System Commands
This chapter describes the command-line interface (CLI) commands that you can use to manage and monitor the Broadband Access Center (BAC) Device Provisioning Engine (DPE).
Note If you run these commands on an unlicensed DPE, a message similar to this one appears:
This DPE is not licensed. Your request cannot be serviced.
Please check with your system administrator for a DPE license.
The system commands that affect the entire DPE are:
•aaa authentication
•clock set
•disable
•enable
•enable password
•exit
•help
•hostname
•interface ethernet ip address
•interface ethernet ip enabled
•ip default-gateway
•no ip default-gateway
•ip domain-name
•no ip domain-name
•ip name-server
•no ip name-server
•ip route
•no ip route
•ntp server
•no ntp server
•password
•poweroff
•reload
•show
–show clock
–show commands
–show cpu
–show disk
–show hostname
–show interface ethernet config
–show interface ethernet stats
–show ip
–show ip route
–show memory
–show running-config
–show tftp files
–show version
•tacacs-server host
•no tacacs-server host
•tacacs-server retries
•tacacs-server timeout
•upgrade
•uptime
aaa authentication
Use this command to configure the CLI to perform local user (login) authentication or remote TACACS+ user authentication. This setting applies to all Telnet and console CLI interfaces.
TACACS+ is a TCP-based protocol that supports centralized access control for large numbers of network devices and user authentication for the DPE CLI. Through the use of TACACS+, a DPE supports multiple users (and their individual usernames) and the login and enable passwords configured at the TACACS+ server.
Usage Guidelines
Although this command is used on both hardware and Solaris DPEs, on the hardware DPE, it is used only in the console mode.
Syntax Description
aaa authentication mode
mode specifies either:
•local—In this mode, user authentication is enabled via a local login.
•tacacs— In this mode, the CLI sequentially attempts a TACACS+ exchange with each server in the TACACS+ server list. The attempts continue for a specified number of retries. If the end of the server list is reached before a successful protocol exchange occurs, the local authentication mode is entered automatically. In this manner, you can gain access to the CLI even if the TACACS+ service is completely unavailable.
Note TACACS+ authentication prompts you to enter your TACACS+ configured username and password; local authentication, however, prompts only for the local configured password.
Defaults
The default CLI user's login authentication is enabled in the local mode.
Examples
dpe# aaa authentication tacacs
clock set
Use this command to set the current time, in the 24-hour format, and the date used by the DPE. The DPE uses GMT to keep time, and any time changes made take effect immediately.
Note You do not have to use this command if Network Time Protocol (NTP) is being used. For additional information, see ntp server.
Usage Guidelines
Use this command only on a hardware DPE.
Syntax Description
clock set hh:mm:ss day month yyyy
•hh:mm:ss—Identifies the current time in the 24-hour format. For example, 5:00 a.m. is identified as 05:00:00, and 11:37 p.m. and 30 seconds is identified as 23:37:30.
•day—Identifies the date of the month as a number between 1 and 31.
•month—Identifies the current month as a number between 1 and 12.
•yyyy—Identifies the current year in four digits.
Examples
dpe# clock set 11:26:00 14 12 2006
Fri Dec 14 11:26:00 GMT 2006
disable
Use this command to exit the enabled mode on the DPE. Once the disabled mode is activated, only those commands that allow viewing the system configuration are available on the CLI.
Usage Guidelines
Use this command on both hardware and Solaris DPEs, but only in the enabled mode.
Syntax Description
No keywords or arguments.
Examples
enable
Use this command to access the DPE in the enabled mode. Viewing the system configuration does not require the enabled mode; however, only in this mode can you change the system configuration, state, and data.
After entering the command, you are prompted to enter the local, configured, enable password. For information on setting the password for the enabled mode, see enable password.
Usage Guidelines
Use this command on both hardware and Solaris DPEs.
Syntax Description
No keywords or arguments.
Examples
enable password
Use this command to change the local password for accessing the DPE in the enabled mode.
Once the password is changed, all users who, from that point forward, attempt to enter into the enabled mode are required to use the new password.
Note This command does not change the login password; it only changes the local enable password. You do not use this command when TACACS+ authentication is enabled. See aaa authentication, for more information.
Usage Guidelines
Use this command on both hardware and Solaris DPEs, but only in the enabled mode.
Syntax Description
When entering the enable password command, you can provide the password on a command line or when prompted.
enable password password
password—Specifies the local configured password currently in effect or, optionally, provides a new password. If this parameter is omitted, you are prompted for the password.
Examples
Example 1
Retype new enable password:
Password changed successfully.
This result occurs when you are prompted to enter the password, and the password is changed successfully.
Example 2
Retype new enable password:
Sorry, passwords do not match.
This result occurs when the password is entered incorrectly.
Example 3
dpe# enable password cisco
Password changed successfully
This result occurs when you enter the password without being prompted, and the password is
changed successfully.
exit
Use this command to close a Telnet connection to the DPE and return to the login prompt. After running this command, a message indicates that the Telnet connection has been closed.
Usage Guidelines
Use this command on both hardware and Solaris DPEs.
Syntax Description
No keywords or arguments.
Examples
help
Use this command to display a help screen to assist you in using the DPE CLI. If you need help on a particular command, or to list all available commands, enter command ? or ?, respectively.
After entering the command, a screen prompt appears to explain how you can use the help function.
Usage Guidelines
Use this command on both hardware and Solaris DPEs.
Command Types
Two types of help are provided:
1. Full help is available when you are ready to enter a command argument, such as show ?, and describes each possible argument.
2. Partial help is provided when you enter an abbreviated argument and want to know what arguments match the input; for example, show c?.
Syntax Description
No keywords or arguments.
Examples
Example 1
Help may be requested at any point in a command by entering a question mark '?'. If
nothing matches, the help list will be empty and you must backup until entering a '?'
shows the available options.
1) Full help is available when you are ready to enter a command argument (e.g. 'show ?')
and describes each possible argument.
2) Partial help is provided when an abbreviated argument is entered and you want to know
what arguments match the input (e.g. "show c?").
This result occurs when you use the help command.
Example 2
bundles Shows the archived bundles.
clock Shows the current system time.
commands Shows the full command hierarchy.
cpu Shows the current CPU usage.
device-config Show device configuration.
disk Shows the current disk usage.
dpe Shows the status of the DPE process if started.
hostname Shows the system hostname.
interface Shows all of the interfaces.
ip Shows IP configuration details.
log Shows recent log entries.
memory Shows the current memory usage.
packetcable Shows PacketCable.
running-config Shows the appliance configuration.
version Shows DPE version.
This result occurs on a Solaris DPE when you invoke the full help function for a command; in this instance, show ?.
Example 3
bundles Shows the archived bundles.
clock Shows the current system time.
commands Shows the full command hierarchy.
cpu Shows the current CPU usage.
disk Shows the current disk usage.
dpe Shows the status of the DPE process if started.
hostname Shows the system hostname.
interface Shows all of the interfaces.
ip Shows IP configuration details.
log Shows recent log entries.
memory Shows the current memory usage.
running-config Shows the appliance configuration.
syslog Shows the recent syslog entries.
version Shows DPE version.
This result occurs on a hardware DPE when you invoke the full help function for a command; in this instance, show ?.
Example 4
Sat Nov 14 12:06:52 EDT 2006
This result occurs when you invoke the partial help function for arguments of a command; in this instance, show clock.
hostname
Use this command to set the DPE hostname. The hostname is used primarily for display in the DPE and should correspond to the DNS name for the IP address of the DPE.
After you use this command, run the reload command so that the changes take effect. See
reload, for additional information.
Usage Guidelines
Use this command only on a hardware DPE.
Syntax Description
hostname hostname
hostname—Identifies the hostname of the DPE.
Examples
dpe# hostname BPR_DPE_name
% OK (Requires appliance restart "> reload")
interface ethernet ip address
Use this command to set the IP address of the Ethernet interface being used by the DPE. This IP address must be kept current with a valid gateway. If the gateway is invalid, rebooting could occur, and this might cause the DPE to become unavailable on the network. If the IP address is configured incorrectly, use the DPE console port to reconfigure the device with a valid IP.
After you use this command, run the reload command so that the changes take effect. See
reload, for additional information.
Usage Guidelines
Use this command only on a hardware DPE.
Syntax Description
interface ethernet 0...1 ip address x.x.x.x y.y.y.y
•0...1—Identifies the Ethernet interface.
•x.x.x.x—Identifies the IP address of the DPE.
•y.y.y.y—Identifies the subnet mask.
Examples
dpe# interface ethernet 0 ip address 10.10.10.5 255.255.255.0
% OK (Requires appliance restart "> reload")
interface ethernet ip enabled
Use this command to control whether the Ethernet interfaces are configured to support IP communications. If both interfaces are disabled, the device will have no network connectivity. Typically, both interfaces are enabled and connected to the network either to provide redundancy or to use split networking.
After you use this command, run the reload command so that the changes take effect. See
reload, for additional information.
Usage Guidelines
Use this command only on a hardware DPE.
Syntax Description
interface ethernet 0...1 ip enabled {true | false}
•0...1—Identifies the Ethernet interface
•true—Indicates if the Ethernet interface on the DPE is enabled for IP.
•false—Indicates if the Ethernet interface on the DPE is disabled for IP.
Examples
dpe# interface ethernet 0 ip enabled true
% OK (Requires appliance restart "> reload")
ip default-gateway
Use this command to configure a default gateway for the DPE. This default gateway must be directly accessible by one of the DPE interfaces, otherwise the DPE becomes unavailable.
Note You must verify this setting before attempting to reboot the DPE. If an incorrect value is configured, it may become necessary to physically connect to the DPE through the console port; long distances make this impractical.
After you use this command, run the reload command so that the changes take effect. See
reload, for additional information.
To clear the default gateway configured for the DPE, use the no form of this command. See no ip default-gateway.
Usage Guidelines
Use this command only on a hardware DPE.
Syntax Description
ip default-gateway x.x.x.x
x.x.x.x—Identifies the IP address of the default gateway.
Examples
dpe# ip default-gateway 10.10.20.10
% OK (Requires appliance restart "> reload")
no ip default-gateway
Use this command to clear the default gateway for a DPE. If a default gateway is not specified, the DPE is available only with direct network connectivity or through the console port on the DPE.
After you use this command, run the reload command so that the changes take effect. See
reload, for additional information.
To configure a default gateway for a DPE, see ip default-gateway.
Usage Guidelines
Use this command only on a hardware DPE.
Syntax Description
No keywords or arguments.
Examples
dpe# no ip default-gateway
% OK (Requires appliance restart "> reload")
ip domain-name
Use this command to configure the DPE domain name used when resolving names for communication operations, such as connecting to the RDU, or when using the ping and traceroute commands. The domain name is also associated with the DPE.
To clear the domain name configured for the DPE, use the no form of this command. See no ip domain-name.
Usage Guidelines
Use this command only on a hardware DPE.
Syntax Description
ip domain-name sub.domain.com
sub.domain.com—Identifies the fully qualified domain name (FQDN) of the DPE.
Examples
dpe# ip domain-name cisco.com
Note The changes you introduce through this command take effect immediately. You do not need to reload the DPE.
no ip domain-name
Use this command to clear the configured domain name of a DPE. If a domain name is not specified, all remote hostnames must be specified using FQDNs.
To set a domain name for a DPE, see ip domain-name.
Usage Guidelines
Use this command only on a hardware DPE.
Syntax Description
No keywords or arguments.
Examples
Note The changes you introduce through this command take effect immediately. You do not need to reload the DPE.
ip name-server
Use this command to configure the IP address of the name servers for use on the DPE. These servers are used to resolve hostnames into IP addresses for communication. If an FQDN is used to specify the RDU, you must specify a valid name server for successful communication with the RDU.
To clear the DPE name servers, use the no form of this command. See no ip name-server.
Usage Guidelines
Use this command only on a hardware DPE.
Syntax Description
ip name-server x.x.x.x [x.x.x.x*]
•x.x.x.x—Identifies the IP address of the name server.
•x.x.x.x*—Allows the entry of multiple IP addresses if multiple name servers are used.
Examples
Example 1
dpe# ip name-server 10.10.10.5
Example 2
dpe# ip name-server 10.10.10.5 10.10.10.8
Note The changes you introduce through this command take effect immediately. You do not need to reload the DPE.
no ip name-server
Use this command to clear the DPE name servers. When no name servers are configured, all communication must be performed by using explicit IP addresses.
To configure the IP address of a name server for a DPE, see ip name-server.
Usage Guidelines
Use this command only on a hardware DPE.
Syntax Description
No keywords or arguments.
Examples
ip route
Use this command to configure a custom route on the DPE.
To clear a custom route, use the no form of this command. See no ip route.
Usage Guidelines
Use this command only on a hardware DPE.
Syntax Description
ip route x.x.x.x y.y.y.y z.z.z.z
•x.x.x.x—Identifies the IP address of the destination network.
•y.y.y.y—Identifies the subnet mask for the destination network.
•z.z.z.z—Identifies the IP address of the gateway that is to be used when communicating to
this network.
Examples
dpe# ip route 10.10.10.5 255.255.255.0 10.10.20.10
no ip route
Use this command to clear the specified custom route. You cannot use this command to remove the default route; instead, use the ip default-gateway command. See no ip default-gateway.
To add a custom route, see ip route.
Usage Guidelines
Use this command only on a hardware DPE.
Syntax Description
no ip route x.x.x.x
x.x.x.x—Identifies the route to be removed from the system.
Examples
dpe# no ip route 10.10.10.5
Note The changes you introduce through this command take effect immediately. You do not need to reload the DPE.
ntp server
Use this command to specify one or more Network Time Protocol (NTP) servers to be used for time synchronization. You can specify as many hosts as required to identify all of the servers.
To disable the NTP, use the no form of this command. See no ntp server.
Usage Guidelines
Use this command only on a hardware DPE.
Syntax Description
ntp server {host | x.x.x.x} [host* | x.x.x.x*]
•host—Identifies the first server by its FQDN.
•x.x.x.x—Identifies the first server by its IP address.
•host*—Identifies the next server by its FQDN. You can omit this value if you are entering only a single hostname.
•x.x.x.x*—Identifies the next server by its IP address. You can omit this value if you are entering only a single hostname.
Examples
These examples illustrate the use of the ntp server command for single and multiple servers.
Example 1
For a single server:
•Using FQDN:
dpe# ntp server clock.cisco.com
Shutting down ntpd: [ OK ]
•Using IP address:
dpe# ntp server 10.10.10.5
Shutting down ntpd: [ OK ]
Example 2
For multiple servers:
•Using FQDNs:
dpe# ntp server clock_1.cisco.com clock_2.cisco.com clock_3.cisco.com
Shutting down ntpd: [ OK ]
•Using IP addresses:
dpe# ntp server 10.10.10.5 10.10.10.6 10.10.10.7
Shutting down ntpd: [ OK ]
no ntp server
Use this command to disable the Network Time Protocol (NTP).
To specify one or more NTP servers, see ntp server.
Usage Guidelines
Use this command only on a hardware DPE.
Syntax Description
No keywords or arguments.
Examples
Shutting down ntpd: [ OK ]
password
Use this command to change the local system password, which you use to access the DPE and which is different from the one used to access the enabled mode on the DPE. The system password is changed automatically for future logins and for FTP access.
Note The changes that you introduce through this command take effect for new users, but users who are currently logged on are not disconnected.
If TACACS+ user authentication is used, the local system password is used only if the DPE is unable to communicate with a TACACS+ server.
Usage Guidelines
While you can use this command for both hardware and Solaris DPEs, on the hardware DPE, it is used only in the console mode.
Syntax Description
password password
password—Identifies the new DPE password.
Examples
Example 1
Password changed successfully.
This result occurs when you are prompted for the password, and the password is changed successfully.
Example 2
Sorry, passwords do not match.
This result occurs when the password is entered incorrectly.
Example 3
Password changed successfully.
This result occurs when the password is changed without being prompted (using an approach easier
for scripting).
poweroff
Use this command to turn off the DPE power. It removes all current users from the system and shuts the DPE down cleanly. Before executing this command, verify that the hard drive has had no activity for approximately 30 seconds.
Caution
Using the power switch on the device can potentially cause partial corruption of the DPE cache. This corruption could result in the DPE needing more time to rebuild its cache the next time it is powered up.
Usage Guidelines
Use this command only on a hardware DPE.
Syntax Description
No keywords or arguments.
Examples
reload
Use this command to reboot the DPE. This command disconnects all current users from the system.
Caution
Using the power switch on the device can potentially cause partial corruption of the DPE cache. This corruption could result in the DPE needing more time to rebuild its cache the next time it is powered up.
Usage Guidelines
Use this command only on a hardware DPE.
Syntax Description
No keywords or arguments.
Examples
GRUB loading, please wait...
Entry 0 will be booted automatically in 1 seconds.
Note The output of this command has been trimmed for demonstration purposes.
show
Use the show command to view information related to specific DPE functions. Table 2-1 lists the various keywords that you can use with this command.
Table 2-1 List of show Commands
|
|
|
Returned Values and Examples
|
|
|
show clock |
Shows the current system time and date. |
No keywords or arguments. |
P |
P |
Fri Dec 21 11:39:31 GMT 2006
|
show commands |
Depending on the connection mode in use (enabled or disabled), displays all available DPE commands. For security reasons, this command shows different output on a hardware DPE, based on whether a Telnet session or the console mode is in operation. |
No keywords or arguments. |
P |
P |
Example 1
This result occurs in the disabled mode. Note The output presented in these examples has been trimmed. Example 2
> aaa authentication local
> aaa authentication tacacs
This result occurs in the enabled mode. |
show cpu |
Identifies CPU usage for the device on which the DPE is running. After the command is entered, CPU activities and statistics appear. |
No keywords or arguments. |
P |
P |
Example 1
avg-cpu: %user %nice %sys
%idle
This result occurs on a hardware DPE. Example 2 When you enter show cpu on a Solaris DPE, the DPE returns per-processor statistics, for the following headers, in tabular form: Note Unless otherwise noted, all values are events per second. •CPU—Processor ID. •minf—Minor faults. •mjf—Major faults. •xcal—Interprocessor cross-calls. •intr—Interrupts. •ithr—Interrupts as threads (not counting clock interrupt). •csw—Context switches. •icsw—Involuntary context switches. •migr—Thread migrations (to another processor). •smtx—Spins on mutexes. •srw—Spins on readers' or writers' lock. •syscl—System calls. •usr—User time (percent). •sys—System time (percent). •wt—Wait time (percent). •idl—Idle time (percent). These values are returned on a Solaris DPE. |
show disk |
Identifies the disk that the DPE is currently using. Once the command is entered, the disk drive statistics appear. |
No keywords or arguments. |
|
|
When you enter show disk, the DPE returns values for the following headers: •Filesystem—Indicates path of the file system. •Size—Indicates size of the file system (Kb). •Used—Indicates used disk space (Kb). •Avail—Indicates available disk space (Kb). •Capacity—Indicates capacity of the disk (percent). •Mounted on—Indicates the resources on which the file system is mounted. Resources are usually directories. |
show hostname |
Displays the DPE hostname. |
No keywords or arguments. |
P |
P |
|
show interface ethernet config |
Displays the configuration for the Ethernet interface. The DPE uses these settings when it reboots. Use the show interface ethernet config command to identify the currently configured IP address. |
show interface
ethernet
{0...1 | intf0}
config
•0...1—Identifies the Ethernet interface number on a hardware DPE. •intf0—Identifies the Ethernet interface number on a Solaris DPE. |
P |
P |
Example 1
dpe# show interface ethernet 0
config
This result occurs on a hardware DPE. Example 2
dpe# show interface ethernet hme0
config
This result occurs on a Solaris DPE. |
show interface ethernet stats |
Displays statistics for the Ethernet interface of the DPE. |
show interface
ethernet
{0..1 | intf0}
stats
•0...1—Identifies the Ethernet interface number on a hardware DPE. •intf0—Identifies the Ethernet interface number on a Solaris DPE. |
P |
P |
Example 1
dpe# show interface ethernet 0 stats
eth0 Link encap:Ethernet HWaddr
00:B0:D0:F7:07:C2
inet addr:10.10.10.5
Bcast:10.10.10.2 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST
MTU:1500 Metric:1
RX packets:3539 errors:0
dropped:0 overruns:0 frame:0
TX packets:3233 errors:0
dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
This result occurs on a hardware DPE. Example 2
dpe# show interface ethernet hme0
stats
hme0 Link encap:Ethernet HWaddr
00:B0:D0:F7:07:C2
inet addr:10.10.10.4
Bcast:10.10.10.2 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST
MTU:1500 Metric:1
RX packets:3539 errors:0
dropped:0 overruns:0 frame:0
TX packets:3233 errors:0
dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
This result occurs on a Solaris DPE. |
show ip |
Shows the current general IP settings of the DPE. The DPE uses these settings when it reboots. For specific interface settings, use the show interface commands. |
No keywords or arguments. |
P |
P |
|
show ip route |
Shows the IP routing table of the DPE, including any custom routes. The default gateway is indicated by the G flag in the flags column. |
No keywords or arguments. |
P |
P |
When you enter show ip route, the DPE returns the routing table with values for the following headers: •Destination—Indicates the destination network or destination host. •Mask—Indicates the subnet mask associated with the route. •Gateway—Indicates the address of the outgoing interface. •Device—Indicates the network interfaces used for the route. •Mxfrg—Indicates the Path Maximum Transfer Unit. •Rtt—Indicates the time (in minutes) remaining before the route expires. •Ref—Indicates the current number of active uses for the route. •Flg—Indicates the state of the route, which could be: –U—Up –H—To a host rather than to a network –G—To a gateway •Out—Identifies the number of packets sent out from this interface or route. •In/Fwd—Identifies the number of packets received through this interface or route. |
show memory |
Identifies how much current memory and swap space are available on the device running the DPE. |
No keywords or arguments. |
P |
P |
When you enter show memory, the DPE returns values for: •kthr—Indicates the number of kernel threads in r (run queue), b (processes blocked while waiting for I/O), and w (idle processes that have been swapped). •memory—Indicates virtual and real memory usage. The value could be: –swap—Free, unreserved swap space (Kb). –free—Free memory (Kb). •page—Indicates page faults and paging activity (units per second). –re—Displays pages reclaimed from the free list. –mf—Displays minor faults. –pi—Displays pages in memory (Kb/s). –po—Displays pages out of memory (Kb/s). –fr—Displays activity of the page scanner that has been freed (Kb/s). –de—Displays pages freed after writes (Kb/s). –sr—Displays the number of pages that have been scanned. •disk—Indicates the number of disk operations per second. Each S column represents a different disk. •faults—Indicates the trap or interrupt rates (per second) as in (interrupts), sy (system calls), and cs (context switches). •cpu—Indicates CPU usage time, in percent, as us (user time), sy (system time), and id (idle time). |
show running-config |
Displays the current configuration of the DPE. All the configuration options appear by using the actual commands that set the options. |
No keywords or arguments. |
P |
P |
dpe provisioning-group primary
default
dpe rdu-server localhost 49187
dpe shared-secret fgIn3AXtR6mpg
packetcable registration
kdc-service-key <value is set>
packetcable snmp key-material
<value is set>
snmp-server community baccread ro
snmp-server community baccwrite rw
snmp-server contact Terry-ext1234
snmp-server host 10.10.10.5
snmp-server inform timeout 1000
retries 3
snmp-server location
equipmentrack5D
snmp-server udp-port 8001
Note The output presented in this example has been trimmed. |
show tftp files |
Identifies the files that are stored only in the DPE cache and not those in the local directory. The file size is also shown. |
No keywords or arguments. |
P |
P |
The list of TFTP files currently in
DPE cache
DPE caching 1 external files.
Listing the first 1 files, 0 files
omitted
Note By using this command, you can display a maximum of 500 TFTP files. |
show version |
Identifies the current version of DPE software. |
No keywords or arguments. |
P |
P |
Version: BAC 2.7.1
(bac_271_S_000000000000)
|
tacacs-server host
Use this command to add a TACACS+ server to the end of the TACACS+ client's list of TACACS+ servers. When TACACS+ authentication is enabled, the client attempts user login authentication to each server sequentially in the list until a successful authentication exchange is executed, or the list is exhausted. If the list is exhausted, the client automatically falls back into the local authentication mode (using the local system password).
Optionally, an encryption key can be specified for each TACACS+ server. If this encryption key is used, it must match the key configured at the specified TACACS+ server. Omitting the encryption key disables TACACS+ encryption.
To remove a TACACS+ server from the list of TACACS+ servers in the CLI, use the no form of this command. For more information, see no tacacs-server host.
Usage Guidelines
Although this command is used for both hardware and Solaris DPEs, on the hardware DPE, it is used only in the console mode.
Syntax Description
tacacs-server host host [key encryption-key]
•host—Specifies either the IP address or the hostname of the TACACS+ server.
•encryption-key—Identifies the encryption key. This parameter is optional.
Examples
Example 1
This example adds a TACACS+ server by using its IP address (10.0.1.1) without encryption.
dpe# tacacs-server host 10.0.1.1
Example 2
This example adds a TACACS+ server by using its IP address (10.0.1.1) with an encryption key (hg667YHHj).
dpe# tacacs-server host 10.0.1.1 key hg667YHHj
Example 3
This example adds a TACACS+ server by using its hostname (tacacs1.cisco.com) without encryption.
dpe# tacacs-server host tacacs1.cisco.com
Example 4
This example adds a TACACS+ server by using its hostname (tacacs1.cisco.com) with an encryption key (hg667YHHj).
dpe# tacacs-server host tacacs1.cisco.com key hg667YHHj
no tacacs-server host
Use this command to remove a TACACS+ server from the list of TACACS+ servers in the CLI.
To add a TACACS+ server, see tacacs-server host.
Usage Guidelines
Although this command is used on both hardware and Solaris DPEs, on the hardware DPE, it is used only in the console mode.
Syntax Description
no tacacs-server host host
host—Specifies either the IP address or the hostname of the TACACS+ server.
Examples
Example 1
This example removes a TACACS+ server by using its IP address.
dpe# no tacacs-server host 10.0.1.1
Example 2
This example removes a TACACS+ server by using its hostname.
dpe# no tacacs-server host tacacs1.cisco.com
tacacs-server retries
Use this command to set the number of times the TACACS+ protocol exchange is retried before the TACACS+ client considers a specific TACACS+ server unreachable. When this limit is reached, the TACACS+ client moves to the next server in its TACACS+ server list, or falls back into local authentication mode if the TACACS+ list has been exhausted.
Usage Guidelines
Although this command is used on both hardware and Solaris DPEs, on the hardware DPE, it is used only in the console mode.
Syntax Description
tacacs-server retries value
value—Specifies a dimensionless number within the range of 1 and 100, inclusive. This value applies to all TACACS+ servers.
Defaults
The default number of times the TACACS+ protocol exchange is retried before the TACACS+ client considers a specific TACACS+ server unreachable is 2.
Examples
dpe# tacacs-server retries 10
tacacs-server timeout
Use this command to set the maximum length of time that the TACACS+ client waits for a TACACS+ server response before it considers the protocol exchange to have failed.
Usage Guidelines
Although this command is used for both hardware and Solaris DPEs, on the hardware DPE, it is used only in the console mode.
Syntax Description
tacacs-server timeout value
value—Specifies the length of time that the CLI waits. This value must be within the range of 1 to 300 seconds. This value applies to all TACACS+ servers.
Defaults
The default maximum length of time that the CLI waits for a TACACS+ server response before it times out is 5 seconds.
Examples
dpe# tacacs-server timeout 10
upgrade
Use this command when the DPE requires a new software upgrade, using uploaded upgrade files. You can use the FTP facility to copy these files (which end in the file extension .bpr) into the incoming directory.
The upgrade process scans all available updates and determines which ones are required. It separates the files into these categories:
•Invalid—Files that do not match the format required by the DPE.
•Not Applicable—Patches that are not accepted because either the update is from an earlier version, or because the difference between versions (the current and updated versions) is too great.
•Applicable—Files that can be used in an upgrade.
Once the command is entered, the DPE upgrade process starts. When the update is complete, a message appears indicating that the update was successful.
Usage Guidelines
Use this command only on a hardware DPE.
Syntax Description
No keywords or arguments.
Examples
Starting BPR upgrade process
+ Scanning for available updates...
+ Determining applicable updates...
+ Compiling list of updates...
- update-invalid.bpr ... BPR version 2.5
1 update-valid.bpr ..... BACC version 2.6
Updating with BAC version 2.7.1
+ Starting update executor...
uptime
Use this command to identify how long the system has been operational. This information is useful when determining how frequently the device is rebooted. It is also helpful when checking the reliability of the DPE when it is in a stable condition.
Usage Guidelines
Use this command on both hardware and Solaris DPEs.
Syntax Description
No keywords or arguments.
Examples
11:54am up 72 days(s), 2:07, 3 users, load average: 0.27, 0.08, 0.02