Cisco Broadband Access Center DPE CLI Reference Guide, 3.6

aaa authentication
disable
enable
enable password
exit
help
password
show
tacacs-server host
no tacacs-server host
tacacs-server retries
tacacs-server timeout
uptime

System Commands

This chapter describes the command line interface (CLI) commands that you use to manage and monitor aspects of the Cisco Broadband Access Center (Cisco BAC) Device Provisioning Engine (DPE).

The system commands that affect the entire DPE are:

•aaa authentication

•disable

•enable

•enable password

•exit

•help

•password

•show

–show clock

–show commands

–show cpu

–show disk

–show files

–show ip route

–show ip

–show memory

–show running-config

–show version

•tacacs-server host

•no tacacs-server host

•tacacs-server retries

•tacacs-server timeout

•uptime

aaa authentication

Use this command to configure the CLI to perform local user (login) authentication, or remote TACACS+ user authentication. This setting applies to all Telnet and console CLI interfaces.

TACACS+ is a TCP-based protocol that supports centralized access control for large numbers of network devices and user authentication for the DPE CLI. Using TACACS+, a DPE supports multiple users (and their individual usernames) and the login and enable passwords configured at the TACACS+ server.

Syntax Description

aaa authentication mode

mode specifies either:

•local—In this mode, user authentication is enabled via a local login.

•tacacs—In this mode, the CLI sequentially attempts a TACACS+ exchange with each server in the TACACS+ server list. The attempts continue for a specified number of retries. If the end of the server list is reached before a successful protocol exchange occurs, the local authentication mode is automatically enabled. In this manner, you can gain access to the CLI even if the TACACS+ service is completely unavailable.

Note TACACS+ authentication prompts you for your TACACS+ configured username and password; local authentication, however, prompts only for the local configured password.

Defaults

The CLI user's login authentication is, by default, enabled in the local mode.

Examples

dpe# aaa authentication tacacs

% OK

disable

Use this command to exit from the privileged mode on the DPE. When the disabled mode is activated, only those commands that allow viewing the system configuration are available on the CLI.

Syntax Description

No keywords or arguments.

Examples

dpe# disable

dpe>

enable

Use this command to enable the privileged mode on the DPE. Viewing system configuration does not require the privileged mode; however, only in the privileged mode you can change the system configuration, state, and data.

After entering the command, you are prompted to enter the local, configured, enable password. For information on setting the password for the privileged mode, see enable password.

Syntax Description

No keywords or arguments.

Examples

dpe> enable

Password:

dpe#

enable password

Use this command to change the local password for accessing the DPE in the privileged mode. You can change the enable password only in the privileged mode.

Once the password is changed, all users who, from that point onward, attempt to enter into the privileged mode are required to use the new password.

Note This command does not change the login password; it only changes the local enable password.

Syntax Description

When entering the enable password command, you can provide the password on the command line or when prompted.

enable password password

password—Specifies the local configured password currently in effect or, optionally, provides a new password. If you omit this parameter, you are prompted for the password.

Examples

Note In these examples, please note the different password messages that might appear.

Example 1

dpe# enable password

New enable password:

Retype new enable password:

Password changed successfully.

This result occurs when you are prompted to enter the password, and the password is changed successfully.

Example 2

dpe# enable password

New enable password:

Retype new enable password:

Sorry, passwords do not match.

This result occurs when the password is entered incorrectly.

Example 3

dpe# enable password cisco

Password changed successfully

This result occurs when you enter the password without being prompted, and the password is changed successfully.

exit

Use this command to close a Telnet connection to the DPE and return to the login prompt. After running this command, a message indicates that the Telnet connection has been closed.

Syntax Description

No keywords or arguments.

Examples

dpe# exit

% Connection closed.

help

Use this command to display a help screen to assist you in using the DPE CLI. If you need help on a particular command, or to list all available commands, enter command ? or ?, respectively.

After entering the command, a screen prompt appears to explain how you can use the help function.

Command Types

Two types of help are available:

1. Full help is available when you enter a command argument, such as show ?, and describes each possible argument.

2. Partial help is provided when you enter an abbreviated argument and want to know what arguments match the input; for example, show c?.

Syntax Description

No keywords or arguments.

Examples

Note In these examples, please note the different help messages that might appear.

Example 1

dpe# help

Help may be requested at any point in a command by entering a question mark '?'. If 
nothing matches, the help list will be empty and you must backup until entering a '?' 
shows the available options.

Two styles of help are provided:

1. Full help is available when you are ready to enter a command argument (e.g. "show ?") 
and describes each possible argument.

2. Partial help is provided when an abbreviated argument is entered and you want to know 
what arguments match the input (e.g. "show c?").

This result occurs when you use the help command.

Example 2

dpe# show ?

  bundles         Shows the archived bundles.

  clock           Shows the current system time.

  commands        Shows the full command hierarchy.

  cpu             Shows the current CPU usage.

  device-config   Show device configuration.

  disk            Shows the current disk usage.

  dpe             Shows the status of the DPE process if started.

  files           Shows files in DPE cache.

  hostname        Shows the system hostname.

  ip              Shows IP configuration details.

  log             Shows recent log entries.

  memory          Shows the current memory usage.

  running-config  Shows the appliance configuration.

  version         Shows DPE version.

This result occurs when you invoke the full help function for a command; in this instance, show ?.

Example 3

dpe# show c?

clock     commands  cpu

dpe# show clock

Sat Jul 15 01:43:19 EDT 2006

This result occurs when you invoke the partial help function for arguments of a command; in this instance, show clock.

password

Use this command to change the local system password, which you use to access the DPE and is different from the one used to access the privileged mode on the DPE. The system password is changed automatically for future logins by using the administrator account.

Note The changes that you introduce through this command take effect for new users, but users who are currently logged on are not disconnected.
If TACACS+ user authentication is used, the local system password is used only if the DPE is unable to communicate with a TACACS+ server.

Syntax Description

password password

password—Identifies the new DPE password.

Examples

Example 1

dpe# password

New password:

Retype new password:

Password changed successfully.

This result occurs when you are prompted for the password, and the password is changed successfully.

Example 2

dpe# password

New password:

Retype new password:

Sorry, passwords do not match.

This result occurs when the password is entered incorrectly.

Example 3

dpe# password cisco

Password changed successfully.

This result occurs when the password is changed (using an approach easier for scripting).

show

Use the show command to view system settings and status. Table 2-1 lists the various keywords that you can use with the show command.

Table 2-1 List of show Commands
Command Usage	Syntax Description	Returned Values and Examples
show clock
Displays the current system time and date	No keywords or arguments.	dpe# show clock Mon Jun 16 04:21:25 EDT 2006
show commands
Displays all commands on the DPE depending on the mode (privileged or disabled) in which you access the CLI.	No keywords or arguments.	Example 1 dpe> show commands > enable > exit > help > show bundles > show clock > show commands > show cpu > show disk > show dpe > show dpe config > show files > show hostname > show ip > show ip route > show log > show log last <1..9999> > show memory > show running-config > show version > uptime This result occurs in the disabled mode. Note The output presented in these examples is trimmed. Example 2 dpe# show commands > aaa authentication local > aaa authentication tacacs > clear bundles > clear cache > debug dpe cache > debug dpe connection > debug dpe dpe-server > debug dpe statistics > debug on > debug service cwmp 1 client-auth-all > debug service cwmp 1 client-auth-failures > debug service cwmp 1 extension > debug service cwmp 1 firmware [more] This result occurs in the privileged mode.
show cpu
Identifies CPU usage for the device on which the DPE is running. After the command is entered, CPU activities and statistics appear.	No keywords or arguments.	When you enter show cpu, the DPE returns per-processor statistics, as defined for the following headers, in tabular form: Note Unless otherwise noted, all values are events per second. •CPU—Processor ID. •minf—Minor faults. •mjf—Major faults. •xcal—Inter-processor cross-calls. •intr—Interrupts. •ithr—Interrupts as threads (not counting clock interrupt). •csw—Context switches. •icsw—Involuntary context switches. •migr—Thread migrations (to another processor). •smtx—Spins on mutexes. •srw—Spins on readers' or writers' lock. •syscl—System calls. •usr—User time (percent). •sys—System time (percent). •wt—Wait time (percent). •idl—Idle time (percent).
show disk
Identifies the disk that the DPE is currently using. Once the command is entered, the disk drive statistics appear.	No keywords or arguments.	When you enter show disk, the DPE returns values for the following headers: •Filesystem—Indicates path of the file system. •Size—Indicates size of the file system (Kb). •Used—Indicates used disk space (Kb). •Avail—Indicates available disk space (Kb). •Capacity—Indicates capacity of the disk (percent). •Mounted on—Indicates the resources on which the filesystem is mounted. Resources are usually directories.
show files
Identifies the external files cached at the DPE.	No keywords or arguments	dpe# show files The list of files currently in DPE cache filename size sample-firmware-image.bin 4239368 DPE caching 1 external files. Listing the first 1 files, 0 files omitted
show hostname
Displays the DPE hostname	No keywords or arguments.	dpe# show hostname hostname = BAC_host
show ip
Shows the current general IP settings of the DPE. These are the settings used when the DPE is rebooted.	No keywords or arguments.	dpe# show ip hostname = BAC_host domainname = abc.com gateway = 10.10.20.10
show ip route
Shows the IP routing table of the DPE, including any custom routes. The default gateway is indicated by the G flag in the flags column.	No keywords or arguments.	When you enter show ip route, the DPE returns the routing table with values for the following headers: •Destination—Indicates the destination network or destination host. •Mask—Indicates the subnet mask associated with the route. •Gateway—Indicates the address of the outgoing interface. •Device—Indicates the network interfaces used for the route. •Mxfrg—Indicates the Path Maximum Transfer Unit. •Rtt—Indicates the time (in minutes) remaining before the route expires. •Ref—Indicates the current number of active uses for the route. •Flg—Indicates the state of the route, which could be: –U—Up. –H—To a host rather than to a network. –G—To a gateway. •Out—Identifies the number of packets sent out from this interface or route. •In/Fwd—Identifies the number of packets received through this interface or route.
show memory
Identifies how much current memory and swap space are available on the device running the DPE.	No keywords or arguments.	When you enter show memory, the DPE returns values for the following headers: •kthr—Indicates the number of kernel threads in each of the three following states: –r—Run queue. –b—Processes blocked while waiting for I/O. –w—Idle processes that have been swapped. •memory—Indicates usage of virtual and real memory. This could be: –swap—Free, unreserved swap space (Kb). –free—Free memory (Kb). •page—Indicates page faults and paging activity (units per second). –re—Displays pages reclaimed from the free list. –mf—Displays minor faults. –pi—Displays pages in memory (Kb/s). –po—Displays pages out of memory (Kb/s). –fr—Displays activity of the page scanner that has been freed (Kb/s). –de—Displays pages freed after writes (Kb/s). –sr—Displays the number of pages that have been scanned (pages). •disk—Indicates the number of disk operations per second. The S columns represent different disks on the system. •faults—Indicates the trap or interrupt rates (per second). –/in: Interrupts –sy: System calls –cs: Context switches •cpu—Indicates the usage of CPU time. –us—User time (percent) –sy—System time (percent) –id—Idle time (percent)
show running-config
Displays the current configuration of the DPE.	No keywords or arguments.	dpe# show running-config dpe port 49186 dpe rdu-server server_x.cisco.com 49187 service cwmp 1 client-auth digest service cwmp 1 enabled true service cwmp 1 port 7547 service cwmp 1 ssl cipher all-cipher-suites Note The output presented in this example is trimmed.
show version
Identifies the current version of DPE software.	No keywords or arguments.	dpe# show version Version: BAC 3.5 (bac_3_5_S_000000000000)

tacacs-server host

Use this command to add a TACACS+ server to the end of the TACACS+ client's list of TACACS+ servers. When TACACS+ authentication is enabled, the client attempts user login authentication to each server sequentially in the list until a successful authentication exchange is executed, or the list is exhausted. If the list is exhausted, the client automatically falls back into the local authentication mode (using the local system password).

You have to specify an encryption key for each TACACS+ server. This encryption key is matched with the key configured at the specified TACACS+ server.

To remove a TACACS+ server from the list of TACACS+ servers in the CLI, use the no form of this command. For more information, see no tacacs-server host.

Syntax Description

tacacs-server host host key encryption-key

•host—Specifies either the IP address or the hostname of the TACACS+ server.

•encryption-key—Specifies the encryption key used for each TACACS+ server.

Examples

Example 1

This example adds a TACACS+ server, by using its IP address (10.0.1.1) with an encryption key (hg667YHHj).

dpe# tacacs-server host 10.0.1.1 key hg667YHHj

% OK

Example 2

This example adds a TACACS+ server, by using its hostname (tacacs1.cisco.com) with an encryption key (hg667YHHj).

dpe# tacacs-server host tacacs1.cisco.com key hg667YHHj

% OK

no tacacs-server host

Use this command to remove a TACACS+ server from the list of TACACS+ servers in the CLI.

Syntax Description

no tacacs-server host host

host—Specifies the IP address or the hostname of the TACACS+ server.

Examples

Example 1

This example removes a TACACS+ server by using its IP address.

dpe# no tacacs-server host 10.0.1.1

% OK

Example 2

This example removes a TACACS+ server by using its hostname.

dpe# no tacacs-server host tacacs1.abc.com

% OK

tacacs-server retries

Use this command to set the number of times the TACACS+ protocol exchanges are retried before the TACACS+ client considers a specific TACACS+ server unreachable. When this limit is reached, the TACACS+ client moves to the next server in its TACACS+ server list, or falls back into local authentication mode if the TACACS+ list has been exhausted.

Syntax Description

tacacs-server retries value

value—Specifies a dimensionless number from 1 to 100.

Note This value applies to all TACACS+ servers.

Defaults

The number of times the TACACS+ protocol exchanges are retried before the TACACS+ client considers a specific TACACS+ server unreachable is, by default, set to 2.

Examples

dpe# tacacs-server retries 10

% OK

tacacs-server timeout

Use this command to set the maximum time that the TACACS+ client waits for a TACACS+ server response before it considers the protocol exchange to have failed.

Syntax Description

tacacs-server timeout value

value—Specifies the duration for which the CLI waits for a TACACS+ server response. This value must be within the range of 1 to 300 seconds.

Note This value applies to all TACACS+ servers.

Defaults

The maximum time that the CLI waits for a TACACS+ server response before it times out is, by default, 5 seconds.

Examples

dpe# tacacs-server timeout 10

% OK

uptime

Use this command to identify how long the system has been operational. This information is useful when determining how frequently the device is rebooted. It is also helpful when checking the reliability of the DPE when it is in a stable condition.

Syntax Description

No keywords or arguments.

Examples

dpe# uptime

11:42pm  up 72 day(s),  8:02,  1 user,  load average: 0.00, 0.02, 0.02

Bias-Free Language

Results

Chapter: System Commands

System Commands

aaa authentication

Syntax Description

Defaults

Examples

disable

Syntax Description

Examples

enable

Syntax Description

Examples

enable password

Syntax Description

Examples

exit

Syntax Description

Examples

help

Command Types

Syntax Description

Examples

password

Syntax Description

Examples

show

tacacs-server host

Syntax Description

Examples

no tacacs-server host

Syntax Description

Examples

tacacs-server retries

Syntax Description

Defaults

Examples

tacacs-server timeout

Syntax Description

Defaults

Examples

uptime

Syntax Description

Examples

Was this Document Helpful?

Contact Cisco