The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter describes the command-line interface (CLI) commands that you can use to manage and monitor the Prime Cable Provisioning Device Provisioning Engine (DPE).
If you run these commands on an unlicensed DPE, a message similar to this one appears:
This DPE is not licensed. Your request cannot be serviced. Please check with your system administrator for a DPE license.
The commands described in this chapter are:
Use the aaa authentication command to configure the CLI for user authentication, authorization, and accounting services using the local login or remote TACACS+ or RADIUS servers. This setting applies to all Telnet and console CLI interfaces.
aaa authentication { tacacs | radius}
Note When you telnet to DPE CLI, you are prompted to enter the username and password. You can either enter the username and password of the local DPE CLI admin user or a user configured in TACACS or Radius. At any given time, either of the TACACS or Radius server is enabled.
AAA authentication is always enabled for the local admin user, even when RADIUS or TACACS+ is not configured.
This result occurs when you enable user authentication in the TACACS+ mode.
This result occurs when you enable user authentication in the radius mode.
Use the disable command to exit the enable mode on the DPE. Once you exit the enable mode, you can view only those commands that relate to system configuration.
Use the enable command to access the DPE in the enable mode. You need not access the enable mode to view the system configuration; however, only in this mode can you change the system configuration, state, and data.
You must have the PRIV_DPE_UPDATE privilege to enter the enable mode using enable command.
This result occurs if you do not have the PRIV_DPE_UPDATE privilege.
Use the exit command to close a Telnet connection to the DPE and return to the login prompt. After running this command, a message indicates that the Telnet connection has been closed.
This result occurs when you have accessed the CLI by specifying the hostname of the DPE.
This result occurs when you have accessed the CLI without specifying the hostname.
This result occurs when the Telnet connection closes because the CLI has been idle and the timeout period expired.
Use the help command to display a help screen that can assist you in using the DPE CLI. If you need help on a particular command, or to list all available commands, enter command ? or ?, respectively.
Once you enter the command, a screen prompt appears to explain how you can use the help function.
Two types of help are available:
1. Full help is available when you are ready to enter a command argument, such as show ?, and describes each possible argument.
2. Partial help is available when you enter an abbreviated argument and want to know what arguments match the input; for example, show c?.
This result occurs when you use the help command.
This result occurs when you invoke the full help function for a command; for example, show ?.
Note The help command output differs depending on the mode–login or enable–in which you run the command.
This result occurs when you invoke the partial help function for arguments of a command; for example, show clock.
Use the password command to change the local system password, which you use to access the DPE. The system password is changed automatically for future logins and for FTP access.
Note The changes that you introduce through this command take effect for new users, but users who are currently logged in are not disconnected.
This result occurs when you change the password without being prompted (using an approach easier for scripting).
This result occurs when you are prompted for the password, and the password is changed successfully.
This result occurs when you enter an incorrect password.
Use the show command to view system settings and status. Table 2-1 lists the keywords that you can use with this command.
Note To view the output for show disk, show ip, show ip route, and show memory on Linux, see man mpstat.
Use the tacacs-server command to configure user authentication settings in TACACS+. Table 2-2 lists the keywords that you can use with this command.
|
|
|
---|---|---|
Adds the TACACS+ server host address to the list of hosts. When you enable TACACS+ authentication, the client attempts to authenticate the user with the first reachable server. If the authentication succeeds the user is allowed to log in depending on the privileges obtained from the user group specified in the CISCO AV Pair (cp:groups). If the first server is not reachable, then the next server in the list is attempted till the list exhausts. To remove a TACACS+ server from the list of TACACS+ servers in the CLI, use the no form of this command. See no tacacs-server host. |
||
|
|
|
This result occurs when you add a TACACS+ server using its IP address (10.0.1.1) without encryption. This result occurs when you add a TACACS+ server using its IP address (10.0.1.1) and an encryption key (hg667YHHj). This result occurs when you add a TACACS+ server using its hostname (tacacs1.cisco.com) without encryption. This result occurs when you add a TACACS+ server using its hostname (tacacs1.cisco.com) and an encryption key (hg667YHHj). |
||
Removes the TACACS+ server host address from the list of hosts. To add a TACACS+ server, see tacacs-server host. |
||
host— Specifies either the IP address or the hostname of the TACACS+ server. |
|
|
This result occurs when you remove a TACACS+ server using its IP address. This result occurs when you remove a TACACS+ server using its hostname. |
||
Sets the maximum number of times the TACACS+ protocol exchange is tried before the TACACS+ client considers a specific TACACS+ server unreachable. When this limit is reached, the TACACS+ client moves to the next server in its TACACS+ server list till the list has been exhausted. |
||
value —Specifies a dimensionless number from 1 to 100. This value applies to all TACACS+ servers. |
|
|
This result occurs when you configure retry value for TACACS+ server: |
||
Sets the maximum length of time that the TACACS+ client waits for a response from the TACACS+ server before it considers the protocol exchange to |
||
value— Specifies the maximum length of time that the TACACS+ client waits for a TACACS+ server response. This value must be from 1 to 300 seconds, and applies to all TACACS+ servers. |
|
|
This result occurs when you configure timeout value for TACACS+ server: |
Use the radius-server command to configure user authentication settings in RADIUS. Table 2-3 lists the keywords that you can use with this command.
|
|
|
---|---|---|
Adds the RADIUS server host address to the list of hosts. When you enable RADIUS authentication, the client attempts to authenticate the user with the first reachable server. If the authentication succeeds, the user is allowed to login depending on the privileges obtained from the user group specified in the CISCO AV Pair (cp:groups). If the first server is not reachable then the next server in the list is attempted till the list exhausts. The order of the commands that appears in show run is the order in which they are contacted. To remove a RADIUS server from the list of RADIUS servers in the CLI, use the no form of this command. See no radius-server host. |
||
radius-server host host [ key encryption-key ] |
|
|
This result occurs when you add a RADIUS server using its IP address with key and port number. |
||
Removes the RADIUS server host address from the list of hosts. For details about adding a RADIUS server, see radius-server host. |
||
host— Specifies either the IP address or the hostname of the RADIUS server. |
|
|
This result occurs when you remove a RADIUS server using its IP address: |
||
Sets the maximum number of times the RADIUS protocol exchange is tried before the RADIUS client considers a specific RADIUS server unreachable. When this limit is reached, the RADIUS client moves to the next server in its RADIUS server list till the list has been exhausted. |
||
value —Specifies a dimensionless number from 1 to 10. This value applies to all RADIUS servers. |
|
|
This result occurs when you configure retry value for RADIUS server: |
||
Sets the maximum length of time that the RADIUS client waits for a response from the RADIUS server before it considers the protocol exchange to |
||
value— Specifies maximum length of time that the RADIUS client waits for a RADIUS server response. This value must be from 1 to 30 seconds, and applies to all RADIUS servers. |
|
|
This result occurs when you configure timeout value for RADIUS server: |
Use the uptime command to identify how long the system has been operational. This information is useful for determining how frequently the device is rebooted. It is also helpful when checking the reliability of the DPE when it is in a stable condition.