Command Line Interface Overview


Command Line Interface Overview
This chapter describes the numerous features in the command line interface (CLI). Included is information about the architecture of the CLI, its command modes and user privileges, how to obtain help within the CLI, and other key items.
The operating system provides the software that controls the overall system logic, control processes, and the CLI. The CLI is a multi-threaded user interface that allows you to manipulate, configure, control, and query the hardware and software components that make up the system and its hosted services. In addition, the CLI can host multiple instances of management and service configuration sessions. This allows multiple users to simultaneously access and manage multiple hosted services.
This section provides the following information about the CLI:
 
 
CLI Structure
CLI commands are strings of commands or keywords and user-specified arguments that set or modify specific parameters of the system. Commands are grouped by function and the various command modes with which they are associated.
The structure of the CLI is hierarchical. All users begin at a specific entry point into the system, called the Exec (Execute) Mode, and then navigate through the CLI according to their defined user privileges (access level) by using other command modes.
 
CLI Command Modes
There are two primary CLI command modes:
 
Exec (Execute) Mode: The Exec mode is the lowest level in the CLI. The Exec mode is where you execute basic commands such as show, and ping. When you log into the CLI, you are placed in this mode by default.
Config (Configuration) Mode: The Config mode is accessible only by users with administrator and security administrator privileges. If you are an administrative user, in this mode you can add and configure contexts and access the configuration sub-modes to configure protocols, interfaces, ports, services, subscribers, and other service-related items.
As explained above, the entry point into the CLI is called Exec Mode. In the initial CLI login, all users are placed into the default local context, which is the CLI’s default management context. From this context, administrative users can access the Config Mode and define multiple service contexts.
Refer to the mode entry-path diagrams at the beginning of each mode chapter in the Command Line Interface Reference.
Important: The commands or keywords/variables that are available are dependent on platform type, product version, and installed license(s).
 
CLI Administrative Users
This section contains information on the administrative user types and privileges supported by the system.
 
Administrative User Types
There are two types of administrative users supported by the system:
 
Local-user and context-level administrative accounts can be used in parallel. However, a mechanism is provided to de-activate context-level administrative user accounts thereby providing access only to local-user accounts.
 
Authenticating Administrative Users with RADIUS
To authorize users via RADIUS, you must include two RADIUS attributes in the RADIUS Access-Accept message:
 
The default permission is none (0), meaning that service is refused even if properly authenticated via RADIUS.
 
RADIUS Mapping System
RADIUS server configuration depends on the type of server used and the instructions distributed by the server manufacturer. The following table shows the attribute/value mapping system that is constant, regardless of server manufacturer or model:
RADIUS Attribute/Value Mapping System
 
 
RADIUS Privileges
There are four RADIUS privilege roles. The following table shows the relationship between the privilege roles in the CLI configuration and RADIUS Service-Type.
CLI Privilege Roles and RADIUS Service Types
 
 
Administrative User Privileges
Regardless of the administrative user type, the system supports four user privilege levels:
 
Inspector: Inspectors are limited to a small number of read-only Exec Mode commands. The bulk of these are show commands for viewing a variety of statistics and conditions. The Inspector cannot execute show configuration commands and does not have the privilege to enter the Config Mode.
Operator: Operators have read-only privileges to a larger subset of the Exec Mode commands. They can execute all commands that are part of the inspector mode, plus some system monitoring, statistic, and fault management functions. Operators do not have the ability to enter the Config Mode.
Administrator: Administrators have read-write privileges and can execute any command in the CLI except for a few security-related commands that can only be configured by Security Administrators. Administrators can configure or modify system settings and can execute all system commands, including those available to the Operators and Inspectors.
Security Administrator: Security Administrators have read-write privileges and can execute all CLI commands, including those available to Administrators, Operators, and Inspectors.
The following figure represents how user privileges are defined in the CLI configuration modes.
 
User Privileges
Though the privilege levels are the same regardless of user type, the corresponding user type names differ slightly. The following table displays the privilege level to administrative user type mappings:
User Privilege to User Type Mapping
 
Configure context-level administrative users in the Context Configuration Mode with the administrator, config-administrator, operator, and inspector commands.
Configure local-user administrative users at the Global Configuration Mode with the local-user username command.
You can further refine administrative levels to include access to certain features with the following feature-use administrative user options:
 
Lawful Intercept (LI) Administrative User: To configure and manage LI-related issues, configure at least one administrative user account with LI functionality privileges.
Important: This privilege is available only for context-level administrative users. In addition, to ensure security in accordance with the standards, LI administrative users must access the system through the Secure Shell Protocol (SSH).
 
Enhanced Charging Service (ECS) Administrative User: To log in and execute ECS-related commands, configure at least one administrative user account with ECS functionality privileges.
All system users can be configured within any context. However, it is recommended that you configure users in the system’s management context called local. Refer to sections later in this chapter for additional information about contexts.
 
Allowed Commands per User Type
With the exception of security administrators, all other management users are limited to a subset of the entire command list as described in the Command Line Interface Reference. This section defines the commands allowed for each management user type. As stated previously, inspectors and operators are limited to only a subset of the Exec Mode commands.
 
Inspector Mode Commands
In the Exec mode, system inspectors can access the following commands:
 
 
Operator Mode Commands
In the Exec mode, system operators can access all inspector mode commands plus the following commands:
 
 
Administrator Mode Commands
Administrators can access all system commands except:
Context Config Mode
 
Global Config Mode
 
Exec Mode
 
 
Security Administrator Mode Commands
Security administrators can access all system commands.
CLI Contexts
A context is a group of configuration parameters that apply to the ports, interfaces, and protocols supported by the system. You can configure multiple contexts on the system, each of which resides as a separate, logically independent instance on the same physical device. The CLI can host multiple contexts within a single physical device. This allows wireless service providers to use the same system to support:
Each defined context operates independently from any other context(s) in the system. Each context contains its own CLI instance, IP routing tables, access filters, compression methods, and other configured data.
By default, a single system-wide context called local, is used exclusively for the management of the system. Think of the local context as the root directory of the system, since you can define and access all other contexts from this point. You cannot delete the local context. From this location in the CLI, you can:
 
Important: The system requires that you define at least one context in addition to the Local context. This isolates system management functions from application or service functions.
 
Administrative users add contexts through the Global Configuration Mode. A substantial advantage of configuring numerous service contexts is that it allows operators to broadly distribute different subscribers across the system. This greatly enhances the performance of the system and minimizes the loss of sessions should a failure occur.
 
Understanding the CLI Command Prompt
The CLI provides an intuitive command prompt that informs you of:
 
The following figure shows the various components of the command prompt.
 
CLI Command Prompt
 
CLI Command Syntax
This section describes the components of the CLI command syntax that you should be familiar with prior to using the CLI. These include:
 
Commands: Specific words that precede, or initiate, a specific function.
Keywords: Specific words that follow a command to more clearly dictate the command’s function.
Variables: Alpha, numeric, or alphanumeric values that are user-supplied as part of the command syntax. Sometimes referred to as arguments, these terms further specify the command function.
Repetitive keywords (+): Specific keyword, that when followed by a plus (+) sign, indicates that more than one of the keywords can be entered within a single command.
 
Example
In the following example, slot_number is the command variable for the info keyword:
show slot infoslot_number
slot_number is a variable representing a particular slot (1 through 48).
 
Entering and Viewing CLI Commands
This section describes various methods for entering commands into the CLI.
Typing each command keyword, argument, and variable can be time-consuming and increase your chance of making mistakes. The CLI therefore, supports the following features to assist you in entering commands quickly and more accurately. Other features allow you to view the display and review previously entered commands.
 
Entering Partial CLI Commands
In all of the modes, the CLI recognizes partially-typed commands and keywords, as long as you enter enough characters for the command to be unambiguously recognized by the system. If you do not enter enough characters for the system to recognize a unique command or keyword, it returns a message listing all possible matches for the partial entry.
 
Example
If you enter the partial command conf and press <Enter>, you enter the Global Configuration Mode. If you were to enter only co, the system would respond with the message:
Ambiguous Command
 
CLI Command Auto-completion
Use the command auto-completion feature to automatically complete unique CLI commands. Press the <Tab> key after entering enough characters to enable this feature.
 
Example
[local]host_name# sho<Tab>
[local]host_name# show
 
If you do not enter enough characters to allow the CLI to determine the appropriate command to use, the CLI displays all commands that match the characters you entered with auto-completion:
 
Example
[local]host_name# sh<Tab>
show     shutdown
[local]host_name#
Enter a question mark (?) after a partial command to display all of the possible matching commands, and their related help text.
 
Example
[local]host_name# sh?
show - Displays information based on a specified argument
shutdown - Terminates execution of all tasks within the entire chassis
[local]host_name#
 
Using CLI Auto-Pagination
When you enter commands whose expected results exceed the terminal window’s vertical display, the auto-pagination function pauses the display each time the terminal window reaches its display limit. Press any key to display the next screen of results.
By default, auto-pagination functionality is disabled. To enable auto-pagination, type the pipe command: | more
 
[local]host_name# show configuration | more
Important: When auto-pagination is enabled, if a command’s output exceeds the terminal window’s vertical display parameters, you can exit by entering “q”. This returns you to the CLI prompt.
 
Using CLI Autoconfirmation
By default, the system is configured to prompt all administrative users with a confirmation prior to executing certain commands. This functionality serves two purposes:
 
 
Example
Saving a configuration:
[local]host_name# save configuration
Are you sure ? [Yes | No]:
 
 
Examples
You create context named “newcontext”:
[local]host_name(config)# context newcontext
Are you sure ? [Yes | No]: yes
[newcontext]host_name(config-ctx)#
 
You revisit the context named “newcontext”:
[local]host_name(config)# context newcontext
[newcontext]host_name(config-ctx)#
On another occasion, you misspell the context named “newcontext”:
[local]host_name(config)# context mewcontext
Are you sure ? [Yes | No]:n
Action aborted
[local]host_name(config)#
After aborting the above action, you can again revisit “newcontext”:
[local]host_name(config)# context newcontext
[newcontext]host_name(config-ctx)#
You can control CLI autoconfirmation at the following levels:
 
Specific administrative user sessions: To enable or disable autoconfirmation, use the [no] autoconfirm commands while in the Exec mode.
All Future Sessions: To disable or re-enable autoconfirmation for all future sessions, use the [no]autoconfirm commands while in the Global Config mode.
For specific commands: Disable autoconfirmation for various commands that support the -noconfirm keyword, such as the save configuration or card reboot commands.
 
Regulating the Command Output
For many CLI commands, you can use | grep and/or | more keywords to regulate or control the command’s output.
Use the | grep keyword to filter through a command’s output for certain expressions or patterns. Only those portions of the output that contain or exclude the pattern are displayed. The | grep has the following syntax:
| grep [ -i | -v | --ignore-case | --invert-match ] expression
grep Keywords
 
Use the | more keyword to pause the terminal each time the terminal window reaches its display limit. Press any key to display the next screen. The function of this keyword is identical to the autoless command, except that you must manually enter it on a command-by-command basis.
 
Viewing Command History
To view a history of all commands line by line, simply scroll up or down with the <up arrow> and <down arrow> cursor keys on the keyboard.
The operating system supports EMACS-style text editing commands. This standard UNIX text editor format allows you to use keyboard-based shortcut keys for maneuvering around the CLI. The following table lists these available shortcut keys.
EMACS Shortcut Keystrokes
 
 
Obtaining CLI Help
The CLI provides context-sensitive help for every command token and keyword available to you. To obtain, use one of these methods:
 
Command Help: Command help provides assistance for a specific command. Type a question mark (?) at the end of the specific command to accesses help.
 
Example
[local]host_name# test?
test - Performs test on followed mechanism
 
Keyword Help: Keyword help provides assistance in determining the next keyword, argument, or option to use in the command syntax. Enter the command keyword, enter a space, and then type a question mark (?).
 
Example
[local]host_name# test alarm ?
audible - Tests internal audible alarm buzzer on SPC
central-office - Tests specified central office alarm relays on SPIO card
<cr> - newline
 
Variable Help: Variable help provides the correct format, value, or information type for each variable that is part of the command syntax. For commands with variables, enter the command keyword, enter a space, and then type a question mark (?).
 
Example
[local]host_name# show card info ?
<Enter card number as an integer ranging 1 to 48> | - Pipeline <cr> - Carriage Return or <Enter> key
 
Exiting the CLI and CLI Command Modes
A CLI session is defined as the successful login into the CLI. When you establish a CLI session, you are placed into the system’s Exec Mode. Depending upon your user privilege level, you can:
 
Use the local context to perform system management functions
This section addresses how to properly exit the various modes and the CLI.
 
Exiting Configuration Sub-modes
To exit a configuration sub-mode and return to the next highest configuration sub-mode or Global Configuration Mode, type the exit command at the system prompt.
 
Example
[context_name]host_name(config-ctx)# exit
[local]host_name(config)#
 
Important: The CLI supports implicit mode-exits when using configuration files. Therefore, configuration files do not have to contain all of the required exit commands for you to leave various sub-config modes.
To exit a sub-mode and return to the Exec Mode, enter the end command.
 
Example
[local]host_name(config-ctx)# end
[local]host_name#
 
Exiting Global Configuration Mode
To exit Global Configuration Mode, and return to the Exec Mode prompt, type the exit command at the prompt.
 
Ending a CLI Session
To end a CLI session and exit the CLI, type the exit command at the local Exec Mode prompt.
 
Accessing the CLI
Access the CLI through the following methods:
 
 
Important: Even though you can access the CLI remotely through any available IP interface, it is recommended that management traffic be isolated from network traffic by using one of the SPIO card management interfaces. You can use remote login methods only after the system has been configured to support the various access methods.
 
Important: Multiple CLI sessions are supported, but the number of sessions is dependent on the amount of available memory. The Resource Manager reserves enough resources so that as a minimum, 15 CLI sessions are assured. One of the CLI sessions is always reserved for use exclusively by a CLI session on an SPIO console interface. Additional CLI sessions beyond the pre-reserved set are permitted if sufficient SMC resources are available. If the Resource Manager is unable to reserve additional resources, you are prompted whether to allow the system to create the new CLI session, even without the reserved resources.
 
Accessing the CLI Locally Using the Console Port
This section provides instructions for accessing the CLI locally through the console port.
 
Console Port
Access the console port with the RJ-45-to-DB-9 serial (EIA-232) cable that is shipped with the Switch Processor Input/Output (SPIO)Connect to a workstation that has a communications application that accesses the workstation’s serial port, such as Minicom for Linux or HyperTerminal® for MicroSoft Windows®.
Each of the two SPIO Line Cards installed in the system provides a console port for accessing the CLI. The CLI is only accessible from the SPIO that is active—typically the SPIO installed in chassis slot 24.
For normal operation, the SMC in chassis slot 8 serves as the active processing card for the system. The SPIO that corresponds to this SMC is installed in slot 24. For the processing card in chassis slot 9, the corresponding SPIO is installed in slot 25.
Important: In the event of aSMC switchover, in which processes are switched from the processing card in slot 8 that was previously active to the redundant processing card in slot 9, the SPIO in slot 24 continues to serve as the active SPIO. Therefore, the console port is still accessible through that SPIO.
Follow the instructions below to connect to the console port.
 
1.
2.
3.
 
 
Important: To change the configuration defined in the table above, modify the terminal command located in the Global configuration mode.
4.
5.
 
Remotely Accessing the CLI
To remotely access the CLI through a defined management interface, you must first configure the remote access method (such as Telnet or SSH).
You can find examples of how to configure this in the Getting Started chapter.

Cisco Systems Inc.
Tel: 408-526-4000
Fax: 408-527-0883