System Commands
This chapter describes the command-line interface (CLI) commands that you can use to manage and monitor the Prime Cable Provisioning Device Provisioning Engine (DPE).
If you run these commands on an unlicensed DPE, a message similar to this one appears:
This DPE is not licensed. Your request cannot be serviced. Please check with your system administrator for a DPE license.
The commands described in this chapter are:
|
|
|
|
|
|
|
|
|
|
aaa authentication |
Configures user authentication, authorization, and accounting services. |
|
P |
P |
P |
P |
|
disable |
Exits the enable mode. |
|
P |
P |
P |
|
|
enable |
Accesses the enable mode. |
P |
|
P |
P |
|
|
exit |
Closes a Telnet connection to the DPE. |
P |
P |
P |
|
|
|
help |
Displays a usage screen that assists you in using the commands on the CLI. |
P |
P |
P |
|
|
|
password |
Changes the local system password, using which you can access the DPE. |
|
P |
P |
P |
P |
|
show clock |
Displays the current system time and date. |
P |
P |
P |
|
|
|
show commands |
Displays all available commands on the CLI. |
P |
P |
P |
|
|
|
show disk |
Identifies the disk that the DPE is currently using. |
P |
P |
P |
|
|
|
show hostname |
Displays the hostname of the DPE. |
P |
P |
P |
|
|
|
show ip |
Displays the current general IP settings configured on the DPE. |
P |
P |
P |
|
|
|
show ip route |
Displays the IP routing table of the DPE. |
P |
P |
P |
|
|
|
show memory |
Displays the current memory and swap space that are available on the DPE server. |
P |
P |
P |
|
|
|
show running-config |
Displays the current configuration on the DPE. |
P |
P |
P |
|
|
|
show tftp files |
Displays the files that are stored in the DPE cache. |
|
P |
P |
P |
|
|
show version |
Displays the current version of DPE software. |
P |
P |
P |
|
|
|
tacacs-server host |
Adds the TACACS+ server host address to the list of hosts. |
|
P |
P |
P |
P |
|
no tacacs-server host |
Removes the TACACS+ server host address from the list of hosts. |
|
P |
P |
P |
P |
|
tacacs-server retries |
The maximum number of times the TACACS+ client tries to connect with the TACACS+ server. |
|
P |
P |
P |
P |
|
tacacs-server timeout |
Sets the maximum length of time that the TACACS+ client waits for a response from the TACACS+ server. |
|
P |
P |
P |
P |
|
radius-server host |
Adds the RADIUS server host address to the list of hosts. |
|
P |
P |
P |
P |
|
no radius-server host |
Removes the RADIUS server host address from the list of hosts. |
|
P |
P |
P |
P |
|
radius-server retries |
The maximum number of times the RADIUS client tries to connect with the RADIUS server. |
|
P |
P |
P |
P |
|
radius-server timeout |
Sets the maximum length of time that the RADIUS client waits for a response from the RADIUS server. |
|
P |
P |
P |
P |
|
uptime |
Shows the time during which the system is operational. |
P |
P |
P |
|
|
|
aaa authentication
Use the aaa authentication command to configure the CLI for user authentication, authorization, and accounting services using the local login or remote TACACS+ or RADIUS servers. This setting applies to all Telnet and console CLI interfaces.
Syntax Description
aaa authentication { tacacs | radius}
- tacacs —In this mode, the CLI server sequentially attempts a TACACS+ exchange with each server in the TACACS+ server list. The attempts continue for a specified number of retries. If the CLI reaches the end of the server list without a successful protocol exchange, a message is displayed indicating that the servers were not reachable. The CLI again prompts for the username and password. Enter the local CLI admin username and password to gain access to the CLI even if the TACACS+ service is unavailable.
- radius —In this mode, user authentication is performed via RADIUS server. The RADIUS server authentication details are similar to TACACS+ server. Cisco AV-pair needs to be configured in the RADIUS server to support DPE CLI RADIUS authentication. Cisco IOS/PIX 6.x is the RADIUS server that supports Cisco AV-pair in the Access Control Server (ACS) server. The Cisco AV-pair attribute value is:
cp:groups=<group-name>
For example:
cp:groups=Administrators
Note When you telnet to DPE CLI, you are prompted to enter the username and password. You can either enter the username and password of the local DPE CLI admin user or a user configured in TACACS or Radius. At any given time, either of the TACACS or Radius server is enabled.
Defaults
AAA authentication is always enabled for the local admin user, even when RADIUS or TACACS+ is not configured.
Examples
This result occurs when you enable user authentication in the TACACS+ mode.
bac_dpe# aaa authentication tacacs
This result occurs when you enable user authentication in the radius mode.
bac_dpe# aaa authentication radius
disable
Use the disable command to exit the enable mode on the DPE. Once you exit the enable mode, you can view only those commands that relate to system configuration.
Syntax Description
No keywords or arguments.
Defaults
No default behavior or values.
enable
Use the enable command to access the DPE in the enable mode. You need not access the enable mode to view the system configuration; however, only in this mode can you change the system configuration, state, and data.
You must have the PRIV_DPE_UPDATE privilege to enter the enable mode using enable command.
Syntax Description
No keywords or arguments.
Defaults
The default password to access the enable mode is changeme.
Examples
This result occurs if you do not have the PRIV_DPE_UPDATE privilege.
Sorry, insufficient privileges.
exit
Use the exit command to close a Telnet connection to the DPE and return to the login prompt. After running this command, a message indicates that the Telnet connection has been closed.
Syntax Description
No keywords or arguments.
Defaults
No default behavior or values.
Examples
This result occurs when you have accessed the CLI by specifying the hostname of the DPE.
Connection to 10.10.2.10 closed by foreign host.
This result occurs when you have accessed the CLI without specifying the hostname.
Connection to 0 closed by foreign host.
This result occurs when the Telnet connection closes because the CLI has been idle and the timeout period expired.
Connection to 0 closed by foreign host.
help
Use the help command to display a help screen that can assist you in using the DPE CLI. If you need help on a particular command, or to list all available commands, enter command ? or ?, respectively.
Once you enter the command, a screen prompt appears to explain how you can use the help function.
Command Types
Two types of help are available:
1. Full help is available when you are ready to enter a command argument, such as show ?, and describes each possible argument.
2. Partial help is available when you enter an abbreviated argument and want to know what arguments match the input; for example, show c?.
Syntax Description
No keywords or arguments.
Defaults
No default behavior or values.
Examples
This result occurs when you use the help command.
Help may be requested at any point in a command by entering a question mark '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
1) Full help is available when you are ready to enter a command argument (e.g. 'show ?') and describes each possible argument.
2) Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input (e.g. "show c?").
This result occurs when you invoke the full help function for a command; for example, show ?.
Note The help command output differs depending on the mode–login or enable–in which you run the command.
bundles Shows the archived bundles.
clock Shows the current system time.
commands Shows the full command hierarchy.
device-config Show device configuration
disk Shows the current disk usage.
dpe Shows the status of the DPE process if started.
hostname Shows the system hostname.
ip Shows IP configuration details.
log Shows recent log entries.
memory Shows the current memory usage.
running-config Shows the DPE configuration.
version Shows DPE version.
This result occurs when you invoke the partial help function for arguments of a command; for example, show clock.
Thu Oct 25 01:20:14 EDT 2007
password
Use the password command to change the local system password, which you use to access the DPE. The system password is changed automatically for future logins and for FTP access.
Note The changes that you introduce through this command take effect for new users, but users who are currently logged in are not disconnected.
Syntax Description
password password
password —Identifies the new DPE password.
Defaults
The default password for accessing the DPE is changeme.
Examples
This result occurs when you change the password without being prompted (using an approach easier for scripting).
bac_dpe# password password2
Password changed successfully.
This result occurs when you are prompted for the password, and the password is changed successfully.
New password: <password1>
Retype new password: <password1>
Password changed successfully.
This result occurs when you enter an incorrect password.
New password: <password1>
Retype new password: <paswsord1>
Sorry, passwords do not match.
show
Use the show command to view system settings and status. Table 2-1 lists the keywords that you can use with this command.
Note To view the output for show disk, show ip, show ip route, and show memory on Linux, see man mpstat.
Table 2-1 List of show Commands
|
|
show clock |
Displays the current system time and date. |
No keywords or arguments. |
No default behavior or values. |
This result occurs when you run the show clock command:
Thu Oct 25 01:20:14 EDT 2007
|
show commands |
Displays all commands on the DPE depending on the mode (login or enable) in which you access the CLI. |
No keywords or arguments. |
No default behavior or values. |
This result occurs in the login mode.
> show device-config duid <DUID>
> show device-config mac <mac-address>
> show log last <1..9999>
Note The output presented in these examples is trimmed. This result occurs in the enable mode.
> aaa authentication radius
> aaa authentication tacacs
> debug dpe event-manager
> debug service packetcable 1 netsnmp
> debug service packetcable 1 registration
> debug service packetcable 1 registration-detail
> debug service packetcable 1 snmp
> debug service tftp 1 <ipv4|ipv6>
To view the commands that flow beyond your screen, place the cursor at the
[more] prompt and press Spacebar.
|
|
Identifies the disk that the DPE is currently using. Once you enter the command, disk drive statistics appear. |
show disk |
No keywords or arguments. |
No default behavior or values. |
show hostname |
Displays the hostname configured for the DPE. |
No keywords or arguments. |
No default behavior or values. |
hostname = bac_dpe.example.com
|
show ip |
Displays the current general IP settings configured on the DPE. The DPE uses these settings when it reboots. For specific interface settings, use the show interface commands. |
No keywords or arguments. |
No default behavior or values. |
show ip route |
Displays the IP routing table of the DPE, including any custom routes. The default gateway is indicated by the G flag in the flags column. |
|
No keywords or arguments. |
No default behavior or values. |
show memory |
Displays the current memory and swap space that are available on the device running the DPE. |
|
No keywords or arguments. |
No default behavior or values. |
show running-config |
Displays the current configuration on the DPE. |
No keywords or arguments. |
No default behavior or values. |
bac_dpe#
show running-config
dpe port 49186
dpe provisioning-group primary default
dpe rdu-server bacdev2-t5220-1-d8 49187
dpe shared-secret <value is set>
log level 5-notification
no debug all
no debug dpe cache
no debug dpe connection
no debug dpe device-config-compression
no debug dpe device-config-compression-details
no debug dpe device-config-decompression
no debug dpe device-config-decompression-details
no debug dpe dpe-server
no debug dpe event-manager
no debug dpe exceptions
no debug dpe framework
no debug dpe messaging
no debug service packetcable 1 netsnmp
no debug service packetcable 1 registration
no debug service packetcable 1 registration-detail
no debug service packetcable 1 snmp
no dpe docsis emic-shared-secret
no dpe docsis shared-secret
no dpe provisioning-group secondary
no service packetcable 1 snmp key-material
radius-server retries 3
radius-server timeout 3
service tftp 1 ipv4 verify-ip
service tftp 1 ipv6 verify-ip
snmp-server community baccread ro
snmp-server community baccwrite rw
snmp-server contact <unknown>
snmp-server location <unknown>
snmp-server udp-port 8001
tacacs-server retries 2
tacacs-server timeout 5
|
show tftp files |
Displays the files that are stored in the DPE cache. You cannot use this command to display the files that are stored in the local directory. |
No keywords or arguments. |
The default is 500. |
This result occurs when you run the show tftp files command:
The list of TFTP files currently in DPE cache
unprov_packet_cable.bin 333
DPE caching 10 external files.
Listing the first 10 files, 0 files omitted
|
show version |
Displays the current version of DPE software. |
No keywords or arguments. |
No default behavior or values. |
This result occurs when you run the show version command:
Version: BAC 5.1 (BAC_LNX_TRUNK_20121203_2231_1128)
|
tacacs-server
Use the tacacs-server command to configure user authentication settings in TACACS+. Table 2-2 lists the keywords that you can use with this command.
Table 2-2 List of tacacs-server Commands
|
|
tacacs-server host |
Adds the TACACS+ server host address to the list of hosts. When you enable TACACS+ authentication, the client attempts to authenticate the user with the first reachable server. If the authentication succeeds the user is allowed to log in depending on the privileges obtained from the user group specified in the CISCO AV Pair (cp:groups). If the first server is not reachable, then the next server in the list is attempted till the list exhausts. To remove a TACACS+ server from the list of TACACS+ servers in the CLI, use the no form of this command. See no tacacs-server host. |
tacacs-server host host [ key encryption-key ]
- host —Specifies the IP address or the hostname of the TACACS+ server.
- encryption-key —Identifies the encryption key (optional).
|
No default behavior or values. |
This result occurs when you add a TACACS+ server using its IP address (10.0.1.1) without encryption.
bac_dpe#
tacacs-server host 10.0.1.1
This result occurs when you add a TACACS+ server using its IP address (10.0.1.1) and an encryption key (hg667YHHj).
bac_dpe#
tacacs-server host 10.0.1.1 key hg667YHHj
This result occurs when you add a TACACS+ server using its hostname (tacacs1.cisco.com) without encryption.
bac_dpe#
tacacs-server host tacacs1.example.com
This result occurs when you add a TACACS+ server using its hostname (tacacs1.cisco.com) and an encryption key (hg667YHHj).
bac_dpe#
tacacs-server host tacacs1.example.com key hg667YHHj
|
no tacacs-server host |
Removes the TACACS+ server host address from the list of hosts. To add a TACACS+ server, see tacacs-server host. |
no tacacs-server host host host— Specifies either the IP address or the hostname of the TACACS+ server. |
No default behavior or values. |
This result occurs when you remove a TACACS+ server using its IP address.
bac_dpe#
no tacacs-server host 10.0.1.1
This result occurs when you remove a TACACS+ server using its hostname.
bac_dpe#
no tacacs-server host tacacs1.example.com
|
tacacs-server retries |
Sets the maximum number of times the TACACS+ protocol exchange is tried before the TACACS+ client considers a specific TACACS+ server unreachable. When this limit is reached, the TACACS+ client moves to the next server in its TACACS+ server list till the list has been exhausted. |
tacacs-server retries value value —Specifies a dimensionless number from 1 to 100. This value applies to all TACACS+ servers. |
The default is 3. |
This result occurs when you configure retry value for TACACS+ server:
bac_dpe#
tacacs-server retries 10
|
tacacs-server timeout |
Sets the maximum length of time that the TACACS+ client waits for a response from the TACACS+ server before it considers the protocol exchange to have failed. |
tacacs-server timeout value value— Specifies the maximum length of time that the TACACS+ client waits for a TACACS+ server response. This value must be from 1 to 300 seconds, and applies to all TACACS+ servers. |
The default is 5 seconds. |
This result occurs when you configure timeout value for TACACS+ server:
bac_dpe#
tacacs-server timeout 10
|
radius-server
Use the radius-server command to configure user authentication settings in RADIUS. Table 2-3 lists the keywords that you can use with this command.
Table 2-3 List of radius-server Commands
|
|
radius-server host |
Adds the RADIUS server host address to the list of hosts. When you enable RADIUS authentication, the client attempts to authenticate the user with the first reachable server. If the authentication succeeds, the user is allowed to login depending on the privileges obtained from the user group specified in the CISCO AV Pair (cp:groups). If the first server is not reachable then the next server in the list is attempted till the list exhausts. The order of the commands that appears in show run is the order in which they are contacted. To remove a RADIUS server from the list of RADIUS servers in the CLI, use the no form of this command. See no radius-server host. |
radius-server host host [ key encryption-key ] [port port-number]
- host —Specifies the IP address or the hostname of the RADIUS server.
- encryption-key —Identifies the encryption key (optional).
- port-number—Identifies the port number (optional).
|
No default behavior or values. |
This result occurs when you add a RADIUS server using its IP address with key and port number.
bac_dpe#
radius-server host 10.10.10.10 key secret port 1812
|
no radius-server host |
Removes the RADIUS server host address from the list of hosts. For details about adding a RADIUS server, see radius-server host. |
no radius-server host host host— Specifies either the IP address or the hostname of the RADIUS server. |
No default behavior or values. |
This result occurs when you remove a RADIUS server using its IP address:
bac_dpe# no
radius-server host 10.10.10.10
% OK |
radius-server retries |
Sets the maximum number of times the RADIUS protocol exchange is tried before the RADIUS client considers a specific RADIUS server unreachable. When this limit is reached, the RADIUS client moves to the next server in its RADIUS server list till the list has been exhausted. |
radius-server retries value value —Specifies a dimensionless number from 1 to 10. This value applies to all RADIUS servers. |
The default is 3. |
This result occurs when you configure retry value for RADIUS server:
bac_dpe#
radius-server retries 10
|
radius-server timeout |
Sets the maximum length of time that the RADIUS client waits for a response from the RADIUS server before it considers the protocol exchange to have failed. |
radius-server timeout value value— Specifies maximum length of time that the RADIUS client waits for a RADIUS server response. This value must be from 1 to 30 seconds, and applies to all RADIUS servers. |
The default is 3 seconds. |
This result occurs when you configure timeout value for RADIUS server:
bac_dpe#
radius-server timeout 5
|
uptime
Use the uptime command to identify how long the system has been operational. This information is useful for determining how frequently the device is rebooted. It is also helpful when checking the reliability of the DPE when it is in a stable condition.
Syntax Description
No keywords or arguments.
Defaults
No default behavior or values.
Examples
1:47am up 496 day(s), 8:49, 1 user, load average: 0.14, 0.07, 0.06