Cisco SCE8000 CLI Command Reference, Release 3.7.x
CLI Command Reference
Downloads: This chapterpdf (PDF - 3.87MB) The complete bookPDF (PDF - 4.54MB) | Feedback

CLI Command Reference

Table Of Contents

CLI Command Reference

Introduction

?

aaa accounting commands

aaa authentication attempts

aaa authentication commands default

aaa authentication enable default

aaa authentication login default

accelerate-packet-drops

access-class

access-list

active-port

application slot replace force completion

asymmetric-l2-support

attack-detector

attack-detector default

attack-detector number

attack-detector tcp-port-list | udp-port-list

attack-filter

attack-filter dont-filter | force-filter

attack-filter subscriber-notification ports

auto-fail-over

auto-negotiate

bandwidth

banner

blink

boot system

calendar set

cd

cdp enable

cdp holdtime

cdp mode

cdp run

cdp timer

clear arp-cache

clear cdp counters

clear cdp table

clear diameter counters

clear diameter Gx counters

clear diameter Gy counters

clear interface linecard counters

clear interface linecard flow-filter

clear interface linecard mac-resolver arp-cache

clear interface linecard subscriber anonymous all

clear interface linecard subscriber db counters

clear interface linecard TpReportCounters

clear interface linecard traffic-counter

clear interface linecard vas-traffic-forwarding vas counters health-check

clear interface linecard vpn

clear interface range

clear logger

clear management-agent notifications counters

clear rdr-formatter

clear scmp name counters

clock read-calendar

clock set

clock summertime

clock timezone

clock update-calendar

configure

connection-mode

copy

copy ftp://

copy-passive

copy running-config-application startup-config-application

copy running-config-party-db startup-config-party-db

copy running-config startup-config

copy source-file ftp://

copy source-file startup-config

copy startup-config destination-file

copy startup-config-party-db backupfile

cpa-client destination

cpa-client retries

default subscriber template all

delete

diameter

diameter Gx

diameter Gx failure-grace-time

diameter Gx PCRF-connection-failure-grace-time

diameter Gx tx-timer

diameter gx virtual-gi vlan-id

diameter Gy subscriber-attribute-mapping

diameter Gy tx-timer

diameter host

diameter origin-realm

diameter peer

diameter port

diameter realm

diameter realm forwarding-mode

diameter tx-timer

dir

disable

do

duplex

enable

enable password

end

erase startup-config-all

exit

external-bypass

failure-recovery operation-mode

flow-capture

flow-capture controllers

flow-filter set-ff rule

flow-filter set-ff rule ipv6

force failure-condition

help

history

history size

hostname

hw-bypass mode

interface gigabitethernet

interface linecard

interface mng

interface range gigabitethernet (SCE8000 GBE only)

interface range tengigabitethernet

interface tengigabitethernet

ip access-class

ip address

ip advertising

ip default-gateway

ip domain-lookup

ip domain-name

ip ftp password

ip ftp username

ip host

ip name-server

ip radius-client retry limit

ip route

ip rpc-adapter

ip rpc-adapter port

ip rpc-adapter security-level

ip ssh

ip ssh access-class

ip ssh key

ip ssh mng-vlan

ip-tunnel 6to4

ip-tunnel DS-Lite

ip-tunnel DS-Lite Extention-Header-Support

ip-tunnel gre skip

ip-tunnel dscp-marking-skip

ip-tunnel ipinip skip

ip-tunnel l2tp skip

l2tp identify-by

line vty

link failure-reflection

link mode

link port-enhanced-recovery

logger add-user-message

logger device

logger device user-file-log max-file-size

logger get support-file

logger get user-log file-name

logging facility

logging host

logging on

logging message-counter

logging rate-limit

logging trap

logout

mac-resolver arp

management-agent sce-api ignore-cascade-violation

management-agent sce-api logging

management-agent sce-api timeout

management-agent system

mkdir

mng-vlan

more

more running-config-all

more running-config-application

more running-config-party-db

more startup-config-all

more startup-config-application

more startup-config-party-db

more user-log

mpls

no subscriber

no subscriber mappings included-in

os-fingerprinting

os-fingerprinting gx-report

os-fingerprinting NAT-detection-window

os-fingerprinting os-flush-time

os-fingerprinting sampling

os-fingerprinting scan-port

os-fingerprinting signature-file

party mapping ip-address name

party mapping ip-range

party name

party name hw-bypass

party template index

periodic-records aggregate-by-cpu

ping

pqi install file

pqi rollback file

pqi uninstall file

pqi upgrade file

pwd

queue

rdr-formatter category number buffer-size

rdr-formatter category number name

rdr-formatter destination

rdr-formatter destination protocol netflowv9 template data timeout

rdr-formatter forwarding-mode

rdr-formatter history-size

rdr-formatter protocol

rdr-formatter protocol netflowv9 dscp

rdr-formatter rdr-mapping

reload

reload shutdown

rename

rmdir

salt

sce-url-database add-entry

sce-url-database import

sce-url-database protection

sce-url-database remove-all

scmp

scmp keepalive-interval

scmp loss-of-sync-timeout

scmp name

scmp reconnect-interval

scmp subscriber force-single-sce

scmp subscriber id append-to-guid

scmp subscriber send-session-start

script capture

script print

script run

script stop

service-bandwidth-prioritization-mode

service password-encryption

service rdr-formatter

service telnetd

service timestamps

show access-lists

show applications slot tunable

show blink

show calendar

show cdp

show cdp entry

show cdp neighbors

show cdp traffic

show clock

show diameter

show diameter forwarding-mode

show diameter Gx

show diameter gx virtual-gi

show diameter Gy

show diameter peer

show diameter peer-table

show diameter realm

show diameter routing table

show environment all

show environment cooling

show environment power

show environment temperature

show environment voltage

show failure-recovery operation-mode

show hostname

show hosts

show hw-bypass mode

show interface gigabitethernet

show interface linecard

show interface linecard accelerate-packet-drops

show interface linecard application

show interface linecard asymmetric-l2-support

show interface linecard asymmetric-routing-topology

show interface linecard attack-detector

show interface linecard attack-filter

show interface linecard cascade connection-status

show interface linecard cascade peer-sce-information

show interface linecard cascade redundancy-status

show interface linecard connection-mode

show interface linecard counters

show interface linecard cpa-client

show interface linecard duplicate-packets-mode

show interface linecard external-bypass

show interface linecard flow-capture

show interface linecard flow-open-mode

show interface linecard ip-tunnel

show interface linecard ip-tunnel 6to4

show interface linecard ip-tunnel DS-Lite

show interface linecard ip-tunnel ipinip

show interface linecard ipv6

show interface linecard l2tp

show interface linecard link mode

show interface linecard link-to-port-mapping

show interface linecard mac-mapping

show interface linecard mac-resolver arp

show interface linecard mpls

show interface linecard periodic-records aggregation

show interface linecard physically-connected-links

show interface linecard sce-url-database

show interface linecard sce-url-database protection

show interface linecard service-bandwidth-prioritization-mode

show interface linecard shutdown

show interface linecard silent

show interface linecard subscriber

show interface linecard subscriber aging

show interface linecard subscriber anonymous

show interface linecard subscriber anonymous-group

show interface linecard subscriber db counters

show interface linecard subscriber Gx-pull-request-disable

show interface linecard subscriber mapping

show interface linecard subscriber max-subscribers

show interface linecard subscriber name

show interface linecard subscriber name breach-state

show interface linecard subscriber name bucket-state

show interface linecard subscriber name bucket-state id

show interface linecard subscriber properties

show interface linecard subscriber sm-connection-failure

show interface linecard subscriber templates

show interface linecard subscriber virtual-gi-mode

show interface linecard tos-marking

show interface linecard TpReportCounters

show interface linecard traffic-counter

show interface linecard traffic-rule

show interface linecard vas-traffic-forwarding

show interface linecard virtual-links

show interface linecard vlan

show interface linecard vpn

show interface linecard wap

show interface mng

show interface tengigabitethernet

show inventory

show ip access-class

show ip advertising

show ip default-gateway

show ip filter

show ip radius-client

show ip route

show ip rpc-adapter

show ip ssh

show ip ssh mng-vlan

show line vty

show log

show logger device

show logging

show logging counters

show management-agent

show management-agent sce-api quota

show mng-vlan

show mng-vlan service-bind

show mng-vlan statistics

show os-fingerprinting config

show os-fingerprinting subscriber-name

show os-fingerprinting signature-file

show party name

show party name hw-bypass

show party num-parties-with-open-flows

show pqi file

show pqi last-installed

show processes cpu

show rdr-formatter

show rdr-formatter buffer-size

show rdr-formatter connection-status

show rdr-formatter counters

show rdr-formatter destination

show rdr-formatter enabled

show rdr-formatter forwarding-mode

show rdr-formatter history-size

show rdr-formatter protocol netflowv9 dscp

show rdr-formatter rdr-mapping

show rdr-formatter statistics

show running-config

show running-config-all

show running-config-application

show running-config-party-db

show scmp

show snmp

show snmp community

show snmp contact

show snmp enabled

show snmp host

show snmp location

show snmp mib

show snmp traps

show sntp

show startup-config

show startup-config-all

show startup-config-application

show startup-config-party-db

show system operation-status

show system-uptime

show tacacs

show telnet sessions

show telnet status

show timezone

show users

show version

show version all

show version software

show vty mng-vlan

silent

snmp-server

snmp-server community

snmp-server contact

snmp-server enable traps

snmp-server host

snmp-server interface

snmp-server location

snmp-server mng-vlan

sntp broadcast client

sntp server

sntp update-interval

speed

subscriber aging

subscriber anonymous-group export csv-file

subscriber anonymous-group import csv-file

subscriber anonymous-group name ip-range

subscriber capacity-options

subscriber downstream-split-flow-pull

subscriber export csv-file

subscriber Gx-pull-request-disable

subscriber import csv-file

subscriber ip-linger-stats

subscriber ip-linger-time

subscriber max-subscribers

subscriber name property name

subscriber sm-connection-failure

subscriber template export csv-file

subscriber template import csv-file

subscriber virtual-gi-mode

tacacs-server host

tacacs-server key

tacacs-server timeout

telnet

timeout

tracert

traffic-counter

traffic-rule ip addresses

traffic-rule ipv6

traffic-side (SCE8000 10G platform only)

tunable value

unzip

username

username privilege

vas-traffic-forwarding

vas-traffic-forwarding traffic-link

vas-traffic-forwarding vas server-id health-check

vas-traffic-forwarding vas server-id vlan

vas-traffic-forwarding vas server-group

vas-traffic-forwarding vas server-group failure

vas-traffic-forwarding vas server-id

virtual-links index direction

vlan

vty mng-vlan

wap


CLI Command Reference


Revised: March 22, 2013, OL-24148-09

Introduction

This chapter contains all of the CLI commands available on the SCE8000 platform at the admin authorization level or lower.

Each command description includes the information shown in Table 2-1.

Table 2-1 Command Description Subsections 

Description
Description of the command

Command Syntax

General format.

Syntax Description

Description of parameters and options for the command.

Default

If relevant, the default setting for the command.

Mode

Mode (command line) from which the command can be invoked.

Usage Guidelines

Information about when to invoke the command and additional details.

Authorization

Level of user authorization required for using the command.

Example

An illustration of how the command looks when invoked. Because the interface is straightforward, some of the examples are included for clarity only.

Related Commands

Other commands that might be used with the command.


Syntax and Conventions

The CLI commands are written in the following format:

command required-parameter [optional-parameter]

no is an optional parameter that may appear before the command name.

When entering commands, you may enclose parameters in quotation marks, and you must do so when a parameter name includes a space.

?

Lists all of the commands available for the current command mode. You can also use the ? command to obtain specific information about a keyword or argument.

To display a list of commands that begin with a particular character string, enter the abbreviated command entry immediately followed by a question mark (?). This form of help is called partial help, because it lists only the commands that begin with the abbreviation you entered.

?

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

All

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

To list a command's associated keywords or arguments, enter a question mark (?) in place of a keyword or argument on the command line. This form of help is called argument help because it lists the keywords or arguments that apply based on the command, keywords, and arguments you have already entered.

Examples

The following example shows how to request help using the ? wildcard:

SCE(config)#ip ? 
default-gateway 					Sets the default gateway 
domain-lookup 					Enables the IP DNS-based host name-to-address translation 
domain-name 					Define a default domain name 
host 					Add a host to the host table 
name-server 					Specify the address of one or more name servers to use for name and
					address resolution 
route 					Add IP routing entry 
SCE(config)#ip d? 
default-gateway domain-lookup domain-name 
SCE(config)#ip de? 
default-gateway 
SCE(config)#ip de

aaa accounting commands

Enables TACACS+ accounting.

To disable TACACS+ accounting, use the no form of this command.

aaa accounting commands level default stop-start group tacacs+

no aaa accounting commands level default

Syntax Description

level

Privilege level for which to enable TACACS+ accounting. Choose one of the following levels:

0 (user)

5 (viewer)

10 (admin)

15 (root).

stop-start

Sends the accounting message before and after the CLI command is executed.


Command Default

TACACS+ accounting is disabled.

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.0.3

This command was introduced.


Usage Guidelines

If TACACS+ accounting is enabled, the SCE platform sends an accounting message to the TACACS+ server after every command execution. The accounting message is logged in the TACACS+ server for use by the network administrator.

The start-stop keyword (required) indicates that the accounting message is sent at the beginning and the end (if the command was successfully executed) of the execution of a CLI command.

Authorization: admin

Examples

The following example shows how to enable TACACS+ accounting for the admin privilege level (10):

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)# aaa accounting commands 10 default stop-start group tacacs+ 
SCE(config)#

Related Commands

Command
Description

aaa authentication attempts

Sets the maximum number of login attempts that will be permitted before a Telnet session is terminated.

aaa authentication command default

Specifies which command authentication methods are to be used, and in what order of preference.

aaa authentication enable default

Specifies which privilege level authentication methods are to be used, and in what order of preference.

aaa authentication login default

Specifies which login authentication methods are to be used, and in what order of preference.

tacacs-server host

Defines a new TACACS+ server host that is available to the SCE platform TACACS+ client.

tacacs-server key

Defines the global default encryption key for the TACACS+ server hosts.


aaa authentication attempts

Specifies the number of login attempts allowed before a Telnet session is terminated.

aaa authentication attempts login [number-of-attempts]

Syntax Description

login number-of- attempts

Maximum number of login attempts that will be permitted before the Telnet session is terminated.


Command Default

The default number of authentication attempts is 3.

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.0.0

This command was introduced.


Usage Guidelines

The maximum number of login attempts is relevant only for Telnet sessions. From the local console, the number of retries is unlimited.

Authorization: admin

Examples

The following example shows how to set the maximum number of login attempts to 5:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)# aaa authentication attempts login 5  
SCE(config)#

Related Commands

Command
Description

aaa authentication accounting commands

Enables TACACS+ accounting.

aaa authentication commands default

Specifies which command level authentication methods are to be used, and in what order of preference.

aaa authentication enable default

Specifies which privilege level authentication methods are to be used, and in what order of preference.

aaa authentication login default

Specifies which login authentication methods are to be used, and in what order of preference.


aaa authentication commands default

Specifies which command level authentication methods are to be used, and in what order of preference.

To delete the command level authentication list, use the no form of this command.

aaa authentication command level default method1 [method2]

no aaa authentication command level default

Syntax Description

level

Privilege level for which to enable TACACS+ command authorization. Choose one of the following levels:

0 (user)

5 (viewer),

10 (admin)

15 (root)

method1 [method2]

Command level authentication methods to be used. You may specify up to two different methods, in the order in which they are to be used. See Usage Guidelines for more information.


Command Default

The default command level authentication method is enable.

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.0.3

This command was introduced.


Usage Guidelines

Use this command to configure "backup" command level authentication methods to be used if the primary command level authentication method fails. The following methods are available:

group tacacs+—Use TACACS+ authentication.

none—Use no authentication.

If the command level authentication methods list is deleted, the default command level authentication method only (enable) is used. TACACS+ authentication is not used.

Authorization: admin

Examples

The following example shows how to configure command level authentication methods:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)# aaa authentication command 15 default group tacacs+ none 
SCE(config)#
 
   

Related Commands

Command
Description

aaa authentication enable default

Specifies which privilege level authentication methods are to be used, and in what order of preference.

aaa authentication login default

Specifies which login authentication methods are to be used, and in what order of preference.

aaa accounting commands

Enables TACACS+ accounting.

aaa authentication attempts

Sets the maximum number of login attempts that will be permitted before a Telnet session is terminated.

show tacacs

Displays statistics for the TACACS+ servers.


aaa authentication enable default

Specifies which privilege level authentication methods are to be used, and in what order of preference.

To delete the privilege level authentication methods list, use the no form of this command.

aaa authentication enable default method1 [method2...]

no aaa authentication enable default

Syntax Description

method1...

Privilege level authentication methods to be used. You may specify up to four different methods, in the order in which they are to be used. See Usage Guidelines for more information.


Command Default

The default privilege level authentication method is enable.

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.0.0

This command was introduced.


Usage Guidelines

Use this command to configure "backup" privilege level authentication methods to be used if the primary privilege level authentication method fails. The following methods are available:

group tacacs+—Use TACACS+ authentication.

local—Use the local username database for authentication.

enable (default)—Use the enable password for authentication.

none—Use no authentication.

If the privilege level authentication methods list is deleted, the default privilege level authentication method only (enable password) is used. TACACS+ authentication is not used.

Authorization: admin

Examples

The following example shows how to configure privilege level authentication methods:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)# aaa authentication enable default group tacacs+ enable none 
SCE(config)#

Related Commands

Command
Description

aaa authentication command default

Specifies which command authentication methods are to be used, and in what order of preference.

aaa authentication commands default

Specifies which command level authentication methods are to be used, and in what order of preference.

aaa authentication login default

Specifies which login authentication methods are to be used, and in what order of preference.

aaa accounting commands

Enables TACACS+ accounting.

aaa authentication attempts

Sets the maximum number of login attempts that will be permitted before a Telnet session is terminated.

show tacacs

Displays statistics for the TACACS+ servers.


aaa authentication login default

Specifies which login authentication methods are to be used, and in what order of preference.

To delete the login authentication methods list, use the no form of this command.

aaa authentication login default method1 [method2...]

no aaa authentication login default

Syntax Description

method1...

Login authentication methods to be used. You may specify up to four different methods, in the order in which they are to be used. See Usage Guidelines for more information.


Command Default

The default login authentication method is enable.

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.0.0

This command was introduced.


Use this command to configure "backup" login authentication methods to be used if the primary login authentication method fails. The following methods are available:

group tacacs+—Use TACACS+ authentication.

local—Use the local username database for authentication.

enable (default)—Use the enable password for authentication.

none—Use no authentication.

If the login authentication methods list is deleted, the default login authentication method only (enable password) is used. TACACS+ authentication is not used.

Authorization: admin

Examples

The following example shows how to configure login authentication methods:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)# aaa authentication login default group tacacs+ enable none 
SCE(config)#
 
   
 
   

Related Commands

Command
Description

aaa authentication command default

Specifies which command authentication methods are to be used, and in what order of preference.

aaa authentication commands default

Specifies which command level authentication methods are to be used, and in what order of preference.

aaa authentication enable default

Specifies which privilege level authentication methods are to be used, and in what order of preference.

aaa accounting commands

Enables TACACS+ accounting.

aaa authentication attempts

Sets the maximum number of login attempts that will be permitted before a Telnet session is terminated.

show tacacs

Displays statistics for the TACACS+ servers.


accelerate-packet-drops

Enables drop-wred-packets-by-hardware mode. This mode improves performance, but prevents the application from being able to count all dropped packets.

To disable drop-wred-packets-by-hardware mode, enabling the software to count all dropped packets (at the expense of some loss of performance), use the no form of this command.

accelerate-packet-drops

no accelerate-packet-drops

Syntax Description

This command has no arguments or keywords.

Command Default

This command (drop-wred-packets-by-hardware mode) is enabled.

Command Modes

Interface Linecard Configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.0.0

This command was introduced.


Usage Guidelines

By default, the SCE platform hardware drops WRED packets (packets that are marked to be dropped due to bandwidth-control criteria). However, dropping these packets might be a problem if you need to know the number of dropped packets per service.

You can disable drop-wred-packets-by-hardware mode. The application can then retrieve the number of dropped packets for every flow and provide better visibility into the exact number of dropped packets and their distribution.

Note that counting all dropped packets impacts system performance and therefore, by default, drop-wred-packets-by-hardware mode is enabled.


Note The MIB object tpTotalNumWredDiscardedPackets counts dropped packets. The value in this counter is absolute only in no accelerate-packet-drops mode. When in accelerate-packet-drops mode (the default mode), this MIB counter provides only a relative value indicating the trend of the number of packet drops, with a factor of approximately 1:6.


Authorization: admin

Examples

The following example shows how to disable drop-wred-packets-by-hardware mode so that the application can count all dropped packets:

SCE>enable 10 
password:<cisco> 
SCE#>config 
SCE(config)#interface linecard 0 
SCE(config if)#no accelerate-packet-drops 
SCE(config if)#
 
   

Related Commands

Command
Description

show interface linecard accelerate-packet-drops

Displays the currently configured hardware packet drop mode.


access-class

Restricts Telnet server access to those addresses listed in the specified ACL.

Use the no form of this command to either remove a specified ACL or to set the Telnet server to accept access from any IP address.

access-class acl-number in

no access-class [acl-number] in

Syntax Description

acl-number

An access-list number (1-99).


Command Default

By default, no ACL is configured (Telnet access is available from any IP address).

Command Modes

Line Configuration Mode

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

You must configure the ACL before you can assign it to a service. (See access-list.)

Authorization: admin

Examples

The following are examples of the access-class command:

EXAMPLE 1

The following example configures an access class for all Telnet lines.

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#line vty 0 
SCE(config-line)#access-class 1 in  
SCE(config-line)#

EXAMPLE 2

The following example removes an access class for Telnet lines.

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#line vty 0 
SCE(config-line)#no access-class 1 in  
SCE(config-line)#

Related Commands

Command
Description

access-list

Creates or updates a specified ACL

show access-lists

Displays all currently configured ACLs.


access-list

Adds an entry to the bottom of the specified access list.

To remove an entry from the specified access list, use the no form of this command.

access-list number permission address

no access-list number

Syntax Description

number

Number of an access list (1 to 99).

permission

Indicates whether the IP address should be allowed or denied access permission, as described in Table 2-2 in Usage Guidelines.

address

Addresses to be matched by this entry, as described in Table 2-2 in Usage Guidelines.


Command Default

None

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

The SCE platform can be configured with access control lists (ACLs), which are used to permit or deny incoming connections on any of the management interfaces. An access control list is an ordered list of entries, each consisting of the following elements:

Permit/deny field

IP address

Optional wildcard "mask" defining an IP address range

The order of the entries in the list is important. The default action of the first entry that matches the connection is used. If no entry in the access list matches the connection, or if the access list is empty, the default action is deny. Table 2-2 lists valid permission values.

Table 2-2 Valid Permission Values 

deny

Denies access to list member.

permit

Permits access to list member.

any

All IP addresses are matched by this entry. This value is equivalent to specifying the address 0.0.0.0 255.255.255.255.

address

IP address or range of IP addresses, matched by this entry. This value can be one address in the format x.x.x.x or a range of addresses in the format x.x.x.x y.y.y.y, where x.x.x.x specifies the prefix bits common to all IP addresses in the range, and y.y.y.y is a mask that specifies the bits that are ignored. In this notation, 1 means bits to ignore.

For example, the address 0.0.0.0 255.255.255.255 means any IP address. The address 10.0.0.0 0.1.255.255 means IP addresses from 10.0.0.0 to 10.1.255.255. The address 1.2.3.4 0.0.0.255 means IP addresses from 1.2.3.0 to 1.2.3.255 (a more natural way of expressing the same range is 1.2.3.0 0.0.0.255).


Authorization: admin

Examples

The following example adds entries to the bottom of access-list 1. The first entry permits access to 10.1.1.0 to 10.1.1.255. The second entry denies access to any address. Together, this list allows access only to addresses 10.1.1.*.

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#access-list 1 permit 10.1.1.0 0.0.0.255  
SCE(config)#access-list 1 deny any  
SCE(config)#

The following example defines access-list 2, a list that denies access to all IP addresses in the range 10.1.2.0 to 10.1.2.255, permits access to all other addresses in the range 10.1.0.0 to 10.1.15.255, and denies access to all other IP addresses. Note that, because the first range is contained within the second range, the order of entries is important. If they had been entered in the opposite order, the deny entry would not have any effect.

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE (config)#access-list 2 deny 10.1.2.0 0.0.0.255  
SCE (config)#access-list 2 permit 10.1.0.0 0.0.15.255  
SCE(config)#

Related Commands

Command
Description

ip access-class

Specifies which access control list (ACL) controls global access to the SCE platform.

show access-lists

Displays all access lists or a specific access list.


active-port

Specifies which management port is currently active.

active-port

Syntax Description

This command has no arguments or keywords.

Command Default

Default Mng port is 0/1.

Command Modes

Mng Interface Configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.0.0

This command was introduced.


Usage Guidelines

The command must be executed from the Mng interface that is to be defined as the active port, as follows:

Use the interface mng command, specifying the desired port number (0/1 or 0/2), to enter the proper command mode.

Execute the active-port command.

The use of this command varies slightly depending on whether the management interface is configured as a redundant interface (auto fail-over disabled)

auto fail-over enabled (automatic mode): the specified port becomes the currently active port, in effect forcing a fail-over action even if a failure has not occurred.

auto fail-over disabled (manual mode): the specified port should correspond to the cabled Mng port, which is the only functional port and therefore must be and remain the active management port

Authorization: admin

Examples

The following example shows how to use this command to configure Mng port 2 as the currently active management port.

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#interface mng 0/2  
SCE(config if)#active-port  
SCE(config if)#

application slot replace force completion

Forces the current application replace process to complete and immediately start finalization (killing all old flows).

application slot slot-number replace force completion

Syntax Description

slot-number

Number of the identified slot. Enter a value of 0.


Command Default

None

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

3.0.3

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to force the application replace operation to complete immediately:

SCE>enable 10 
Password:<cisco> 
SCE#application slot 0 replace force completion  
SCE#

asymmetric-l2-support

Configures the system to treat flows as having asymmetric Layer 2 characteristics (including Ethernet, VLAN, and L2TP), for the purpose of packet injection.

To disable asymmetric L2 support, use the no form of this command.

asymmetric-l2-support

no asymmetric-l2-support

Syntax Description

This command has no arguments or keywords.

Command Default

Asymmetric Layer 2 support is disabled.

Command Modes

Interface Linecard Configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.1.6

This command was introduced.


Usage Guidelines

You should enable asymmetric Layer 2 support when the following conditions apply for any flows:

Each direction of the flow has a different pair of MAC addresses.

The routers do not accept packets with the MAC address of the other link.


Note "Asymmetric routing topology" support and "asymmetric tunneling support" are two separate features. Asymmetric routing topology refers to topologies where the SCE platform might see some flows only in one direction (upstream or downstream).
Asymmetric tunneling support (asymmetric L2 support) refers to the ability to support topologies where the SCE platform sees both directions of all flows, but some of the flows may have different Layer 2 characteristics (such as MAC addresses, VLAN tags, and L2TP headers), which the SCE platform must specifically take into account when injecting packets into the traffic (such as in block and redirect operations).
Note as well that, to support asymmetric Layer 2, the SCE platform switches to asymmetric flow open mode, which impacts performance. This limitation is not the case for asymmetric routing topology.


Authorization: admin

Examples

The following example shows how to use this command:

SCE>enable 10 
Password:<cisco> 
SCE#configure
SCE(config)#interface linecard 0
SCE(config if)# asymmetric-L2-support
 
   

Related Commands

Command
Description

show interface linecard

Displays information for a specific line card interface.


attack-detector

Enables the specified attack detector and assigns an access control list (ACL) to it.

attack-detector number access-list access-list

Syntax Description

number

Number of the attack detector.

access-list

Number of the ACL containing the IP addresses selected by this detector.


Command Default

None

Command Modes

Interface Linecard Configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Use the following commands to define the attack detector and the ACL:

attack-detector

access-list

Authorization: admin

The following example shows how to enable attack detector number 2 and assign ACL 8:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#interface LineCard 0 
SCE(config if)#attack-detector 2 access-list 8  
SCE(config if)#

Related Commands

Command
Description

access-list

Adds an entry to the bottom of the specified access list.

attack-detector number

Configures a specific attack detector for a particular attack type with the assigned number.

show interface linecard attack-detector

Displays the configuration of the specified attack detector.

show access-lists

Displays all access lists or a specific access list.


attack-detector default

Defines default thresholds and attack handling action. If a specific attack detector is defined for a particular situation (protocol, attack direction, or side), the detector overrides the defaults.

To delete the user-defined defaults, use the no form of this command. The system defaults are used instead.

attack-detector default protocol protocol attack-direction attack-direction side side [action action] [open-flows open-flows] [ddos-suspected-flows ddos-suspected-flows] [suspected-flows-ratio suspected-flows-ratio] [notify-subscriber | dont-notify-subscriber] [alarm |noalarm]

no attack-detector default protocol protocol attack-direction attack-direction side side [action action] [open-flows open-flows] [ddos-suspected-flows ddos-suspected-flows] [suspected-flows- ratio suspected-flows-ratio]

Syntax Description

protocol

For protocol, choose TCP, UDP, IMCP, or other.

attack-direction

For attack-direction, choose attack-source, attack-destination, or both.

side

For size, choose subscriber, network, or both.

action

For action, choose report or block.

open-flows

Threshold for concurrently open flows (new open flows per second).

ddos-suspected-flows

Threshold for DDoS-suspected flows (new suspected flows per second).

suspected-flows-ratio

Threshold for ratio of suspected flow rate to open flow rate.

notify-subscriber, dont-notify-subscriber

Enables or disables subscriber notification.

alarm, noalarm

Enables or disables sending of SNMP traps.


Command Default

The default attack detector uses the following default values:

Action—report

Thresholds—varies according to the attack type

Subscriber notification—disabled

Sending an SNMP trap—disabled

Command Modes

Interface Linecard Configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Use the attack-detector number command to configure a specific attack detector.

Authorization: admin

Examples

The following example shows how to configure a default attack detector for TCP flows from the attack source:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#interface LineCard 0 
SCE(config if)#attack-detector default protocol TCP attack-direction attack-source side 
both action report open-flows 500 ddos-suspected-flows 75 suspected-flows-ratio 50  
SCE(config if)#

The following example shows how to enable subscriber notification for the specified default attack detector:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#interface LineCard 0 
SCE(config if)#attack-detector default protocol TCP attack-direction attack-source side 
both notify-subscriber  
SCE(config if)#

Related Commands

Command
Description

attack-detector number

Configures a specific attack detector for a particular attack type with the assigned number.

attack-filter subscriber-notification ports

Specifies a port as a subscriber notification port.

show interface linecard attack-detector

Displays the configuration of the specified attack detector.


attack-detector number

Configures a specific attack detector for a particular attack type (protocol, attack direction, or side) with the assigned number.

To configure the default attack detector for the specified attack type, use the default form of this command.

To delete the specified attack detector, use the no form of this command.

attack-detector number protocol {TCP | UDP | ICMP | other | all} [destination-port destination-port] attack-direction attack-direction side side [action action] [open-flows open-flows] [ddos-suspected-flows ddos-suspected-flows] [suspected-flows-ratio suspected-flows-ratio] [notify-subscriber | dont-notify-subscriber] [alarm | no-alarm]

no attack-detector number

attack-detector default protocol {TCP | UDP | ICMP | other | all} [destination-port destination-port] attack-direction attack-direction side side [action action] [open-flows open-flows] [ddos-suspected-flows ddos-suspected-flows] [suspected-flows-ratio suspected-flows-ratio] [notify-subscriber | dont-notify-subscriber] [alarm | no-alarm]

no attack-detector default protocol {TCP | UDP | ICMP | other | all} [destination-port destination-port] attack-direction attack-direction side side

default attack-detector {all | all-numbered}

default attack-detector number protocol {all | IMCP | other | TCP | UDP} [destination-port destination-port] attack-direction attack-direction side side

Syntax Description

number

Assigned number for the attack detector.

protocol

For protocol, choose TCP, UDP, IMCP, or other.

destination port

(TCP and UDP protocols only) Defines whether the default attack detector applies to specific (port-based) or not-specific (port-less) detections.

For destination-port, choose specific, not-specific, or both.

attack-direction

For attack-direction, choose single-side-destination, single-side-both, dual-sided, or all.

side

For side, choose subscriber, network, or both.

action

For action, choose report or block.

open-flows-rate

Threshold for rate of open flows (new open flows per second).

suspected-flows-rate

Threshold for rate of suspected DDoS flows (new suspected flows per second).

suspected-flows-ratio

Threshold for ratio of suspected flow rate to open flow rate.

notify-subscriber, dont-notify-subscriber

Enables or disables subscriber notification.

alarm, noalarm

Enables or disables sending of SNMP traps.


Command Default

The default attack detector uses the following default values:

Action—report

Thresholds—varies according to the attack type

Subscriber notification—disabled

Sending an SNMP trap—disabled

Command Modes

Interface Linecard Configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

If a specific attack detector is defined for a particular attack type, this detector overrides the configured default attack detector.

If the selected protocol is either TCP or UDP, specify whether destination ports are specific, not specific, or both. If the destination ports are specific, configure the ports using the attack-detector number command.

To enable a configured attack detector, use the attack-detector number command.

To configure a default attack detector, use the attack-detector default command.

Authorization: admin

Examples

The following example shows how to configure attack detector number 2:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#interface LineCard 0 
SCE(config if)# attack-detector 2 protocol UDP dest-port not-specific attack-direction 
single-side-destination side both action block open-flows-rate 500 suspected-flows-rate 
500 suspected-flows-ratio 50 notify-subscriber alarm  
SCE(config if)#
 
   

The following example shows how to delete attack detector number 2:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#interface LineCard 0 
SCE(config if)#no attack-detector 2  
SCE(config if)#
 
   

The following example shows how to disable subscriber notification for attack detector number 2:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#interface LineCard 0 
SCE(config if)#attack-detector 2 protocol UDP dest-port not-specific attack-direction 
single-side-destination side both dont-notify-subscriber  
SCE(config if)#
 
   

Related Commands

Command
Description

attack-detector

Enables the specified attack detector and assigns an access control list (ACL) to it.

attack-detector tcp-port-list | udp-port-list

Defines the list of destination ports for specific port detections for TCP or UDP protocols.

attack-filter subscriber-notification ports

Specifies a port as a subscriber notification port.

attack-detector default

Defines default thresholds and attack handling action.

show interface linecard attack-detector

Displays the configuration of the specified attack detector.


attack-detector tcp-port-list | udp-port-list

Defines the list of destination ports for specific port detections for TCP or UDP protocols.

attack-detector number {tcp-port-list | udp-port-list} {all | port1 [port2...]}

Syntax Description

number

Number of the attack detector for which this list of specific ports is relevant.

port1 ...

List of up to 15 specific port numbers.

all

Includes all ports in the list.


Command Default

None

Command Modes

Interface Linecard Configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.0.0

This command was introduced.


Usage Guidelines

TCP and UDP protocols may be configured for specified ports only (port-based). Use this command to configure the list of specified destination ports for each protocol. Up to 15 different TCP port numbers and 15 different UDP port numbers can be specified.

Configuring a TCP or UDP port list for an attack detector affects only those attack types that have the same protocol (TCP or UDP) and are port-based (that is, detect a specific destination port). Settings for other attack types are not affected by the configured port list.

Authorization: admin

Examples

The following example shows how to configure the destination port list for the TCP protocol for attack detector 10:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#interface LineCard 0 
SCE(config if)#attack-detector 10 tcp-port-list 100 101 102 103  
SCE(config if)#
 
   
 
   
 
   
 
   

Related Commands

Command
Description

attack-detector number

Configures a specific attack detector for a particular attack type with the assigned number.

attack-filter
(Interface Linecard Configuration)

Enables specific attack detection for a specified protocol and attack direction.


attack-filter

Enables specific attack detection for a specified protocol and attack direction.

To disable attack detection, use the no form of this command.

attack-filter protocol {TCP | UDP | ICMP | other | all} [dest-port destination-port] attack-direction attack-direction

no attack-filter protocol {TCP | UDP | ICMP | other | all} [dest-port destination-port] attack-direction attack-direction

Syntax Description

protocol

Choose TCP, UDP, IMCP, other, or all.

destination-port

(TCP and UDP protocols only) Defines whether the default attack detector applies to specific (port-based) or not-specific (port-less) detections.

Choose specific, not-specific, or both.

attack-direction

Choose single-side-destination, single-side-both, dual-sided, or all.


Command Default

This command is enabled.

The default for protocol is all (no protocol specified).

The default for destination-port is both (port-based and port-less).

The default for attack-direction is all (all directions).

Command Modes

Interface Linecard Configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Specific attack filtering is configured in two steps:

1. Enabling specific IP filtering for the particular attack type (using this command).

2. Configuring an attack detector for the relevant attack type (using the attack-detector numbercommand). Each attack detector specifies the thresholds that define an attack and the action to be taken when an attack is detected.

In addition, you can manually override the configured attack detectors to either force or prevent attack filtering in a particular situation (using the attack filter force filter | dont-filter command).

By default, specific IP detection is enabled for all attack types. You can configure specific IP detection to be enabled or disabled for a specific defined situation only, depending on the following options:

For a selected protocol only

For TCP and UDP protocols, for only port-based or only port-less detections

For a selected attack direction, either for all protocols or for a selected protocol

If the selected protocol is either TCP or UDP, specify whether the destination port is specific (port-based), not specific (port-less), or both. If the destination ports are specific, configure the ports using the attack-detector tcp-port-list | udp-port-listcommand.

Authorization: admin

Examples

The following example shows how to enable specific, dual-sided attack detection for TCP protocol only:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#interface LineCard 0 
SCE(config if)#attack-filter protocol TCP dest-port specific attack-direction dual-sided  
SCE(config if)#
 
   

The following example shows how to enable single-sided attack detection for ICMP protocol only:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#interface LineCard 0 
SCE(config if)# attack-filter protocol ICMP attack-direction single-side-source  
SCE(config if)#

The following example shows how to disable attack detection for all protocols that are not TCP, UDP, or ICMP:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#interface LineCard 0 
SCE(config if)#no attack-filter protocol other attack-direction all  
SCE(config if)#

Related Commands

Command
Description

attack-detector tcp-port-list | udp-port-list

Defines the list of destination ports for specific port detections for TCP or UDP protocols.

attack-detector number

Configures a specific attack detector for a particular attack type with the assigned number.

show interface linecard attack-filter

Displays the attack-filtering configuration.


attack-filter dont-filter | force-filter

Prevents attack filtering for a specified IP address or protocol. If filtering is already in process, it will be stopped. When attack filtering has been stopped, it remains stopped until explicitly restored by another CLI command (either specific or general). To restore attack filtering, use the no form of this command.

The force-filter option forces attack filtering for a specified IP address or protocol. When attack filtering has been forced, it continues until explicitly stopped by another CLI command (either specific or general). To stop attack filtering, use the no form of this command.

attack-filter force-filter [action {block | report}] protocol {TCP | UDP | ICMP | other} [destination-port {port-number | not-specific}] attack-direction {single-side-source | single-side-destination | single-side-both} {ip ip-address | dual-sided source-ip ip-address destination-ip ip-address} side side

attack-filter dont-filter protocol {TCP | UDP | ICMP | other} [destination-port {port-number | not-specific}] attack-direction {single-side-source | single-side-destination | single-side-both} {ip ip-address | dual-sided source-ip ip-address destination-ip ip-address} side side

no attack-filter dont-filter protocol {TCP | UDP | ICMP | other} [destination-port {port-number | not-specific}] attack-direction {single-side-source | single-side-destination | single-side-both} {ip ip-address | dual-sided source-ip ip-address destination-ip ip-address} side side

no attack-filter force-filter protocol {TCP | UDP | ICMP | other} [destination-port {port-number | not-specific}] attack-direction {single-side-source | single-side-destination | single-side-both) {ip ip-address | dual-sided source-ip ip-address destination-ip ip-address} side side

no attack-filter force-filter all

no attack-filter dont-filter all

Syntax Description

action (force-filter option only)

Specifies the action the force-filter option should perform. Choose either block or report.

protocol

Choose TCP, UDP, ICMP, or other.

destination port

(TCP and UDP protocols only) Defines whether specific IP detection is forced or prevented for the specified port number or is port-less (not specific).

Choose port-number or not-specific.

attack direction

Defines whether specific IP detection is forced or prevented for single-sided or dual-sided attacks:

Single-sided—Specify the direction (single-side-source, single-side-destination, single-side-both) and the IP address.

Dual-sided—Specify dual-sided and both the source IP address and the destination IP address.

ip-address

IP address from which traffic will not be filtered:

For single-sided filtering, specify only one IP address.

For dual-sided filtering, specify both a source IP address and a destination IP address.

side

For side, choose subscriber, network, or both.

all

Restores or stops all filtering.


Command Default

None

Command Modes

Interface Linecard Configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.1.0

This command was introduced.


Usage Guidelines

After configuring the attack detectors, the SCE platform automatically detects attacks and handles them according to the configuration. However, to manually intervene (either for debugging purposes or because reconfiguring the SCE attack detectors properly would be difficult), you can use the CLI attack- filtering commands to:

Prevent or stop filtering of an attack related to a protocol, direction, and specified IP address

Force filtering of an attack related to a protocol, direction, and specified IP address

Attack filtering can be prevented for a specified IP address or protocol by executing a dont-filter CLI command. If filtering is already in process, it will be stopped. When attack filtering has been stopped, it remains stopped until explicitly restored by another CLI command (either force-filter or no dont-filter).

Authorization: admin

Examples

The following example shows how to prevent attack filtering for the specified conditions:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#interface linecard 0 
SCE(config if)#attack-filter dont-filter protocol other attack-direction 
single-side-source ip 10.10.10.10 side both  
SCE(config if)#
 
   

The following example shows how to restore all attack filtering:

SCE>enable 10 
SCE#config 
SCE(config)#interface linecard 0 
SCE(config if)#no attack-filter dont-filter all  
SCE(config if)# 
Password:<cisco>
 
   

The following example shows how to force attack filtering:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#interface linecard 0 
SCE(config if)#attack-filter force-filter protocol TCP dest-port not-specific 
attack-direction dual-sided source-ip 10.10.10.10 destination-ip 20.20.20.20 side both  
SCE(config if)#
 
   

The following example shows how to stop all forced attack filtering:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#interface linecard 0 
SCE(config if)#no attack-filter force-filter all  
SCE#

Related Commands

Command
Description

attack-filter

Enables specific attack detection for a specified protocol and attack direction.


attack-filter subscriber-notification ports

Specifies a port as a subscriber notification port. TCP traffic from the subscriber side to this port will never be blocked by the attack filter, leaving it always available for subscriber notification.

To remove the port from the subscriber notification port list, use the no form of this command.

attack-filter subscriber-notification ports port

no attack-filter subscriber-notification ports port

Syntax Description

port

Port number. One port can be specified as the subscriber notification port.


Command Default

None

Command Modes

Interface Linecard Configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

This command configures the port to be used for subscriber notification as configured using the attack-filter and attack-detector number commands.

Authorization: admin

Examples

The following example shows how to specify port 100 as the subscriber notification port:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#interface linecard 0 
SCE(config if)#attack-filter subscriber-notification ports 100  
SCE(config if)#

Related Commands

Command
Description

attack-detector default

Defines default thresholds and attack-handling action.

attack-detector number

Configures a specific attack detector for a particular attack type with the assigned number.

show interface linecard attack-filter

Displays the attack-filtering configuration.


auto-fail-over

Enables automatic fail-over on the Mng ports. Use the no form of the command to disable automatic fail-over on the Mng ports.

auto-fail-over

no auto-fail-over

Syntax Description

This command has no arguments or keywords.

Command Default

By default, the auto fail-over mode is enabled.

Command Modes

Interface Management Configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.0.0

This command was introduced.


Usage Guidelines

This parameter can be configured for either management port, and is applied to both ports with one command.

The automatic mode must be enabled to support management interface redundancy. This mode automatically switches to the backup management link when a failure is detected in the currently active management link.

When the automatic fail-over mode is disabled, by default Mng port 1 is the active port. If Mng port 2 will be the active port, it must be explicitly configured as such (see active-port ).

Authorization: admin

Examples

This example shows how to disable the auto fail-over mode.

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#interface Mng 0/1 
SCE(config if)#no auto-fail-over  
SCE(config if)#

Related Commands

Command
Description

active-port

Specifies which management port is currently active.


auto-negotiate

Configures GigabitEthernet interface auto-negotiation mode. Use this command to either enable or disable auto-negotiation.

To always have auto-negotiation disabled, regardless of the connection mode, use the no form of this command.

auto-negotiate

no auto-negotiate

default auto-negotiate

Syntax Description

This command has no arguments or keywords.

Command Default

Auto-negotiation is:

On for inline connection mode

Off for receive-only connection mode

Command Modes

GigabitEthernet Interface Configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Auto-negotiation does not work when the SCE platform is connected through an optical splitter (receive-only connection mode).

In the SCE8000 10GBE platform, auto-negotiation is supported by the GBE management interface only (1/1). The connection mode is not relevant to the management interface.

Authorization: admin

Examples

The following example shows how to configure all the GigabitEthernet line interfaces on the specified SPA to perform no auto-negotiation:

SCE_GBE>enable 10 
Password:<cisco> 
SCE_GBE#config 
SCE_GBE(config)#interface range GigabitEthernet 3/0/0-7 
SCE_GBE(config range if)#no auto-negotiate  
SCE_GBE(config range if)#

Related Commands

Command
Description

show interface gigabitethernet

Displays the details of the GigabitEthernet management interface.


bandwidth

Sets Ethernet shaping for the TenGigabitEthernet line interfaces.

bandwidth bandwidth burst-size burstsize

Syntax Description

bandwidth

Bandwidth measured in kbps.

burstsize

Burst size in bytes.


Command Default

The default bandwidth is 100000K (100 Mbps).

The default burst size is 5000 (5K bytes).

Command Modes

TenGigabitEthernet Interface Configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

This command is valid for a specified TenGigabitEthernet line interface only. It must be executed explicitly for each interface.

Authorization: admin

Examples

The following example shows how to set the bandwidth and burst size for the TenGigabitEthernet line interface 3/2/0:

SCE#config 
SCE(config)#interface TenGigabitEthernet 3/2/0 
SCE(config if)#bandwidth 100000 burstsize 5000  
SCE(config if)#

Related Commands

Command
Description

interface tengigabitethernet

Displays the details of a TenGigabitEthernet interface.

queue

Sets the queue shaping.


banner

Enables the display of the warning banner every time a user connects to the SCE platform through either the console connection or Telnet.

Use the no form of the command to disable the display of the warning banner.

banner login banner-text

no banner login

Syntax Description

banner-text

Text of the warning banner message, enclosed in delimiting characters (such as quotation marks).


Command Default

By default, the banner is disabled.

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.7.x

This command was introduced.


Usage Guidelines

The warning banner serves as a security warning for unauthorized users trying to connect to SCE platform. It can also provide device details, as well as information about the service and application.

You do not have to shutdown the SCE platform in order to enable or disable the banner.

Authorization: admin

Examples

The following example shows how to enable the login banner:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#banner login "Welcome to the Cisco SCE8000" 
SCE(config)#

blink

Blinks a slot LED for visual identification.

To stop slot blinking, use the no form of this command.

blink slot slot-number

no blink slot slot-number

Syntax Description

slot-number

Number of the identified slot. Enter a value of 0.


Command Default

Not blinking

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to configure the SCE platform to stop blinking:

SCE>enable 10 
Password:<cisco> 
SCE#no blink slot 0  
SCE#

Related Commands

Command
Description

show blink

Displays the blinking status of a slot.


boot system

Specifies a new package file to install. The SCE platform extracts the actual image files from the specified package file only during the copy running-config startup-config command.

boot system pkg-file

no boot system

Syntax Description

pkg-file

The package file that contains the new firmware. The filename should end with the .pkg file type.


Command Default

None.

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Use this command to upgrade the SCE platform embedded firmware. The package file is verified for the system and checked that it is not corrupted. The actual upgrade takes place only after you run the copy running-config startup-config command, and reboot the SCE device.

If you are transferring the pkg file to the device manually, after the pkg file is transferred to the device, move it to the /apps/data/scos directory (The default SCOS directory) before saving the running configuration. The Cisco SCE device expects the pkg file in the /apps/data/scos directory. The upgrade fails if the pkg file is not placed in this directory.

Authorization: admin

Examples

The following example shows how to upgrade the system:

SCE> enable 10 
Password: <cisco> 
SCE#
SCE# copy ftp://user:1234@10.10.10.10/downloads/SENum.pkg pkg-file.pkg
SCE#config 
SCE(config)#boot system pkg-file.pkg 
Verifying package file... 
Package file verified OK. 
SCE(config)# do copy running-config startup-config 
Backing -up configuration file... 
Writing configuration file... 
Extracting new system image... 
Extracted OK.

Related Commands

Command
Description

copy running-config startup-config

Builds a configuration file with general configuration commands called config.txt, which is used in successive boots.


calendar set

Sets the system calendar. The calendar is a system clock that continues functioning even when the system shuts down.

calendar set hh:mm:ss day month year

Syntax Description

hh:mm:ss

Current local time in hours in 24-hour format, minutes, and seconds (hh:mm:ss).

day

Current day (date) in the month.

month

Current month (by 3-letter abbreviated name).

year

Current year using a 4-digit number.


Command Default

None

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Always coordinate between the calendar and clock by using the clock read-calendar command after setting the calendar.

Authorization: admin

Examples

The following example shows how to set the calendar to 20 minutes past 10 a.m., January 13, 2006, synchronize the real-time clock to the calendar time, and display the result:

SCE>enable 10 
Password:<cisco> 
SCE#calendar set 10:20:00 13 jan 2006  
SCE#clock read-calendar  
SCE#show calendar  
10:20:03 UTC THU January 13 2006 
SCE#show clock  
10:20:05 UTC THU January 13 2006 
SCE#
 
   
 
   
 
   
 
   

Related Commands

Command
Description

clock read-calendar

Synchronizes clocks by setting the system clock from the calendar.

clock set

Manually sets the system clock.

clock update-calendar

Synchronizes clocks by setting the calendar from the system clock.


cd

Changes the path of the current working directory.

cd new-path

Syntax Description

new-path

Path name of the new directory. This name can be either a full path or a relative path.


Command Default

None

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

The new path should already have been created in the local flash file system.

Authorization: admin

Examples

The following example shows how to display the current directory (root directory) and then change the directory to the log directory located under the root directory:

SCE>enable 10 
Password:<cisco> 
SCE>enable 10 
SCE#pwd  
system 
SCE#cd log  
SCE#pwd  
system:log 
SCE#

Related Commands

Command
Description

pwd

Displays the current working directory.

mkdir

Creates a new directory.


cdp enable

Enables Cisco Discovery Protocol (CDP) on a specific traffic interface. Use the no form of the command to disable CDP on a specific interface.

CDP is not supported on management interfaces.

cdp enable

no cdp enable

Syntax Description

This command has no arguments or keywords.

Command Default

By default, CDP is enabled on all traffic interfaces.

Command Modes

SCE8000 GBE: GigabitEthernet Interface Configuration (traffic interfaces only)

SCE8000 10G: TenGigabitEthernet Interface Configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.6.x

This command was introduced.


Usage Guidelines

By default, CDP is enabled on all traffic interfaces. CDP must be enabled globally on the SCE8000 platform (cdp run command) in order to enable a specific interface.


Tip For consistent CDP operation, it is recommended that both ports of any one traffic link be either enabled or disabled.


Authorization: admin

Examples

The following example illustrates how to disable CDP on both 10 Gigabit Ethernet traffic interfaces of the first traffic link on an SCE8000 10G platform.

SCE>enable 10
Password:<cisco>
SCE#config
SCE(config)#interface range TenGigabitEthernet 3/0-1/0
SCE(config if range)#no cdp enable
 
   
 
   
 
   

Related Commands

Command
Description

cdp mode

Sets the CDP mode.

cdp run

Enables Cisco Discovery Protocol (CDP) globally.

show cdp

Displays the current CDP configuration.


cdp holdtime

Specifies the amount of time the receiving device should hold a Cisco Discovery Protocol (CDP) packet from the SCE8000 before discarding it.

Use either the no or the default form of the command to restore the holdtime to the default value (180 seconds).

cdp holdtime seconds

no cdp holdtime

default cdp holdtime

Syntax Description

seconds

Hold time value to be sent in the CDP update packets in seconds.


Command Default

180 seconds

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.6.x

This command was introduced.


Usage Guidelines

CDP packets are sent with a time to live, or hold time, value. The receiving device will discard the CDP information in the CDP packet after the hold time has elapsed.

You can set the hold time lower than the default setting of 180 seconds if you want the receiving devices to update their CDP information more rapidly.

The specified CDP hold time must be greater than the time between CDP transmissions, which is set using the cdp timer command.

Authorization: admin

Examples

The following example sets the CDP hold time to 60 seconds.

SCE>enable 10
Password:<cisco>
SCE#config
SCE(config)#cdp holdtime 60
SCE(config)#
 
   
 
   

Related Commands

Command
Description

cdp run

Enables Cisco Discovery Protocol (CDP) globally.

cdp enable

Enables Cisco Discovery Protocol (CDP) on a specific traffic interface.

cdp timer

Specifies how often the SCE8000 platform sends CDP updates.

show cdp

Displays the current CDP configuration.


cdp mode

Sets the Cisco Discovery Protocol (CDP) mode on the SCE8000 platform.

To reset the CDP mode to the default mode (bypass) use the default form of the command.

cdp mode (standard | monitor | bypass)

default cdp mode

Syntax Description

standard

Standard CDP operation. CDP packets are received and processed, as well as generated.

In this mode CDP functions as it does on a typical Cisco device. This mode should be used in most cases, even though it is not the default mode.

bypass (default)

CDP packets are received and transmitted unchanged on the corresponding interface. Received packets are not processed. No packets are generated.

In this mode, `bump-in-the-wire' behavior is applied to CDP packets. This is the backward compatible mode, equivalent to not having CDP support.

monitor

CDP packets are received, processed, and transmitted unchanged. CDP packets are analyzed and CDP neighbor information is available. No packets are generated.

In this mode 'bump-in-the-wire' behavior is applied to CDP packets. This mode may be confusing to operators and network management tools, since it is contrary to the concept of CDP as a physical link protocol.


Command Default

Bypass

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.6.x

This command was introduced.


Usage Guidelines

The Cisco SCE8000 is usually installed as a bump-in-the-wire device, and therefore forwards packets (including CDP packets) from one interface to the corresponding interface, whereas a typical Cisco device never forwards CDP packets from one interface to another interface. Therefore, the Cisco SCE8000 extends the enabled state with three different CDP modes, allowing it to either function as a typical CDP device, or to only monitor the CDP packets, or to bypass them altogether.


Note When CDP is either not running or disabled at the interface level, CDP packets are discarded and CDP packets are not generated, regardless of the CDP mode.


Table 2-3 CDP Modes in the Cisco SCE8000

CDP Mode
"cdp run" AND "cdp enable"
"no cdp run" OR "no cdp enable"
Standard

Received CDP packets processed

CDP packets generated

Received CDP packets discarded

CDP packets not generated

Bypass (Default)

Received CDP packets bypassed (not processed)

CDP packets not generated

Received CDP packets discarded

CDP packets not generated

Monitor

Received CDP packets processed and bypassed

CDP packets not generated

Received CDP packets discarded

CDP packets not generated



Caution In cascade topologies, both SCE8000 platforms must be configured to the same CDP mode.

Authorization: admin

Examples

The following example illustrates how to set the CDP to "standard" so that CDP functions on the SCE8000 platform like it does on a typical Cisco device.

SCE>enable 10
Password:<cisco>
SCE#config
SCE(config)#cdp mode standard
SCE(config)#

Related Commands

Command
Description

cdp run

Enables Cisco Discovery Protocol (CDP) globally.

cdp enable

Enables Cisco Discovery Protocol (CDP) on a specific traffic interface.

show cdp

Displays the current CDP configuration.


cdp run

Enables Cisco Discovery Protocol (CDP) globally on the SCE8000 platform. Use the no form of the command to disable CDP.

cdp run

no cdp run

Syntax Description

This command has no arguments or keywords.

Command Default

By default, CDP is enabled.

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.6.x

This command was introduced.


Usage Guidelines

By default, CDP is enabled on the Cisco SCE8000. If you prefer not to use the CDP device discovery capability, use the no cdp run command to disable it.

By default, when CDP is enabled, it is enabled on all traffic interfaces. To disable CDP on a specific interface, use the no cdp enable command in interface configuration mode.


Note By default, when you enable CDP, it is set to bypass mode. To change the mode, use the cdp mode command.


Authorization: admin

Examples

The following example illustrates how to disable CDP.

SCE>enable 10
Password:<cisco>
SCE#config
SCE(config)#no cdp run
SCE(config)#
 
   
 
   
 
   
 
   
 
   

Related Commands

Command
Description

cdp mode

Sets the CDP mode.

cdp enable

Enables Cisco Discovery Protocol (CDP) on a specific traffic interface.

show cdp

Displays the current CDP configuration.


cdp timer

Specifies how often the SCE8000 platform sends Cisco Discovery Protocol (CDP) updates.

Use either the no or the default form of the command to restore the timer to the default value (60 seconds).

cdp timer

no cdp timer

default cdp timer

Syntax Description

seconds

How often the SCE8000 platform sends CDP updates, in seconds.


Command Default

60 seconds

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.6.x

This command was introduced.


Usage Guidelines

Adjust the value to balance the advantage of more up-to-date CDP information with the increased bandwidth required for more frequent transmissions.

The specified CDP timer value must be less than the hold time value sent in the CDP updated packets, which is set using the cdp holdtime command.

Authorization: admin

Examples

The following example sets the timer value to 80 seconds.

SCE>enable 10
Password:<cisco>
SCE#config
SCE(config)#cdp timer 80
SCE(config)#
 
   
 
   
 
   
 
   
 
   
 
   

Related Commands

Command
Description

cdp run

Enables Cisco Discovery Protocol (CDP) globally.

cdp enable

Enables Cisco Discovery Protocol (CDP) on a specific traffic interface.

cdp holdtime

Specifies the amount of time the receiving device should hold a CDP packet from the SCE8000 before discarding it.

show cdp

Displays the current CDP configuration.


clear arp-cache

Deletes all dynamic entries from the ARP cache. The Address Resolution Protocol (ARP) is a TCP/IP protocol that converts IP addresses to physical addresses. Dynamic entries are automatically added to and deleted from the cache during normal use. Entries that are not reused age and expire within a short period of time. Entries that are reused have a longer cache life.

clear arp-cache

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to clear the ARP cache:

SCE>enable 10 
Password:<cisco> 
SCE#clear arp-cache  
SCE#

Related Commands

Command
Description

clear interface linecard mac-resolver arp-cache

Clears all the MAC addresses in the MAC resolver database.


clear cdp counters

Resets the Cisco Discovery Protocol (CDP) traffic counters to zero.

clear cdp counters

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

3.6.x

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example illustrates how to use this command. The show cdp traffic output shows that all of the traffic counters have been reset to zero.

SCE>enable 10 
Password:<cisco> 
SCE#clear cdp counters
SCE#show cdp traffic
CDP counters:
Total packets output: 0, Input: 0
Hdr syntax: 0, Chksum error: 0, Encaps failed: 0
No memory: 0, Invalid packet: 0, Fragmented: 0
CDP version 1 advertisements output: 0, Input: 0
CDP version 2 advertisements output: 0, Input: 0
SCE#

Related Commands

Command
Description

clear cdp table

Clears the table that contains CDP information about neighbors.

show cdp traffic

Displays the CDP traffic counters.


clear cdp table

Clears the table that contains Cisco Discovery Protocol (CDP) information about neighbors.

clear cdp table

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

3.6.x

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example illustrates how to use this command. The output of the show cdp neighbors command shows that all information has been deleted from the table.

SCE>enable 10 
Password:<cisco> 
SCE#clear cdp table
SCE#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port I
SCE#

Related Commands

Command
Description

clear cdp counters

Resets the CDP traffic counters to zero.

show cdp neighbors

Displays the table that contains CDP information about neighbors.


clear diameter counters

Resets all diameter stack message statistics.

clear diameter counters

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

3.6.x

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to use this command.

SCE>enable 10

Password:<cisco>

SCE#clear diameter counters 
SCE#

Related Commands

Command
Description

show diameter counters

Displays stack message statistics.


clear diameter Gx counters

Resets all Gx application message statistics.

clear diameter Gx counters

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

3.6.x

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to use this command.

SCE>enable 10

Password:<cisco>

SCE#clear diameter Gx counters 
SCE#

Related Commands

Command
Description

show diameter Gx counters

Displays Gx message statistics.


clear diameter Gy counters

Resets Gy application counters.

clear diameter Gy counters

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

3.6.x

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to use this command.

SCE>enable 10

Password:<cisco>

SCE#clear diameter Gy counters 
SCE#

Related Commands

Command
Description

show diameter Gy counters

Displays Gy counters.


clear interface linecard counters

Clears the line card interface counters.

clear interface linecard slot-number counters

Syntax Description

slot-number

Number of the identified slot. Enter a value of 0.


Command Default

None

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

3.1.5

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to clear the counters for line card 0:

SCE>enable 10 
Password:<cisco> 
SCE#clear interface linecard 0 counters  
SCE#

Related Commands

Command
Description

show interface linecard counters

Displays the hardware counters for the line card interface.


clear interface linecard flow-filter

Clears all flow filter rules for the specified partition.

clear interface linecard slot-number flow-filter partition name name

Syntax Description

slot-number

Number of the identified slot. Enter a value of 0.

name

Name of the partition for which to clear the flow filter rules.


Command Default

None

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

3.1.6

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to use this command:

SCE>enable 15 
Password:<cisco> 
SCE#>clear interface linecard 0 flow-filter partition name partition_1  
SCE#>

Related Commands

Command
Description

show interface linecard flow-filter

Displays data relating to flow filtering.


clear interface linecard mac-resolver arp-cache

Clears all the MAC addresses in the MAC resolver database.

clear interface linecard slot-number mac-resolver arp-cache

Syntax Description

slot-number

Number of the identified slot. Enter a value of 0.


Command Default

None

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

3.1.6

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to use this command:

SCE>enable 10 
Password:<cisco> 
SCE#clear interface linecard 0 mac-resolver arp-cache  
SCE#

Related Commands

Command
Description

clear arp-cache

Deletes all dynamic entries from the ARP cache.

mac-resolver arp

Adds a static IP entry to the MAC resolver database.

show interface linecard mac-resolver arp

Displays a listing of all IP addresses and corresponding MAC addresses currently registered in the MAC resolver database.


clear interface linecard subscriber anonymous all

Clears all anonymous subscribers in the system.

clear interface linecard slot-number subscriber anonymous all

Syntax Description

slot-number

Number of the identified slot. Enter a value of 0.


Command Default

None

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Authorization: admin


Caution Because the clear interface linecard subscriber anonymous all command clears all the anonymous subscribers in the Cisco SCE, do not use the command in a production environment. Using this command in a production environment impacts anonymous subscribers' accountability. Use the command only when the linecard interface is shut down.

Examples

The following example shows how to clear all anonymous subscribers:

SCE>enable 10 
Password:<cisco> 
SCE#clear interface linecard 0 subscriber anonymous all  
SCE#

Related Commands

Command
Description

no subscriber

Removes a specified subscriber from the system.

no subscriber anonymous-group

Deletes the anonymous group or removes it from the specified SCMP destination.

show interface linecard subscriber anonymous

Displays the subscribers in a specified anonymous subscriber group.


clear interface linecard subscriber db counters

Clears the "total" and "maximum" subscriber database counters.

clear interface linecard slot-number subscriber db counters

Syntax Description

slot-number

Number of the identified slot. Enter a value of 0.


Command Default

None

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to clear all anonymous subscribers:

SCE>enable 10 
Password:<cisco> 
SCE#clear interface linecard 0 subscriber db counters  
SCE#

Related Commands

Command
Description

show interface linecard subscriber db counters

Displays the subscriber database counters.


clear interface linecard TpReportCounters

To clear the following reports that are displayed, use the clear interface linecard TpReportCounters command in the user EXEC mode:

Total Number of Reports generated

Number of Reports successfully sent to the Control Processor(CP)

Number of Reports dropped at the corresponding Traffic Processor(TP)

clear interface lineCard slot-number TpReportCounters

Syntax Description

slot-number

Number of the identified slot. Enter a value of 0.


Command Default

None

Command Modes

User EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

3.7.x

This command was introduced.


Usage Guidelines

The authorization used is admin.

Examples

The following is sample output from the clear interface linecard TpReportCounters command:

SCE>enable 15
Password:<cisco>
SCE>clear interface linecard 0 TpReportCounters
SCE>

Related Commands

Command
Description

show interface lineCard slot-number TpReportCounters

Displays the total number of RDR reports generated, reports successfully sent to the CP and reports dropped at the corresponding TP.


clear interface linecard traffic-counter

Clears the specified traffic counter.

clear interface linecard slot-number traffic-counter {name | all}

Syntax Description

slot-number

Number of the identified slot. Enter a value of 0.

name

Name of the traffic counter to be cleared.

all

Clears all traffic counters.


Command Default

None

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to clear the traffic counter named counter1:

SCE>enable 10 
Password:<cisco> 
SCE#clear interface linecard 0 traffic-counter name counter1  
SCE#

Related Commands

Command
Description

show interface linecard traffic-counter

Displays information of a specified traffic counter.

traffic-counter

Defines a new traffic counter


clear interface linecard vas-traffic-forwarding vas counters health-check

Clears the VAS health check counters. Use the all keyword to clear counters for all VAS servers.

clear interface linecard slot-number vas-traffic-forwarding vas server-id number counters health-check

clear interface linecard slot-number vas-traffic-forwarding vas all counters health-check

Syntax Description

slot-number

The number of the identified slot. Enter a value of 0.

number

ID number of the specified VAS server for which to clear the counters.


Command Default

This command has no default settings.

Command Modes

Privilege Exec

Command History

This table includes the following release-specific history entries:

Release
Modification

3.0.0

This command was introduced.


Usage Guidelines

Use the all keyword to clear counters for all VAS servers.

Authorization: admin

Examples

This example illustrates how to clear the health check counters for all VAS servers.

SCE>enable 10 
Password:<cisco> 
SCE#clear interface linecard 0 vas-traffic-forwarding vas all counters health-check  
SCE#

Related Commands

Command
Description

vas-traffic-forwarding vas server-id health-check

Enables or disables the VAS health check, and defines the ports it should use.

show interface linecard vas-traffic-forwarding

Displays information regarding VAS configuration and operational status summary.


clear interface linecard vpn

Removes VLAN VPNs that were created automatically by the SCE platform.

clear interface linecard slot-number vpn automatic

Syntax Description

slot-number

The number of the identified slot. Enter a value of 0.


Command Default

This command has no default settings.

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

3.5.0

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example illustrates the use of this command.

SCE>enable 10 
Password:<cisco> 
SCE#clear interface linecard 0 vpn automatic  
SCE#

clear interface range

Clears all the specified interfaces.

clear interface range interface-type [sce-id/]bay-range/interface-range

Syntax Description

interface-type

For the SCE8000 10GBE, enter a value of tengigabitethernet.

For the SCE8000 GBE traffic ports (in bays 0 and 1), enter a value of gigabitethernet.

For the SCE8000 GBE cascade ports (in bays 2 and 3), enter a value of tengigabitethernet.

bay-range

For the SCE8000 10GBE, specify the range of bays in the format bay1-bay2, where the overall range of possible bay numbers is 0-3.

For the SCE8000 GBE traffic ports, enter a value of 0, 1, or 0-1.

For the SCE8000 GBE cascade ports, enter a value of 2, 3, or 2-3.

interface-range

For the SCE8000 10GBE, enter a value of 0 (cannot be a range).

For the SCE8000 GBE traffic ports, specify the range of ports in the format port1-port2, where the overall range of possible port numbers is 0 to 7.

For the SCE8000 GBE cascade ports, enter a value of 0 (cannot be a range).

sce-id

In an installation of two cascaded SCE8000 GBE platforms, identifies the specific SCE platform of the cascaded pair. Enter a value of 0 or 1.


Command Default

None

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

3.5.5

This command was introduced.


Usage Guidelines

The clear interface range command clears a group of interfaces with one command, with the limitation that all the interfaces in the group must be of the same physical and logical type.

For the SCE8000 10GBE platform, use the following command syntax:

clear interface range tengigabitethernet sce-id/bay-range/0

For the SCE8000 GBE platform traffic ports, use the following command syntax (the bay numbers are in the range of 0-1):

clear interface range gigabitethernet sce-id/bay-range/interface-range

For the SCE8000 GBE cascade ports, use the following command syntax (the bay numbers are in the range of 2-3):

clear interface range tengigabitethernet sce-id/bay-range/0

Authorization: admin

Examples

The following example shows how to clear all the traffic interfaces in SCE8000 platform 1 of a cascaded SCE8000 GBE system:

SCE>enable 10
Password:<cisco>
SCE#clear interface range gigabitethernet 1/0-1/0-7
SCE#
 
   

The following example shows how to clear the cascade interfaces in the same SCE8000 GBE platform:

SCE>enable 10
Password:<cisco>
SCE#clear interface range tengigabitethernet 1/2-3/0
SCE#
 
   

The following example shows how to clear all the interfaces in SCE8000 platform 1 of a cascaded SCE8000 10GBE system:

SCE>enable 10
Password:<cisco>
SCE#clear interface range tengigabitethernet 1/0-3/0
SCE#

Related Commands

Command
Description

show interface linecard counters

Displays the hardware counters for the line card interface.


clear logger

Clears the SCE platform logger (user log files). This operation erases the information stored in the user log files.

clear logger device {user-file-log | line-attack-file-log} [counters | nv-counters]

Syntax Description

device

Device name to be cleared. Choose user-file-log or line-attack-file-log.

counters

Clears the couters of the SCE platform logger.

nv-counters

Clears the nonvolatile counters for the entire log or for only the specified SCE platform.


Command Default

None

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

The user log files have a size limit, with new entries overwriting the oldest entries, so you do not need to regularly clear the log files. Use this operation when you are certain that the information contained in the logs is irrelevant and might be confusing (for example, when reinstalling the system at a new site whose administrators do not need old information).

The counters keyword clears the counters of the SCE platform logger (user log files). These counters keep track of the number of info, warning, error, and fatal messages.

The nv-counters keyword clears the nonvolatile counters for the entire log or for only the specified SCE platform. These counters are not cleared during bootup, and must be cleared explicitly by using this command.

Authorization: admin

Examples

The following example shows how to clear the SCE platform user log file:

SCE>enable 10 
Password:<cisco> 
SCE#clear logger device user-file-log  
Are you sure? Y  
SCE#

The following example shows how to clear the SCE platform user log file counters:

SCE>enable 10 
Password:<cisco> 
SCE#clear logger device user-file-log counters  
Are you sure? Y 
SCE#

The following example shows how to clear the user log file nonvolatile counters:

SCE>enable 10 
Password:<cisco> 
SCE#clear logger device user-file-log nv-counters  
Are you sure? Y 
SCE#

Related Commands

Command
Description

show logger device

Displays the configuration of the specified SCE platform logger file.

show log

Displays the contents of the user log file.


clear management-agent notifications counters

Clears the counters for the number of notifications sent to the management agent

clear management-agent notifications counters

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

3.0.3

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to clear the management agent notifications counters:

SCE>enable 10 
Password:<cisco> 
SCE#clear management-agent notifications counters  
SCE#

clear rdr-formatter

Clears the RDR formatter counters and statistics.

clear rdr-formatter

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to clear the RDR formatter counters:

SCE>enable 10 
Password:<cisco> 
SCE#clear rdr-formatter  
SCE#

Related Commands

Command
Description

show rdr-formatter counters

Displays the RDR formatter counters.


clear scmp name counters

Clears the counters for the specified SCMP peer device.

clear scmp name name counters

Syntax Description

name

Name of the SCMP peer device.


Command Default

None

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

3.0.5

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to clear the counters for the SCMP peer device named device_1:

SCE>enable 10 
Password:<cisco> 
SCE#clear scmp name device_1 counters  
SCE#

Related Commands

Command
Description

show scmp

Displays the SCMP (ISG) general configuration and status.


clock read-calendar

Synchronizes clocks by setting the system clock from the calendar.

clock read-calendar

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to update the system clock from the calendar:

SCE>enable 10 
Password:<cisco> 
SCE#clock read-calendar  
SCE#

Related Commands

Command
Description

calendar set

Sets the system calendar.

clock update-calendar

Synchronizes clocks by setting the calendar from the system clock.

show calendar

Displays the time maintained by the real-time system calendar clock.


clock set

Manually sets the system clock.

clock set hh:mm:ss day month year

Syntax Description

hh:mm:ss

Current local time in hours in 24-hour format, minutes, and seconds (hh:mm:ss).

day

Current day (date) in the month.

month

Current month (by 3-letter abbreviated name).

year

Current year using a 4-digit number.


Command Default

None

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Always coordinate between the calendar and clock by using the clock update-calendar command after setting the clock.

Authorization: admin

Examples

The following example shows how to set the clock to 20 minutes past 10 p.m. on January 13, 2006:

SCE>enable 10 
Password:<cisco> 
SCE#clock set 22:20:00 13 jan 2006  
SCE#clock update-calendar  
SCE#show clock  
22:21:10 UTC THU January 13 2006 
SCE#show calendar  
22:21:18 UTC THU January 13 2006 
SCE#

Related Commands

Command
Description

clock update-calendar

Synchronizes clocks by setting the calendar from the system clock.

show calendar

Displays the time maintained by the real-time system calendar clock.

show clock

Displays the time maintained by the system clock.


clock summertime

Configures the SCE platform to automatically switch to daylight saving time on a specified date, and also to switch back to standard time. In addition, the time-zone code can be configured to vary with daylight saving time if required. (For example, in the eastern United States, standard time is designated as EST, and daylight saving time is designated as EDT).

To cancel the daylight saving time transitions configuration, use the no form of this command.

clock summertime

no clock summertime

Syntax Description

zone

Code for the time zone for daylight saving time.

week1/week2

Week of the month on which daylight saving time begins (week1) and ends (week2). A day of the week, such as Monday, must also be specified. The week/day of the week is defined for a recurring configuration only.

Default: Not used

day1/day2

Day of the week on which daylight saving time begins (day1) and ends (day2).

For recurring configurations, day is a day of the week, such as Sunday.
(Use the first and last keywords to specify the occurrence of a day of the week in a specified month. For example, last Sunday March.)

For nonrecurring configurations, day is a date in the month, such as 28.

Defaults: day1 is second Sunday, day2 is first Sunday

month1/month2

Month in which daylight saving time begins (month1) and ends (month2).

Defaults: month1 is March, month2 is November

year1/year2

Year in which daylight saving time begins (year1) and ends (year2).

For nonrecurring configurations only.

Default: Not used

time1/time2

Time of day (24-hour clock) at which daylight saving time begins (time1) and ends (time2).

Required for all configurations.

Default: time1 and time2 is 2:00

offset

Difference in minutes between standard time and daylight saving time.

Default: 60


Command Default

For recurring configurations, offset is 60 minutes.

The following recurrent time changes are configured:

Daylight saving time begins at 2:00 (a.m.) on the second Sunday of March.

Daylight saving time ends at 2:00 (a.m.) on the first Sunday of November.

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

The format of the command varies somewhat, depending on how the dates for the beginning and end of daylight saving time are determined for the particular location:

If daylight saving time always begins and ends on the same day every year (recurring, as in the United States):

Use the clock summertime recurring command.

Do not specify the year keyword.

If the start and end of daylight saving time is different every year (not recurring, as in Israel):

Use the clock summertime command.

Specify the year keyword.

Authorization: admin

General Guidelines

The following guidelines apply to configuring daylight saving time transitions:

Specify the time-zone code for daylight saving time.

For recurring configurations, specify a day of the month (week number/first|last/day of the week/month).

For nonrecurring configurations, specify a date (month/day of the month/year).

Define two days:

day1 is the beginning of daylight saving time.

day2 is the end of daylight saving time.

In the Southern hemisphere, month2 must be earlier than month1, because daylight saving time begins in the fall and ends in the spring.

Specify the exact time that the transition should occur (24-hour clock):

Time of transition into daylight saving time, according to local standard time

Time of transition out of daylight saving time, according to local daylight saving time

Recurring Configurations

For the clock summertime recurring command, the default values are the United States transition rules:

Daylight saving time begins at 2:00 (a.m.) on the second Sunday of March.

Daylight saving time ends at 2:00 (a.m.) on the first Sunday of November.

Use the recurring keyword if daylight saving time always begins and ends on the same day every year.

Specifying Explicit Days

To specify the occurrence of a day of the week in a specified month, use the first and last keywords. For example, last Sunday March.

For a nonrecurring configuration, use a specific date, including the year. For example, March 29, 2004.

For a recurring configuration, use week/day of the week/month (no year):

Use the first or last occurrence of a day of the week in a specified month. For example, last Sunday March (the last Sunday in March).

Use the day of the week in a specific week in a specified month. For example, 4 Sunday March (the fourth Sunday in March). This day is different from the last Sunday of a month that has five Sundays.

Examples

The following examples show how to use this command.

Example 1

The following example shows how to configure recurring daylight saving time for a time zone designated as DST:

Daylight saving time begins at 0:00 on the last Sunday of March.

Daylight savings time ends at 23:59 on the Saturday of the fourth week of November.

Offset is 1 hour (default).

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#clock summertime DST  
recurring last Sunday March 00:00 4 Saturday November 23:59  
SCE(config)#

Example 2

The following example shows how to configure nonrecurring daylight saving time for a time zone designated as DST:

Daylight savings time begins at 0:00 on April 16, 2007.

Daylight savings time ends at 23:59 October 23, 2007.

Offset is 1 hour (default).

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#clock summertime DST April 16 2005 00:00 October 23 2005 23:59  
SCE(config)#

Example 3

The following example shows how to cancel the daylight saving time configuration:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#no clock summertime 
SCE(config)#
 
   

Related Commands

Command
Description

clock set

Manually sets the system clock.

calendar set

Sets the system calendar.

show calendar

Displays the time maintained by the real-time system calendar clock.

show clock

Displays the time maintained by the system clock.


clock timezone

Sets the time zone so that the system can correctly interpret time-stamp data coming from systems located in other time zones.

To remove current time zone settings, use the no form of this command.

clock timezone zone hours [minutes]

no clock timezone

Syntax Description

zone

Name of the time zone to be displayed.

hours

Hours offset from UTC. This number must be an integer ranging from -23 to 23.

minutes

Minutes offset from UTC. This number must be an integer ranging from 0 to 59. Use this argument to specify an additional offset in minutes when the offset is not measured in whole hours.


Command Default

UTC (hours = 0)

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to set the time zone to Pacific Standard Time with an offset of 10 hours behind UTC:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#clock timezone PST -10  
SCE(config)#

Related Commands

Command
Description

calendar set

Sets the system calendar.

clock set

Manually sets the system clock.

show calendar

Displays the time maintained by the real-time system calendar clock.


clock update-calendar

Synchronizes clocks by setting the calendar from the system clock.

clock update-calendar

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to update the calendar according to the clock:

SCE>enable 10 
Password:<cisco> 
SCE#clock update-calendar  
SCE#

Related Commands

Command
Description

clock set

Manually sets the system clock.

calendar set

Sets the system calendar.

clock read-calendar

Synchronizes clocks by setting the system clock from the calendar.


configure

Enables the user to move from Privileged EXEC mode to Global Configuration mode.

configure

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

After you enter the configure command, the system prompt changes from <hostname># to <hostname>(config)#, indicating that the system is in Global Configuration mode. To leave Global Configuration mode and return to the Privileged EXEC mode prompt, use the exit command.

Authorization: admin

Examples

The following example shows how to enter Global Configuration mode:

SCE>enable 10 
Password:<cisco> 
SCE#configure  
SCE(config)#

Related Commands

Command
Description

exit

Exits from the current mode to the next "lower" mode.


connection-mode

Sets the connection mode parameters.

connection-mode connection-mode sce-id sce-id priority priority on-failure on-failure

Syntax Description

connection-mode

Establishes the connection:

inline—Single SCE platform inline

receive-only—Single SCE platform receive-only

inline-cascade—Two SCE platforms inline

receive-only-cascade—Two SCE platforms receive-only

sce-id

(Cascaded SCE platform topology only) Number that identifies the SCE platform in a cascaded pair. Choose 0 or 1.

In a pair of cascaded SCE8000 GBE platforms, this number allows the system to identify the traffic links, with links 0 to 7 connected through one SCE platform and links 8 to 15 on the other. These link numbers are used in the SCA BB Reporter reports as well as in the Global Control configuration menu in the SCA BB console.

priority

(Cascaded SCE platform topology only) Defines the primary SCE platform. Choose primary or secondary.

on-failure

(Inline topologies only) Determines system behavior on failure of the SCE platform. Choose bypass, cutoff, or external-bypass.


Command Default

The default for connection-mode is inline.

The default for sce-id is 0.

The default for priority is primary.

The defaults for on-failure are:

external-bypass for inline mode.

bypass for inline-cascade mode.

Command Modes

Interface Linecard Configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines


Caution This command can be used only if the line card is in either no-application or shutdown mode.


Note The sce-id argument, which identifies the SCE platform, replaces the physically-connected-link argument, which identified the link. This change was required with the introduction of the SCE8000 GBE platform, which supports multiple links. However, for backward compatibility, the physically-connected-link argument is still recognized and the number of the link assigned to that argument (0 or 1) is defined as the SCE ID.


Authorization: admin

Examples

The following example shows how to configure the primary SCE 8000 platform in a two-SCE platform inline topology. This device is designated as SCE platform 0, and the behavior of the SCE platform if a failure occurs is bypass (default).

SCE>enable 10 
Password: <cisco> 
SCE#config 
SCE(config)#interface linecard 0 
SCE(config if)#connection-mode inline-cascade sce-id 0 priority primary on-failure bypass  
SCE(config if)#

Related Commands

Command
Description

show interface linecard connection-mode

Displays the current configuration of the SCE platform traffic-link connection.

show interface linecard physically-connected- links

Displays the link mapping for the line card interface.

show interface linecard cascade connection-status

Displays information about the connection between two cascaded SCE8000 platforms, using the cascade interfaces.

show interface linecard cascade peer-sce-information

Displays information about the peer SCE platform.


copy

Copies any file from a source directory to a destination directory on the local flash file system.

copy source-file destination-file

Syntax Description

source-file

Name of the original file.

destination-file

Name of the new destination file.


Command Default

None

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Both filenames should be in 8.3 format, that is, the names have a maximum of eight characters before the period and three characters after it.

Authorization: admin

Examples

The following example shows how to copy the local analysis.sli file located in the root directory to the applications directory:

SCE>enable 10 
Password:<cisco> 
SCE#copy analysis.sli applications/analysis.sli  
SCE#

Related Commands

Command
Description

copy ftp://

Uploads or downloads a file system using FTP.

copy-passive

Uploads or downloads a file using passive FTP.


copy ftp://

Uploads or downloads a file system using FTP.

copy ftp://username[:password]@server-address[:port]/path/source-file destination-file

copy source-file ftp://username[:password]@server-address[:port]/path/destination-file

Syntax Description

username

Username known by the FTP server.

password

Password of the given username.

server-address

Dotted decimal IP address of the FTP server.

port

(Optional) Port number on the FTP server.

source-file

Name of the source file.

When downloading a file, this source must be an FTP location.

destination-file

Name of the destination file.

When uploading a file, this destination must be an FTP location.

When downloading a file to the local flash file system, this filename should be in 8.3 format.


Command Default

None

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Use the following syntax for remote upload or download using FTP:

ftp://username[:password]@server-address[:port]/path/file

You can configure keyword shortcuts for the copy command using the following commands:

ip ftp password to configure a password shortcut

ip ftp username to configure a username shortcut

Authorization: admin

Examples

The following example shows how to download the ftp.sli file from the host 10.10.10.10 with the username user and the password a1234:

SCE>enable 10 
Password:<cisco> 
SCE#copy ftp://user:a1234@10.10.10.10/p:/applications/ftp.sli appl/analysis.sli  
SCE#
 
   

Related Commands

Command
Description

copy-passive

Uploads or downloads a file using passive FTP.

ip ftp password

Specifies the password to be used for FTP connections for the current session.

ip ftp username

Configures the username for FTP connections for the current session.


copy-passive

Uploads or downloads a file using passive FTP.

copy-passive source-file ftp://username[:password]@server-address[:port]/path/destination-file [overwrite]

copy-passive ftp://username[:password]@server-address[:port]/path/source-file destination-file

Syntax Description

source-file

Name of the source file.

When downloading a file, this source must be an FTP location.

username

Username known by the FTP server.

password

Password of the given username.

server-address

Dotted decimal IP address.

port

(Optional) Port number on the FTP server.

destination-file

Name of the destination file.

When uploading a file, this destination must be an FTP location.

overwrite

Allows the command to overwrite an existing file.


Command Default

None

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Use the following syntax for remote upload or download using FTP:

ftp://username[:password]@serveraddress[:port]/path/file

You can configure keyword shortcuts for the copy command using the following commands:

ip ftp password to configure a password shortcut

ip ftp username to configure a username shortcut

Authorization: admin

Examples

The following example shows how to download the analysis.sli file from the host 10.10.10.10 with the username user and the password a1234:

SCE>enable 10 
Password:<cisco>0 
SCE#copy-passive ftp://user:a1234@10.10.10.10/p:/applications/analysis.sli 
appl/analysis.sli 
SCE#

Related Commands

Command
Description

copy ftp://

Uploads or downloads a file system using FTP.

ip ftp password

Specifies the password to be used for FTP connections for the current session.

ip ftp username

Configures the username for FTP connections for the current session.


copy running-config-application startup-config-application

To enable the task of copying the currently running configuration application to the startup configuration application in the Cisco SCE platform, use the copy running-config-application startup-config-application command in the privileged EXEC mode.

copy running-config-application startup-config-application

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

3.7.x

This command was introduced.


Usage Guidelines

The authorization used is root.

Examples

The following is sample output from the copy running-config-application startup-config-application command:

SCE>enable 15 
Password:<cisco> 
SCE#>copy running-config-application startup-config-application
Writing application configuration file to temporary location...
Removing old application configuration file...
Renaming temporary application configuration file with the final file's name...
SCE#>
 
   
 
   
 
   
 
   
 
   
 
   
 
   
 
   
 
   
 
   
 
   

Related Commands

Command
Description

more running-config-all

Displays the contents of all the currently running configuration files.

more running-config-application

DisplayS the contents of the currently running configuration application in the SCE platform.

more startup-config-all

Displays the contents of all the startup configuration files.

more startup-config-application

DisplayS the contents of the startup configuration application files in the Cisco SCE platform

show running-config-all

Displays the contents of all the running configuration files.

show running-config-application

Displays the contents of the currently running configuration application in the SCE platform.

show startup-config-all

Displays the contents of all the startup configuration files.

show startup-config-application

Displays the contents of the startup configuration application files in the SCE platform.


copy running-config-party-db startup-config-party-db

To enable the task of copying the currently running configuration party database to the startup configuration party database of the static parties that are configured on the Cisco SCE platform, use the copy running-config-party-db startup-config-party-db command in the privileged EXEC mode.

copy running-config-party-db startup-config-party-db

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

3.7.x

This command was introduced.


Usage Guidelines

The authorization used is root.

Examples

The following is sample output from the copy running-config-party-db startup-config-party-db command:

SCE>enable 15 
Password:<cisco> 
SCE#>copy running-config-party-db startup-config-party-db
SCE#>show startup-config-party-db                         
#This is a party database configuration file (running-config-party-db) for static parties 
only.
#Created on 13:34:53  UTC  TUE  July  12  2011
#cli-type 1
#version 1
hw-bypass mode
party name "N/A"
party name "[party-name]"
party mapping ip-address 24.11.52.128 name [party-name]
party mapping ip-address 110.10.10.10 name [party-name]
party name  [party-name] hw-bypass
SCE#>
 
   
 
   
 
   
 
   
 
   

Related Commands

Command
Description

show running-config-all

Displays the contents of all the running configuration files.

show running-config-party-db

Displays the contents of the currently running party database configuration for the static parties that are configured on the SCE platform.

show startup-config-all

Displays the contents of all the startup configuration files.

show startup-config-party-db

Displays the startup party database configuration of the static parties that are configured on the SCE platform.


copy running-config startup-config

Builds a configuration file called config.txt that contains general configuration commands. This file is used in successive boots.

copy running-config startup-config

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

This command must be entered to save newly configured parameters so that they will be effective after a reboot. To view the running configuration before saving it, use the more running-config command.

The old configuration file is automatically saved in the /system/prevconf directory.

Authorization: admin

Examples

The following example shows how to save the current configuration for successive boots:

SCE>enable 10 
Password:<cisco> 
SCE#copy running-config startup-config  
Backing-up configuration file... 
Writing configuration file... 
SCE#

Related Commands

Command
Description

more

Displays the contents of a file.

show running-config

Displays the current configuration.


copy source-file ftp://

Uploads a file to a remote station using FTP.

copy source-file ftp://username[:password]@server-address[:port]/path/destination-file

Syntax Description

source-file

Name of the source file located in the local flash file system.

username

Username known by the FTP server.

password

Password of the given username.

server-address

Dotted decimal IP address.

port

(Optional) Port number on the FTP server.

destination-file

Name of the file to be created in the FTP server.


Command Default

None

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Use the following syntax for remote upload or download using FTP:

ftp://username[:password]@serveraddress[:port]/path/file

You can configure keyword shortcuts for the copy command using the following commands:

ip ftp password to configure a password shortcut

ip ftp username to configure a username shortcut

Authorization: admin

Examples

The following example shows how to upload the analysis.sli file located on the local flash file system to the host 10.1.1.105:

SCE>enable 10 
Password:<cisco> 
SCE#copy /appl/analysis.sli ftp://myname:mypw@10.1.1.105/p:/applications/analysis.sli  
SCE#

Related Commands

Command
Description

copy ftp://

Uploads or downloads a file system using FTP.


copy source-file startup-config

Copies the specified source file to the startup-config file.

The command uploads a backup configuration file created using the copy startup-config destination-file command. In a cascaded solution, you can copy the configuration from one SCE platform to the other.

copy source-file startup-config

Syntax Description

source-file

Name of the backup configuration file. Choose either:

ftp://user:pass@host/drive:/dir/bckupcfg.txt

/system/preconf


Command Default

None

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

3.0.0

This command was introduced.


Usage Guidelines

The source filename should be in 8.3 format, that is, the names have a maximum of eight characters before the period and three characters after it.

Authorization: admin

Examples

The following example shows how to upload a backup configuration file:

SCE>enable 10 
Password:<cisco> 
SCE#copy ftp://user:pass@host/drive:/dir/bakupcfg.txt startup-config  
SCE#

Related Commands

Command
Description

copy startup-config destination-file

Copies the startup-config file to the specified destination file.


copy startup-config destination-file

Copies the startup-config file to the specified destination file.

The command creates a backup configuration file. In a cascaded solution, you can copy the configuration from one SCE platform to the other. The file created by this command can be uploaded to the second SCE platform using the copy source-file startup-config command.

copy startup-config destination-file

Syntax Description

destination-file

Name of the file to which the configuration is copied. Choose either:

ftp://user:pass@host/drive:/dir/bckupcfg.txt

/system/prevconf


Command Default

None

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

3.0.0

This command was introduced.


Usage Guidelines

The destination filename should be in 8.3 format, that is, the names have a maximum of eight characters before the period and three characters after it.

Authorization: admin

Examples

The following example shows how to create a backup configuration file:

SCE>enable 10 
Password:<cisco> 
SCE#copy startup-config ftp://user:pass@host/drive:/dir/bckupcfg.txt  
SCE#

Related Commands

Command
Description

copy source-file startup-config

Copies the specified source file to the startup-config file.


copy startup-config-party-db backupfile

To enable the task of copying the startup configuration party database and create a backup file of the configured static parties in the Cisco SCE platform, use the copy startup-config-party-db backup-file command in the privileged EXEC mode.

copy startup-config-party-db backup-file name

Syntax Description

backup-file name

Name of the backup file to which the startup configuration party database is copied.


Command Default

None

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

3.7.x

This command was introduced.


Usage Guidelines

The authorization used is root.

Examples

The following is sample output from the copy startup-config-party-db backupfile command:

SCE>enable 15 
Password:<cisco> 
SCE#>copy startup-config-party-db partydbcfgbackup.txt
SCE#>more partydbcfgbackup.txt
#This is a party database configuration file (running-config-party-db) for static parties
only.
#Created on 13:34:02 UTC TUE July 12 2011
#cli-type 1
#version 1
hw-bypass mode
party name "N/A"
party name "[party-name]"
party mapping ip-address 24.11.52.128 name [party-name]
party mapping ip-address 110.10.10.10 name [party-name]
party name  [party-name] hw-bypass
SCE#>
 
   
 
   
 
   
 
   
 
   

Related Commands

Command
Description

more running-config-all

Displays the contents of all the currently running configuration files.

more startup-config-all

Displays the contents of all the startup configuration files.

show running-config-all

Displays the contents of all the currently running configuration files.

show running-config-party-db

Displays the contents of the currently running party database configuration for the static parties that are configured on the SCE platform.

show startup-config-all

Displays the contents of all the startup configuration files.

show startup-config-party-db

Displays the contents of the startup configuration party database of the static parties that are configured in the SCE platform.


cpa-client destination

Configures the destination CPA server.

cpa-client destination ip-address port port#

no cpa-client destination

Syntax Description

ip-address

IP address of the destination CPA server.

port#

Port number of the CPA server.


Command Default

None

Command ModesI

Interface Linecard Configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.7.x

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how configure the destination of the CPA client.

SCE>enable 10 
password:<cisco> 
SCE#>config 
SCE(config)#interface linecard 0 
SCE(config if)#cpa-client destination 10.10.10.20 port 135 
SCE(config if)#

Related Commands

Command
Description

show interface linecard cpa-client

Displays the current configuration of the CPA client.


cpa-client retries

Configures the number of retries to make if a request to the CPA server times out.

cpa-client retries number

no cpa-client retries

Syntax Description

number

Number of retries to allow for the CPA server.


Command Default

None

Command Modes

Interface Linecard Configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.7.x

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how configure the number of retries for the CPA client.

SCE>enable 10 
password:<cisco> 
SCE#>config 
SCE(config)#interface linecard 0 
SCE(config if)#cpa-client retries 5 
SCE(config if)#

Related Commands

Command
Description

show interface linecard cpa-client

Displays the current configuration of the CPA client.


default subscriber template all

Removes all user-defined subscriber templates from the system. Only the default template remains.

default subscriber template all

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Interface Linecard Configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to remove all user-defined subscriber templates:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#interface linecard 0 
SCE(config if)# default subscriber template all  
SCE(config if)#

Related Commands

Command
Description

subscriber template import csv-file

Imports a subscriber template from the specified CSV file, according to the party template.

show interface linecard subscriber templates

Displays a specified subscriber template.


delete

Deletes a file from the local flash file system.

delete filename [/recursive]

Syntax Description

filename

Name of the file or directory to be deleted.

/recursive

Deletes a complete directory and its contents. When used with this switch, the filename argument specifies a directory rather than a file.


Command Default

None

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to delete the file oldlog.txt:

SCE>enable 10 
Password:<cisco> 
SCE#delete oldlog.txt  
SCE#

The following example shows how to delete the directory oldlogs:

SCE>enable 10 
Password:<cisco> 
SCE#delete oldlogs /recursive  
3 files and 1 directories will be deleted. 
Are you sure? y  
3 files and 1 directories have been deleted. 
SCE#

Related Commands

Command
Description

dir

Displays the files in the current directory.

rmdir

Removes an empty directory.


diameter

Starts the diameter stack.

To stop the stack, use the no form of this command.

To reset the stack to the default state (stopped), use the default form of this command.

diameter

no diameter

default diameter

Syntax Description

This command has no arguments or keywords.

Command Default

Diameter stack is stopped.

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.6.x

This command was introduced.


Usage Guidelines

Stopping the stack using this command is a brute force shutdown. All messages and states may be lost.

Authorization: admin

Examples

The following example shows how to stop the stack.

SCE>enable 10 
Password:<cisco> 
SCE# configure 
SCE(config)#no diameter
SCE(config)#

Related Commands

Command
Description

show diameter

Displays the current diameter stack state.


diameter Gx

Starts the Gx application.

To stop the Gx application, use the no form of this command.

diameter Gx

no diameter Gx

Syntax Description

This command has no arguments or keywords.

Command Default

Gx application is stopped.

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.6.x

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to stop the Gx application.

SCE>enable 10 
Password:<cisco> 
SCE# configure 
SCE(config)#no diameter Gx
SCE(config)#

Related Commands

Command
Description

show diameter Gx

Displays the current Gx application state.


diameter Gx failure-grace-time

Configures Gx detection time out. If no connection to any server is detected for the configured length of time, all diameter sessions are closed and a new connection must be established. The sessions will be reopened once a connection is reestablished.

To reset the grace period to the default, use the default form of this command.

diameter Gx failure-grace-time time

default Gx failure-grace-time

Syntax Description

time

Detection grace period in seconds.


Command Default

300 seconds

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.6.x

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to use this command.

SCE>enable 10
Password:<cisco>
SCE# configure 
SCE(config)#diameter Gx failure-grace-time 360
SCE(config)#

Related Commands

Command
Description

show diameter Gx

Displays the current Gx application configuration.


diameter Gx PCRF-connection-failure-grace-time

Configures the diameter Gxconnection failure grace period.

To reset the grace period to the default, use the default form of this command.

diameter Gx pcrf-connection-failure-grace-time time

default diameter Gx pcrf-connection-failure-grace-time

Syntax Description

time

Grace period in seconds.


Command Default

150 seconds

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.6.x

This command was introduced.


Usage Guidelines

Failover functions as follows:

If a connection fails and is reestablished within the failover grace period, no failover action is taken

If a connection fails and is not reestablished within the failover grace period, failover action is taken.

If a server fails, all its sessions remain open for the failover grace period. After that period has expired, all the server sessions are closed and reopened on secondary server.

If a server fails on a system using session-sharing, no failover action is taken.

Authorization: admin

Examples

The following example shows how to use this command.

SCE>enable 10
Password:<cisco>
SCE# configure
SCE(config)#diameter Gx pcrf-connection-failure-grace-time 120
SCE(config)#

Related Commands

Command
Description

show diameter Gx

Displays the current Gx application configuration.


diameter Gx tx-timer

Configures the transmit timeout value for messages.

To reset the tx timeout to the default value, use the default form of this command.

diameter Gx tx-timer time

default diameter Gx tx-timer

Syntax Description

time

Timeout interval in seconds.


Command Default

5 seconds

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.6.x

This command was introduced.


Usage Guidelines

If the PCRF does not respond to a Gx message in the configured tx-timer seconds, the message is considered timed out. The message is dumped if it arrives after tx-timer expires.

Authorization: admin

Examples

The following example shows how to use this command.

SCE>enable 10
Password:<cisco>
SCE# configure
SCE(config)#diameter Gx tx-timeout 20
SCE(config)#

Related Commands

Command
Description

show diameter Gx

Displays the current Gx application configuration.


diameter gx virtual-gi vlan-id

Configures the mapping of VLAN ID to virtual Gi ID.

To disable the configuration, use the no form of this command.

diameter gx virtual-gi vlan-id vlan-id mapping value1

no diameter gx virtual-gi mapping vlanid value

no diameter gx virtual-gi mapping all

Syntax Description

vlan-id

VLAN tag (1-4094) to be mapped to virtual Gi ID.

value1

Virtual Gi ID (1-255).

all

Removes all configured mappings.


Command Default

None

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.6.x

This command was introduced.

3.7.x

This command was modified.


Usage Guidelines

The VLAN ID (1-4094) retrieved by SCE 8000 from the subscriber traffic is mapped to a static virtual Gi ID (1-255).

Authorization: admin

Examples

The following example shows how to enable TACACS+ accounting for the admin privilege level (10):

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)# diameter Gx virtual-gi vlan-id 2 mapping 3 
SCE(config)#

Related Commands

Command
Description

subscriber virtual-gi-mode

Enables virtual Gi mode.

VLAN symmetric classify

Specifies the VLAN tag as subscriber.


diameter Gy subscriber-attribute-mapping

Maps the specified PS Information AVP (3GPP-charging-characteristics) into the specified realm.

diameter Gy subscriber-attribute-mapping attribute-name 3GPP-charging-characteristics attribute-value attribute-value realm-id realm-id

Syntax Description

attribute-value

The PS Information AVP to be mapped to the realm.

realm-id

Name of the realm.

Note The specified realm must be configured in the realm table. If no such realm was configured (or configuration was removed), the first realm in the table is used as default.


Command Default

As configured for peer.

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.6.x

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to use this command. This example maps all subscriber s that logged in with VSA attribute 3GPP-charging-characteristics value = 0800 to the realm called `PrePaidSubsRealm'.


Note If the specified realm is not found in the realm table, the first realm in the table is used as default.


SCE>enable 10
Password:<cisco>
SCE# configure
SCE(config)#diameter Gy subscriber-attribute-mapping attribute-name 
3GPP-charging-characteristics attribute-value 0800 realm-id PrePaidSubsRealm
SCE(config)#

diameter Gy tx-timer

Configures the transmit timeout value for messages.

To reset the tx timeout to the default value, use the default form of this command.

diameter Gy tx-timer time

default diameter Gy tx-timer

Syntax Description

time

Timeout interval in seconds.


Command Default

5 seconds

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.6.x

This command was introduced.


Usage Guidelines

If the PCRF does not respond to a Gy message in the configured tx-timer seconds, the message is considered timed out. The message is dumped if it arrives after tx-timer expires.

Authorization: admin

Examples

The following example shows how to use this command.

SCE>enable 10
Password:<cisco>
SCE# configure
SCE(config)#diameter Gy tx-timeout 20
SCE(config)#

Related Commands

Command
Description

show diameter Gy

Displays the current Gy application configuration.


diameter host

Configures the diameter host IP address.

To return to the default diameter host IP address, use the no form of this command.

diameter host ip-address

no diameter host

Syntax Description

ip-address

IP address of the host.


Command Default

ip-address = Management interface IP address

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.7.x

This command was introduced.


Usage Guidelines

By default, the IP address the diameter stack uses is the IP address that is configured for the management interface. Use this command to configure a different IP address for the diameter stack.


Caution Run this command only when the stack is stopped. Use the no diameter command to stop the stack.

Authorization: admin

Examples

The following example shows how to use this command.

SCE>enable 10
Password:<cisco>
SCE# configure
SCE(config)#no diameter
SCE(config)#diameter host 1.1.1.1

Note The IP address configured in the above CLI 'diameter host 1.1.1.1' should be present either physically or logically in the SCE box. Otherwise, the diameter stack will fail to start.


Related Commands

Command
Description

show diameter

Displays the current diameter stack state.


diameter origin-realm

Configures the name of the stack realm.

To reset the stack realm to the default, use the default form of this command.

diameter origin-realm realm

default diameter origin-realm

Syntax Description

realm

Name of the realm.


Command Default

sce.cisco.com

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.6.x

This command was introduced.


Usage Guidelines


Caution Run this command only when the stack is stopped. Use the no diameter command to stop the stack.

Authorization: admin

Examples

The following example shows how to use this command.

SCE>enable 10 
Password:<cisco> 
SCE# configure 
SCE(config)#no diameter
SCE(config)#diameter origin-realm realm1

Related Commands

Command
Description

no diameter

Stops the diameter stack.


diameter peer

Adds an entry to the peer table.

To remove an entry from the peer table, use the no form of this command.

To clear the peer table, removing all the entries, use the no diameter peer all command.

diameter peer name peer-host ip-address [port port#]

no diameter peer name

no diameter peer all

Syntax Description

name

Name to be assigned to the entry in the peer table

ip-address

IP address of the host

Note A peer is defined by an URI. This means that the same IP can not be used on different ports to distinguish between two servers except when a DNS is used.

port#

Port number used.


Command Default

None

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.6.x

This command was introduced.


Usage Guidelines

The peer table holds a list of all the peers with which the SCE has a direct connection. The information for each entry includes:

Peer host - The host IP

Peer port

State - Up, Down, or N/A (stack is not currently activated). This information is non-configurable.

Peer name - Name assigned by this command


Note Removing a peer from the peer table removes all the peer related configuration information from the Routing table and from the forwarding scheme.


General Guidelines

Do not assign the same IP address to two peers, even if the port numbers are different, unless they are in different domains.

To remove one entry from the peer table, use the no diameter peer name command.

To clear the peer table, use the use the no diameter peer all command.

Authorization: admin

Examples

Example 1

The following example shows how to add an entry to the peer table for a peer named "test_peer".

SCE>enable 10 
Password:<cisco> 
SCE# configure 
SCE(config)#diameter peer test_peer peer-host 1.1.1.1

Example 2

The following example shows how to clear the peer table.

SCE>enable 10 
Password:<cisco> 
SCE# configure 
SCE(config)#no diameter peer all

Related Commands

Command
Description

show diameter peer

Displays the specified peer table entry.

show diameter peer-table

Displays the peer table.


diameter port

Configures the stack host.

To reset the stack port to the default, use the default form of this command.

diameter port port

default diameter port

Syntax Description

port

Port number to be used by the stack.


Command Default

3868

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.6.x

This command was introduced.


Usage Guidelines


Caution Run this command only when the stack is stopped. Use the no diameter command to stop the stack.

Authorization: admin

Examples

The following example shows how to use this command.

SCE>enable 10
Password:<cisco>
SCE# configure
SCE(config)#no diameter
SCE(config)#diameter port 3333

Related Commands

Command
Description

no diameter

Stops the diameter stack.


diameter realm

Adds an entry to the routing table.

To remove an entry from the routing table, use the no form of this command.

To clear the routing table, removing all the entries, use the no diameter realm all command.

diameter realm realm-name (Gx|Gy) peer peer-name priority priority

no diameter realm realm-name [Gx|Gy] peer peer-name

no diameter realm all

Syntax Description

realm-name

Name of the realm.

Gx or Gy

Indicate whether the application is Gx or Gy.

Required when adding a peer.

Optional when removing a peer entry, depending on whether you are removing only the entry for a specific application or removing entires for both applications.

peer-name

Name of the peer. (See the diameter peer command)

priority

Priority assigned to the peer within the forwarding scheme. (0-99)

Priority is optional for the first peer entry for a realm, but required for all subsequent peer entries.


Command Default

None

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.6.x

This command was introduced.


Usage Guidelines

The routing table contains the peer application support and the forwarding scheme priority information. The information for each entry includes:

peer name

supported application (Gx or Gy)

realm

priority

General Guidelines

Priority is required except for the first peer entry assigned to a realm. If a priority is not assigned to the first peer entry for a realm, a priority of 100 is assigned automatically.

In the Gx application there is one realm with many peers supporting that realm.

In the Gy application there can be several realms, each with multiple peers.

Peers can support more than one application.

To remove the entry for a peer only for a specific application, specify Gx or Gy in the no form of the command. If you do not specify the application, if two peer entries exist, they will both be removed.

To clear the routing table use the no diameter realm all command.

Authorization: admin

Examples

Example 1

The following example shows how to add a route.

SCE>enable 10 
Password:<cisco> 
SCE# configure 
SCE(config)#diameter realm test_realm.cisco.com Gy peer test_peer

Example 2

The following example shows how delete one entry from the routing table.

SCE>enable 10 
Password:<cisco> 
SCE# configure 
SCE(config)#no diameter realm test_realm.cisco.com Gy peer test_peer

Example 3

The following example is similar to Example 2, but it removes both entries for the specified peer from the routing table.

SCE>enable 10 
Password:<cisco> 
SCE# configure 
SCE(config)#no diameter realm test_realm.cisco.com peer test_peer
 
   

Related Commands

Command
Description

show diameter realm

Displays all routing table entries for the specified realm

show diameter routing table

Displays the routing table.


diameter realm forwarding-mode

Configures the forwarding mode for the specified realm and application.

diameter realm realm-name(Gx |Gy) forwarding-mode (load-balancing| high-availability [shared-session-on [stickness-on |stickness-off]| shared-session-off])

Syntax Description

realm-name

Name of the realm.

Gx or Gy

Indicate whether the forwarding mode applies to Gx or Gy applications.


Command Default

Load-Balancing

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.6.x

This command was introduced.


Usage Guidelines

Load Balancing

Load balancing is completed by round robin using the available servers. The available servers are round robin cycled per session and not per message, meaning the messages for a specific session are all sent to the same server.

When a server fails, it is removed from the round robin.

High Availability (Failover)

When the high availably scheme is used, there is no load balancing between servers. The high availability scheme is strictly an active and standby scheme.

Each server is assigned a priority. Only the server with the highest priority handles the session. When the active server fails, all new sessions will be started on the next server in the priority list order.

High availability mode has additional options:

shared-session-on: Sessions are common to all servers, and therefore sessions on a failed server do not need to be reopened on a different server if the server fails.

stickiness-on: Sessions move back to the original server when it restarts.

stickiness-off: Sessions do not move back to the original server when it restarts.

shared-session-off: Sessions are not common to all servers, and therefore sessions on a failed server must be reopened on a different server if the server fails.

Authorization: admin

Examples

The following example shows how to configure high-availability forwarding mode where the sessions will be common to all servers and will not return to the original server after failure when that server restarts.

SCE>enable 10 
Password:<cisco> 
SCE#configure 
SCE(config)#diameter realm test_realm.cisco.com Gy forwarding-mode high-availability 
shared-session-on stickiness-off
SCE(config)#

Related Commands

Command
Description

show diameter forwarding-mode

Displays the forwarding mode table.


diameter tx-timer

Configures the diameter transmit timeout value for messages.

To reset the timeout to the default, use the default form of this command.

diameter tx-timer time

default diameter tx-timer

Syntax Description

time

Timeout interval in seconds. Range is 5-6000.


Command Default

30 seconds

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.6.x

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to use this command.

SCE>enable 10
Password:<cisco>
SCE# configure
SCE(config)#diameter tx-timeout 20
SCE(config)#

Related Commands

Command
Description

show diameter

Displays the current diameter stack state.


dir

Displays the files in the current directory.

dir [applications] [-r]

Syntax Description

applications

Filters the list of files to display only the application files in the current directory.

-r

Includes all files in the subdirectories of the current directory, as well as the files in the current directory.


Command Default

None

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to display the files in the current directory (root):

SCE>enable 10 
Password:<cisco> 
SCE#dir  
File list for /system/ 
512TUE JAN 01 00:00:00 1980LOGDBG DIR 
512TUE JAN 01 00:00:00 1980LOG DIR 
7653 TUE JAN 01 00:00:00 1980FTP.SLI 
29 TUE JAN 01 00:00:00 1980SCRIPT.TXT 
512 TUE JAN 01 00:00:00 1980SYSTEM DIR 
SCE#

Related Commands

Command
Description

pwd

Displays the current working directory.

cd

Changes the path of the current working directory.


disable

Moves the user from a higher level of authorization to a lower user level.

disable level

Syntax Description

level

User authorization level (0, 5, 10, 15) as specified in CLI Authorization Levels.


Command Default

None

Command Modes

Privileged EXEC and Viewer

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Use this command with the level argument to lower the user privilege level, as illustrated in Figure 2-1. If a level is not specified, it defaults to User mode.

Figure 2-1 Disable Command

Note that you must exit to Privileged EXEC command mode to use this command.

Authorization: user

Examples

The following example shows how to change from root to admin mode:

SCE>enable 15 
Password:<cisco> 
SCE#>disable 10  
SCE#

Related Commands

Command
Description

enable

Allows the user to access a higher authorization level.


do

Executes an EXEC mode command (such as a show command) or a privileged EXEC command (such as show running-config) without exiting to the relevant command mode.

do command

Syntax Description

command

Command to be executed.


Command Default

None

Command Modes

All configuration modes

Command History

This table includes the following release-specific history entries:

Release
Modification

3.0.0

This command was introduced.


Usage Guidelines

Use this command when in any configuration command mode (global configuration, linecard configuration, or any interface configuration) to execute a User EXEC or Privileged EXEC command.

Enter the entire command with all parameters as you would if you were in the relevant command mode.

Authorization: admin

Examples

The following example assumes that the on-failure action of the SCE platform has been changed to bypass. The connection mode configuration is then displayed to verify that the parameter was changed. The do command is used to avoid having to exit to User EXEC mode.

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#interface linecard 0 
SCE(config if)#connection-mode on-failure bypass  
SCE(config if)#do show interface linecard 0 connection-mode  
slot 0 connection mode 
Connection mode is inline 
slot failure mode is bypass 
Redundancy status is standalone 
SCE(config if)#

duplex

Configures the duplex operation of the GigabitEthernet management interface.

duplex [mode]

no duplex

Syntax Description

mode

Sets duplex operation to one of the following modes:

full—Full duplex

half—Half duplex

auto—Auto-negotiation (do not force duplex on the link)


Command Default

The default duplex mode is auto.

Command Modes

GigabitEthernet Interface Configuration

Mng Interface Configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Use this command to configure the duplex mode of the GigabitEthernet management interface.

If the speed of the management interface is configured to auto (see the speed command), changing this configuration has no effect.

Authorization: admin

Examples

The following example shows how to configure the management port to auto mode.

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#interface mng 0/1 
SCE(config if)#duplex auto  
SCE(config if)#

Related CommandsE

Command
Description

speed

Configures the speed of the management interface.

show interface mng

Displays the details of the GigabitEthernet management interface.


enable

Enables the user to access a higher authorization level.

enable [level]

Syntax Description

level

User authorization level (0, 5, 10, 15) as specified in CLI Authorization Levels.


Command Default

The default authorization level is admin (10).

Command Modes

User EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Figure 2-2 shows the authorization levels.

Figure 2-2 Enable Command

If a level is not specified, it defaults to admin authorization (level 10).

Note that you cannot use the enable command from Privileged EXEC or any of the configuration command modes.

Authorization: user

Examples

The following example shows how to access the administrator authorization level. Note that the prompt changes from SCE> to SCE#, indicating that the level is the administrator privilege level.

SCE>enable 
Password:<cisco> 
SCE#

Related Commands

Command
Description

disable

Moves the user from a higher level of authorization to a lower user level.

enable password

Configures a password for the specified authorization level.


enable password

Configures a password for the specified authorization level, which prevents unauthorized users from accessing the SCE platform.

To disable the password for the specified authorization level, use the no form of this command.

enable password [level level] [encryption-type ] [password]

no enable password [level level]

Syntax Description

level

User authorization level (0, 5, 10, 15) as specified in CLI Authorization Levels. If no level is specified, the default is admin (10).

encryption-type

If you want to enter the encrypted version of the password, set the encryption type to 5, which specifies the algorithm used to encrypt the password.

password

Sets a regular or encrypted password for the access level. If you specify encryption-type, you must supply an encrypted password.


Command Default

The default authorization level is admin (10).

The default password is cisco.

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

After the command is entered, any user executing the enable command must supply the specified password. The following conditions apply to passwords:

Must be at least 4 and no more than 100 characters long

Can contain any printable characters

Must begin with a letter

Cannot contain spaces

Are case-sensitive

Authorization: admin

Examples

The following example shows how to set a level 10 password:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#enable password level 10 a123*man  
SCE(config)#

Related Commands

Command
Description

enable

Allows the user to access a higher authorization level.

service password-encryption

Enables password encryption.


end

Exits from Global Configuration mode or an interface configuration mode to the User EXEC authorization level.

end

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Interface Linecard Configuration

Interface GigabitEthernet Configuration

Interface Range GigabitEthernet Configuration

Interface TenGigabitEthernet Configuration

Interface Range TenGigabitEthernet Configuration

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.5.5

This command was introduced.


Usage Guidelines

Use this command to exit to the User EXEC authorization level in one command, rather than having to execute the exit command twice. The system prompt changes to reflect the lower-level mode.

Authorization: admin

Examples

The following example shows how to use this command:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#interface linecard 0 
SCE(config if)#end 
SCE#
 
   
 
   
 
   
 
   
 
   
 
   

Related Commands

Command
Description

configure

Enables the user to move from Privileged EXEC mode to Configuration mode.

interface gigabitethernet

Enters GigabitEthernet Interface Configuration mode.

interface range gigabitethernet

Enters a GigabitEthernet Interface Configuration mode for two or more GBE line interfaces.

interface tengigabitethernet

Enters TenGigabitEthernet Interface Configuration mode for the 10GBE line interfaces.

interface range tengigabitethernet

Enters TenGigabitEthernet Interface Configuration mode for two or more 10GBE line interfaces.

interface linecard

Enters Interface Linecard Configuration mode.

line vty

Enters Line Configuration mode for Telent lines, which configures all Telnet lines.


erase startup-config-all

Removes all current configurations by removing all configuration files.

erase startup-config-all

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

3.0.0

This command was introduced.


Usage Guidelines

The following data is deleted by this command:

General configuration files

Application configuration files

Static party DB files

Management agent installed MBeans

After using this command, the SCE platform should be reloaded immediately to ensure that it returns to the "factory default" state.

To create a backup of the current configuration before it is deleted, use the copy startup-config destination-file command.

Authorization: admin

Examples

The following example shows how to erase the startup configuration:

SCE>enable 10 
Password:<cisco> 
SCE#erase startup-config-all  

Related Commands

Command
Description

reload

Reboots the SCE platform.

copy startup-config destination-file

Copies the startup-config file to the specified destination file.


exit

Exits from the current mode to the next "lower" mode. When executed from Privileged EXEC or User EXEC mode, the command logs out of the CLI session.

exit

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

All

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Use this command each time you want to exit a mode. The system prompt changes to reflect the lower-level mode.


Tip Use the end command to exit to the User EXEC authorization level.


Authorization: admin

Examples

The following example shows how to exit from Interface Linecard Configuration mode to Global Configuration mode and then to Privileged EXEC mode and then log out:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#interface linecard 0 
SCE(config if)#exit  
SCE(config)#exit  
SCE#exit 
Connection closed by foreign host.
 
   
 
   
 
   
 
   
 
   
 
   
 
   

Related Commands

Command
Description

configure

Enables the user to move from Privileged EXEC mode to Configuration mode.

interface gigabitethernet

Enters GigabitEthernet Interface Configuration mode.

interface range gigabitethernet

Enters a GigabitEthernet Interface Configuration mode for two or more GBE line interfaces.

interface tengigabitethernet

Enters TenGigabitEthernet Interface Configuration mode for the 10GBE line interfaces.

interface range tengigabitethernet

Enters TenGigabitEthernet Interface Configuration mode for two or more 10GBE line interfaces.

interface linecard

Enters Interface Linecard Configuration mode.

line vty

Enters Line Configuration mode for Telent lines, which configures all Telnet lines.


external-bypass

Manually activates the external bypass modules.

To deactivate the external bypass modules, use the no form of this command.

To return the external bypass module to the default state (deactivated), use the default form of this command.

external-bypass

no external-bypass

default external-bypass

Syntax Description

This command has no arguments or keywords.

Command Default

The external bypass module is deactivated.

Command Modes

Interface Linecard Configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.1.6

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to use this command:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#interface linecard 0 
SCE(config if)#external-bypass 
SCE(config if)#

Related Commands

Command
Description

show interface linecard external-bypass

Displays the state of the external bypass module.


failure-recovery operation-mode

Specifies the operation mode to be applied when the system reboots after a failure.

If you use the default form of the command, you do not have to specify the mode.

failure-recovery operation-mode mode

default failure-recovery operation-mode

Syntax Description

mode

Indicates whether or not the system boots as operational following a failure. Choose operational or non-operational.


Command Default

The default mode is operational.

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to set the system to boot as operational after a failure:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#failure-recovery operation-mode operational  
SCE(config)#

Related Commands

Command
Description

show failure-recovery operation-mode

Displays the operation mode to apply after booting resulted from a failure.


flow-capture

Executes flow-capture operations.

flow-capture {start format cap file-name-prefix filename | stop}

Syntax Description

filename

Destination (FTP site path) where the cap file should be created, in the format: ftp://username:password@ip_address/path/filename. (Do not include the ".cap" file extension; it is appended automatically.)

In a system with two SCE8000-SCM modules, which creates two capture files, an indicator is appended to this prefix to indicate which SCE8000-SCM module created the file. For example, if you assign the filename "myCapFile", the system creates myCapFile1.cap and myCapFile2.cap.

stop

Stops recording.


Command Default

None

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

3.5.0

This command was introduced.


Usage Guidelines

Flow capturing is a useful debugging capability that captures packets from the traffic stream in real time and stores them for later analysis using a standard cap format. The classification of the traffic portion to be captured is based on L4 attributes. The captured information is sent to a specified FTP destination. In a system with two SCE8000-SCM modules installed, a separate cap file is created by each SCE8000-SCM module.

The FTP transaction is done online on SCE2000 platforms, or immediately after the capture process concludes on SCE8000 platforms.

The following flow-capture operations are available:

start—Starts recording.

stop—Stops recording.

Note that traffic can be captured only when an application is loaded.

To perform a flow capture, follow these steps:

1. (Optional) Configure limits to the flow-capture operation using the flow-capture controllers command. Limits prevent a negative impact on traffic processing.

You may skip this step and use the default controller values.

2. Configure an appropriate recording rule using the traffic-rule command. Assign the flow-capture action to the rule (see traffic-rule).


Tip You must use the traffic-rule command to define the recording rule. You cannot use the flow-filter command.


3. Start the actual capture. The capture will not start if a valid recording rule has not been defined.

Use the flow-capture start command.

4. (Optional) Stop the capture.

Use the flow-capture stop command.

If you do not stop the flow capture, it will stop when the maximum duration or capacity has been reached.

At any point, you can use the show interface linecard flow-capture command to display the flow- capture status, including whether flow capture is currently recording or is stopped, the capacity already used, and the number of packets recorded.

Authorization: admin

Examples

The following examples show how to use this command. All examples show output for an SCE8000 with two SCE8000-SCM modules installed.

Example 1

The following example shows how to perform all the steps in a flow capture:

1. Define the limits (flow-capture controllers max-l4-payload-length and flow-capture controllers time).

2. Define a counter to be assigned to the traffic rule. (Optional)

3. Define the recording traffic rule (traffic-rule with action flow-capture option).

4. Start the capture (flow-capture start).

(The show command shows that recording is in progress.)

5. Stop the capture (flow-capture stop).

SCE>enable 10 
Password:<cisco> 
SCE#configure 
SCE(config)#interface linecard 0 
SCE(config if)#flow-capture controllers max-l4-payload-length 200 
SCE(config if)#flow-capture controllers time 45  
SCE(config if)#traffic-counter name counter2 count-packets 
SCE(config if)#traffic-rule name FlowCaptureRule IP-addresses subscriber-side all 
network-side all protocol 250 direction both traffic-counter name counter2 action 
flow-capture  
SCE(config if)#end 
SCE#flow-capture start format cap file-name-prefix 
ftp://myUser:myPassword@10.10.10.80/./myCap 
SCE#show interface linecard 0 flow-capture 
Flow Capture Status (module #1):
--------------------------------
Flow capture status:           RECORDING
Capturing type:                ONLINE
Target file name:              ftp://myUser:myPassword@10.10.10.80/./myCap1.cap
Target file size (bytes):      26580
Time limit  (sec):             45
Max L4 payload length (bytes): 200
Number of recorded packets:    152
Number of lost packets:        0
Flow Capture Status (module #2):
--------------------------------
Flow capture status:           RECORDING
Capturing type:                ONLINE
Target file name:              ftp://myUser:myPassword@10.10.10.80/./myCap2.cap
Target file size (bytes):      28944
Time limit  (sec):             45
Max L4 payload length (bytes): 200
Number of recorded packets:    167
Number of lost packets:        0
SCE#flow-capture stop                     
SCE#show interface linecard 0 flow-capture
Flow Capture Status (module #1):
--------------------------------
Flow capture status:           NOT RECORDING
Capturing type:                ONLINE
Last stop cause:               User Request
Target file name:              ftp://myUser:myPassword@10.10.10.80/./myCap1.cap
Target file size (bytes):      99392
Time limit  (sec):             45
Max L4 payload length (bytes): 200
Number of recorded packets:    573
Number of lost packets:        0
Flow Capture Status (module #2):
--------------------------------
Flow capture status:           NOT RECORDING
Capturing type:                ONLINE
Last stop cause:               User Request
Target file name:              ftp://myUser:myPassword@10.10.10.80/./myCap2.cap
Target file size (bytes):      159344
Time limit  (sec):             45
Max L4 payload length (bytes): 200
SCE#

Example 2

The following example is identical to the previous one, except that instead of using the stop command, the capturing process continues until the defined time limit is reached.

1. Define the limits (flow-capture controllers max-l4-payload-length and flow-capture controllers time).

2. Define a counter to be assigned to the traffic rule. (Optional)

3. Define the recording traffic rule (traffic-rule with action flow-capture option).

4. Start the capture (flow-capture start).

(The show command shows that recording is in progress.)

5. Capture concludes automatically after 45 seconds.

SCE>enable 10 
Password:<cisco> 
SCE#configure 
SCE(config)#interface linecard 0 
SCE(config if)#flow-capture controllers max-l4-payload-length 200 
SCE(config if)#flow-capture controllers time 45  
SCE(config if)#traffic-counter name counter2 count-packets 
SCE(config if)#traffic-rule name FlowCaptureRule IP-addresses subscriber-side all 
network-side all protocol 250 direction both traffic-counter name counter2 action 
flow-capture  
SCE(config if)#end 
SCE#flow-capture start format cap file-name-prefix 
ftp://myUser:myPassword@10.10.10.80/./myCap 
SCE#show interface linecard 0 flow-capture  
Flow Capture Status (module #1):
--------------------------------
Flow capture status:           RECORDING
Capturing type:                ONLINE
Target file name:              ftp://myUser:myPassword@10.10.10.80/./myCap1.cap
Target file size (bytes):      26580
Time limit  (sec):             45
Max L4 payload length (bytes): 200
Number of recorded packets:    152
Number of lost packets:        0
Flow Capture Status (module #2):
--------------------------------
Flow capture status:           RECORDING
Capturing type:                ONLINE
Target file name:              ftp://myUser:myPassword@10.10.10.80/./myCap2.cap
Target file size (bytes):      28944
Time limit  (sec):             45
Max L4 payload length (bytes): 200
Number of recorded packets:    167
Number of lost packets:        0

after 45 seconds...

SCE>show interface linecard 0 flow-capture
Flow Capture Status (module #1):
--------------------------------
Flow capture status:           NOT RECORDING
Capturing type:                ONLINE
Last stop cause:               Time Limit
Target file name:              ftp://myUser:myPassword@10.10.10.80/./myCap1.cap
Target file size (bytes):      558716
Time limit  (sec):             45
Max L4 payload length (bytes): 200
Number of recorded packets:    2696
Number of lost packets:        0
Flow Capture Status (module #2):
--------------------------------
Flow capture status:           NOT RECORDING
Capturing type:                ONLINE
Last stop cause:               Time Limit
Target file name:              ftp://myUser:myPassword@10.10.10.80/./myCap2.cap
Target file size (bytes):      673840
Time limit  (sec):             45
Max L4 payload length (bytes): 200
Number of recorded packets:    3335
Number of lost packets:        0
SCE#

Example 3

In this example, instead of using the stop command, the capturing process continues until the defined file-size limit (64 MB for each SCE8000-SCM) is reached on the first SCE8000-SCM. The other module is stopped using the flow-capture stop command

1. Set the limits back to the defaults (default flow-capture controllers max-l4-payload-length and default flow-capture controllers time).

2. Define a counter to be assigned to the traffic rule. (Optional)

3. Define the recording traffic rule (traffic-rule with action flow-capture option).

4. Start the capture (flow-capture start).

(The show command shows that recording is in progress.)

5. Capture on the first SCE8000-SCM concludes automatically when the file size reaches the limit.

6. Stop the capture on the second SCE8000-SCM (flow-capture stop).

SCE>enable 10 
Password:<cisco> 
SCE#configure 
SCE(config)#interface linecard 0 
SCE(config if)#default flow-capture controllers max-l4-payload-length 
SCE(config if)#default flow-capture controllers time 
SCE(config if)#traffic-counter name counter2 count-packets 
SCE(config if)#traffic-rule name FlowCaptureRule IP-addresses subscriber-side all 
network-side all protocol 250 direction both traffic-counter name counter2 action 
flow-capture  
SCE(config if)#end 
SCE#flow-capture start format cap file-name-prefix 
ftp://myUser:myPassword@10.10.10.80/./myCap 
SCE#show interface linecard 0 flow-capture  
Flow Capture Status (module #1):
--------------------------------
Flow capture status:           RECORDING
Capturing type:                ONLINE
Target file name:              ftp://myUser:myPassword@10.10.10.80/./myCap1.cap
Target file size (bytes):      11141528
Time limit  (sec):             3600
Max L4 payload length (bytes): Unlimited
Number of recorded packets:    20687
Number of lost packets:        0
Flow Capture Status (module #2):
--------------------------------
Flow capture status:           RECORDING
Capturing type:                ONLINE
Target file name:              ftp://myUser:myPassword@10.10.10.80/./myCap2.cap
Target file size (bytes):      4150456
Time limit  (sec):             3600
Max L4 payload length (bytes): Unlimited
Number of recorded packets:    8365
Number of lost packets:        0

after 32 minutes...

SCE#show interface linecard 0 flow-capture
Flow Capture Status (module #1):
--------------------------------
Flow capture status:           NOT RECORDING
Capturing type:                ONLINE
Last stop cause:               Cannot Write To File or Max Allowed File Size Exceeded
Target file name:              ftp://myUser:myPassword@10.10.10.80/./myCap1.cap
Target file size (bytes):      67108164
Time limit  (sec):             3600
Max L4 payload length (bytes): Unlimited
Number of recorded packets:    124916
Number of lost packets:        0
Flow Capture Status (module #2):
--------------------------------
Flow capture status:           RECORDING
Capturing type:                ONLINE
Target file name:              ftp://myUser:myPassword@10.10.10.80/./myCap2.cap
Target file size (bytes):      27551456
Time limit  (sec):             3600
Max L4 payload length (bytes): Unlimited
Number of recorded packets:    55140
Number of lost packets:        0

after 5 more minutes...

SCE#flow-capture stop                     
SCE#show interface linecard 0 flow-capture
Flow Capture Status (module #1):
--------------------------------
Flow capture status:           NOT RECORDING
Capturing type:                ONLINE
Last stop cause:               Cannot Write To File or Max Allowed File Size Exceeded
Target file name:              ftp://myUser:myPassword@10.10.10.80/./myCap1.cap
Target file size (bytes):      67108164
Time limit  (sec):             3600
Max L4 payload length (bytes): Unlimited
Number of recorded packets:    124916
Number of lost packets:        0
Flow Capture Status (module #2):
--------------------------------
Flow capture status:           NOT RECORDING
Capturing type:                ONLINE
Last stop cause:               User Request
Target file name:              ftp://myUser:myPassword@10.10.10.80/./myCap2.cap
Target file size (bytes):      31647736
Time limit  (sec):             3600
Max L4 payload length (bytes): Unlimited
Number of recorded packets:    63463
Number of lost packets:        0
SCE(config if)#

Related Commands

Command
Description

flow-capture controllers

Configures limitations on the flow capture feature.

traffic-rule

Defines a new traffic rule.

show interface linecard flow-capture

Displays the flow capture status.


flow-capture controllers

Configures limitations on the flow-capture feature.

To reset all options to the default values, use the default form of this command.

flow-capture controllers time {duration | unlimited}

flow-capture controllers max-l4-payload-length {length | unlimited}

default flow-capture controllers {time | max-l4-payload-length}

Syntax Description

duration

Maximum duration for the flow-capture recording time, in seconds.

To specify unlimited duration, use the unlimited keyword.

length

Specifies the number of payload bytes per packet.

To specify unlimited payload bytes per packet, use the unlimited keyword.


Command Default

The default for duration is 3600 seconds.

The default for length is unlimited.

Command Modes

Interface Linecard Configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.5.0

This command was introduced.


Usage Guidelines

Flow capturing is a useful debugging capability that captures packets from the traffic stream in real time and stores them for later analysis. The classification of the traffic portion to be captured is based on L4 attributes.

The portion of traffic that is captured does not receive service (is not processed by the application). Therefore, it is important to control the capturing scenario so that service is not negatively affected. You can limit certain aspects of the flow capture using the following options:

time (flow-capture recording time)—The duration of the flow capture may be limited to the specified time limit, or it may be unlimited, so that the flow capture is stopped only by executing an explicit stop command or when the maximum file size is reached (128 MB on the SCE8000 platform).

max-l4-payload-length (payload size)—The maximum number of L4 bytes captured from each packet may be specified. This keyword relates to each packet in the traffic stream rather than to overall flow-capture capacity. Using this keyword, the flow-capture throughput (in terms of captured packets) can be increased.

Authorization: admin

Examples

The following example shows how to configure limitations to the flow capture:

SCE>enable 10 
Password:<cisco> 
SCE#>configure 
SCE(config)#interface linecard 0 
SCE(config if)#flow-capture controllers time 120 
SCE(config if)#flow-capture controllers max-l4-payload-length 200 
SCE(config if)#

Related Commands

Command
Description

traffic-rule

Defines a new traffic rule.

flow-capture

Executes flow capture operations.

show interface linecard flow-capture

Displays the flow capture status.


flow-filter set-ff rule

To configure flow-filter rules, use the flow-filter set-ff rule command in the interface linecard configuration mode.

flow-filter set-ff rule rule number [any-ip1-ip2-port1-port2-tos | clear | ip1-min | ipv6]

flow-filter set-ff rule rule number clear

Syntax Description

rule number

Enter a number for the rule.

any-ip1-ip2-port1-port2-tos

Specifies ip1, ip2, port1, port2, tos matches any value.

clear

Clears all the rule fields.

ip1-min

Specifies the minimum value for IP1.

ipv6

IPv6 flow-filter rule configuration.


Command Default

None

Command Modes

Interface linecard configuration (config-if)

Command History

This table includes the following release-specific history entries:

Release
Modification

3.7.5

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to configure limitations to a flow capture:

SCE> enable 10 
Password: <cisco> 
SCE#> configure 
SCE(config)# interface linecard 0 
SCE(config if)# flow-filter set-ff rule 2 ip1-min 
SCE(config if)# 

Related Commands

Command
Description

flow-filter set-ff rule ipv6

Configures a flow-filter rule for IPv6.


flow-filter set-ff rule ipv6

To configures flow-filter rules for IPv6 traffic use the flow-filter set-ff rule command in the interface linecard configuration mode.

flow-filter set-ff rule rule number ipv6 any-ip1-ip2-port1-port2-tos

flow-filter set-ff rule rule number clear

Syntax Description

rule number

Enter a number for the rule.

any-ip1-ip2-port1-port2-tos

Specifies IP 1, IP 2, Port 1 and Port2, Tos matches any value.

clear

Clears all the rule fields.


Command Default

None

Command Modes

Interface linecard configuration (config-if)

Command History

This table includes the following release-specific history entries:

Release
Modification

3.7.5

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to configure limitations to flow capture:

SCE> enable 10 
Password: <cisco> 
SCE#> configure 
SCE(config)# interface linecard 0 
SCE(config if)# flow-filter set-ff rule 2 ipv6 any-ip-prefix-port1-port2-tos 
SCE(config if)# 

Related Commands

Command
Description

flow-filter set-ff rule

Configures a flow-filter rule.


force failure-condition

Forces a virtual failure condition, and exits from the failure condition, when performing an application upgrade.

To disable forcing a virtual failure condition, use the no form of this command.

force failure-condition

no force failure-condition

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Interface Linecard Configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

When upgrading the application in a cascaded system, use this command to force failure in the active SCE8000 platform (see System Upgrades in the Cisco SCE8000 10GBE Software Configuration Guide or System Upgrades in the Cisco SCE8000 GBE Software Configuration Guide).

Authorization: admin

Examples

The following example shows how to force a virtual failure condition.

At the displayed "n," type Y and press Enter to confirm the forced failure.

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#interface linecard 0 
SCE(config if)#force failure-condition  
Forcing failure will cause a failover - do you want to continue? n 
SCE(config if)#

Related Commands

Command
Description

pqi upgrade file

Upgrades the application using the specified pqi file and any specified upgrade options.


help

Displays information relating to all available CLI commands.

help {bindings | tree}

Syntax Description

bindings

Prints a list of keyboard bindings (shortcut commands).

tree

Displays the entire tree of all available CLI commands.


Command Default

None

Command Modes

EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Authorization: user

Examples

The following example shows partial output from the help bindings command:

SCE>help bindings  
Line Cursor Movements 
--------------------- 
Ctrl-F /->Moves cursor one character to the right. 
Ctrl-B /<-Moves cursor one character to the left. 
Esc-FMoves cursor one word to the right. 
Esc-BMoves cursor one word to the left. 
Ctrl-AMoves cursor to the start of the line. 
Ctrl-EMoves cursor to the end of the line. 
Esc F Moves cursor forward one word. 
Esc BMoves cursor backward one word. 
Editing 
------- 
Ctrl-DDeletes the character where the cursor is located. 
Esc-DDeletes from the cursor position to the end of the word. 
BackspaceDeletes the character before the current location of the cursor. 
Ctrl-H Deletes the character before the current location of the cursor. 
Ctrl-KDeletes from the cursor position to the end of the line. 
Ctrl-UDeletes all characters from the cursor to the beginning of the line. 
Ctrl-XDeletes all characters from the cursor to the beginning of the line. 
Ctrl-WDeletes the word to the left of the cursor. 
Ctrl-YRecall the last item deleted. 
Help and Operation Features 
---------------------------- 
? Argument help. 
<Tab>Toggles between possible endings for the typed prefix. 
<Esc><Tab>Displays all the possible arguments backwards. 
Ctrl-I <TAB> 
SCE>

history

Enables the history feature,which is a record of the last command lines that executed.

To disable the history feature, use the no form of this command.

history

no history

Syntax Description

This command has no arguments or keywords.

Command Default

History is enabled.

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to enable the history feature:

SCE>enable 10 
Password:<cisco> 
SCE#history 
SCE#

The following example shows how to disable the history feature:

SCE>enable 10  
Password:<cisco> 
SCE#no history  
SCE#

Related Commands

Command
Description

history size

Sets the number of command lines that the system records in history.


history size

Sets the number of command lines that the system records in the history.

To restore the default size, use the no form of this command.

history size [size]

no history size

Syntax Description

size

Number of command lines stored in the history of commands for quick recall.


Command Default

The default buffer size is 10 lines.

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

The size of the history buffer can be any number from 0 to 50. Use the no form of this command to restore the default size.

Authorization: admin

Examples

The following example shows how to set the history buffer size to 50 command lines:

SCE>enable 10 
Password:<cisco> 
SCE#history size 50  
SCE#

Related Commands

Command
Description

history

Enables the history feature, which is a record of the last command lines that were executed.


hostname

Modifies the name of the SCE platform. The hostname is part of the displayed prompt.

hostname [hostname]

Syntax Description

hostname

New hostname. Maximum length is 20 characters.


Command Default

The default hostname is SCE.

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to change the hostname to MyHost:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#>hostname MyHost  
MyHost(config)#>

Related Commands

Command
Description

show hostname

Displays the currently configured hostname.


hw-bypass mode

To enable the hardware bypass mode of the Cisco SCE platform and to set or reset the hardware bypass state for the specified static parties when configured in this mode, use the hw-bypass mode in the global configuration mode. To disable the hardware bypass mode, use the no form of this command.

hw-bypass mode

no hw-bypass mode


Note The hardware bypass action can be performed only for the static parties created in the hardware bypass mode.


Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.7.x

This command was introduced.


Usage Guidelines

When no hw-bypass mode command is executed, the existing static parties with hardware bypass state will be reset. Secondly, the hardware bypass mode of the SCE platform will be disabled successfully.

The authorization used is root.

Examples

The following example shows how to enable the hw-bypass mode:

SCE>enable 15 
Password:<cisco> 
SCE#config 
SCE(config)#>hw-bypass mode 
SCE(config)#

The following is the sample output from the no hw-bypass mode command:

SCE>enable 15 
Password:<cisco> 
SCE#config 
SCE(config)#>no hw-bypass mode 
hw-bypass for party  party-name is reset  
hw-bypass for party  party-1 is reset 
hw-bypass for party  party-2 is reset .
hw-bypass for party  party-N is reset 
SCE8000(config)#>exit              
SCE8000#>show hw-bypass mode 
hw-bypass mode  is  disabled 

Related Commands

Command
Description

show hw-bypass mode

Displays the hardware bypass mode status of the SCE platform to the EXEC authorization level.


interface gigabitethernet

Enters GigabitEthernet Interface Configuration mode.

In the Cisco SCE8000 10GBE platform, only the management interfaces in slot 1 are Gigabit Ethernet interfaces. (To configure the 10 Gigabit Ethernet line interfaces, use the interface tengigabitethernet command.)

In the Cisco SCE8000 GBE platform, both the management interfaces in slot 1 and the line interfaces in slot 3 are Gigabit Ethernet interfaces.


Note To configure two or more GBE line interfaces with a single command, use the interface range gigabitethernet command.



Tip To configure the management interfaces, you can also use the interface mng command.


interface gigabitethernet slot-number/interface-number

interface gigabitethernet slot-number/bay-number/interface-number

interface gigabitethernet sce-id /slot-number/bay-number/interface-number

Syntax Description

slot-number

For a management interface, enter a value of 1.

(SCE8000 GBE only) For a GBE line interface, enter a value of 3.

bay-number

(SCE8000 GBE only) Enter a value of 0 or 1.

Note that slots 2 and 3 are used only for cascade interfaces, which are 10GBE interfaces and are not explicitly configured.

interface-number

For a management interface, enter a value of 1.

(SCE8000 GBE only) For a GBE line interface, enter a value in the range of 0 to 7.

sce-id

(SCE8000 GBE only) In a cascade installation, identifies the specific Cisco SCE8000 platform of the cascaded pair. Enter a value of 0 or 1.


Command Default

None

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

The format of this command depends on the version of the SCE8000 platform and the type of interface being configured, as described Table 2-4.

Table 2-4 Interface gigabitethernet Command Formats

Authorization Level or Command Mode
Use this command to access
Use this command to exit

SCE8000 10GBE

Management

interface gigabitethernet 1/1

SCE8000 GBE

Management

interface gigabitethernet 1/1

SCE8000 GBE

GBE line

interface gigabitethernet 3/0/(0-7)

interface gigabitethernet 3/1/(0-7)

Cascaded SCE8000 GBE

GBE line

interface gigabitethernet 0/ 3/(0-1)/(0-7)

interface gigabitethernet 1/ 3/(0-1)/(0-7)


To return to Global configuration mode, use the exit command.

The system prompt changes to reflect GigabitEthernet Interface Configuration mode.

Authorization: admin

Examples

The following example shows how to enter GigabitEthernet Interface Configuration mode to configure the management port (SCE8000 GBE and SCE8000 10GBE):

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#interface gigabitethernet 1/1  
SCE(config if)#

The following example shows how to enter GigabitEthernet Interface Configuration mode to configure a GBE line port in subslot 1 of platform 0 in a cascaded pair (SCE8000 GBE only):

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#interface gigabitethernet 0/3/1/5  
SCE(config if)#
 
   

Related Commands

Command
Description

exit

Exits from the current mode to the next "lower" level.

show interface gigabitethernet

Displays the details of the GigabitEthernet management interface.

interface range gigabitethernet

Enters a GigabitEthernet Interface Configuration mode for two or more GBE line interfaces.

interface mng

Enters Management Interface Configuration mode.


interface linecard

Enters Interface Linecard Configuration mode.

interface linecard slot-number

Syntax Description

slot-number

Number of the identified slot. Enter a value of 0.


Command Default

None

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

The system prompt changes to reflect Linecard Configuration mode. To return to Global configuration mode, use the exit command.

Authorization: admin

Examples

The following example shows how to enter Interface Linecard Configuration mode:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#interface linecard 0  
SCE(config if)#

Related Commands

Command
Description

exit

Exits from the current mode to the next "lower" level.


interface mng

Enters Management Interface Configuration mode.

interface mng slot-number/interface-number

Syntax Description

slot-number

The number of the identified slot. Enter a value of 0.

interface-number

The Management interface number. Enter a value of 1 or 2 to configure the desired Management port.


Command Default

This command has no default settings.

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.0.0

This command was introduced.


Usage Guidelines

Use this command to configure the management ports for the SCE platforms.

The system prompt is changed to reflect the Management Interface Interface Configuration mode.

To return to the Global configuration Mode, use the exit command.

To return to the Use Exec authorization level, use the end command.

Authorization: admin

Examples

The following example enters into Management Interface Configure Interface Mode.

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#interface mng 0/1  
SCE(config if)#
 
   
 
   
 
   
 
   
 
   
 
   
 
   
 
   
 
   
 
   

Related Commands

Command
Description

exit

Exits from the current mode to the next "lower" level

end

Exits from Global configuration mode or an interface configuration mode to the User EXEC authorization level.

show interface mng

Displays information regarding the specified management interface.

duplex

Configures the duplex operation of the GigabitEthernet management interface.

speed

Configures the speed of the management interface.

active-port

Specifies which management port is currently active.


interface range gigabitethernet (SCE8000 GBE only)

Enters GigabitEthernet Interface Configuration mode for two or more GBE line interfaces. You can specify a range of bays as well as a range of ports. You can also specify both SCE8000 platforms of a cascaded pair.

interface range gigabitethernet slot-number/bay-range/interface-range

interface range gigabitethernet sce-id/slot-number/bay-range/interface-range

Syntax Description

slot-number

Enter a value of 3.

bay-range

Enter a value of 0, 1, or 0-1.

interface-range

Specify the range of ports in the format port1-port2, where the overall range of possible port numbers is 0 to 7.

sce-id

In a cascade installation, identifies the specific Cisco SCE8000 platform of the cascaded pair. Enter a value of 0 or 1.


Command Default

None

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.0.3

This command was introduced.


Usage Guidelines

The interface range command performs a CLI operation on a group of interfaces with one command, with the limitation that all the interfaces in the group must be of the same physical and logical type.

The format of this command depends on the topology of the installation, as described in Table 2-5.

Table 2-5 interface gigabitethernet Command Format

Version
Interface
Command Format

Single SCE8000 GBE

GBE line

interface range gigabitethernet 3/0/interface-range

interface range gigabitethernet 3/1/interface-range

interface range gigabitethernet 3/0-1/interface-range

Cascaded SCE8000 GBE

GBE line

interface range gigabitethernet 0/3/bay-range/interface-range

interface range gigabitethernet 1/3/bay-range/interface-range


To return to Global configuration mode, use the exit command.

The system prompt changes to reflect GigabitEthernet Interface Configuration mode.

The following commands are executed on all interfaces specified in the interface range gigabitethernet command as long as you remain in GigabitEthernet Interface Configuration mode:

auto-negotiate (for a cascaded system, supported for the GBE traffic ports only, not for the 10GBE cascade ports)

global-controller bandwidth

global-controller name

Authorization: admin

Examples

The following example shows how to enter GigabitEthernet Interface Configuration mode to configure interfaces 3 to 6 of both 8-port SPA modules:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#interface range gigabitethernet 3/0-1/3-6  
SCE(config if range)#

The following example shows how to enter GigabitEthernet Interface Configuration mode to configure interfaces 3 to 6 of both 8-port SPA modules on SCE8000 platform 0 of a cascaded pair:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#interface range gigabitethernet 0/3/0-1/3-6  
SCE(config if range)#

Related Commands

Command
Description

exit

Exits from the current mode to the next "lower" level.

end

Exits from Global configuration mode or an interface configuration mode to the User EXEC authorization level.

show interface gigabitethernet

Displays the details of the GigabitEthernet management interface.

interface gigabitethernet

Enters GigabitEthernet Interface Configuration mode.

interface range tengigabitethernet

Enters TenGigabitEthernet Interface Configuration mode for two or more 10GBE line interfaces.


interface range tengigabitethernet

Enters TenGigabitEthernet Interface Configuration mode for two or more 10GBE line interfaces. You can specify a range of bays.

Note that in the SCE8000 GBE platform, only the cascade ports in bays 2 and 3 support 10GBE interfaces.

interface range tengigabitethernet 3/bay-range/0

Syntax Description

bay-range

For the SCE8000 10GBE, specify the range of bays in the format bay1-bay2, where the overall range of possible bay numbers is 0 to 3.

For the SCE8000 GBE, enter a value of 2, 3, or 2-3.


Command Default

None

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.5.5

This command was introduced.


Usage Guidelines

The interface range command performs a CLI operation on a group of interfaces with one command, with the limitation that all the interfaces in the group must be of the same physical and logical type.

Because each SPA has only one interface (numbered 0), the only argument that has a possible range is the number of the bay or subslot.

To return to Global configuration mode, use the exit command.

The system prompt changes to reflect the interface range configuration mode.

Authorization: admin

Examples

The following example shows how to enter TenGigabitEthernet Interface Configuration mode on an SCE8000 10GBE platform to configure all the interfaces:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#interface range tengigabitethernet 3/0-3/0  
SCE(config if range)#

The following example shows how to enter TenGigabitEthernet Interface Configuration mode on an SCE8000 GBE platform to configure both the cascade interfaces:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#interface range tengigabitethernet 3/2-3/0  
SCE(config if range)#

Related CommandsE

Command
Description

exit

Exits from the current mode to the next "lower" level.

end

Exits from Global configuration mode or an interface configuration mode to the User EXEC authorization level.

show interface tengigabitethernet

Displays the details of the TenGigabitEthernet management interface.

interface tengigabitethernet

Enters TenGigabitEthernet Interface Configuration mode for the 10GBE line interfaces.

interface range gigabitethernet

Enters a GigabitEthernet Interface Configuration mode for two or more GBE line interfaces.


interface tengigabitethernet

Enters TenGigabitEthernet Interface Configuration mode for the 10GBE line interfaces.

Note that in the SCE8000 GBE platform, only the cascade ports in bays 2 and 3 support 10GBE interfaces.

interface tengigabitethernet 3/bay-number/0

Syntax Description

bay-number

For the SCE8000 10GBE, possible bay numbers are 0 to 3.

For the SCE8000 GBE, possible bay numbers are 2 or 3.


Command Default

None

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.5.5

This command was introduced.


Usage Guidelines

To return to Global configuration mode, use the exit command.

The system prompt changes to reflect the interface configuration mode.

Authorization: admin

Examples

The following example shows how to enter TenGigabitEthernet Interface Configuration mode on an SCE8000 10GBE platform to configure the interface in bay 1:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#interface tengigabitethernet 3/1/0  
SCE(config if range)#
 
   
 
   
 
   
 
   
 
   
 
   
 
   
 
   
 
   
 
   

Related CommandsE

Command
Description

exit

Exits from the current mode to the next "lower" level.

end

Exits from Global configuration mode or an interface configuration mode to the User EXEC authorization level.

show interface tengigabitethernet

Displays the details of a TenGigabitEthernet management interface.

interface range tengigabitethernet

Enters TenGigabitEthernet Interface Configuration mode for two or more 10GBE line interfaces.

interface gigabitethernet

Enters GigabitEthernet Interface Configuration mode.


ip access-class

Specifies which access control list (ACL) controls global access to the SCE platform.

To permit global access to the SCE platform from any IP address, use the no form of this command.

ip access-class number

no ip access-class

Syntax Description

number

Number of the access list (1 to 99) to use to allow global access to the SCE platform.


Command Default

None (all IP addresses can access the system).

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

The ACL specified in this command contains the definitions for all IP addresses with permission to access the SCE platform. IP addresses not permitted in this access list cannot access or detect the SCE platform; even a ping command does not receive a response if it is not from a permitted IP address.

Authorization: admin

Examples

The following example shows how to set access list 1 as the global ACL:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#ip access-class 1  
SCE(config)#

Related Commands

Command
Description

access-list

Adds an entry to the bottom of the specified access list.

show access-lists

Displays all access lists or a specific access list.


ip address

Sets the IP address and subnet mask of the management interface.

ip address new-address subnet-mask

Syntax Description

new-address

New IP address of the management interface.

The following IP addresses are used internally by the SCE8000 platform and cannot be assigned to the management interface:

192.168.207.241 to 192.168.207.255

92.168.207.145 to 192.168.207.159

subnet-mask

Network mask for the associated IP network.


Command Default

None

Command Modes

GigabitEthernet Interface Configuration

MNG Interface Configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

When both management ports are connected, only one port is active at any given time, while the second management port provides a redundant management interface. In this case, the configured IP address acts as a virtual IP address for the currently active management interface, regardless of which port is the active port.

Since this IP address always acts as a virtual IP address for the currently active management port, this command can be executed from the Mng Interface Configuration for either management port.


Note Changing the IP address of the management interface using Telnet results in the loss of the Telnet connection and the inability to reconnect with the interface.



Note After changing the IP address, you must reload the SCE platform (see reload) so that the change will take effect properly in all internal and external components of the SCE platform.


If a routing table entry maps to the old address, but not to the new address, the command may fail.

Authorization: admin

Examples

The following example shows how to set the IP address of the SCE platform to 10.1.1.1 and the subnet mask to 255.255.0.0:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#interface mng 0/1 
SCE(config if)#ip address 10.1.1.1 255.255.0.0  
SCE(config if)#

Related Commands

Command
Description

gigabitethernet interface

Enters GigabitEthernet Interface Configuration mode.

interface mng

Enters Management Interface Configuration mode.


ip advertising

Enables IP advertising. If either the destination or interval is not configured, the default values are used.

To disable IP advertising, use the no form of this command.

To restore the IP advertising destination or interval to the default values, use the default form of this command.

ip advertising [destination destination | interval interval]

no ip advertising

default ip advertising [destination | interval]

Syntax Description

destination

IP address of the destination for the ping requests

interval

Frequency of the ping requests, in seconds


Command Default

IP advertising is disabled.

The default destination is 127.0.0.1.

The default interval is 300 seconds.

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to enable IP advertising and specify a destination and an interval:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#ip advertising destination 10.1.1.1  
SCE(config)#ip advertising interval 240  
SCE(config)#

The following example shows how to restore the IP advertising destination to the default value:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#default ip advertising destination  
SCE(config)#

Related Commands

Command
Description

show ip advertising

Displays the status of IP advertising, the configured destination, and the configured interval.


ip default-gateway

Configures the default gateway for the SCE platform.

To remove the SCE platform default gateway configuration, use the no form of this command.

ip default-gateway x.x.x.x

no ip default-gateway

Syntax Description

x.x.x.x

IP address of the default gateway for the SCE platform.


Command Default

None

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to set the default gateway IP of the SCE platform to 10.1.1.1:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#ip default-gateway 10.1.1.1  
SCE(config)#

Related Commands

Command
Description

show ip default-gateway

Displays the configured default gateway.


ip domain-lookup

Enables or disables the domain name lookups.

To disable domain name lookup, use the no form of this command.

ip domain-lookup

no ip domain-lookup

Syntax Description

This command has no arguments or keywords.

Command Default

Domain name lookup is enabled.

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to enable domain lookup:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#ip domain-lookup 
SCE(config)#

The following example shows how to disable domain lookup:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#no ip domain-lookup  
SCE(config)#
 
   
 
   
 
   
 
   
 
   
 
   
 
   

Related Commands

Command
Description

ip domain-name

Defines a default domain name.

ip name-server

Specifies the address of one or more servers to use for name and address resolution.

show hosts

Displays the default domain name, the address of the name server, and the contents of the host table.


ip domain-name

Defines a default domain name.

To remove the current default domain name, use the no form of this command. You do not have to specify the domain name.

ip domain-name domain-name

no ip domain-name

Syntax Description

domain-name

Default domain name used to complete hostnames that do not specify a domain. Do not include the initial period that separates an unqualified name from the domain name.


Command Default

None

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to configure a domain name:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#ip domain-name cisco.com  
SCE(config)#
 
   

The following example shows how to remove the configured domain name:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#no ip domain-name  
SCE(config)#
 
   
 
   
 
   
 
   

Related Commands

Command
Description

ip domain-lookup

Enables or disables domain name lookups.

ip name-server

Specifies the address of one or more servers to use for name and address resolution.

show hosts

Displays the default domain name, the address of the name server, and the contents of the host table.


ip ftp password

Specifies the password to be used for FTP connections for the current session. The system uses this password if no password is specified with the copy ftp command.

ip ftp password [password]

Syntax Description

password

Password for FTP connections.


Command Default

The default password is admin.

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to set the password to be used in the FTP connection to mypw:

SCE>enable 10 
Password:<cisco> 
SCE#ip ftp password mypw  
SCE#

Related Commands

Command
Description

copy ftp://

Uploads or downloads a file system using FTP.

copy-passive

Uploads or downloads a file using passive FTP.

ip ftp username

Configures the username for FTP connections for the current session.


ip ftp username

Configures the username for FTP connections for the current session. This username is used if no username is specified with the copy ftp command.

ip ftp username [username]

Syntax Description

username

Username for FTP connections.


Command Default

The default username is anonymous.

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to set myname as the username for FTP connections:

SCE>enable 10 
Password:<cisco> 
SCE#ip ftp username myname  
SCE#

Related Commands

Command
Description

copy ftp://

Uploads or downloads a file system using FTP.

copy-passive

Uploads or downloads a file using passive FTP.

ip ftp password

Specifies the password to be used for FTP connections for the current session.


ip host

Adds a hostname and address to the host table.

To remove a hostname and address from the host table, use the no form of this command.

ip host hostname ip-address

no ip host hostname [ip-address]

Syntax Description

hostname

Hostname to be added or removed.

ip-address

Host IP address in x.x.x.x format.


Command Default

None

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to add a host to the host table:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#ip host PC85 10.1.1.1  
SCE(config)#

Related Commands

Command
Description

show hosts

Displays the default domain name, the address of the name server, and the contents of the host table.


ip name-server

Specifies the address of one or more servers to use for name and address resolution. The system maintains a list of up to three name servers. If the current list is not empty, the command adds the specified servers to the list.

To remove specified servers from the current list, use the no form of this command.

ip name-server server-address1 [server-address2] [server-address3]

no ip name-server

Syntax Description

server-address1

IP address of the name server.

server-address2

IP address of an additional name server.

server-address3

IP address of an additional name server.


Command Default

None

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to add the DNS 10.1.1.1 and 10.1.1.2 to the list of configured servers:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#ip name-server 10.1.1.1 10.1.1.2  
SCE(config)#

Related Commands

Command
Description

ip domain-lookup

Enables or disables domain name lookups.

show hosts

Displays the default domain name, the address of the name server, and the contents of the host table.


ip radius-client retry limit

Configures the parameters for retransmitting unacknowledged RADIUS client messages.

ip radius-client retry limit [times] [timeout timeout]

Syntax Description

times

Maximum number of times the RADIUS client can try unsuccessfully to send a message.

timeout

Timeout interval for retransmitting a message, in seconds


Command Default

The default for times is 3.

The default for timeout is 5 seconds.

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.0.3

This command was introduced.


Usage Guidelines

Because of the unreliable nature of UDP, the RADIUS client retransmits requests to the SCMP peer device if they were not acknowledged within the configured number of seconds. Messages that were not acknowledged can be retransmitted up to the configured maximum number of retries.

The optional timeout keyword limits the time interval for retransmitting a message.

Authorization: admin

Examples

The following example shows how to configure the retransmission parameters:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)# ip radius-client retry limit 5 timeout 5  
SCE(config)#

Related Commands

Command
Description

scmp name

Adds an SCMP peer device.

show ip radius-client

Displays the RADIUS client general configuration.


ip route

Adds an IP routing entry to the routing table.

To remove an IP routing entry from the routing table, use the no form of this command.

ip route ip-address mask [next-hop]

no ip route prefix mask [next-hop]

no ip route all

Syntax Description

ip-address

IP address of the new entry.

mask

Relevant subnet mask.

next-hop

Next hop in the route.

all

Used with the no form of the command, removes all IP routing entries from the routing table.


Command Default

None

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

All addresses must be in dotted notation.

The next-hop address must be within the Management Interface subnet.

A maximum of 100 subnets can be configured.

Authorization: admin

Examples

The following example shows how to set the next-hop address for IP addresses in the specified range:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#ip route 10.10.10.0 255.255.255.0 20.2.2.2  
SCE(config)#
 
   
 
   
 
   
 
   
 
   

The following example shows how to remove the entry added in the previous example:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#no ip route 10.10.10.0 255.255.255.0  
SCE(config)#

Related Commands

Command
Description

show ip route

Displays the entire routing table and the destination of last resort (default gateway).


ip rpc-adapter

Enables the RPC adapter.

To disable the RPC adapter, use the no form of this command.

ip rpc-adapter

no ip rpc-adapter

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to enable the RPC adapter:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#ip rpc-adapter  
SCE(config)#
 
   

The following example shows how to disable the RPC adapter:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#no ip rpc-adapter  
SCE(config)#

Related Commands

Command
Description

ip rpc-adapter port

Defines the RPC adapter port.

show ip rpc-adapter

Displays the status of the RPC adapter and the configured port.

ip rpc-adaptor security-level

Sets the PRPC server security level.


ip rpc-adapter port

Defines the RPC adapter port.

To reset the RPC adapter port assignment to the default port of 14374, use the default form of this command.

ip rpc-adapter port [port-number]

default ip rpc-adapter port

Syntax Description

port-number

Number of the port assigned to the RPC adapter.


Command Default

The default port number is 14374.

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to configure the RPC interface, specifying 1444 as the RPC adapter port:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#ip rpc-adapter  
SCE(config)#ip rpc-adapter port 1444 

The following example shows how reset the RPC adapter port:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#default ip rpc-adapter port 

Related Commands

Command
Description

ip rpc-adapter

Enables the RPC adapter.

show ip rpc-adapter

Displays the status of the RPC adapter and the configured port.


ip rpc-adapter security-level

Sets the PRPC server security level.

ip rpc-adapter security-level [level]

Syntax Description

level

Security level for the PRPC server. Choose full, semi, or None. See Usage Guidelines for more information.


Command Default

The default security level is semi.

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.0.3

This command was introduced.


Usage Guidelines

Specify the PRPC server security level as follows:

full—All PRPC connections require authentication.

semi—PRPC connections that supply a username and password during connection establishment are authenticated. Connections that do not supply a username and password are accepted with no authentication.

none—No authentication is performed.

Authorization: admin

Examples

The following example shows how to set the PRPC server security level:

SCE>enable 10 
Password:<cisco> 
SCE#configure 
SCE(config)#ip rpc-adapter security-level full  
SCE>

Related Commands

Command
Description

ip rpc-adapter

Enables the RPC adapter.

show ip rpc-adapter

Displays the status of the RPC adapter and the configured port.


ip ssh

Enables the SSH server.

SSH allows you to login only when the user password and AAA authentication are configured.

1. Configure at least one user name and password.

SCE8000(config)# username <username> password <password>

2. Configure AAA authentication for login.

SCE8000(config)# aaa authentication login default local none

To disable the SSH server, use the no form of this command.

ip ssh [sshv1]

no ip ssh [sshv1]

Syntax Description

sshv1

Enables SSHv1.


Command Default

None

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

If the sshv1 keyword is not specified, both SSHv1 and SSHv2 are enabled. If you want to enable only SSHv2, use the no form of this command to disable SSHv1. Use the ip ssh sshv1 command to reenable SSHv1.

When using an SSH server, you should also generate an SSH key set (ip ssh key command). A set of keys must be generated at least once before enabling the SSH server.

Authorization: admin

Examples

The following example shows how to enable the SSH server. Both SSHV1 and SSHv2 are enabled.

SCE> enable 10 
Password: <cisco> 
SCE# config 
SCE(config)# ip ssh  
SCE(config)#
 
   

The following example shows how to disable the SSH server:

SCE> enable 10 
Password: <cisco> 
SCE#config 
SCE(config)# no ip ssh  
SCE(config)#
 
   

The following example shows how to disable SSHv1 so that only SSHv2 is enabled:

SCE> enable 10 
Password: <cisco> 
SCE#config 
SCE(config)# ip ssh 
SCE(config)# no ip ssh sshv1
SCE(config)#
 
   

The following example shows how to configure the device to allow SSH login only if the user name and password is configured:

 
   
SCE8000(config)#> ip ssh
SCE8000(config)#>
SCE8000(config)#> username <username> password <password>
SCE8000(config)#> aaa authentication login default local none
SCE(config)#

Related Commands

Command
Description

ip ssh key

Generates or removes the SSH key set.

show ip ssh

Displays the status of the SSH server, including current SSH sessions.


ip ssh access-class

Assigns an access class list (ACL) to the SSH server, so that access to the SSH server is limited to the IP addresses defined in the ACL.

Use the no option to remove the ACL assignment from the SSH server.

ip ssh access-class acl-number

no ip ssh access-class

Syntax Description

acl-number

The access list number of an ACL


Command Default

By default, no ACL is configured (SSH access is available from any IP address).

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

You must configure the ACL before you can assign it to a service. (See access-list.)

Authorization: admin

Examples

The following examples illustrate how to use this command.

EXAMPLE 1:

The following example assigns an existing ACL to the SSH server.

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#ip ssh access-class 4  
SCE(config)#

EXAMPLE 2:

The following example removes the ACL assignment from the SSH server.

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#no ip ssh access-class  
SCE(config)#

Related Commands

Command
Description

access-list

Creates or updates a specified ACL

ip ssh

Enables the SSH server.

show ip ssh

Displays the current SSH service configuration.


ip ssh key

Generates or removes the SSH key set. A set of keys must be generated at least once before enabling the SSH server.

ip ssh key [generate | remove]

Syntax Description

generate

Generates a new SSH key set and saves it to nonvolatile memory. Key size is always 2048 bits.

remove

Removes the existing key set.


Command Default

None

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Each SSH server should define a set of keys (DSA2, RSA2, and RSA1) to be used when communicating with various clients. The key sets are pairs of public and private keys. The server publishes the public key, while keeping the private key in nonvolatile memory. The private key is never transmitted to SSH clients.

Note that the keys are kept on the /system/ file, which means that a person with knowledge of the enable password can access both the private and public keys. The SSH server implementation provides protection against eavesdroppers who can monitor the management communication channels of the SCE platform, but it does not provide protection against a user with knowledge of the enable password.

When using an SSH server, you should also enable the SSH server (ip ssh command).

Authorization: admin

Examples

The following example shows how to generate a new SSH key set:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#ip ssh key generate  
SCE(config)#

The following example shows how to remove the SSH key set:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#ip ssh key remove  
SCE(config)#

Related Commands

Command
Description

ip ssh

Enables the SSH server.

ip ssh access-class

Assigns an access control list to the SSH service.

show ip ssh

Displays the status of the SSH server, including current SSH sessions.


ip ssh mng-vlan

Assigns the specified VLAN to SSH services.

Use the no form of the command to remove the VLAN configuration for SSH services.

ip ssh mng-vlan vlan-id

no ip ssh mng-vlan

Syntax Description

vlan-id

VLAN tag to be assigned to SSH services (1-4094).


Command Default

None

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.7.x

This command was introduced.


Usage Guidelines

You can create separate VLAN interfaces on the management interface in order to differentiate between various management and control services. There are two steps in this process:

1. Create the VLAN and assign the IP address (mng-vlan command).

2. Assign the VLAN to a management service.

Authorization: admin

Examples

The following example shows how to configure a VLAN for SSH services.

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#mng-vlan 100 address 10.10.10.20 mask 255.255.255.0 
SCE(config)#ip ssh mng-vlan 100 
SCE(config)#
 
   

The following example shows how to remove the VLAN for SSH services.

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#no ip ssh mng-vlan 
SCE(config)#

Related Commands

Command
Description

show ip ssh mng-vlan

Displays the VLAN configured for SSH services, if configured.

show ip ssh

Displays the VLAN configuration of SSH services, if configured, in addition to other SSH properties.


ip-tunnel 6to4

To enable the IPv6-to-IPv4 tunneling in an IP tunnel, use the ip-tunnel 6to4 command in inteface linecard configuartion mode.

To disable IPv6-to-IPv4 tunneling, use the no form of this command.

ip-tunnel 6to4

no ip-tunnel 6to4

Syntax Description

This command has no arguments or keywords.

Command Default

IP tunnel recognition is disabled.

Command Modes

Interface linecard configuration (config-if)

Command History

This table includes the following release-specific history entries:

Release
Modification

3.7.5

This command was introduced.


Usage Guidelines

The 6to4 protocol is an IPv6-based tunneling protocol. The IPv6 environment and the 6to4 environment should be configured before you can use this command.


Caution 6to4 tunneling can be enabled or disabled only when no applications are loaded or the line card is shut down.

If 6to4 is configured, depending on the configuration, the internal or the external IP header is considered as the subscriber traffic. In the 6to4 IPv6 mode, the internal IP header is considered as the subscriber traffic and in the 6to4-IPv4 mode as the external header.

If 6to4 is not configured, the Cisco SCE device considers the external IP header as the subscriber traffic. All the flows in the tunnel are considered as a single flow.

The corresponding subscriber IP address gets mapped to the traffic processors that are configured to handle IPv4 and IPv6, based on the 6to4 hash configuration in the 6to4-IPv6 mode.

Authorization: admin

Examples

The following example shows how to use this command. Note that you must have root level access to shut down the line card, even though an admin level access is sufficient to run the 6to4 command.

SCE> enable 15 
Password: <cisco> 
SCE#> configure 
SCE(config)#> interface linecard 0 
SCE(config if)#> shutdown
SCE(config if)#> ip-tunnel 6to4
SCE(config if)#> no shutdown
 
   

Related Commands

Command
Description

show interface linecard ip-tunnel

Displays the current IP tunnel configuration.


ip-tunnel DS-Lite

To enable the DS-Lite tunnel in the IP tunnel, use the ip-tunnel DS-Lite command in interface linecard configuration mode.

To disable the DS-Lite tunnelling use the no form of this command.

ip-tunnel DS-Lite

no ip-tunnel DS-Lite

Syntax Description

This command has no arguments or keywords.

Command Default

IP tunnel recognition is disabled.

Command Modes

Interface linecard configuration (config-if)

Command History

This table includes the following release-specific history entries:

Release
Modification

3.7.5

This command was introduced.


Usage Guidelines

The IPv6 environment should be configured before you use this command.


Caution DS-Lite tunneling can be enabled or disabled only when no applications are loaded or the line card is shut down.

When DS-Lite is enabled, IPv6 traffic is handled by the traffic processor configured for IPv6, as TCP or UDP. If DS-Lite is disabled, IPv6 traffic is bypassed on the traffic processor configured for IPv6.

Authorization: admin

Examples

The following example shows how to use this command. Note that you must have root level access to shut down the line card, even though an admin level access is sufficient to run the DS-Lite command.

SCE> enable 15 
Password: <cisco> 
SCE#> configure 
SCE(config)#> interface linecard 0 
SCE(config if)#> shutdown
SCE(config if)#> ip-tunnel DS-Lite
SCE(config if)#> no shutdown
 
   
 
   

Related Commands

Command
Description

show interface linecard ip-tunnel

Displays the current IP tunnel configuration.


ip-tunnel DS-Lite Extention-Header-Support

To enable DS-Lite extension header support in the IP tunnel, use the ip-tunnel DS-Lite Extention-Header-Support command in interface linecard configuration mode.

To disable DS-Lite Extention-Header-Support in the IP tunnel, use the no form of this command.

ip-tunnel DS-Lite Extention-Header-Support

no ip-tunnel DS-Lite Extention-Header-Support

Syntax Description

This command has no arguments or keywords.

Command Default

IP tunnel recognition is disabled.

Command Modes

Interface linecard configuration (config-if)

Command History

This table includes the following release-specific history entries:

Release
Modification

3.7.5

This command was introduced.


Usage Guidelines

The IPv6 environment should be configured before you can use this command. DS-Lite extension header support is significant only if the DS-Lite mode is enabled.


Caution DS-Lite extension header support can be enabled or disabled only when no applications are loaded or the line card is shut down.

When DS-Lite is enabled, IPv6 traffic is handled by the traffic processor configured for IPv6, as TCP or UDP. If DS-Lite is disabled, IPv6 traffic is bypassed on the traffic processor configured for IPv6.

Authorization: admin

Examples

The following example shows how to use this command. Note that you must have root level access to shut down the line card, even though an admin level access is sufficient to run the DS-Lite command.

SCE> enable 15 
Password: <cisco> 
SCE#> configure 
SCE(config)#> interface linecard 0 
SCE(config if)#> shutdown
SCE(config if)#> ip-tunnel DS-Lite
SCE(config if)#> ip-tunnel DS-Lite Extention-Header-Support
DS-Lite Extension header support will be significant only if DS-Lite mode gets enabled.
SCE(config if)#> no shutdown
 
   

Related Commands

Command
Description

show interface linecard ip-tunnel

Displays the current IP tunnel configuration.


ip-tunnel gre skip

Enables the recognition of G RE tunnels and skipping into the internal IP packet.

To disable tunnel recognition and classify traffic by the external IP address, use the no form of this command.

ip-tunnel gre skip

no ip-tunnel gre skip

Syntax Description

This command has no arguments or keywords.

Command Default

IP tunnel recognition is disabled.

Command Modes

Interface Linecard Configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.6.x

This command was introduced.


Usage Guidelines

GRE is an IP-based tunneling protocol. If GRE tunnel recognition is not configured, the system treats the external IP header as the subscriber traffic. All of the flows in the tunnel are seen as a single flow.

IP tunnel mode is mutually exclusive with other VLAN-based classifications.


Caution GRE tunneling can be enabled or disabled only when no applications are loaded or the line card is shut down.

Authorization: admin

Examples

The following example shows how to use this command. Note that you must access the root level to shut down the line card, even though the DSCP marking command is at the admin level.

SCE>enable 15 
Password:<cisco> 
SCE#> configure 
SCE(config)#>interface linecard 0 
SCE(config if)#>shutdown
SCE(config if)#>ip-tunnel gre skip
SCE(config if)#>no shutdown
 
   
 
   

Related Commands

Command
Description

show interface linecard ip-tunnel

Displays the current IP tunnel configuration.


ip-tunnel dscp-marking-skip

Configures the SCE platform to perform DSCP marking on the internal IP header of IPinIP or GRE traffic.

To perform DSCP marking on the external IP header, use the no form of this command.

ip-tunnel (gre | ipinip) dscp-marking-skip

no ip-tunnel (gre | ipinip) dscp-marking-skip

Syntax Description

This command has no arguments or keywords.

Command Default

DSCP marking is performed on the external IP header (no form of the command).

Command Modes

Interface Linecard Configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.1.6

This command was introduced.


Usage Guidelines

DSCP marking modifies the DSCP bits of the IPv4 header. IPinIP and GRE tunnels have at least two IP headers. By default, DSCP marking is performed only on the external IP header. Use this command to mark the DSCP bits of the internal IP header.

This command takes effect only when ipinip skip or gre skip is enabled (see the ip-tunnel ipinip skip command or the ip-tunnel gre skip command).


Note DSCP marking should be enabled and configured through the SCA BB console. Refer to the section "How to Manage DSCP Marker Values" in the Cisco Service Control Application for Broadband User Guide for more information.



Caution DSCP marking can be configured only when no applications are loaded or the line card is shut down.

Authorization: admin

Examples

The following example shows how to configure the SCE platform to perform DSCP marking on the internal IP header of an IPinIP flow.

Note that you must access the root level to shut down the line card, even though the DSCP marking command is at the admin level.

SCE>enable 15 
Password:<cisco> 
SCE#> configure 
SCE(config)#>interface linecard 0 
SCE(config if)#>shutdown
SCE(config if)#>ip-tunnel ipinip dscp-marking-skip
SCE(config if)#>no shutdown

Related Commands

Command
Description

ip-tunnel gre skip

Enables the recognition of G RE tunnels and skipping into the internal IP packet.

ip-tunnel ipinip skip

Enables the recognition of IPinIP tunnels and skipping into the internal IP packet.


ip-tunnel ipinip skip

Enables the recognition of IPinIP tunnels and skipping into the internal IP packet.

To disable IPinIP skip, use the no form of this command.

ip-tunnel ipinip skip

no ip-tunnel ipinip skip

Syntax Description

This command has no arguments or keywords.

Command Default

IPinIP skip is disabled.

Command Modes

Interface Linecard Configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.1.6

This command was introduced.


Usage Guidelines

Use this command as follows:

IPinIP and other tunnels—IPinIP is supported simultaneously with plain IP traffic and any other tunneling protocol supported by the SCE platform.

Overlapping IP addresses—Overlapping IP addresses within different IPinIP tunnels are not supported.

IPinIP can be enabled or disabled only when no applications are loaded or the line card is shut down.

DSCP marking—For IPinIP traffic, DSCP marking can be done on either the external or the internal IP header exclusively.

See the ip-tunnel dscp-marking-skip command for more information.

Authorization: admin

Examples

The following example shows how to use this command.

Note that you must access the root level to shut down the line card, even though the ipinip command is at the admin level.

SCE>enable 15 
Password:<cisco> 
SCE#> configure 
SCE(config)#>interface linecard 0 
SCE(config if)#>shutdown
SCE(config if)#>ip-tunnel ipinip skip
SCE(config if)#>no shutdown

Related Commands

Command
Description

ip-tunnel ipinip dscp-marking-skip

Configures the SCE platform to perform DSCP marking on the internal IP header of IPinIP traffic.

show interface linecard ip-tunnel ipinip

Displays the current IPinIP configuration.


ip-tunnel l2tp skip

Configures the recognition of L2TP tunnels and skipping into the internal IP packet.

To disable tunnel recognition and classify traffic by the external IP address, use the no form of this command.

ip-tunnel l2tp skip

no ip-tunnel

Syntax Description

This command has no arguments or keywords.

Command Default

IP tunnel recognition is disabled.

Command Modes

Interface Linecard Configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.0.0

This command was introduced.


Usage Guidelines

L2TP is an IP-based tunneling protocol. The system must be specifically configured to recognize the L2TP flows, based on the UDP port used for L2TP. The SCE platform can then skip the external IP, UDP, and L2TP headers and reach the internal IP, which is the actual subscriber traffic.

If L2TP is not configured, the system treats the external IP header as the subscriber traffic. All of the flows in the tunnel are seen as a single flow.

IP tunnel mode is mutually exclusive with other VLAN-based classifications.

To configure the port number that the LNS and LAC use for L2TP tunnels, use the l2tp identify-by command.


Caution L2TP tunneling can be enabled or disabled only when no applications are loaded or the line card is shut down.

Authorization: admin

Examples

The following example shows how to enable recognition of L2TP tunnels.

Note that you must access the root level to shut down the line card, even though the DSCP marking command is at the admin level.

SCE>enable 15 
Password:<cisco> 
SCE#> configure 
SCE(config)#>interface linecard 0 
SCE(config if)#>shutdown
SCE(config if)#>ip-tunnel l2tp skip
SCE(config if)#>no shutdown

Related Commands

Command
Description

show interface linecard ip-tunnel

Displays the current IP tunnel configuration.

l2tp identify-by

Configures the port number that the LNS and LAC use for L2TP tunnels.

vlan

Configures the VLAN environment.


l2tp identify-by

Configures the port number that the LNS and LAC use for L2TP tunnels.

l2tp identify-by port-number [port-number]

l2tp identify-by default port

Syntax Description

port-number

Port number to be configured for L2TP tunnels.

default port

Replaces the user-configured port number with the default port number (1701).


Command Default

The default port number is 1701.

Command Modes

Interface Linecard Configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

If external fragmentation exists in the L2TP environment, you must configure a quick-forwarding-ignore traffic rule that bypasses all IP traffic targeted to either the LNS or LAC IP address. (See "Configuring Traffic Rules and Counters" in the Cisco SCE8000 10GBE Software Configuration Guide or "Configuring Traffic Rules and Counters" in the Cisco SCE8000 GBE Software Configuration Guide.) This rule ensures that any packets not having the L2TP port indication (that is, non-first fragments) will not require handling by the traffic processors.

In addition, to prevent reordering of L2TP tunneled fragments, you should define a quick-forwarding traffic rule for all the L2TP traffic. This rule can be based on the IP ranges in use by the internal IPs in the tunnel (as allocated by the LNS) or for all of the traffic passing through the SCE platform.

Note that flow redirection and flow blocking cannot be performed on the quick-forwarded traffic.

Authorization: admin

Examples

The following example shows how to configure port 1000 as the L2TP port:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#interface linecard 0 
SCE(config if)#l2tp identify-by port-number 1000  
SCE(config if)#

Related Commands

Command
Description

show interface linecard l2tp

Displays the currently configured L2TP support parameters.

ip-tunnel l2tp skip

Configures the recognition of L2TP tunnels and skipping into the internal IP packet.


line vty

Enters Line Configuration mode for Telnet lines, which configures all Telnet lines.

line vty start-number [end-number]

Syntax Description

start-number

Starting number ranging from 0 to 4. The actual number supplied does not matter. All Telnet lines are configured by this command.

end-number

Ending number ranging from 0 to 4. The actual number supplied does not matter. All Telnet lines are configured by this command.


Command Default

None

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

The system prompt changes to reflect Line Configuration mode. To return to Global configuration mode, use the exit command.

Authorization: admin

Examples

The following example shows how to enter Line Configuration mode for all lines:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#line vty 0  
SCE(config-line)#

Related Commands

Command
Description

show line vty

Displays the Telnet configuration.

exit

Exits from the current mode to the next "lower" level.


link failure-reflection

Enables link failure reflection.

To disable link failure reflection, use the no form of this command.

link failure-reflection [on-all-ports] [linecard-aware]

no link failure-reflection [linecard-aware]

Syntax Description

on-all-ports

(SCE8000 10GBE platforms only) Enables reflection of a link failure to all ports.

linecard-aware

(SCE8000 10GBE platforms only) Prevents link failure reflection if the failure might be in the line card.


Command Default

Link failure reflection is disabled.

Command Modes

Interface Linecard Configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Use the linecard-aware keyword when each link of the SCE8000 10GBE platform (subscriber-side interface and the corresponding network-side interface) is connected to a different line card.

This mode reflects a failure of one port to the other three ports of the SCE8000 10GBE platform differently, depending on whether the failure appears to be in the SCE platform itself or not:

One interface of the SCE8000 10GBE platform is down, indicating a problem with the SCE platform—Link failure is reflected to the other three SCE platform ports.

Two reciprocal ports of the SCE8000 10GBE platform are down, indicating a problem in the line card to which the SCE platform is connected and not in the interface—No action is taken. This response allows the second link in the SCE platform to continue functioning without interruption.

Use the no form of this command with the linecard-aware keyword to disable linecard-aware mode without disabling link failure reflection itself.

None of the keywords can be used with the SCE8000 GBE platform.

Authorization: admin

Examples

The following example shows how to enable the reflection of a link failure to all ports (SCE8000 10GBE platform only):

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#interface linecard 0 
SCE(config if)#link failure-reflection on-all-ports 
SCE(config if)#

The following example shows how to enable the reflection of a link failure. This form of the command is the only one that can be used on the SCE8000 GBE platform (but it can also be used on the SCE8000 10GBE platform).

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#interface linecard 0 
SCE(config if)#link failure-reflection 
SCE(config if)#

Related Commands

Command
Description

link port-enhanced-recovery

Enables link port enhanced recovery.


link mode

Configures the link mode. The link mode allows you to force the specified behavior on the link, which may be useful during installation and for debugging the network.

link mode {all-links mode}

Syntax Description

all-links

Sets the link mode for all links. (The link mode cannot be set separately for individual links.)

mode

Establishes the link mode. Choose forwarding, bypass, or cutoff.


Command Default

None

Command Modes

Interface Linecard Configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to use this command:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#interface linecard 0 
SCE(config if)#link mode all-links bypass  

Related Commands

Command
Description

show interface linecard link mode

Displays the configured Linecard Interface link mode.


link port-enhanced-recovery

Enables link port enhanced recovery.

To disable link port enhanced recovery, use the no form of this command.

link port-enhanced-recovery

no port-enhanced-recovery

Syntax Description

This command has no arguments or keywords.

Command Default

Link port enhanced recovery is disabled.

Command Modes

Interface Linecard Configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

3.6.x

This command was introduced.


Usage Guidelines

Link port-enhanced-recovery tries to recover the link before link failure is declared. When enabled, it tries five times to recover the link at 200msec intervals before the link is declared down

If link failure-reflection is also configured, it comes into effect after one second.

Authorization: admin

Examples

The following example shows how to enable link port enhanced recovery.

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#interface linecard 0 
SCE(config if)#link port-enhanced-recovery 
SCE(config if)#

Related Commands

Command
Description

link failure-reflection

Enables link failure reflection.


logger add-user-message

Adds a message string to the user log files.

logger add-user-message message-text

Syntax Description

message-text

Message string you want to add.


Command Default

None

Command Modes

Privileged EXEC

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example show how to add "testing 123" as the message to the user log files:

SCE>enable 10 
Password:<cisco> 
SCE#logger add-user-message testing 123  
SCE#

logger device

Disables or enables the specified logger device.

logger device {line-attack-file-log | statistics-file-log | user-file-log} [status]

Syntax Description

logger device

Available logger devices are Line-Attack-File-Log (line-attack-file-log), SCE-agent-Statistics-Log (statistics-file-log), or User-File-Log (user-file- log).

status

Indicates whether to turn logging on or off. Choose enabled or disabled.


Command Default

Log devices are enabled.

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

System messages generated by the SCE platform are available from the following sources:

SCE user logs (managed using logger commands)

SNMP traps (displayed using the show snmp mib command)

syslog server (managed using logging commands)

Authorization: admin

Examples

The following example shows how to disable the User-File-Log device:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#logger device user-file-log disabled  
SCE(config)#

Related Commands

Command
Description

logger device user-file-log max-file-size

Sets the maximum size of the log file.

logger get user-log file-name

Outputs the current user log to a target file.

clear logger

Clears the SCE platform logger (user log files).


logger device user-file-log max-file-size

Sets the maximum size of the log file.

logger device user-file-log max-file-size [size]

Syntax Description

size

Maximum size for the user log (in bytes).


Command Default

The default log size is 1,000,000 bytes.

Command Modes

Global configuration

Command History

This table includes the following release-specific history entries:

Release
Modification

2.5.7

This command was introduced.


Usage Guidelines

Authorization: admin

Examples

The following example shows how to configure the maximum size of the user-file-log device to 65000 bytes:

SCE>enable 10 
Password:<cisco> 
SCE#config 
SCE(config)#logger device user-file-log max-file-size 65000  
SCE(config)#

Related Commands

Command
Description

logger device

Disables or enables the specified logger device.

show logger device

Displays the configuration of the specified SCE platform logger file