System Commands

This chapter describes the command-line interface (CLI) commands that you can use to manage and monitor the Cisco Broadband Access Center (BAC) Device Provisioning Engine (DPE).

If you run these commands on an unlicensed DPE, a message similar to this one appears: 

This DPE is not licensed. Your request cannot be serviced. Please check with your 
system administrator for a DPE license.

The commands described in this chapter are:

Command
Description
CLI Mode
Login
Privileged

aaa authentication

Configures user authentication, authorization, and accounting services.

 

P

disable

Exits the privileged mode.

 

P

enable

Accesses the privileged mode.

P

 

enable password

Changes the local password, using which you access the privileged mode.

 

P

exit

Closes a Telnet connection to the DPE.

P

P

help

Displays a usage screen that assists you in using the commands on the CLI.

P

P

password

Changes the local system password, using which you access the DPE.

 

P

show clock

Displays the current system time and date.

P

P

show commands

Displays all available commands on
the CLI.

P

P

show cpu

Identifies CPU usage for the DPE server.

P

P

show disk

Identifies the disk that the DPE is
currently using.

P

P

show hostname

Displays the hostname of the DPE.

P

P

show ip

Displays the current general IP settings configured on the DPE.

P

P

show ip route

Displays the IP routing table of the DPE.

P

P

show memory

Displays the current memory and swap space that are available on the DPE server.

P

P

show running-config

Displays the current configuration on
the DPE.

P

P

show tftp files

Displays the files that are stored in the
DPE cache.

 

P

show version

Displays the current version of
DPE software.

P

P

tacacs-server host

Adds a TACACS+ server to the end of the TACACS+ client's list of TACACS+ servers.

 

P

no tacacs-server host

Removes a TACACS+ server from the list of TACACS+ servers in the CLI.

 

P

tacacs-server retries

Sets the maximum number of times the TACACS+ protocol exchange is tried before the TACACS+ client considers a specific TACACS+ server unreachable.

 

P

tacacs-server timeout

Sets the maximum length of time that the TACACS+ client waits for a response from the TACACS+ server.

 

P

uptime

Identifies how long the system has
been operational.

P

P


aaa authentication

Use the aaa authentication command to configure the CLI for user authentication, authorization, and accounting services using the local login or remote TACACS+ authentication. This setting applies to all Telnet and console CLI interfaces.

TACACS+ is a TCP-based protocol that supports centralized access control for several network devices and user authentication for the DPE CLI. Using TACACS+, a DPE supports multiple users (and their individual usernames) and the login and enable passwords configured at the TACACS+ server.

Syntax Description

aaa authentication {local | tacacs}

local—In this mode, user authentication is enabled via a local login.

tacacs—In this mode, the CLI server sequentially attempts a TACACS+ exchange with each server in the TACACS+ server list. The attempts continue for a specified number of retries. If the CLI reaches the end of the server list without a successful protocol exchange, authentication is automatically enabled in the local mode. In this manner, you can gain access to the CLI even if the TACACS+ service is unavailable.

Note When you configure TACACS+ authentication, you are prompted to enter the username and password configured at the TACACS+ server; local authentication, however, prompts only for the local configured password.

Defaults

AAA authentication is enabled by default in the local mode.

Examples

This result occurs when you enable user authentication in the local mode. 

bac_dpe# aaa authentication local

% OK

This result occurs when you enable user authentication in the TACACS+ mode. 

bac_dpe# aaa authentication tacacs

% OK

This result occurs when you have configured user authentication in the TACACS+ mode and try to access the privileged mode on the DPE (using the enable command). If the CLI server is unable to establish a successful protocol exchange with the servers in the TACACS+ list, it reverts to local user authentication and prompts you for the local configured password. 

bac_dpe> enable


TACACS+: all hosts unreachable or no hosts configured

Reverting to local authentication mode

Password: <changeme>

Note If you enter an incorrect password, the following error message appears:
Sorry, invalid password.

disable

Use the disable command to exit the privileged mode on the DPE. Once you exit the privileged mode, you can view only those commands that relate to system configuration.

Syntax Description

No keywords or arguments.

Defaults

No default behavior or values.

Examples 

bac_dpe# disable

bac_dpe>

enable

Use the enable command to access the DPE in the privileged mode. You need not access the privileged mode to view the system configuration; however, only in this mode can you change the system configuration, state, and data.

Once you enter the enable command, you are prompted to enter the local, configured, privileged mode password. For information on setting this password, see enable password.

Syntax Description

No keywords or arguments.

Defaults

The default password to access the privileged mode is changeme.

Examples 

bac_dpe> enable

Password: <password2>

bac_dpe#

enable password

Use the enable password command to change the local password that allows you to access the DPE in the privileged mode. You can change the privileged mode password only in the privileged mode.

Once the password is changed, all users who, from that point forward, attempt to access the privileged mode must use the new password.

Note This command does not change the login password; it only changes the local privileged mode password. You do not use this command when you enable user authentication in the TACACS+ mode, because TACACS+ authentication prompts for the username and password configured at the TACACS+ server. For more information, see aaa authentication.

Syntax Description

When entering the enable password command, you can specify the password on the command line or when prompted.

enable password password

passwordSpecifies the local configured password currently in effect or, optionally, provides a new password. If you omit this parameter, you are prompted for the password.

Defaults

The default password to access the privileged mode is changeme.

Examples

This result occurs when you enter the password without being prompted, and the password is changed successfully. 

bac_dpe# enable password password1

Password changed successfully.

This result occurs when you are prompted to enter the password, and the password is changed successfully. 

bac_dpe# enable password

New enable password: <password2>

Retype new enable password: <password2>

Password changed successfully.

This result occurs when you enter an incorrect password. 

bac_dpe# enable password

New enable password: <password2>

Retype new enable password: <paswsord2>

Sorry, passwords do not match.

exit

Use the exit command to close a Telnet connection to the DPE and return to the login prompt. After running this command, a message indicates that the Telnet connection has been closed.

Syntax Description

No keywords or arguments.

Defaults

No default behavior or values.

Examples

This result occurs when you have accessed the CLI by specifying the hostname of the DPE. 

bac_dpe# exit

% Connection closed.

Connection to 10.10.2.10 closed by foreign host.

This result occurs when you have accessed the CLI without specifying the hostname. 

bac_dpe# exit

% Connection closed.

Connection to 0 closed by foreign host.

This result occurs when the Telnet connection closes because the CLI has been idle and the timeout period expired. 

bac_dpe# 

% Connection timed out.

Connection to 0 closed by foreign host.

help

Use the help command to display a help screen that can assist you in using the DPE CLI. If you need help on a particular command, or to list all available commands, enter command ? or ?, respectively.

Once you enter the command, a screen prompt appears to explain how you can use the help function.

Command Types

Two types of help are available:

1. Full help is available when you are ready to enter a command argument, such as show ?, and describes each possible argument.

2. Partial help is available when you enter an abbreviated argument and want to know what arguments match the input; for example, show c?.

Syntax Description

No keywords or arguments.

Defaults

No default behavior or values.

Examples

This result occurs when you use the help command. 

bac_dpe# help

Help may be requested at any point in a command by entering a question mark '?'. If 
nothing matches, the help list will be empty and you must backup until entering a '?' 
shows the available options.


1) Full help is available when you are ready to enter a command argument (e.g. 'show ?') 
and describes each possible argument.


2) Partial help is provided when an abbreviated argument is entered and you want to know 
what arguments match the input (e.g. "show c?").

This result occurs when you invoke the full help function for a command; for example, show ?.

Note The help command output differs depending on the mode-login or privileged-in which you run the command. 

bac_dpe# show ?

  bundles         Shows the archived bundles.

  clock           Shows the current system time.

  commands        Shows the full command hierarchy.

  cpu             Shows the current CPU usage.

  device-config   Shows a device configuration

  disk            Shows the current disk usage.

  dpe             Shows the status of the DPE process if started.

  hostname        Shows the system hostname.

  ip              Shows IP configuration details.

  log             Shows recent log entries.

  memory          Shows the current memory usage.

  running-config  Shows the appliance configuration.

  tftp            Shows TFTP details.

  version         Shows DPE version.

This result occurs when you invoke the partial help function for arguments of a command; for example, show clock. 

bac_dpe# show c?

clock     commands  cpu

bac_dpe# show clock

Thu Oct 25 01:20:14 EDT 2007

password

Use the password command to change the local system password, which you use to access the DPE and which is different from the one used to access the privileged mode on the DPE. The system password is changed automatically for future logins and for FTP access.

Note The changes that you introduce through this command take effect for new users, but users who are currently logged in are not disconnected.

If you enable TACACS+ user authentication, the system prompts for the local system password only if the DPE is unable to communicate with a TACACS+ server.

Syntax Description

password password

passwordIdentifies the new DPE password.

Defaults

The default password for accessing the DPE is changeme.

Examples

This result occurs when you change the password without being prompted (using an approach easier for scripting). 

bac_dpe# password password2

Password changed successfully.

This result occurs when you are prompted for the password, and the password is changed successfully. 

bac_dpe# password

New password: <password1>

Retype new password: <password1>

Password changed successfully.

This result occurs when you enter an incorrect password. 

bac_dpe# password

New password: <password1>

Retype new password: <paswsord1>

Sorry, passwords do not match.

show

Use the show command to view system settings and status. Table 2-1 lists the keywords that you can use with this command.

Table 2-1 List of show Commands 

Command
Description

show clock

Displays the current system time and date.

Syntax Description

No keywords or arguments.

Defaults

No default behavior or values.

Example 
bac_dpe# show clock

Thu Oct 25 01:20:14 EDT 2007

show commands

Displays all commands on the DPE depending on the mode (login or privileged) in which you access the CLI.

Syntax Description

No keywords or arguments.

Defaults

No default behavior or values.

Examples

This result occurs in the login mode. 

bac_dpe> show commands

> enable

> exit

> help

> show bundles

> show clock

> show commands

> show cpu

> show disk

> show dpe

> show dpe config

> show hostname

> show ip

> show ip route

> show log

> show memory

> show running-config

> show version

> uptime

Note The output presented in these examples is trimmed.

This result occurs in the privileged mode. 

bac_dpe# show commands

> aaa authentication local

> aaa authentication tacacs

> clear bundles

> clear cache

> clear logs

> debug dpe cache

> debug dpe connection

> debug dpe dpe-server

> debug dpe event-manager

> debug dpe exceptions

> debug dpe framework

> debug dpe messaging

> debug on

> debug service packetcable <1..1> netsnmp

> debug service packetcable <1..1> registration

> debug service tftp <1..1> <ipv4|ipv6>

> disable

> dpe docsis shared-secret [0|7] <shared-secret>

> dpe port <port>

[more]


To view the commands that flow beyond your screen, press Spacebar at the 
[more] prompt.

show cpu

Identifies CPU usage for the device on which the DPE is running. Once you enter the command, CPU activities and statistics appear.

Syntax Description

No keywords or arguments.

Defaults

No default behavior or values.

When you enter show cpu, the DPE returns per-processor statistics, for the following headers, in tabular form:

Note Unless otherwise noted, all values are events per second.

CPU—Processor ID.

minf—Minor faults.

mjf—Major faults.

xcal—Interprocessor cross-calls.

intr—Interrupts.

ithr—Interrupts as threads (not counting clock interrupt).

csw—Context switches.

icsw—Involuntary context switches.

migr—Thread migrations (to another processor).

smtx—Spins on mutexes.

srw—Spins on readers' or writers' lock.

syscl—System calls.

usr—User time (percent).

sys—System time (percent).

wt—Wait time (percent).

idl—Idle time (percent).

Example 
bac_dpe# show cpu

CPU minf mjf xcal  intr ithr  csw icsw migr smtx  srw syscl  usr sys  wt 
idl

  0    9   0   31     8    6   38    3   69   24    0    90    1   0   0  
99

  1    8   0   14    22   76   60   12   69   16    0    41    1   1   0  
98

CPU minf mjf xcal  intr ithr  csw icsw migr smtx  srw syscl  usr sys  wt 
idl

  0    0   0  314   606  504  351    1   74   32    0   175    0   0   0 
100

  1    3   0    2   316  275  492    7   73   24    0   230    0   0   0 
100

show disk

Identifies the disk that the DPE is currently using. Once you enter the command, disk drive statistics appear.

Syntax Description

No keywords or arguments.

Defaults

No default behavior
or values.

When you enter show disk, the DPE returns values for:

Filesystem—Indicates path of the file system.

kbytes—Indicates size of the file system (Kb).

Used—Indicates used disk space (Kb).

Avail—Indicates available disk space (Kb).

Capacity—Indicates capacity of the disk (percent).

Mounted on—Indicates the resources on which the file system is mounted. Resources are usually directories.

Example 
bac_dpe# show disk

Filesystem            kbytes    used   avail capacity  Mounted on

/dev/dsk/c1t0d0s0    4129290 3902964  185034    96%    /

/proc                      0       0       0     0%    /proc

mnttab                     0       0       0     0%    /etc/mnttab

fd                         0       0       0     0%    /dev/fd

/dev/dsk/c1t0d0s4    4129290  571587 3516411    14%    /var

swap                 2193480      96 2193384     1%    /var/run

swap                 2194104     720 2193384     1%    /tmp

/dev/dsk/c1t0d0s6    24685535 5876418 18562262    25%    /scratch

/dev/dsk/c1t1d0s2    35009161   34753 34624317     1%    /data

show hostname

Displays the hostname configured for the DPE.

Syntax Description

No keywords or arguments.

Defaults

No default behavior
or values.

Example 
bac_dpe# show hostname

hostname = bac_dpe.example.com

show ip

Displays the current general IP settings configured on the DPE. The DPE uses these settings when it reboots.

For specific interface settings, use the show interface commands.

Syntax Description

No keywords or arguments.

Defaults

No default behavior
or values.

Example 
bac_dpe# show ip

hostname = bac_dpe_example.com

domainname = example.com

gateway = 10.10.20.10

show ip route

Displays the IP routing table of the DPE, including any custom routes. The default gateway is indicated by the G flag in the flags column.

Syntax Description

No keywords or arguments.

Defaults

No default behavior
or values.

When you enter show ip route, the DPE returns the routing table with values for the following headers:

Destination—Indicates the destination network or destination host.

Mask—Indicates the subnet mask associated with the route.

Gateway—Indicates the address of the outgoing interface.

Device—Indicates the network interfaces used for the route.

Mxfrg—Indicates the Path Maximum Transfer Unit.

Rtt—Indicates the time (in minutes) remaining before the route expires.

Ref—Indicates the current number of active uses for the route.

Flg—Indicates the state of the route, which could be:

U—Up

H—To a host rather than to a network

G—To a gateway

Out—Identifies the number of packets sent out from this interface or route.

In/Fwd—Identifies the number of packets received through this interface or route.

Example 
bac_dpe# show ip route

IRE Table: IPv4

  Destination Mask Gateway Device Mxfrg  Rtt  Ref Flg  Out  In/Fwd

----------- ----- --------- ------ ----- ----- --- --- ----- ------

10.10.10.4 255.255.255.128 10.10.20.10 eri0    1500* 0 1 U 24489 0

204.0.1.2 240.0.0.0 10.10.10.4 eri0 1500* 0   1 U 0 0

default 0.0.0.0 10.10.10.2 1500*   0   1 UG  128095   0

127.0.0.1 255.255.255.255 127.0.0.1 lo0 8232*  164  14 UH  19767884  0


IRE Table: IPv6

Destination/Mask Gateway If    PMTU   Rtt  Ref Flags  Out   In/Fwd

--------------- --------------- ----- ------ ----- --- ----- ------ 

2001:0DB8:0:0:E000::F 2001:0DB8:0:0:203:baff:fe12:d5ea eri0:1 1500* 0 1 U 
0 0

2001:0DB8:0:0:E020::A 2001:0DB8:0:0:E020:203:baff:fe12:d5ea eri0:2 1500* 
0 1 U 0 0

fe80::/10 fe80::203:baff:fe12:d5ea eri0 1500* 0   1 U 1 0

default fe80::247:7cff:fe6b:7d1c eri0 1500* 0 1 UG 0 0

default fe80::2d0:ff:fe48:6400 eri0 1500* 0 1 UG 2 0

show memory

Displays the current memory and swap space that are available on the device running the DPE.

Syntax Description

No keywords or arguments.

Defaults

No default behavior
or values.

When you enter show memory, the DPE returns values for:

kthr—Indicates the number of kernel threads in r (run queue), b (processes blocked while waiting for I/O), and w (idle processes that have been swapped).

memory—Indicates virtual and real memory usage. The value could be:

swap—Free, unreserved swap space (Kb).

free—Free memory (Kb).

page—Indicates page faults and paging activity (units per second).

re—Displays pages reclaimed from the free list.

mf—Displays minor faults.

pi—Displays pages in memory (Kb/s).

po—Displays pages out of memory (Kb/s).

fr—Displays activity of the page scanner that has been freed (Kb/s).

de—Displays pages freed after writes (Kb/s).

sr—Displays the number of pages that have been scanned.

disk—Indicates the number of disk operations per second. Each S column represents a different disk.

faults—Indicates the trap or interrupt rates (per second) as
in (interrupts), sy (system calls), and cs (context switches).

cpu—Indicates CPU usage time, in percent, as us (user time), sy (system time), and id (idle time).

Example 
bac_dpe# show memory

 kthr      memory            page            disk          faults      
cpu

 r b w   swap  free  re  mf pi po fr de sr s6 sd sd --   in   sy   cs us 
sy id

 0 0 0 2511320 1267040 1 17  0  0  0  0  0  0  0  0  0   97  120   80  1  
1 98

 0 0 0 2156784 1105272 0  4  0  0  0  0  0  0  0  2  0  918  387  800  0  
4 96

show running-config

Displays the current configuration on the DPE.

Syntax Description

No keywords or arguments.

Defaults

No default behavior or values.

Example 
bac_dpe# show running-config

  aaa authentication tacacs

  dpe port 49186

  dpe provisioning-group primary default

  dpe rdu-server bac_dpe.example.com 49187

  dpe shared-secret <value is set>

  log level 5-notification

  no debug

  no debug dpe cache

  no debug dpe dpe-server

  no debug dpe event-manager

  no debug dpe exceptions

  no debug dpe framework

  no debug dpe messaging

  no debug service packetcable 1 netsnmp

  no debug service packetcable 1 registration

  no debug service packetcable 1 registration-detail

  no debug service packetcable 1 snmp

  no dpe docsis shared-secret

  no dpe provisioning-group secondary

  no service packetcable 1 snmp key-material

  service tftp 1 ipv4 verify-ip

  service tftp 1 ipv6 verify-ip

  snmp-server community baccread ro

  snmp-server community baccwrite rw

  snmp-server contact <unknown>

  snmp-server location <unknown>

  snmp-server udp-port 8001

  tacacs-server retries 2

  tacacs-server timeout 5

show tftp files

Displays the files that are stored in the DPE cache.

You cannot use this command to display the files that are stored in the local directory.

Syntax Description

No keywords or arguments.

Defaults

The maximum number of files that this command displays is by default 500.

Example 
bac_dpe# show tftp files

 

The list of TFTP files currently in DPE cache

 

filename                      size

 

bronze.cm                     310

gold.cm                       310

silver.cm                     310

unprov.cm                     310

unprov_11.cm                  320

unprov_30.cm                  264

unprov_30v4.cm                152

unprov_30v6.cm                196

unprov_packet_cable.bin       333

unprov_wan_man.cfg            72

 

 

DPE caching 10 external files.

Listing the first 10 files, 0 files omitted

show version

Displays the current version of DPE software.

Syntax Description

No keywords or arguments.

Defaults

No default behavior or values.

Example 
bac_dpe# show version

Version: BAC 4.0 (SOL_BAC4_0_0_00000000_0000)

tacacs-server

Use the tacacs-server command to configure user authentication settings in TACACS+. Table 2-2 lists the keywords that you can use with this command.

Table 2-2 List of tacacs-server Commands 

Command
Description

tacacs-server host

Adds a TACACS+ server to the end of the TACACS+ client's list of TACACS+ servers. When you enable TACACS+ authentication, the client attempts user login authentication to each server in the list sequentially until a successful authentication exchange is executed, or the list is exhausted. If the list is exhausted, the client automatically falls into the local authentication mode (using the local system password).

Optionally, you can specify an encryption key for each TACACS+ server. If you use an encryption key, it must match the key configured at the specified TACACS+ server. If you omit the encryption key, you disable TACACS+ encryption.

To remove a TACACS+ server from the list of TACACS+ servers in the CLI, use the no form of this command. See no tacacs-server host.

Syntax Description

tacacs-server host host [key encryption-key]

host—Specifies the IP address or the hostname of the TACACS+ server.

encryption-key—Identifies the encryption key (optional).

Defaults

No default behavior or values.

Examples

This result occurs when you add a TACACS+ server using its IP address (10.0.1.1) without encryption. 

bac_dpe# tacacs-server host 10.0.1.1 

% OK

This result occurs when you add a TACACS+ server using its IP address (10.0.1.1) and an encryption key (hg667YHHj). 

bac_dpe# tacacs-server host 10.0.1.1 key hg667YHHj

% OK

This result occurs when you add a TACACS+ server using its hostname (tacacs1.cisco.com) without encryption. 

bac_dpe# tacacs-server host tacacs1.example.com

% OK

This result occurs when you add a TACACS+ server using its hostname (tacacs1.cisco.com) and an encryption key (hg667YHHj). 

bac_dpe# tacacs-server host tacacs1.example.com key hg667YHHj

% OK

no tacacs-server host

Removes a TACACS+ server from the list of TACACS+ servers in the CLI.

To add a TACACS+ server, see tacacs-server host.

Syntax Description

no tacacs-server host host

host—Specifies either the IP address or the hostname of the TACACS+ server.

Defaults

No default behavior or values.

Examples

This result occurs when you remove a TACACS+ server using its IP address. 

bac_dpe# no tacacs-server host 10.0.1.1

% OK

This result occurs when you remove a TACACS+ server using its hostname. 

bac_dpe# no tacacs-server host tacacs1.example.com

% OK

tacacs-server retries

Sets the maximum number of times the TACACS+ protocol exchange is tried before the TACACS+ client considers a specific TACACS+ server unreachable. When this limit is reached, the TACACS+ client moves to the next server in its TACACS+ server list or, if the TACACS+ list has been exhausted, falls back into local authentication mode.

Syntax Description

tacacs-server retries value

value—Specifies a dimensionless number from 1 to 100. This value applies to all TACACS+ servers.

Defaults

The maximum number of times that the TACACS+ exchange is tried before the client considers the TACACS+ server unreachable is by default 2.

Example 
bac_dpe# tacacs-server retries 10

% OK

tacacs-server timeout

Sets the maximum length of time that the TACACS+ client waits for a response from the TACACS+ server before it considers the protocol exchange to
have failed.

Syntax Description

tacacs-server timeout value

value—Specifies the length of time that the CLI waits for a TACACS+ server response. This value must be from 1 to 300 seconds, and applies to all TACACS+ servers.

Defaults

The maximum length of time that the CLI waits for a TACACS+ server response before it times out is by default 5 seconds.

Example 
bac_dpe# tacacs-server timeout 10

% OK

uptime

Use the uptime command to identify how long the system has been operational. This information is useful for determining how frequently the device is rebooted. It is also helpful when checking the reliability of the DPE when it is in a stable condition.

Syntax Description

No keywords or arguments.

Defaults

No default behavior or values.

Examples 

bac_dpe# uptime 

  1:47am  up 496 day(s),  8:49,  1 user,  load average: 0.14, 0.07, 0.06