Perle CLI IOLAN SCR1618 RDAC Console Server Reference Guide

Perle CLI IOLAN SCR1618 RDAC Console Server Reference Guide
Add to My manuals

Perle CLI is a command-line interface that provides a comprehensive set of commands for configuring and managing your Perle device. With Perle CLI, you can perform a wide range of tasks, including:

  • Managing users and groups
  • Configuring network settings
  • Monitoring system status
  • Troubleshooting and diagnostics

Perle CLI is a powerful tool that can help you to get the most out of your Perle device.

advertisement

Assistant Bot

Need help? Our chatbot has already read the manual and is ready to assist you. Feel free to ask any questions about the device, but providing details will make the conversation more productive.

Perle CLI IOLAN SCR1618 RDAC Console Server Reference Guide | Manualzz

Perle IOLAN SCR CLI

Command Reference Guide

Modified: May 2020

Version 05.06.2020

Document Part# 5500464

Copyright Statement

This document must not be reproduced in any way whatsoever, either printed or electronically, without the consent of:

Perle Systems Limited,

60 Renfrew Drive

Markham, ON

Canada

L3R 0E1

Perle reserves the right to make changes without further notice, to any products to improve reliability, function, or design.

Table of Contents

Preface ...............................................................................13

About This Book ........................................................................ 13

Intended Audience..................................................................... 13

Typeface Conventions............................................................... 13

Chapter 1 Using the Command-Line Interface ...............14

Command Modes.................................................................................... 14

Command Shortcuts .............................................................................. 15

Command Options ................................................................................. 15

Common Commands ............................................................................. 15 default..................................................................................... 15 disable.................................................................................... 15

do-exec................................................................................... 16 enable..................................................................................... 16 exit .......................................................................................... 16 help......................................................................................... 16 login........................................................................................ 16 logout ..................................................................................... 16 no............................................................................................ 16

Chapter 2 User Exec Mode...............................................19

clear ip dhcp binding................................................................. 19 enable.......................................................................................... 19

line-attach................................................................................... 20 logout .......................................................................................... 20

ping ............................................................................................. 21 release dhcp | dhcpv6 ............................................................... 21

renew dhcp | dhcpv6 ................................................................. 22

show alarm ................................................................................. 23

show arp ..................................................................................... 24

show clock.................................................................................. 24 show crypto................................................................................ 24

show dot1x ................................................................................. 25

show eap..................................................................................... 26

show environment ..................................................................... 27

show facility-alarm..................................................................... 28 show flash: ................................................................................. 28

show hosts ................................................................................. 29

show ip arp ................................................................................. 30 show ip ddns .............................................................................. 30

show ip dhcp.............................................................................. 31 show ip host-group.................................................................... 31

show ip http................................................................................ 32 show ip interface........................................................................ 32

show ip ssh ................................................................................ 33

show ipv6.................................................................................... 34

show line..................................................................................... 35 show mab ................................................................................... 35

show ntp ..................................................................................... 36

show nvram ................................................................................ 37

show radius................................................................................ 38 show snmp ................................................................................. 38

show ssh..................................................................................... 39 show tacacs................................................................................ 39

show terminal............................................................................. 40

show users ................................................................................. 40

show version.............................................................................. 41

ssh............................................................................................... 42 telnet ........................................................................................... 42

terminal ....................................................................................... 43 traceroute ................................................................................... 43

Chapter 3 Privileged EXEC mode ....................................45

archive ........................................................................................ 45

boot ............................................................................................. 48

cd................................................................................................. 49 clear aaa...................................................................................... 49

clear arp-cache........................................................................... 50 clear counters ............................................................................ 50

clear ip ........................................................................................ 51

clear ipv6 .................................................................................... 52 clear line ..................................................................................... 52

clear logging............................................................................... 53 clear radius................................................................................. 53

clear tacacs ................................................................................ 54 clock............................................................................................ 54

configure..................................................................................... 55

copy............................................................................................. 56

debug .......................................................................................... 57

delete........................................................................................... 59 dir ................................................................................................ 59

disable......................................................................................... 60 disconnect .................................................................................. 60

dot1x ........................................................................................... 61

exit............................................................................................... 62 kill................................................................................................ 62

line-attach................................................................................... 63 logout .......................................................................................... 63

mkdir ........................................................................................... 64 more ............................................................................................ 64

ping ............................................................................................. 66

pwd.............................................................................................. 67 release dhcp | dhcpv6 ............................................................... 67

reload .......................................................................................... 68

rename ........................................................................................ 69 renew........................................................................................... 69

reset ............................................................................................ 70

rmdir............................................................................................ 71 serialt .......................................................................................... 71

show aaa..................................................................................... 72 show alarm ................................................................................. 72

show archive .............................................................................. 73

show arp ..................................................................................... 74

show bgp .................................................................................... 75

show bridge................................................................................ 76

show clock.................................................................................. 77

show crypto................................................................................ 77

show debugging ........................................................................ 78 show dhcp .................................................................................. 78

show dot1x ................................................................................. 79

show eap..................................................................................... 80

show eee..................................................................................... 81

show email.................................................................................. 83 show environment ..................................................................... 83

show facility-alarm..................................................................... 84 show flash: ................................................................................. 84

show hosts ................................................................................. 86 show interfaces.......................................................................... 86

show ip access-lists .................................................................. 88 show ip alg ................................................................................. 88

show ip arp ................................................................................. 89

show ip bgp ................................................................................ 90 show ip community-list ............................................................. 90

show ip ddns.............................................................................. 91 show ip dhcp.............................................................................. 91

show ip dns ................................................................................ 92

show ip extcommunity-list........................................................ 93 show ip firewall .......................................................................... 93

show ip health ............................................................................ 94

show ip host-group.................................................................... 95 show ip http................................................................................ 95

show ip interface........................................................................ 96 show ip nat ................................................................................. 96

show ip ospf............................................................................... 97

show ip prefix-list ...................................................................... 98

show ip rip.................................................................................. 99 show ip route.............................................................................. 99

show ip route-policy ................................................................ 100

show ip ssh .............................................................................. 101 show ipv6.................................................................................. 101

show line................................................................................... 103

show logging............................................................................ 105

show mab ................................................................................. 106

show management-access ..................................................... 107 show nat66 ............................................................................... 107

show ntp ................................................................................... 108

show nvram:............................................................................. 109 show processes ....................................................................... 109

show radius...............................................................................110

show reload ...............................................................................111

show route-map ........................................................................111

show running-config ................................................................113

show serial ................................................................................115

show snmp ................................................................................116

show ssh....................................................................................117

show startup-config................................................................. 118

show system .............................................................................119

show tacacs.............................................................................. 121 show task-status...................................................................... 121

show tech-support................................................................... 122 show terminal........................................................................... 122

show users ............................................................................... 123

show version............................................................................ 124 show wan.................................................................................. 124

show zone-policy ..................................................................... 126 ssh............................................................................................. 126

telnet ......................................................................................... 127 terminal ..................................................................................... 127

traceroute ................................................................................. 128 undebug.................................................................................... 128

Chapter 4 Global Configuration Mode...........................130

aaa............................................................................................. 130

alarm ......................................................................................... 131

(config-alarm-profile) .......................................................... 131

archive ...................................................................................... 132

(config-archive) ................................................................... 132

arp ............................................................................................. 134

banner ....................................................................................... 135 bridge........................................................................................ 135

boot ........................................................................................... 136 clock.......................................................................................... 136

crypto ........................................................................................ 137

(config-client)....................................................................... 139

(config-connection)............................................................. 140

(config-esp)#........................................................................ 144

(config-ike)#......................................................................... 145

(config-12tp)#....................................................................... 147

dot1x ......................................................................................... 148

(config-dot1x-creden)# ....................................................... 149 eap............................................................................................. 149

(config-eap-profile)#............................................................ 150 email.......................................................................................... 150

enable........................................................................................ 151

hostname.................................................................................. 152 interface .................................................................................... 152

(config-if)# bvi...................................................................... 154

(config-if)# dialer ................................................................. 157

(config-if) ethernet............................................................... 159

(config-if)# openvpn-tunnel................................................ 163

(config-if)#tunnel................................................................. 165

(config-if)#range .................................................................. 167

ip................................................................................................ 171

(config-std-nacl)# ................................................................ 177

(config-dhcp)# ..................................................................... 177

(config-pbr)# ........................................................................ 179

(config-pbr-rules)# .............................................................. 179

ipv6............................................................................................ 181

(config--ipv6-acl)# ............................................................... 183

(dhcpv6-config)# ................................................................. 184

(config-fw6)#........................................................................ 185

(config-fw6-rules)# .............................................................. 186

key............................................................................................. 188

(config-key)#........................................................................ 188

(config-keychain-key)# ....................................................... 189

line............................................................................................. 189

logging...................................................................................... 190

login .......................................................................................... 192

management-access................................................................ 193

(management-access-LAN)# .............................................. 193

(management-access-WAN)#............................................. 194

nat66.......................................................................................... 195

ntp ............................................................................................. 196

power-supply............................................................................ 199

radius ........................................................................................ 200

(config-radius-server)# ....................................................... 200

radius-server ............................................................................ 201 router-map................................................................................ 201

(config-route-map)# ............................................................ 202

router......................................................................................... 203

(config-router)#.................................................................... 204

(config-router)#.................................................................... 207

(config-router)#.................................................................... 209

router-map.................................................................................211

(config-route-map)# .............................................................211

sdm............................................................................................ 213 serial.......................................................................................... 213

service....................................................................................... 215

snmp-server ............................................................................. 216

tacacs........................................................................................ 217

(config-tacacs-server)#....................................................... 218 tty............................................................................................... 218

username.................................................................................. 219

(config-user-serial)#............................................................ 219

(config-user-2factor)# ......................................................... 225 wan............................................................................................ 225

zone.......................................................................................................................................................227

(config-sec-zone)#............................................................... 228 zone-pair ................................................................................... 228

Chapter 5 Interface configuration .................................230

Interface .................................................................................... 230

(config-if)# bvi...................................................................... 231

(config-if)# dialer ................................................................. 234

(config-if) ethernet............................................................... 236

(config-if-range)#................................................................. 242

(config-if)# openvpn-tunnel................................................ 245

(config-if)# tunnel................................................................ 247

Chapter 6 Interface line mode........................................252

line............................................................................................. 252

(config-line)#console .......................................................... 252

(config-line)#tty ................................................................... 254

(config-line)#vty................................................................... 276

Preface

About This Book

This guide provides the information you need to:

 configure the IOLAN using the Command Line Interface (CLI)

Intended Audience

This guide is for administrators who will be configuring the Perle IOLAN SCR1618

RDAC hereafter knows as the IOLAN.

Some prerequisite knowledge is needed to understand the concepts and examples in this guide:

If you are using an external authentication application(s), working knowledge of the authentication application(s).

Knowledge of the transfer protocols the IOLAN uses.

Typeface Conventions

Most text is presented in the typeface used in this paragraph. Other typefaces are used to help you identify certain types of information.

The other typefaces are:

Typeface Example clear

{[

ip dhcp binding

]}

<name-of-tacacs-server>

[

15 nopassword

] | [

secret 0

password>

]

| 5

] | [

privilege 1

<cleartext-

<hidden-user-

] |

secret>

|

<cleartext-password>

]

Usage

Commands are in bold blue text and keywords for those command use bold green text.

Arguments in which you supply the values are in purple italics.

Square brackets means optional elements, but not required to complete the command. Such as command username does not require nopassword, privilege or secret for completion.

Vertical bars within this example separate alternative choices and can be viewed as an or between parameters.

Curly braces surround the entire command.

snmp-server

{[

contact

<contact-name>

]}

IOLAN User’s Guide

see

About This Book

for more information.

This typeface indicates a book or document title.

This indicates a cross-reference to another chapter or section that you can click on to jump to that section.

IOLAN SCR Command Line Reference Guide

13

1

Using the Command-Line Interface

Chapter 1

This book provides the command line interface (CLI) options available for the Perle

IOLAN SCR1618 RDAC. This chapter describes how to use the command-line interface (CLI) to configure software features. Commands are grouped by Command modes.

Command Modes

Command Mode

User EXEC mode

Privileged EXEC mode

Prompt

PerleSCR>

PerleSCR#

Global configuration mode PerleSCR#

Interface configuration mode

Line configuration mode

PerleSCR(config-if)#

PerleSCR(config-if-range)#

PerleSCR(config-line)#

Exit Mode logout

command

disable end

or command

exit

command

Access Next

Mode enable

command

configure

command

interface

command

end

command

interface

command, interface type, interface number

end

command

interface

command, interface type, interface number

Each command is broken down into several categories:

Description

—Provides a brief explanation of how the command is used.

Syntax

—Shows the actual command line options. The options can be typed in any order on the command line. The syntax explanation will use the following command to break down the command syntax:

For example: telnet 172.16.4.92

This command will open a telnet session to the host with the IP address of 172.16.4.92. If you use a name rather than an IP address, you can use the /ipv4 option to force the connection to use an IPv4 format for the network address.

For example: sdm [default|dual-ipv4-and-ipv6]

This command sdm has an option of either default or dual ipv4 and ipv6. You can specify either option but not both.

Braces ({}) group required choices and vertical bars (|) separate the alternative choices. Square brackets ([]) show the options that are available for the command.

You can type a command with each option individually, or string options together in any order you want. Brace and vertical bars within square brackets {[]} means requires a choice within and optional element. The pipe (|) within a square bracket means a choice between the elements.

IOLAN SCR Command Line Reference Guide

14

Using the Command-Line Interface

Command Shortcuts

When you type a command, you can specify the shortest unique version of that command or you can press the

TAB

key to complete the command. For example, the following command:

PerleSCR(config)#service dhcp<cr> can be typed as:

PerleSCR(config)#se d <cr> or, you can use the

TAB

key to complete the lines as you go along: se<

TAB

>d<

TAB

><cr> where the

TAB

key was pressed to complete the option as it was typed.

Command Options

When you are typing commands on the command line (while connected to the

IOLAN, you can view the options by typing a question mark (

?

), after any part of the command to see what options are available/valid. For example:

IOLAN# terminal?

help history length monitor no width

Common Commands default

For example, valid values for (config)#ip standard the same time.

]}

{

community-list

[

expanded

|

. Valid values are expanded or standard but you cannot select both at

Options

—Provides an explanation of each of the options for a command and the default value if there is one. Some commands do not have any options, so this category is absent.

UP arrow

—show a history of the previous commands entered.

Use the default command to set a command back to it’s defaults.

disable

Use the disable command to de-elevate from Privilege EXEC mode to User

Exec mode.

IOLAN SCR Command Line Reference Guide

15

Using the Command-Line Interface

do-exec

Run exec commands while in config mode.

enable

Use the enable command to elevate to Privilege EXEC mode from User Exec mode.

exit

The exit command in User EXEC mode logs you out of the IOLAN . In command mode it takes you to down one level of authority.

help

The help command gives you full help or partial help depending on your needs.

Usage Guidelines

Help may be requested at any point in a command by entering a question mark '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows available options.

Two styles of help are provided:

1. Full help is available when you are ready to enter a

command argument (e.g. show?.)

2. Partial help is provided when an abbreviated argument

and you want to know what arguments match the input

(e.g. 'show pr?'.) login

login

Log into the IOLAN . Default user name is admin and password is perle1.

logout no

Log out of the IOLAN.

Use the no command to negate a command.

IOLAN SCR Command Line Reference Guide

16

Using the Command-Line Interface

PerleSCR>? (User EXEC mode)

Exec commands: clear Reset functions enable Switch to privilege mode exit exit from EXEC help Description of the interactive help logout Logout of current user ping Send echo messages release Release a resource renew Renew a resource show Display internal settings ssh Open a secure shell client connection telnet Open a telnet connection terminal Set terminal characteristics traceroute Trace route to destination

PerleSCR>clear ? (User EXEC mode)

clear ip dhcp binding *

PerleSCR#? (Privilege EXEC mode) archive Manage archive files boot Modify system boot parameters cd Change current directory clear Reset functions clock Manage system clock configure Switch to (config)# copy Copy from one file to another debug Debugging functions (see also ’undebug’) delete Delete a file dir List files on a file system disable Leave privileged mode disconnect Disconnect an existing network connection dot1x IEEE 802.1X Exec commands exit Exit from the EXEC help Description of interactive help kill Reset the serial line attach-line Attach to a configured terminal line logout Logout of current user mkdir Create a new directory more Display the contents of a file

IOLAN SCR Command Line Reference Guide

17

Using the Command-Line Interface

no Negate a command or set its defaults

ping Send echo messages

pwd Display present working directory

release Release a resource

reload Reboot the IOLAN

rename Rename a file

renew Renew a Resource

reset Reset commands

rmdir Remove a directoy

serialt Take a serial trace

show Display internal settings ssh Open a secure shell client connection

telnet Open a telnet connection

terminal Set terminal characteristics

traceroute Trace route to destination

undebug Disable debugging function (see also ’debug’

PerleSCR#configure <cr>

Configuring from terminal <cr>

PerleSCR(config)# ((config)#)

PerleSCR(config)#interface eth 1<cr>

PerleSCR(config-if)#(Config interface mode)

IOLAN SCR Command Line Reference Guide

18

2

User Exec Mode

Chapter 2

Once you have accessed the IOLAN, you are automatically in User Exec mode. The following commands are valid in User EXEC mode.

clear ip dhcp binding clear ip dhcp binding

{[

*

|

A.B.C.D

]}

Syntax Description clear ip dhcp binding

[

*

|

A.B.C.D

]}

Type

*

to clear all automatic bindings.

Type the ip address of the specific binding to clear.

Command Modes

PerleSCR>

Usage Guidelines

You can clear all DHCP client bindings using the * parameter or clear only the binding for a specific IP address by entering in the IP address to clear.

Examples

This example show how to clear all DHCP client bindings.

PerleSCR clear ip dhcp binding * <cr>

This example shows you how to clear DHCP bindings for a specified IP address.

PerleSCR> clear ip dhcp binding 172.16.113.44 <cr>

Related Commands

show ip ddns

renew dhcp | dhcpv6

release dhcp | dhcpv6

enable

Syntax Description

Command Modes enable

PerleSCR>enable<cr>

Usage Guidelines

Takes the user from user exec level to privileged level.

Examples

This example show how to go from user level to privileged level.

PerleSCR> enable <cr>

Password:perle

PerleSCR>

Related Commands

disable

IOLAN SCR Command Line Reference Guide

19

User Exec Mode

line-attach

{[

tty

<1-16>

]}

Syntax Description

{[

tty

<1-16> <WORD>

]}

line-attach

Displays available serial ports configured for ssh or telnet protocol.

If the user logs in, line access privileges will be based on this authentication not the original authentication request.

<WORD>

SSH user name is optional. If it is not entered, the username which logged into the

IOLAN main session will be used.

PerleSCR#line-attach

Command Modes

Usage Guidelines

The line-attach feature allows you to connect to serial ports configured as Console

Management ports. The available ports for both Telnet and SSH will be displayed.

Examples

This example allows a user to connect to serial port 16 using the SSH protocol and ssh user sshlyn.

PerleSCR#line-attach tty 16 sshlyn<cr>

Related Command

show line

(config-line)#tty

logout

Syntax Description logout

Command Modes logout

Logout of the IOLAN.

PerleSCR>>

Usage Guidelines

Logs out of the IOLAN.

Examples

This example shows you how to logout of the IOLAN.

PerleSCR> logout

IOLAN SCR Command Line Reference Guide

20

User Exec Mode

ping ping

18024>

{[

<WORD>

data

<HEX DIGITS>

| repeat

<1–2147483647>

| size

<36–

]}

Syntax Description ping

{[

<WORD>

data

<HEX

DIGITS>

| repeat

<1–

2147483647>

| size

<36–18024>

]}

Type the destination.

IPv4 address or IPv6 address

Host name (pre-configured in your

IOLAN host table or a DNS server needs to be reachable

Data - input in hex data to repeat

Repeat - how many time to run the ping command

Size - specify the size of the packet to ping with

Command Default

Command Modes

56 (84) bytes of data

10 times

PerleSCR>

Usage Guidelines

Host name must be predefined in your host table or you need to use DNS lookup.

This example shows you how to ping a host with an ip address of 172.16.113.44 and repeat the ping 10 times.

PerleSCR> ping 172.16.113.44 repeat 10<cr>

64 bytes from 172.16.4.90: icmp_seq=1 ttl=64 time=2.91 ms

64 bytes from 172.16.4.90: icmp_seq=1 ttl=64 time=1.17 ms

64 bytes from 172.16.4.90: icmp_seq=1 ttl=64 time=2.93 ms

64 bytes from 172.16.4.90: icmp_seq=1 ttl=64 time=1.666 ms

64 bytes from 172.16.4.90: icmp_seq=1 ttl=64 time=0.921 ms

64 bytes from 172.16.4.90: icmp_seq=1 ttl=64 time=1.05 ms

64 bytes from 172.16.4.90: icmp_seq=1 ttl=64 time=1.118 ms

64 bytes from 172.16.4.90: icmp_seq=1 ttl=64 time=1.00 ms

64 bytes from 172.16.4.90: icmp_seq=1 ttl=64 time=1.50 ms

64 bytes from 172.16.4.90: icmp_seq=1 ttl=64 time=0.897 ms

Related Commands

debug

traceroute

renew dhcp | dhcpv6

release dhcp | dhcpv6

release dhcp | dhcpv6 release dhcp | dhcpv6

{[

bvi

<1–9999>

] |

IOLAN SCR Command Line Reference Guide

21

User Exec Mode

[

ethernet <-1-18> .

<1–4000>

]}

[

[

Syntax Description bvi

<1–9999>

] |

ethernet <1-18> .

<1–4000>

]}

release dhcp | dhcpv6

Type the bridge number (and sub interface) that you want to release the IP address. Values: bvi is 1–9999

Type the Ethernet interface that you want to release the DHCP IP address.

Values

<1-18>

sub-interfaces 1–4000

PerleSCR>

Command Modes

Usage Guidelines

This command will release the DHCP/DHCPV6 IP address that has been given to the IOLAN by a DHCP/DHCPV6 server. To obtain a new DHCP/DHCPV6 IP address lease, use the renew command.

Examples

This example shows how to release the DHCP IP address for Ethernet interface 3.

PerleSCR> release dhcp ethernet 3<cr>

Related Commands

renew dhcp | dhcpv6

renew dhcp | dhcpv6 renew dhcp | dhcpv6

{[

bvi

<1–9999>

] |

[

ethernet <1-18>

.

<1–4000>

]}

Syntax Description renew dhcp

[

bvi

<1–9999>

] |

Type the bridge number that you want to renew the DHCP IP address.

Values: bvi –1–9999

[

ethernet <1-18>

.<1–4000>

] }

Command Modes

Type the Ethernet interface (and sub interface) that you want to renew the

DHCP IP address.

Values

1-18

, sub interface 1– 4000

PerleSCR>

Usage Guidelines

This command will renew the DHCP IP address lease for your IOLAN from a DHCP server.

IOLAN SCR Command Line Reference Guide

22

User Exec Mode

Examples

This example shows how to renew the DHCP lP address lease on ethernet 1.

PerleSCR> renew dhcp eth 1<cr>

Related Commands

release dhcp | dhcpv6

show alarm show alarm

{[

description port

] |

[

profile

<WORD>

] |

[

settings enabled

]}

Syntax Description

{[

description port

] |

show alarm

1 – Link has failed

2 – Port not operating

Enter the alarm profile name to view.

[

profile

<WORD>

] |

[

settings enabled

]}

Command Modes

Show setting only for enabled alarms.

PerleSCR>

Usage Guidelines

Shows you alarm descriptions, profile and alarms enabled.

Examples

To show alarm descriptions.

PerleSCR> show alarms descriptions <cr>

1 Link Fault

2 Port Not Operating

PerleSCR> show alarms profiles<cr>

DefaultPort:

Interfaces eth1, eth2.eth3, eth4,eth5, eth6, eth7, eth8, eth9, eth10, eth11, eth12, eth13, eth14, eth15, eth16,eth17, eth18

Alarms link fault, not operating

Syslog link fault, not operating

Notifies link fault, not operating

Related Commands

alarm

IOLAN SCR Command Line Reference Guide

23

User Exec Mode

show arp show arp

{[

<A.B.C.D>

]}

Syntax Description

{[

<A.B.C.D>

]}

Command Modes show arp

Show arp entry in arp table.

PerleSCR>

Usage Guidelines

Shows you the arp table.

Examples

To show arp table.

IOLAN> show arp <cr>

Address HWtype HWaddress Flag Mask Iface

172.16.113.216 ether 87:2b:cb:a5:b4:0c C eth1

Related Commands

arp

show clock show clock

Syntax Description

Command Modes

Usage Guidelines

Shows you current clock information.

Examples

To show clock, type

PerleSCR show clock <cr>

Thu Nov 22 3:18:17:17 UTC 2019

Related Commands

clock

show clock

PerleSCR>

show crypto show crypto

{[

[ipsec client

<WORD>

<WORD>

| [ipsec.conf] | 12tp | status

] |

] | [esp-group

<WORD>

] | [ike-group

[

openvpn ca

<NAME>

| cert

<NAME>

| connection

<WORD>

| dh

<WORD>

| key

<NAME>

| secret

<NAME>

| status | template

<NAME>

] |

[

pki client [trustpoint] | [openvpn ca

<NAME>

cert | key] | server trustpoints

<WORD>

| status

] |

IOLAN SCR Command Line Reference Guide

24

User Exec Mode

[

ssl

]}

Syntax Description

{[

[ipsec client

<WORD>

] | [espgroup

<WORD>

] | [ike-group

<WORD>

| [ipsec.conf] | 12tp | status

] |

[

openvpn ca

<NAME>

| cert

<NAME>

| connection

<WORD>

| dh

<WORD>

| key

<NAME>

| secret

<NAME>

| status | template

<NAME>

] |

[

pki client [trustpoint] | [openvpn ca

<NAME>

cert | key] | server trustpoints

<WORD>

| status

] |

[

ssl

]}

show crypto

IPsec client (peer) – typically @leftside or a hostname.

Show details for esp-group, ike-group and ipsec.conf.

Show l2tp details

Show status.

Shows details about ca name, connection etc.

Shows details for pki client trustpoints and openvpn.

Show ssl information.

Command Modes

PerleSCR>

Usage Guidelines

This command is used to show sessions information for services that use encryption.

Examples

To show the version of ssl installed on the IOLAN.

PerleSCR# show crypto ssl

SSL cipher suite: TLS v1.2

Related Commands

crypto

show dot1x show dot1x

{

[

all

|

details

|

statistics

] |

[

credential

<WORD>

]

|

[

interface ethernet <1-18> details | statistics

] |

[

radius statistics interface ethernet <1-18>

]

}

Syntax Description show dot1x

[

all | details | statistics

] |

Type all for details for all dot1x connections. Select all statistics to view statistics for each dot1x connection.

IOLAN SCR Command Line Reference Guide

25

User Exec Mode

[

credential

<WORD>

]

|

[

interface ethernet <1-18> details | statistics

] |

[

radius statistics interface ethernet

<1-18>

]

}

Command Modes

Type credential to show the credential profile for the user.

Type Ethernet interface to show connections authenticated with dot1x.

Type radius to show radius statistics for authenticator mode.

PerleSCR>

Usage Guidelines

Shows the connection information for suppliant and authenticator dot1x connections.

Examples

This example shows all dot1x devices.

PerleSCR>show dot1x all

Sysauthcontrol Enabled

Dot1x Protocol Version 3

Dot1x Info for Ethernet9

====================================

PAE = AUTHENTICATOR

QuietPeriod = 60

SuppTimeout = 30

ReAuthMax = 2

MaxReq = 2

TxPeriod = 30

PerleSCR>show dot1x credential

Dot1x Credential Profile: lfelton

--------------------------------------------

Username: lfelton

Password:*******

Related Commands

dot1x

(config-dot1x-creden)#

show eap show eap

{[

profile

<WORD>

] |

[

registration

]}

Syntax Description

[

profile

<WORD>

]

|

show eap

Shows details for pre-defined eap profiles.

IOLAN SCR Command Line Reference Guide

26

User Exec Mode

registrations

]}

Command Modes

Shows registered EAP methods.

PerleSCR>

Usage Guidelines

Shows configured methods and pki-trustpoints for eap configured profiles. EAP profiles are configured using the eap profile <name> command. The registration show command shows the EAP methods supported by your IOLAN.

Examples

This example shows eap registrations.

PerleSCR>show eap registrations <cr>

Registered EAP Methods:

=======================

Method Type Name

4 Auth and Peer MD5

6 Auth and Peer GTC

13 Auth and Peer TLS

21 Auth and Peer TTLS

25 Auth and Peer PEAP

26 Auth and Peer MSCHAPV2

..........

PerleSCR>show eap profile <cr>

EAP Profile: md5chap

----------------------------------------

PKI-Trustpoint: None

Allowed Phase 1 methods:

-----------------------------------------

MD5

MSCHAPV2

Related Commands

(config-eap-profile)#

show eap

eap

show environment show environment

{[

all

] |

[

power status]

}

[

temperature status

]}

Syntax Description

[

all

]

|

[

power status]

}

show environment

Show all environment status.

Shows status of power supplies in dual power supply units.

IOLAN SCR Command Line Reference Guide

27

User Exec Mode

Command Modes

PerleSCR>

Usage Guidelines

Show PerleSCR’s environment.

Examples

This example shows the IOLAN environment.

PerleSCR>show environment all <cr>

POWER SUPPLY 1 is DC Not Present

Power sensor value: Not currently valid

POWER SUPPLY 2 is DC OK

Power sensor value: 5.00 Volts

Related Commands

show environment

show facility-alarm show facility-alarm

[

status

]}

|

Syntax Description status

]}

Command Modes show facility-alarm

Show the source and severity of alarm.

PerleSCR>

Usage Guidelines

Shows alarm statuses.

Examples

This example shows facility alarm status.

#show facility-alarm status<cr>

Source Severity Description Actions Time

----------------- -------- -------------------------------------- ----------------- -------------------

-

PerleSCR MAJOR Redundant Power missing or failed LOG May

1 2020 14:07

show flash: show flash:

Syntax Description

Command Modes show flash:

PerleSCR>

IOLAN SCR Command Line Reference Guide

28

User Exec Mode

Usage Guidelines

Show files on the internal flash drive.

Examples

PerleSCR> show flash:

83 drwx 4096 Sep 27 2019 10:39 -04:00 testcd

57 -rw- 2504 Jan 2 2019 20:58 -04:00 test-Jan-02-20-58-34-113

78 -rw- 3332 Sep 16 2019 11:58 -04:00 test-Sep-16-11-58-38-8462

37 -rw- 2124 Jan 2 2019 00:28 -04:00 test-Jan-02-00-28-14-37

49 -rw- 2124 Jan 2 2019 01:21 -04:00 test-Jan-02-01-21-17-23

70 -rw- 2513 Jan 3 2019 00:33 -04:00 test-Jan-03-00-33-56-69

39 -rw- 2124 Jan 2 2019 00:30 -04:00 test-Jan-02-00-30-16-39

74 -rw- 3509 Sep 10 2019 13:29 -04:00 test-Sep-10-13-29-21-5469

64 -rw- 2515 Jan 2 2019 23:16 -04:00 test-Jan-02-23-16-52-42

61 -rw- 2504 Jan 2 2019 22:27 -04:00 test-Jan-02-22-27-57-83

71 -rw- 3509 Sep 10 2019 13:26 -04:00 test-Sep-10-13-26-19-5466

43 -rw- 2124 Jan 2 2019 00:51 -04:00 test-Jan-02-00-51-17-17

68 -rw- 2513 Jan 3 2019 00:36 -04:00 test-Jan-03-00-36-58-72

Related Commands

copy

delete

mkdir

pwd

show hosts show hosts

Syntax Description

Command Modes show hosts

PerleSCR>

Usage Guidelines

Shows hosts that were added to the host table.

Examples

This example shows all configured hosts.

PerleSCR>show hosts<cr>

Default domain name is Perle

DNS lookup is enabled

Name servers are not configured

Host Table: accounting-host 172.16.77.99

banking-host 172.16.88.99

test-host 172.16.55.44

IOLAN SCR Command Line Reference Guide

29

User Exec Mode

Related Commands

hostname

show ip arp show ip arp

Syntax Description

Command Modes

Usage Guidelines

Shows arp entries.

Related Commands

arp

show ip arp

PerleSCR>

show ip ddns show ip ddns

{[

service interfaces bvi [

<1–9999>

] | [dialer

<0–15>

] | [ethernet

<1-18> ] | [openvpn-tunnel

<0–999

] | [tunnel

<0–999

]

] |

[

use-web interfaces bvi [

<1–9999>

] | [dialer

<0–15>

] | [ethernet <1-18>] |

[openvpn-tunnel

<0–999

] | [tunnel

<0–999

]

]}

Syntax Description show ip ddns

{[

service interfaces bvi [

<1–

9999>

] | [dialer

<0–15>

] |

[ethernet <1-18> | [openvpntunnel

<0–999

] | [tunnel

<0–999

]

]

|

Show interfaces with DDNS service enabled.

[

use-web interfaces bvi [

<1–

9999>

] | [dialer

<0–15>

] |

[ethernet <1-18> | [openvpntunnel

<0–999

] | [tunnel

<0–

999

]

]}

Web check used for obtaining the external

IP address.

Command Modes

PerleSCR>

Usage Guidelines

Display information for DDNS.

Related Commands

IOLAN SCR Command Line Reference Guide

30

User Exec Mode

Examples

This example shows the DDNS service configured on ethernet port 18.

PerleSCR> show ip ddns service ethernet 18<cr>

Service dyndns

Login testddns

Password ********

show ip dhcp show ip dhcp pool

]}

{[

bindings

|

Syntax Description

{[

bindings

|

|

pool

]}

show dhcp

Shows current bindings.

Command Modes

Shows current DHCP configured pools.

PerleSCR>

Usage Guidelines

Shows DHCP information.

Examples

This example will show all information about configured DHCP pools.

PerleSCR> show dhcp pool <cr>

Pool pooltest :

Total addresses: 11

Leased addresses : 2

Exluded addresses: 0

IP address Range: 172.16.113.60 - 172.16.113.70

Related Commands

show ip ddns

show ip host-group show ip host-group

{[

<WORD>

]}

Syntax Description show ip host-list

{[

<WORD>

]} Show IP host group.

PerleSCR>

Command Modes

Usage Guidelines

Shows the IP Host Group.

IOLAN SCR Command Line Reference Guide

31

User Exec Mode

Examples

This example shows how to display all IP host groups.

PerleSCR> show ip host-group <cr>

Host list: PerleSCR

172.16.66.99

radius

Rad2

Related Commands

ip

show ip http show ip http

{[

server status

]}

Syntax Description

{[

server status

]}

show ip http

Show configured parameters for http server.

PerleSCR>

Command Modes

Usage Guidelines

Shows the status of the HTTP server

Examples

This example displays the parameters for http server.

PerleSCR> show ip http server status <cr>

HTTP server status: Enabled

HTTP server port:80

User session idle timeout: 1440 seconds

HTTP secure server status: Enabled

HTTP secure server port: 443

Related Commands

show management-access

show ip interface show ip interface

Syntax Description

Command Modes

Usage Guidelines

Shows all interfaces on the IOLAN.

show ip interface

PerleSCR>

IOLAN SCR Command Line Reference Guide

32

User Exec Mode

Examples

This example displays all interfaces on the IOLAN.

PerleSCR> show ip interfaces <cr>

Interface IP Address Mask Admin Status Link Status Description

--------- ----------------- ----------------- ------------ ----------- ----------lo 127.0.0.1 255.0.0.0 up up eth1 172.16.28.1 255.255.0.0 up up eth2 - - up down eth3 - - up down eth4 - - up down eth5 - - up down eth6 - - up down eth7 - - up down eth8 - - up down eth9 - - up down eth10 - - up down eth11- - up up eth12- - up down eth13 - - up up eth14 - - up down eth15 - - up up eth16 - - up down eth17 - - up down eth18 - - up down br1 192.168.0.1 255.255.255.0 up up

Related Commands

(config-if)# bvi

(config-if)# dialer

(config-if) ethernet

(config-if-range)#

(config-if)# openvpn-tunnel

(config-if)# tunnel

show ip ssh show ip ssh

Syntax Description

Command Modes

Usage Guidelines

Shows ip ssh information.

show ip ssh

PerleSCR>

IOLAN SCR Command Line Reference Guide

33

User Exec Mode

Examples

This example shows you ssh information.

PerleSCR>show ip ssh <cr>

SSH version: 2

SSH server: Enabled

Authentication timeout: 120 seconds

Authentication retries: 3

SSH public key: ssh-rsa

AAAAB3NzaC1yc2EAAAADAQABAAABAQCgAtvWaaM0CeMWoZV1H00sni2J8TY alvSyysQGyBDIOAydaaKv1+s1Imj00FL2Boi3ke/SoKhvuLJQ+bMVFXD7kXw2fk71M o8f8Dd/rOuuF4kE6hKV+LLl44kJKwCUC2w2m4L1lH8Zn8HuX89Qcv2oqPUdkBfO1 nelU3gc6gN4v1ckC069Tgg9hrhghCiBECCCYxmAJUhIy4dQcPwO1DQ6Acp2p3lW2

RYdgUvRAlr8oLiVdrEvT7zZECpYgCMYWmfsTtUhvv8yZpvNAhV9nRm5E93Yl0V2J

15qlmIlSGKn0iiLRW42xjQ4MT5XmWdlXj+NpuMlQRtFzyYPkR2HMf+9

Related Commands

ip

show ipv6 show ipv6 neighbors

]

{[

dhcp bindings | [interface client-mode] | pool

]

interface

] | |

Syntax Description show ipv6

{[

dhcp bindings | interface client-mode | pool

] |

Show IPV6 DHCP information

interface

] |

neighbors

]}

Shows ipv6 interface details.

Shows ipv6 neighbors.

Examples

This example shows you configured IPv6 DHCP pools.

PerleSCR>show ipv6 dhcp pool <cr>

DHCPV6 pool: ipv6pool

Address allocation prefix: 1:2:3:4:5::6/16

Related Commands

ipv6

release dhcp | dhcpv6

renew dhcp | dhcpv6

clear ip dhcp binding

IOLAN SCR Command Line Reference Guide

34

User Exec Mode

show line show line

{[

console

<0–0>

]}

Syntax Description

{[

console

<0–0>

]}

show line

Show whether the console is using the

USB or serial port for console mode.

PerleSCR>

Command Modes

Usage Guidelines

Shows what mode the console is in.

Examples

Shows the parameters of the console. (results may be different depending on the model)

PerleRouter# show console 0 <cr>

Console in use: USB

Console in use: Serial

Baud rate (TX/RX) is 9600/9600, parity none, 1 stop bit, 8 data bit

Related Commands

(config-line)#console

line

show mab show mab

{[

all details | statistics

]

|

[

interface ethernet <1-18> details | statistics

]

|

[

radius statistics interface ethernet <1-18>

]}

Syntax Description show mab

{[

all details | statistics

] |

Specify all, interface or radius to view

MAB information.

[

interface ethernet <1-18> details | statistics

] |

[

radius statistics interface ethernet <1-18>

]}

Specify interface MAB details.

Specify Radius MAB details.

Command Modes

PerleSCR>

Usage Guidelines

Show MAB (Mac Authentication Bypass) for the Ethernet interfaces or RADIUS.

IOLAN SCR Command Line Reference Guide

35

User Exec Mode

Examples:

Shows the mab interface details for ethernet 3.

PerleSCR>show mab interface ethernet 3 details <cr>

Interface Mac-Auth-Bypass

------------------------------------

Ethernet3 Enabled

MAC Auth Bypass Client List

---------------------------

Supplicant = 00:16:d3:2f:62:bb

EAP Method = None

Port Control State = Auto

Auth SM State = AUTHENTICATED

Auth BkEnd SM State = IDLE

Session ID = B8B01A9D-00000001

Session Time = 855

Identity = 0016d32f62bb

Eapol Frame Counters:

Frames Rx = 2

Frames Tx = 0

Start Frames Rx = 2

Logoff Frames Rx = 0

RespId Frames Rx = 0

Resp Frames Rx = 0

ReqId Frames Tx = 0

Req Frames Tx = 0

Invalid Frames Rx = 0

Length Error Rx = 0

Last Frame Version = 1

Last Frame Source = 00:16:d3:2f 62:bb

Related Commands

(config-if) ethernet

show ntp show

{[

ntp associations

] |

[

status

]}

Syntax Description

{[

ntp associations

] |

[

status

]}

Command Modes show ntp

Shows where the IOLAN is getting clock from.

Show the status of NTP.

PerleSCR>

IOLAN SCR Command Line Reference Guide

36

User Exec Mode

Usage Guidelines

Shows ntp associations and status.

Examples

PerleSCR>show ntp associations>

remote refid st t when poll reach delay offset jitter

===============================================================

===============

172.16.55.77 .INIT. 16 u - 1024 0 0.000 0.000 0.000

172.16.113.55 .INIT. 16 s - 32 0 0.000 0.000 0.000

PerleSCR>show ntp status<cr>

Clock is not synchronized, stratum 16, no reference clock

Precision is 2**-18 s

Reference time is 00000000.00000000 (Thu, Feb 7 2036 2:28:16.000)

Clock offset is 0.000000 msec, root delay is 0.000 msec

Root dispersion is 1265.970 msec

System poll interval is 8 s

Related Commands

ntp

show nvram show

{[

nvram

]}

Syntax Description

{[

nvram

] |

Command Modes

Usage Guidelines

Shows the contents of nvram.

show nvram

Shows nvram file system.

PerleSCR>

IOLAN SCR Command Line Reference Guide

37

Examples

PerleSCR>show nvram <cr>

Directory of nvram:

50 -rw- 5225 Feb 18 2020 14:40

-05:00 startup-config.log.2

18 -rw- 285 Jan 8 2020 18:06

-05:00 no-default-config

21 -rw- 5848 Mar 3 2020 17:45

-05:00 startup-config

31 -rw- 5902 Feb 20 2020 14:03

-05:00 startup-config.log.1

43 -rw- 5902 Feb 26 2020 10:53

-05:00 startup-config.log

16 -rw- 636 Jan 8 2020 18:06

-05:00 default-config

1372160 KBytes total (1032192 KBytes free)

show radius show

{[

statistics details

]}

Syntax Description

{[

statistics details

]}

Command Modes show radius

Shows radius server statistics.

Usage Guidelines

Show radius details.

Examples

Shows the radius statistics.

PerleSCR# show radius statistics <cr>

All:

Auth. Acct.

Requests 3 3

Responses 3 3

Access Requests 3

Related Commands

clear radius

radius

radius-server

PerleSCR>

show snmp show snmp

[

location

]}

{[

contact

] |

Syntax Description show snmp

IOLAN SCR Command Line Reference Guide

User Exec Mode

38

User Exec Mode

[

{[

contact location

]

]}

|

Show the contact information for your

IOLAN.

Shows the location information for your

IOLAN.

PerleSCR>

Command Modes

Usage Guidelines

Shows mib object sysContact and mib object sysLocation.

Examples

PerleSCR>show snmp contact<cr>

Perle-lyn

PerleSCR>show location<cr>

60 Renrew Dr.

Related Commands

snmp-server

show ssh show ssh

Syntax

Description

Command Modes show ssh

IOLAN>

Usage Guidelines

Show users connected via ssh.

Examples

This example show which users are connected.

PerleSCR> show ssh<cr>

Line User Host Idle Location

1 vty 1 admin idle 00:28:26 172.16.113.31

Related Commands

show ip ssh

show tacacs show tacacs

{[

statistics details

]}

Syntax Description show tacacs

{[

statistics details

]}

Shows statistics for TACACS+ server.

Command Modes

PerleSCR>

IOLAN SCR Command Line Reference Guide

39

User Exec Mode

Usage Guidelines

Show details about your TACACS server.

Examples

Shows the tacacs statistics.

PerleSCR# show tacacs statistics <cr>

All:

Auth. Acct.

Requests 3 3

Responses 3 3

Access Requests 3

Related Commands

tacacs

(config-tacacs-server)#

show terminal show terminal

Syntax Description

Command Modes show terminal

PerleSCR>

Usage Guidelines

Shows the terminal parameters of length, width, history enabled, history size and logging monitor.

Examples

This examples displays the parameter for terminal.

PerleSCR> show terminal<cr>

Terminal length = 24

Terminal width = 79

Terminal history is enabled

Terminal history size = 11

Terminal logging monitor is OFF

Related Commands

(config-line)#console

show users show users

{[

all

] |

[

console

] |

[

vty

] |

[

web

]}

Syntax Description show users

IOLAN SCR Command Line Reference Guide

40

User Exec Mode

{[

all

|

[

console

] |

[

vty

] |

[

web

]}

Command Modes

All users.

Users connected to the console.

Users connected via ssh or telnet.

Show web users for HTTP and connections.

PerleSCR>

Usage Guidelines

Shows the active users on the IOLAN

Examples

This examples displays all attached web users.

PerleSCR>show users web<cr>

User IP Address Idle

Lyn 172.16.113.215 00:11:59

Related Commands

username

show version show

{[

backup

] |

[

flash:

] |

[

startup

] |

verbose

]}

Syntax Description

{[

backup

] |

[

flash:

|

[

startup

|

[

verbose

]}

show version

Backup version of software.

Version of software in on flash:

Version of software used for startup.

Command Modes

Details about software running on your

IOLAN.

PerleSCR>

Usage Guidelines

Shows information about versions of software running on your IOLAN.

Examples

This example shows the startup version of software.

PerleSCR>show version<cr>

IOLAN SCR Series Console Server, Version 4.2,

IOLAN SCR Command Line Reference Guide

41

User Exec Mode

ssh ssh

{[

-c | -h | -l | -p

<A.B.C.D>

|

<X:X:X:X::X>

]}

Syntax Description ssh

{[

-c | -h | -l | -p |

<A.B.C.D>

|

<X:X:X:X::X>

]}

-c select the encryption method)

-h select HMAC algorithm

-l log in using this user name)

-p connect to this port

<A.B.C.D> <X:X:X:X::X>

IPv4 or IPv6 address or hostname to connect to

Command Modes

PerleSCR>

Usage Guidelines

SSH from your IOLAN to a host supporting the SSH protocol.

Examples

This example shows how to connect to host (172.16.4.90) using lyn as the user.

PerleSCR> ssh -l lyn 172.16.4.90<cr>

Related Commands

telnet

telnet telnet

{[

<A.B.C.D>

|

<X:X:X:X::X>

]}

Syntax Description telnet

{[

<A.B.C.D>

|

<X:X:X:X::X>

]}

IP address or hostname to connect to.

Command Modes

PerleSCR>

Usage Guidelines

Telnet from your IOLAN into a host that supports the telnet protocol.

Examples

This example shows how to connect to host (172.16.4.90) using lyn as the user.

PerleSCR> ssh -l lyn 172.16.4.90<cr>

Related Commands

ssh

IOLAN SCR Command Line Reference Guide

42

User Exec Mode

terminal terminal

{[

history size

<0–256>

] |

[

length

<0–512>

] |

[

monitor

<0–512>

] |

[

width

<0–512>

]}

Syntax Description terminal

{[

history size

<0–256>

] |

Specify size of the history buffer.

[

length

<0–512>

] |

[

monitor

<0–512>

] |

Specify length of the screen

Copy debugging logging output to the current terminal line.

[

width

<0–512>

]}

Specify width of the screen

Command Default

Command Modes

length – 24 width – 132

PerleSCR>

Usage Guidelines

Configure parameters for your terminal session.

Examples

PerleSCR show terminal

Terminal length = 24

Terminal width = 132

Terminal history is enabled

Terminal history size =20

Terminal logging monitor is Off

traceroute traceroute

{[

<A.B.C.D>

]}

Syntax Description

{[

<A.B.C.D>

]}

traceroute

Destination hostname or address.

Command Modes

PerleSCR>

Usage Guidelines

Traceroute will list all the routers it passes through until it reaches its destination, or fails to and is discarded. In addition to this, it will tell you how long each 'hop' from router to router takes.

IOLAN SCR Command Line Reference Guide

43

User Exec Mode

Examples

This example shows the hops it takes from router to router to reach its destination of host 172.16.4.90.

PerleSCR#traceroute 172.16.4.90<cr.> (172.16.4.90), 30 hop max, 60 bytes packets

1 172.16.4.90 (172.16.4.90) 2.094ms 1.113 ms 0.826 ms

Related Commands

ping

debug

IOLAN SCR Command Line Reference Guide

44

3

Privileged EXEC mode

Chapter 3

This chapter contains the CLI commands for Privileged EXEC mode. Some commands may be omitted or changed depending on the IRG5000 model.

archive archive

{[

config

] |

[

download-sw [/force-reload] | [/no-version-check] | [/reload]

]

[flash:

perle-imagename.img

] | [ftp://

/[[username:password]@location]/directory]/perle-image-name.img

] |

[http:/ /

[[username:password]@][hostname | host-ip] [directory] /perle-image-name.img

]

|

[https:/

/

[[username:password]@][hostname | host-ip] [directory] /perle-imagename.img

]

[scp://

[[username@location]/directory]/perle-image-name.img

] |

[sftp://

[[//username:password]@location]/directory]/perle-image-name.img

] |

[tftp:

[[//location]/directory]/perle-image-name.img

]

] |

[upload-sw /force-reload]

name.img

] |

|

[/reload

|

check

] | [

upload-sw

]

[flash:

image-file

] | [ftp:

[[//username[:password]@location]/directory]/perle-image-

|

[http:/

/

[[username:password]@][hostname | host-ip] [directory]/perle-image-name.img

]

[https:/

/

[[username:password]@][hostname name.img

] |

|

host-ip] [directory] /perle-image-

[scp://

[[username:password@location]/directory]/perle-image-name.img

] |

[sftp:

[[//username[:password]@location]/directory]/perle-image-name.img

] |

[tftp:

[[//location]/directory]/perle-image-name.img

]

] |

[flash:

perle-image-name.img

] |

[ftp://

/[[username:password]@location]/directory]/perle-image-name.img

] |

[http:/

/

[[username:password]@][hostname

|

host-ip [directory] /perle-image-name.img

] |

[https:/

/

[[username:password]@][hostname

|

host-ip [directory] /perle-image-name.img

]

[scp://

[[username:password@location]/directory]/perle-image-name.img

] |

[sftp://

[[//username:password]@location]/directory]/perle-image-name.img

] |

[tftp:

[[//location]/directory]/perle-image-name.img

]

] |

[

[upload-sw flash:

image-file

] | [ftp:

[[//username[:password]@location]/directory]/perleimage-name.img

] |

[http:/

/

[[username:password]@][hostname

] |

|

host-ip [directory] /perle-image-name.img

|

[https:/

/

[[username:password]@][hostname

|

host-ip [directory] /perle-image-name.img

[scp:

[[username@location]/directory]/perle-image-name.img

] |

]

[sftp:

[[//username[:password]@location]/directory]/perle-image-name.img

] |

[tftp:

[[//location]/directory]/perle-image-name.img

]

]}

Syntax Description archive

IOLAN SCR Command Line Reference Guide

45

{[

config

] |

[

download-sw |

[flash:

perle-image-name.img

] |

[ftp://

/[[username:password]@location]/d irectory]/perle-image-name.img

] |

[http:/

/

[[username:password]@][hostnam e

|

host-ip [directory] /perle-imagename.img

] |

[https:/

/

[[username:password]@][hostna me

|

host-ip [directory] /perle-imagename.img

]

[scp://

[[username:password@location]/di rectory]/perle-image-name.img

] |

[sftp://

[[//username:password]@location]

/directory]/perle-image-name.img

] |

[tftp:

[[//location]/directory]/perle-imagename.img

]

] |

[

download-sw |

[flash:

perle-image-name.img

] |

[ftp://

/[[username:password]@location]/d irectory]/perle-image-name.img

] |

[http:/

/

[[username:password]@][hostnam e

|

host-ip [directory] /perle-imagename.img

] |

[https:/

/

[[username:password]@][hostna me

|

host-ip [directory] /perle-imagename.img

]

[scp://

[[username:password@location]/di rectory]/perle-image-name.img

] |

[sftp://

[[//username:password]@location]

/directory]/perle-image-name.img

] |

[tftp:

[[//location]/directory]/perle-imagename.img

]

]

|

Privileged EXEC mode

Archive the running configuration. This configuration will be saved to a predefined location as specified in the archive

command. See

(config-archive)

to

set up the path to where the config will be stored.

Download firmware to your

IOLAN.

/force-reload –

unconditionally forces a system reload after successfully downloading the software image.

/reload –

reloads the system (if no unsaved configuration changes have been made) after a successful upgrade.

/no-version-check –

download the software without verifying it’s version compatibility with the image that is running.

Download firmware to your

IOLAN.

/force-reload –

unconditionally forces a system reload after successfully downloading the software image.

/reload –

reloads the system (if no unsaved configuration changes have been made) after a successful upgrade.

/no-version-check –

download the software without verifying it’s version compatibility with the image that is running.

IOLAN SCR Command Line Reference Guide

46

Privileged EXEC mode

[

[upload-sw flash:

image-file

] |

[ftp:

[[//username[:password]@location]/d irectory]/perle-image-name.img

] |

[http:/

/

[[username:password]@][hostnam e

|

host-ip [directory] name.img

] |

[https:/

/

[[username:password]@][hostna me

|

name.img

] |

/perle-image-

host-ip [directory] /perle-image-

[scp:

[[username@location]/directory]/per le-image-name.img

] |

[sftp:

[[//username[:password]@location]/ directory]/perle-image-name.img

] |

[tftp:

[[//location]/directory]/perle-imagename.img

]

]}

Command Modes

Upload the firmware on the

IOLAN to a server.

PerleSCR#archive

Usage Guidelines

Where a username or password is required it can be specified in the IOLAN configuration using the "scp| ftp |sftp |http" command to configure the username and password to use instead of specifying it on the archive command.

The syntax for the local flash file system for downloads and uploads:

flash:

image-file

The syntax for FTP:

[ftp://

/[[username:password]@location]/directory]/perle-image-name.img

] |

The syntax for an HTTP server:

http:/

/

[[username:password]@][hostname | host-ip] [directory]/perle-imagename.img

The syntax for an HTTPS server:

https:/

/

[[username:password]@][hostname | host-ip [directory]/perle-imagename.img

The syntax for an SCP server:

[scp://

[[username:password@location]/directory]/perle-image-name.img

] |

The syntax for an SFTP server:

[sftp://

[[//username:password]@location]/directory]/perle-image-name.img

] |

The syntax for an TFTP server:

[tftp:

[[//location]/directory]/perle-image-name.img

]

|

IOLAN SCR Command Line Reference Guide

47

Privileged EXEC mode

Examples

This example shows you how to download software from a server with an IP address of 172.16.4.182 to your IOLAN using secure HTTP (https) and certificate named apache.crt

Step 1)

You need to download a secure certificate to the IOLAN.

PerleSCR#crypto pki import server apache pem url tftp://172.16.4.182/apach.crt

Step 2)

Configure the IOLAN to use the certificate you just downloaded.

PerleSCR#ip http client secure-trustpoint apache

Step 3)

Set validation off if you do not want to valid the certificate. (You must have created the certificate with validation if you want to valid the certificate)

PerleSCR# archive download-sw https://172.16.4.182/public/IOLAN-software.fit<cr>

The software will now download using secure https.

This example shows you how to upload software from a server with an IP address of

172.16.4.92 using scp.

PerleSCR#archive upload-sw scp://lyn:[email protected]/public/IOLAN.img

Related Commands

show archive

(config-archive)

boot boot

{[

system backup

]}

Syntax Description

{[

system backup

]}

boot

Copies backup software to startup software. Next reload will use backup software as startup software.

PerleSCR#boot

Command Modes

Usage Guidelines

This command allows you to go back to older saved software. Software can be stored as backup software using the archive command.

Examples

This example shows you how to make boot your IOLAN using the backup software.

<cr>

PerleSCR#boot system backup<cr>

IOLAN SCR Command Line Reference Guide

48

Privileged EXEC mode

cd cd

{[

flash: | nvram:

]}

Syntax Description

{[

flash:

|

nvram:

]}

cd

Command Default

Command Modes

Change directory on flash: or nvram:

None

PerlePerleSCR#cd

Usage Guidelines

The change directory (cd) command is part of the file management system commands.

The cd command is used to change directories within the flash or nvram file systems.

Examples

This example shows you how to make a directory under the flash file system then change directory to that new directory.

PerleSCR#mkdir flash:testdir <cr>

Created directory name testdir.

PerleSCR#cd flash:/testdir <cr>

Related Commands

copy

boot

delete

pwd

renew

clear aaa clear

{[

aaa local user fail-attempts all | username

<WORD>

| lockout all

]

|

[

username

<WORD>

]}

Syntax Description clear aaa

{[

aaa local user fail-attempts all | username

<WORD>

| lockout all

]

|

Reset a locked out user.

Reset this locked out user.

Reset all locked out users.

[

username

<WORD>

]}

Rests this user by username.

Command Modes

PerleSCR#clear aaa

Usage Guidelines

This command allows you to reset locked out users.

IOLAN SCR Command Line Reference Guide

49

Privileged EXEC mode

Examples

This example will reset user Marie that is currently locked out from the IOLAN.

PerleSCR#clear aaa local user lockout username Marie<cr>

Related Commands

username

clear arp-cache clear arp-cache

{[

<A.B.C.D>

| bvi

<0-999>

| dialer

<1-4000>

| openvpn-tunnel

<0-999>

| tunnel

<0-999>

<0-15>

]}

| ethernet<1-18>

.

Syntax Description clear arp-cache

{[

<A.B.C.D>

| bvi

<0-999>

| dialer

<0-

15>

| ethernet<1-18>

. <1-4000>

| openvpn-tunnel

<0-999>

|tunnel

<0-

999>

]}

Clear arp cache on IP address or interface.

Command Modes

PerleSCR#clear arp-cache

Usage Guidelines

Clears arp entries from the arp table.

Examples

This example shows you how to clear all arps from the arp table for Ethernet interface 1.

PerleSCR#clear arp-cache ethernet 1 <cr>

Related Commands

show arp

arp

clear counters clear counters

{[

bvi <1-9999> | ethernet <1-18> | loopback | openvpn-tunnel

<0-999>

| tunnel

<0-999>

]}

Syntax Description clear counters

{[

bvi <1-9999> | ethernet <1-18> | loopback | openvpn-tunnel

<0-999>

| tunnel

<0-999>

]}

Clear counters on specified interface.

Command Modes

PerleSCR#clear counters

Usage Guidelines

Clears counters back to zero on specified interface.

IOLAN SCR Command Line Reference Guide

50

Privileged EXEC mode

Examples

This example shows you how to clear all counters for Ethernet interface 1.

PerleSCR#clear counters ethernet 1<cr>

Clear "show interface" counters on this interface [confirm]

clear ip clear ip

{[

alg connections

]

|

[

bgp *(all) | [

<1-4294967295>

] |

<A.B.C.D>

| [

<X:X:X:X::X:X>

] | [ external in | out | soft

]

|

[

dhcp binding

<*

|

<A.B.C.D>

]

|

[

firewall

<WORD>

]

|

[

route-policy name

<WORD>

counters | rule

<1-9998>

counters

]}

Syntax Description clear ip

[

alg connections

]

|

Clear alg connections

[

bgp * |

<1-4294967295>

|

<A.B.C.D>

|

<X:X:X:X::X:X>

| external in | out | soft

]

|

Type

*

to clear all bgp sessions or connections.

Type the connection number, ipv4, or ipv6 address of the session or connection you want to reset.

Specify whether it is an inbound or outbound session. No in/out parameters clears both in and outbound.

[

dhcp binding

<*

|

<A.B.C.D>

]

|

Type

*

to clear all automatic client bindings

Type the ip address of the client you want to clear the dhcp binding.

[

firewall

<WORD>

]

|

Clear the specified firewall statistics.

[

route-policy name

<WORD>

counters | rule

<1-9998>

counters

]}

Clear counters for route policies.

Command Modes

PerleSCR#clear ip

Usage Guidelines

Use this command to clear all bgp or alg sessions or connections.

You can clear all DHCP bindings using the * parameter or clear only the binding for a specific IP address by entering in the IP address to clear.

IOLAN SCR Command Line Reference Guide

51

Privileged EXEC mode

Examples

This example shows you how to clear all dhcp ip bindings from your IOLAN table.

PerleSCR#clear ip dhcp bindings * <cr>

This example shows you how to clear all BGP connections.

PerleSCR#clear ip bgp * <cr>

clear ipv6 ipv6

{[

firewall

] |

[

neighbors

] |

[

route-policy

<NAME>

]}

Syntax Description

{[

firewall

] |

[

neighbors

] |

[

route-policy

<NAME>

]}

Command Modes clear ipv6

Clear ipv6 firewalls.

Clear ipv6 neighbors.

Clear route policies.

PerleSCR#

Usage Guidelines

Clear commands for the IPv6 protocol.

Examples

This example clears route policy warehouse.

PerleSCR#clear ipv6 route-policy warehouse<cr>

Related Commands

ipv6

clear line clear line

{[

console

0-0

|

vty

<1-2>

|

tty

<1-16>

]}

Syntax Description clear line

{[

console

0-0

|

vty

<1-2>

|

tty

<1-16>

]}

Select console or line to clear.

Command Modes

PerleSCR#clear line

Usage Guidelines

The vty session will be disconnected. Clear statistics on the serial ports.

IOLAN SCR Command Line Reference Guide

52

Privileged EXEC mode

Examples

This example clears vty line 1.

PerleSCR#clear line vty 1<cr>

[confirm]

[Dec 9 16:14:20 %REQHANDLE-6: Cleared VTY1 session

OK]

Related Commands

(config-line)#console

(config-line)#vty

clear logging clear

{[

logging

]}

Syntax Description

{[

logging

]}

clear logging

Clears the logging buffer on your

IOLAN.

None

Command Default

Command Modes

PerleSCR#clear logging

Usage Guidelines

Logging buffer size can be from 4096-32768.

Examples

This example clears the logging buffer on the PerleSCR.

PerleSCR# clear logging <cr>

Clear logging buffer[confirm]<cr>

Related Commands

show logging

clear radius clear

{[

radius statistics

]}

Syntax Description

{[

radius statistics

]}

Command Modes

Usage Guidelines

Clears radius information.

clear radius

Clears radius information on your

IOLAN.

PerleSCR#

IOLAN SCR Command Line Reference Guide

53

Examples

This example clears radius statistics information on your IOLAN.

PerleSCR#clear radius statistics<cr>

Related Commands

(config-radius-server)#

Privileged EXEC mode

clear tacacs clear

{[

tacacs statistics

]}

Syntax Description

{[

tacacs statistics

]}

clear tacacs

Clears tacacs information on your

PerleSCR.

PerleSCR#

Command Modes

Usage Guidelines

Clears tacacs statistical information.

Examples

This example clears tacacs statistics information your IOLAN.

PerleSCR#clear tacacs<cr>

Related Commands

tacacs

(config-tacacs-server)#

clock clock

{[

set hh:mm:ss 1-3 month year 2001-2037

] |

summer-time

<name-of-timezone >

date <

1-31> <month-to-start > <hh:mm> <1-

31> <month-to-end > < hh:mm > <1-1440-in-minutes>

| recurring <

1-4 >

<

first week> <last week>

] |

[

timezone <

name-of-time-zone> <-23 - 23 > <0-59>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description clock

{[

set hh:mm:ss 1-3 month year 2001-

2037

] |

Set the current time and date.

Month is January, February, March,

April, May, June, July, August,

September, November or December

IOLAN SCR Command Line Reference Guide

54

Privileged EXEC mode

[

[

summer-time date <

1-31> <month-to-start >

<hh:mm> <1-31> <month-to-end > < hh:mm > <1-1440-in-minutes>

| recurring <

1-4 >

<

first week> <last week>

]

|

timezone <

name-of-time-zone> <-23

- 23 > <0-59>

]}

<name-of-timezone >

Command Default

Command Modes

Usage Guidelines

Sets the clock.

Examples

This example sets the clock 5 hours off from UTC.

PerleSCR#clock timezone ont-time-zone -5 <cr>

Name of the summer time zone followed by start/end dates

-numeric value for the day of the month to start summer timezone 1-31, name of the month to start January, February,

March, April, May, June, July, August,

September, October, November,

December.

,

time to start in hours (24) and minutes

,

numeric value for the day of the month to end summer timezone

1-31, name of the month to end

(January, February, March, April, May,

June, July, August, September,

October, November, December), time to end in hours(24), offset in minutes

1-1440

Name of the timezone

-

Hours/minutes offset are going to be hours/minutes offset from utc

(universal time clock).

clock timezone EST 5 clock summer-time EDT recurring 2

Sun Mar 2:00 1 Sun Nov 2:00 60

PerleSCR#clock

Related Commands

boot

configure configure

{[

confirm

] | [

revert now | timer

<1-120

>

| idle

<

1-120>

] | [

terminal lock | revert timer

<

1-120>

| idle

<

1-120>

]}

Syntax Description configure

{[

confirm

] |

Cancels revert timer.

IOLAN SCR Command Line Reference Guide

55

Privileged EXEC mode

[

revert now

<

1-120>

] |

| timer

<1-120

>

| idle

Parameters for reverting this config using the rollback feature. Time to wait for confirmation

[

terminal lock | revert timer

<

1-120>

| idle

<

1-120>

]}

Command Modes

Allows you to lock configuration mode.

PerleSCR#configure

Usage Guidelines

Configuration mode on your IOLAN.

Examples

This example show you how to configure your IOLAN using your terminal connection.

PerleSCR#configure<cr>

Configuring from terminal, memory, or network [terminal]?

<cr>

PerleSCR(config)#

Related Commands

(config-archive)

archive

copy copy

{[

flash:

:

filename

| [

filename

http: config

filename

] | [

filename

]

ftp flash: | nvram: | running-config | startup-config

| [

https:

filename

] | [

nvram:

filename

] | [

running-

[

tftp:

filename

]}

] | [

scp:

filename

] | [

sftp:

filename

] | [

startup-config

filename

] |

Syntax Description copy

{[

flash:

filename

]

|

Copies a file to flash.

[

ftp flash: | nvram: | running-config | startup-config :

filename

] |

Copies a file using ftp.

[

http:

filename

] |

[

https:

filename

] |

[

nvram:

filename

] |

[

running-config

filename

] |

[

scp:

filename

] |

[

sftp:

filename

] |

Copies a file using http.

Copies a file using https.

Copies a file from nvram.

Copies running config to another file.

Copies a file using scp.

Copies a file using sftp.

IOLAN SCR Command Line Reference Guide

56

Privileged EXEC mode

[

startup-config

filename

[

tftp:

filename

]}

Command Modes

] |

Copies startup-config to another filename.

Copies a file using tftp.

PerleSCR#copy

Usage Guidelines

The copy command (copy) is part of the file management system commands.

Copy a file from one location to another.

Examples

This example shows how to copy a file from the flash: directory to a tftp server with an ipv4 address of 172.16.4.90.

PerleSCR#copy flash:running-config-save tftp:<cr>

Address or name of remote host[ ]?172.16.4.90<cr>

Destination filename [ ]?backup-running-config<cr>

4922 bytes copied in 0.013 seconds

Related Commands

copy

boot

delete

mkdir

pwd

renew

debug debug

{[

alarmmgr

] | [

all

] | [

bgp

] | [

clpd

] | [

dialer

] | [

dot1x-authenticator

] |

[

dot1x-supplicant

] | [

drmgrd

] | [

email

] | [

init

] | [

[ip dhcp client | relay-agent | server]

|rib]

] | [

|

[ospf events | ism | lsa | nsm | nssa | packets | rib] | [rip events | packets ip-sec

] | [

kernel

] | [

logging

[

wan-highavail

] | [

wanifmgr

]}

] | [

ntp

] | [

snmp

] |

Use the no form of this command to negate enable secret.

[

trapmgr

] | [

tty

] | [

vty

] |

Syntax Description debug

{[

alarmmgr

] |

Add alarm manager messages to logging

[

all

] |

Sets all debugging messages to the log on. Setting all debug on will seriously effect the speed of your

IOLAN.

[

bgp

] |

[

clpd

] |

Start debug for bgp.

Start debug for clpd.

IOLAN SCR Command Line Reference Guide

57

Privileged EXEC mode

[

[

[

[

dialer

]

dot1x-authenticator dot1x-supplicant drmgrd

|

] |

] |

] |

Start debug for Dial on Demand feature.

Start debug for dot1x authenticator mode.

Start debug for dot1x suppliant mode.

Device Remote manager daemon debugging.

Start debug for email.

[

email

] |

[

init

] |

[

[ip dhcp client | relay-agent | server]

|

[ospf events | ism | lsa | nsm | nssa | packets | rib] | [rip events | packets | rib]

] |

[

ip-sec

] |

[

kernel

] |

[

logging

] |

[

ntp

] |

[

snmp

] |

[

trapmgr

] |

[

tty

] |

[

vty

] |

Start debug for init.

Start debug for dhcp client, relay agent and server.

Start debug for ospf.

Start debug for rip.

Starts debug for ipsec.

Start debug for kernel.

Start debug for logging.

NTP logging

Start debug for smnp.

Start debug for trapmgr.

Start debug for tty.

[

[

wan-highavail wanifmgr

]}

] |

Start debug for vty devices ssh and telnet.

Start debug for wan high available connections.

Start debug for our internal wan manager.

All debug off

Command Default

Command Modes

PerleSCR#debug <cr>

Usage Guidelines

You can set debug on for features or functions within your IOLAN. Setting debug on for all features will seriously impact system performance on your IOLAN.

IOLAN SCR Command Line Reference Guide

58

Privileged EXEC mode

Examples

This example shows you how to set debug on for ntp.

PerleSCR#debug ntp <cr>

This example shows you how to set debug on for dhcp server.

PerleSCR#debug ip dhcp server <cr>

Related Commands

ping

traceroute

delete delete

{[

flash:

<filename>

] | [

nvram:

<filename

]}

Syntax Description

{[

flash:

<filename>

]

|

delete

Select the filename to delete.

[

nvram:

<filename>

]}

Select the filename to delete.

Command Modes

PerleSCR#delete

Usage Guidelines

The delete command is part of the file management system commands.

Deletes a file on flash or nvram.

Examples

This example shows how to delete a file on flash.

PerleSCR#delete flash:backup.config<cr>

Related Commands

copy

boot

mkdir

pwd

renew

dir dir

{[

flash:

|

nvram:

]}

Syntax Description

[

flash:

|

nvram:

]}

dir

Shows the contents of flash.

Shows the contents of nvram.

IOLAN SCR Command Line Reference Guide

59

Privileged EXEC mode

Command Default

Command Modes

None

PerleSCR#dir

Usage Guidelines

The dir command is part of the file management system commands.

Shows the contents of a file system on flash or nvram.

Examples

PerleSCR#dir <cr>

34 -rw- 1992 Mar 25 2019 17:39 -04:00 running-config

33 -rw- 368555308 Mar 25 2019 13:38 -04:00 perle.img

39 -rw- 2016 Mar 27 2019 12:35 -04:00 -Mar-27-12-35-22-0

24 -rw- 896 Jan 4 2001 16:46 -04:00 backup.config

42 -rw- 2068 Mar 28 2019 15:33 -04:00 -Mar-28-15-33-44-3

41 -rw- 2047 Mar 27 2019 16:24 -04:00 -Mar-27-16-24-31-2

40 -rw- 2047 Mar 27 2019 16:24 -04:00 -Mar-27-16-24-26-1

Related Commands

copy

boot

delete

mkdir

pwd

renew

disable disable

Syntax Description

Command Modes disable

PerleSCR#disable

Usage Guidelines

Disables leave privileged mode.

Examples

This example show how to go from privileged level to user level.

PerleSCR#disable <cr>

Related Commands

enable

disconnect disconnect

{[

ssh vty

<0-15>

]}

Syntax Description disconnect

IOLAN SCR Command Line Reference Guide

60

Privileged EXEC mode

Command Modes

PerleSCR#disconnect

Usage Guidelines

Disconnects an active ssh session.

Examples

This example disconnects active ssh session vty 1.

PerleSCR#disconnect ssh vty 1<cr>

[confirm]

[OK]

Related Commands

line

dot1x dot1x

{[

initialize interface ethernet <1-18> ethernet <1-18>

] [

]

|

[

re-authenticate interface test interface ethernet <1-18>

]}

Syntax Description dot1x

[

initialize interface ethernet <1-18>

]

|

Devices connected on this Ethernet interface will be forced to authenticate.

The connection is secured.

[

re-authenticate interface ethernet

<1-18>

]

|

Devices connected on this Ethernet interface will be forced to reauthenticate.

[

test interface ethernet <1-18>

]}

Run a 802.1x readiness test to detect any 802.1x clients that are EAPoL capable.

Command Modes

PerleSCR#dot1x

Usage Guidelines

Dot1x commands to initialize, re-authenticate and test connected dot1x devices.

IOLAN SCR Command Line Reference Guide

61

Privileged EXEC mode

Examples

This example will force devices on ethernet interface 9 to re-authenticate.

PerleSCR>enable

PerleSCR# dot1x re-authenticate interface eth 9<cr>

This example will test for EAPol capable devices.

PerleSCR> enable

PerleSCR# interface eth 9

PerleSCR(config-if)# dot1x pae authenticator

PerleSCR(config-if)#exit

PerleSCRPerleSCR# dot1x test eapol-capable interface eth cr>

PerleSCR# show logging <cr>

*Oct 18 02:41:15 %PORT-AUTH-6: eth2: STA 00:13:20:92:29:82 IEEE 802.1X:

INFO_EAPOL_PING_RESPONSE: The interface Ethernet1 has an 802.1x capable client with MAC (00.13.20.92.29.82)

*Oct 18 01 02:41:15 %PORT-AUTH-6: eth2: STA 00:16:d3:2f:62:bb IEEE 802.1X:

INFO_EAPOL_PING_RESPONSE: The interface Ethernet1 has an 802.1x capable client with MAC (00.16.d3.2f.62.bb)

Related Commands

show logging

dot1x

exit exit

Syntax Description

Command Modes

Usage Guidelines

Exit from EXEC mode.

Related Commands

disable

exit

PerleSCRexit

kill

{[

line tty

<1-16>

]}

Syntax Description

{[

line tty

<1-16>

]

}

Command Modes kill

Resets the line.

PerleSCR#kill line tty

IOLAN SCR Command Line Reference Guide

62

Privileged EXEC mode

Usage Guidelines

Killing a line will reset that serial line, then reload any new parameters you have configured for that line.

Examples

This example will reset (kill) the line for tty 10. Any users connected will be disconnected.

PerleSCR#kill line tty 10<cr>

Related Commands

line

line-attach

{[

tty

<1-16>

|

<WORD>

]}

Syntax Description

[

tty

<1-16>

|

<WORD>

]}

line-attach

Displays available serial ports configured for ssh or telnet protocol.

If the user logs in, line access privileges will be based on this authentication not the original authentication request.

<WORD>

SSH user name is optional. If it is not entered, the username which logged into the

IOLAN main session will be used.

PerleSCR#line-attach

Command Modes

Usage Guidelines

The line-attach feature allows you to connect to serial ports configured as Console

Management ports. The available ports for both Telnet and SSH will be displayed.

Examples

This example allows a user to connect to serial port 16 using the SSH protocol and ssh user sshlyn.

PerleSCR#line-attach tty 16 sshlyn<cr>

Related Command

show line

(config-line)#tty

logout

{[

logout

]}

Syntax Description logout

IOLAN SCR Command Line Reference Guide

63

Privileged EXEC mode

{[

logout

]}

Command Modes

Usage Guidelines

Logs you out of your IOLAN.

Logs out of the IOLAN.

PerleSCR#logout

mkdir mkdir

{

[

flash:

]

}

Syntax Description

{

[

flash:

]

}

Command Modes mkdir

Make a directory on the flash.

PerleSCR#mkdir

Usage Guidelines

The make directory (mkdir) command is part of the file management system commands.

Makes a new directory on flash.

Examples

This example shows you how to make a directory under the file system flash:

PerleSCR>enable<cr>

PerleSCR#mkdir flash:testing<cr>

PerleSCR#dir

Directory of flash:

130307 drwx 4096 Jan 2 2019 19:58 -05:00 testdir

130306 -rw- 1508 Jan 2 2019 17:46 -05:00 test-config

130308 drwx 4096 Jan 3 2019 18:49 -05:00 testing

Related Commands

boot

copy

delete

rename renew

pwd

more more

{[

/ascii

] |

[

/binary

] |

[

flash:

] |

[

nvram:

] |

[

running-config

] |

IOLAN SCR Command Line Reference Guide

64

Privileged EXEC mode

[

startup-config

]}

Syntax Description

{[

/ascii

] |

[

/binary

] |

[

flash:

] |

more

Forces the file type to ascii.

Force the filetype to binary.

[

[

nvram:

]

|

running-config

] |

Displays the content of a file within flash.

Displays the content of a file within nvram. system.

Merge running config with current system configuration.

Displays startup configuration.

[

startup-config

]}

Command Modes

PerleSCR#more

Usage Guidelines

The more command show you a file contents. You can specify whether to show the contents in ascii or binary format.

Examples

The example shows you how to view the file contents of nvram.

PerleSCR#more nvram:no-default-config<cr>

IOLAN SCR Command Line Reference Guide

65

Privileged EXEC mode interface BVI1

ip address 192.168.0.1 255.255.255.0

interface ethernet 2

ip address dhcp interface ethernet 25

no ip address

bridge-group 1 interface ethernet 26

no ip address

bridge-group 1 no ip address

bridge-group 1 interface ethernet 13

no ip address

bridge-group 1 interface ethernet 14

no ip address

bridge-group 1 interface ethernet 15

no ip address

bridge-group 1 interface ethernet 16

no ip address

bridge-group 1 no ip http server no ip http secure-server ip dns listen-address 192.168.0.1

ip dhcp pool default-pool

network 192.168.0.0 255.255.255.0 start 192.168.0.100 stop 192.168.0.200

authoritative enable

default-router 192.168.0.1

dns-server 192.168.0.1

ping ping

18024>

{[

<WORD>

data

<HEX DIGITS>

repeat

<1-2147483647>

size

<36-

]}

Syntax Description ping

Host name must be predefined in a host table. Data hex pattern is from

1 to 32 hex characters. Repeat count can be from 1-2147483647.

Datagram size can be from 36-

18024.

Command Modes

PerleSCR#ping

Usage Guidelines

Ping a host.

IOLAN SCR Command Line Reference Guide

66

Privileged EXEC mode

Examples

This example shows you how to ping a host with an ip address of 172.16.113.44 repeating the ping request 10 times.

PerleSCR ping 172.16.113.44 repeat 10 <cr>

This example show you how to ping a host with an ip address of 172.16.113.44 with hex data pattern of f1f1f1f1f1.

PerleSCR ping perlehost data f1f1f1f1f1<cr>

This example shows you how to ping a host with an ip address of 172.16.113.44 with a data packet size of 4o bytes.

PerleSCR ping perlehost size 40<cr>

Related Commands

traceroute

pwd pwd

Syntax Description

Command Modes pwd

PerleSCR#pwd

Usage Guidelines

The pwd command is part of the file management system commands.

Shows your current file system.

Examples

This command will show you what file system you are in.

PerleSCR#cd nvram:<cr>

PerleSCR#pwd<cr> nvram:

Related Commands

boot

copy

delete

rename renew

mkdir

release dhcp | dhcpv6

release dhcp | dhcpv6

{[

bvi

<1–9999>

] |

IOLAN SCR Command Line Reference Guide

67

Privileged EXEC mode

[

ethernet<1-18> .

<1–4000>

]}

[

Syntax Description

{[

bvi

<1–9999>

]

ethernet <1-18>

|

.

<1–4000>

]}

release

Release the dhcp address for the specified bridge interface.

Release the dhcp address for the specified ethernet interface.

PerleSCR#release

Command Modes

Usage Guidelines

Release the IPv4/IPv6 address from the specified interface. The IPv4/IPv6 address will be added back to the DHCP pool.

Examples

This example will release the ipv4 address from eth10.

PerleSCR# release dhcp eth10<cr>

Related Commands

release dhcp | dhcpv6

show dhcp

show ip arp

reload reload

{[

at

hh:mm

] | [

cancel

] | [

in

mmm

|

hh:mm

]}

Syntax Description reload

{[

at

hh:mm

]

|

at

– specify the time in hours and minutes when to reload the firmware on the IOLAN.

[

cancel

]

|

cancel

– cancel any pending reload commands.

[

in

mmm

| [

hh:mm

]}

in

– specify in minutes 1-999 or hours minutes when to reload the firmware on the IOLAN

Command Modes

PerleSCR#reload

Usage Guidelines

Reload the IOLAN firmware. The IOLAN will power off and then reboot. Any configuration not copied from running-config to startup-config will be lost.

IOLAN SCR Command Line Reference Guide

68

Privileged EXEC mode

Examples

Reloads the firmware on the IOLAN in 10 hours and 20 mins.

PerleSCR#reload 10:20 <cr>

Cancels the previous reload command.

PerleSCR#reload cancel <cr>

*****

***** ----SHUTDOWN ABORTED ---

******

Related Commands

show reload

Note:

Before reloading the IOLAN copy running config to startup config to save any changes that you want to save permanently.

rename rename

{[

flash:

<WORD>

] | [

nvram:

<WORD>

]}

Syntax Description rename

{[

flash:

<WORD>

]

|

[

nvram:

<WORD>

]}

Rename the file.

Command Modes

PerleSCR#rename

Usage Guidelines

The rename command is part of the file management system commands.

Rename a file on flash or nvram.

Examples

This example renames a file on flash from testdir to newdir.

PerleSCR#rename flash:testdir flash:backup<cr>

Destination file name[backup]?

Related Commands

boot

copy

delete

renew

pwd

mkdir

renew renew dhcp | dhcpv6

{[

bvi

<1–9999>

] |

IOLAN SCR Command Line Reference Guide

69

Privileged EXEC mode

[

ethernet <1-18>

]}

[

Syntax Description

{[

bvi

<1–9999>

ethernet<1-18>

] |

]}

renew

Renew the dhcp address for the specified bridge interface.

Renew the dhcp address for the specified Ethernet interface.

PerleSCR#renew

Command Modes

Usage Guidelines

Renew the IPv4/IPv6 address for specified interface. An IPv4/IPv6 address with be allocated from the DHCP pool.

Examples

This example will renew the DHCP IPv4 address for eth10.

PerleSCR# renew dhcp eth10<cr>

Related Commands

release dhcp | dhcpv6

show dhcp

show ip arp

reset reset

{[

factory

]}

Syntax Description

{[

factory

]}

reset

Resets the IOLAN to factory default, removing all configuration files, certificates and keys.

PerleSCR#reset

Command Modes

Usage Guidelines

Sets the IOLAN to factory defaults,

Related Commands

boot

copy

delete

rename

pwd

mkdir

IOLAN SCR Command Line Reference Guide

70

Privileged EXEC mode

rmdir rmdir

{[

flash:

<WORD>

]}

Syntax Description

{[

flash:

<WORD>

]}

Command Modes

Usage Guidelines

Remove a file on flash.

Examples

This example removes a file on flash.

PerleSCR# remove flash:testit <cr>

Remove Directory name [testit]?

Related Commands

boot

copy

delete

pwd

mkdir

rename

Remove the directory on flash.

PerleSCR#rmdir

serialt serialt

{[

#[mask] [...] [-full] [-size=# [-show]

]}

Syntax Description serialt

{[

#[mask] [...] [-full] [-size=# [-show]

]} Takes serial line trace.

Usage Guidelines

Captures data on serial line.

Examples

This example will capture all data on serial port 1 and display it on the screen.

PerleSCR# serialt 1 -show<cr>

SERIAL TRACE V1.00

To start a serial trace:

IOLAN SCR Command Line Reference Guide

71

Privileged EXEC mode serialt #[=mask] [...] [-full] [-size=#] [-show]

| | | | | |

| | | | | then show the trace file

| | | | size in kilobytes (2-1024)

| | | stop when trace file full else wrap

| | another port/mask to simultaneously trace

| optional trace mask any combination of:

| rx+tx+signals+special+ioctl or use: normal,all,same

port number 1->max

Serial trace file utilities: serialt [-show] [-remove]

| |

| remove the trace file

show the trace file

Related Commands

traceroute

ping

debug

show aaa show aaa

{[

local user lockout

]}

Syntax Description

{[

local user lockout

]}

show aaa

Shows users that are locked out of the

IOLAN.

PerleSCR#show aaa

Command Modes

Usage Guidelines

This command will show you the current locked out users on the IOLAN.

Examples

This example will show you the current locked out users on the IOLAN.

PerleSCR#show aaa local user lockout<cr>

Locked-out users: Lyn

Related Commands

aaa

show alarm show alarm

{[

description port

] |

[

profile

] |

[

settings

]}

Syntax Description show alarm

IOLAN SCR Command Line Reference Guide

72

Privileged EXEC mode

{[

description port

] |

[

profile

] |

[

settings

]}

Command Modes

Show description.

Show profile.

Show settings.

#show alarm

Usage Guidelines

Shows you alarm descriptions, profile and settings.

Examples

To show alarm descriptions.

PerleSCR>show alarm profile<cr> defaultPort:

Interfaces eth1, eth2, eth3, eth4, eth5, eth6, eth7, eth8, eth9, eth10, eth11, eth12, eth13, eth14, eth15, eth16, eth17, eth18

Alarms not-operating

Syslog not-operating

Notifies not-operating

Related Commands

alarm

show archive show

{[

archive config | rollback | timer

] |

[

update

]}

Syntax Description show archive

{[

archive config | rollback | timer

] |

Shows information for configuration rollback and timer.

[

update

]}

Shows whether the Check Software update is enabled.

Command Modes

PerleSCR#show archive

Usage Guidelines

Shows config rollback and update feature.

IOLAN SCR Command Line Reference Guide

73

Privileged EXEC mode

Examples

This example will show the config for the rollback feature.

PerleSCR#show archive<cr>

The maximum archive configurations allowed is 14.

There are currently 9 archive configurations saved.

The next archive file will be named flash:-<timestamp>-9

Archive # Name

1 flash:-May-19-14-14-16-0

2 flash:-May-19-14-17-50-1

3 flash:-May-1914-19-00-2

4 flash:-May-19-14-19-14-3

5 flash:-May-19-14-20-55-4

6 flash:-May-19-14-24-31-5

7 flash:-May-19-15-05-37-6

8 flash:-May-19-03-37-55-7

9 flash:-May-19-03-38-10-8 <- Most Recent

10

11

12

13

14

Related Commands

archive

show arp show

{[

arp

A.B.C.D

]}

Syntax Description

{[

arp

A.B.C.D

]}

Command Default show arp

Show arp table.

None

Command Modes

PerleSCR#show arp

Usage Guidelines

Use this command to show entries in the arp table.

Enter an ipv4 address to display the entry for this ip address in the arp table.

Examples

This example show you how to view the arp table.

PerleSCR#show arp<cr>

Address HWtype HWaddress Flags Mask Iface

172.16.113.20 ether 78:2b:cb:a5:b4:0c C eth1

172.16.23.122 ether 70:f3:95:18:7a:a3 C eth1

IOLAN SCR Command Line Reference Guide

74

Privileged EXEC mode

Related Commands

clear arp-cache

show bgp show

{[

bgp community

]

|

[

community-list

<1-500 >

exact-match

| <list-name>

]

|

[

filter-list

<access-list name>

]

|

[

memory

]

|

[

neighbors

<A.B.C.D> | <X:X::X:X>

]

|

[

prefix-list

<word>

]

|

[

regexp

<line>

]

|

[

route-map

<line>

]}

Syntax Description show bgp

{[

bgp community

] |

Show routes matching the communities.

[

community-list

<1-500 >

exact-match |

<list-name>

] |

[

filter-list

<access-list name>

] |

Show routes matching the community list.

Show routes conforming to the filter list.

[

memory

]

|

[

neighbors

<A.B.C.D> | <X:X::X:X>

]

|

Global BGP memory statistics.

Detailed list for TCP and BGP neighbor connections.

[

prefix-list

<word>

] |

Display routes matching the prefixlist.

[

regexp

<line>

]

|

Display routes matching the AS path regular expression.

[

route-map

<line>

]}

Display routes matching the routemap

Command Modes

PerleSCR#show bgp

Usage Guidelines

Show BGP information.

IOLAN SCR Command Line Reference Guide

75

Privileged EXEC mode

Examples

This example shows bgp neighbors.

PerleSCR# show bgp neighbors<cr>

BGP neighbor is 172.16.39.2, remote AS 65537, local AS 65536, external link

BGP version 4, remote router ID 172.16.39.2

BGP state = Established, up for 00:14:28

Last read 05:39:27, hold time is 180, keepalive interval is 60 seconds

Neighbor capabilities:

4 Byte AS: advertised and received

Route refresh: advertised and received(old & new)

Address family IPv4 Unicast: advertised and received

Message statistics:

Inq depth is 0

Outq depth is 0

Opens:

Notifications:

Sent Rcvd

1

Updates:

Keepalives:

Route Refresh:

Capability:

Total:

0

0 0

1

16

0

0

18

1

15

0

0

16

Minimum time between advertisement runs is 30 seconds

For address family: IPv4 Unicast

Community attribute sent to this neighbor(both)

1 accepted prefixes

Connections established 1; dropped 0

Last reset never

Local host: 172.16.39.1, Local port: 179

Foreign host: 172.16.39.2, Foreign port: 38216

Nexthop: 172.16.39.1

Nexthop global: 2011::2

Nexthop local: fe80::251:82ff:fe11:2201

BGP connection: non shared network

Read thread: on Write thread: off

Related Commands

router

debug

show bridge show

{[

bridge

]}

Syntax Description

{[

bridge

]}

show bridge

Show list of bridges

IOLAN SCR Command Line Reference Guide

76

Privileged EXEC mode

Command Default

Command Modes

None

PerleSCR#show bridge

Usage Guidelines

Use this command to list bridge information.

Examples

This example show you how to view bridge information.

PerleSCR#show bridge<cr>

Bridge Name Bridge ID br1 8000.00400298993b no eth10, eth11, eth12, eth13, eth14, eth15, eth16, eth25, eth26, eth27, eth28, eth29, eth30, eth31, eth32, eth9

Related Commands

bridge

show clock show

{[

clock

]}

Syntax Description

{[

clock

]}

Command Modes

Usage Guidelines

Shows current date and clock.

Examples

To show clock, type

PerleSCR# show clock <cr>

Thu Nov 22 3:18:17:17 UTC 2018

Related Commands

clock

show clock

Shows current date and clock.

PerleSCR#show clock

show crypto show

{[

crypto ipsec client |esp-group

<WORD>

| ike-group

<WORD>

| status

] |

[

openvpn | pki | ssl

]}

Syntax Description show crypto

|

{[

crypto ipsec client |esp-group

<WORD>

| ike-group

<WORD>

| status

]

Shows IPsec information.

IOLAN SCR Command Line Reference Guide

77

[

openvpn

] |

[

pki

] |

[

ssl

]}

Command Modes

Usage Guidelines

Show crypto information.

Examples

To show ipsec status, type

PerleSCR# show ipsec status <cr>

IPsec is enabled

IPsec is running

No connections active

Related Commands

crypto

Privileged EXEC mode

Show OpenVPN information.

Shows pki information.

Shows ssl information,

PerleSCR#show crypto

show debugging show

{[

debugging

]}

Syntax Description

{[

debugging

]}

show debugging

Shows which processes are in debugging mode.

PerleSCR#show debugging

Command Modes

Usage Guidelines

Shows which functions or commands have debug enabled.

Examples

This example shows the output of the debug command.

PerleSCR# show debugging<cr>

BGP events debugging is on

NTP debugging is on

debug

show dhcp show dhcp

{[

lease

]}

Syntax Description show dhcp

IOLAN SCR Command Line Reference Guide

78

Privileged EXEC mode

{[

lease

]}

Command Modes

Shows current devices with leases.

PerleSCR#show dhcp

Usage Guidelines

Shows all client dhcp leases with configured options.

Examples

This example will show all the dhcp leases.

PerleSCR# show dhcp lease<cr> dhcp-assigned-address 172.17.121.182

option subnet mask 255.255.0.0

option dhcp-lease time 86400 seconds option dhcp-server-identifier 172.17.3.13

renew Mon Jan 01 08:44:00 EST 2021 rebind Mon Jan 01 19:02:16 EST 2021 expire Mon Jan 01 22:02:16 EST 2021

Related Commands

show ip dhcp

show dot1x

{

[

all

|

details

|

statistics

] |

[

credential

<WORD>

]

|

[

interface ethernet <1-18> | details | statistics

] |

[

radius statistics interface ethernet <1-18>

]

}

show dot1x

Syntax Description show dot1x

[

all | details | statistics

] |

Type all for details for all dot1x connections. Select all statistics to view statistics for each dot1x connection.

[

credential

<WORD>

]

|

Type credential to show the credential profile for the user.

[

interface ethernet <1-18> details | statistics

] |

Type Ethernet interface to show connections authenticated with dot1x.

[

radius statistics interface ethernet <1-

18>

]

}

Type radius to show radius statistics for authenticator mode.

Command Modes

PerleSCR#show dot1x

IOLAN SCR Command Line Reference Guide

79

Privileged EXEC mode

Usage Guidelines

Shows the connection information for suppliant and authenticator dot1x connections.

Examples

This example shows the interfaces with dot1x enabled.

PerleSCR#show dot1x all

Sysauthcontrol Enabled

Dot1x Protocol Version 3

Dot1x Info for Ethernet2

====================================

PAE = AUTHENTICATOR

QuietPeriod = 60

SuppTimeout = 30

ReAuthMax = 2

MaxReq = 2

TxPeriod = 30

Dot1x Info for Ethernet3

====================================

PAE = SUPPLICANT

StartPeriod = 30 (fixed)

AuthPeriod = 30 (fixed)

HeldPeriod = 60 (fixed)

MaxStart = 3 (fixed)

Credentials profile = lfelton

EAP profile = md5chap

This example shows dot1x credentials.

PerleSCR#show dot1x credential

Dot1x Credential Profile: lfelton

--------------------------------------------

Username: lfelton

Password:*******

Related Commands

dot1x

show eap show eap

{[

profile

<WORD>

] |

[

registrations

]}

[

Syntax Description profile

<WORD>

]

|

show eap

Shows details for pre-defined eap

profiles. See

(config-eapprofile)#

to configure eap profile.

IOLAN SCR Command Line Reference Guide

80

Privileged EXEC mode

[

registrations

]}

Command Modes

Shows supported EAP.

PerleSCR>show eap

Usage Guidelines

Shows configured methods and pki-trustpoints for EAP configured profiles. EAP profiles are configured using the eap profile <name> command. The registration show command shows the EAP methods supported by your IOLAN.

Examples

This example shows eap registrations.

PerleSCR#show eap registrations <cr>

Registered EAP Methods:

=======================

Method Type Name

4 Auth and Peer MD5

6 Auth and Peer GTC

13 Auth and Peer TLS

21 Auth and Peer TTLS

25 Auth and Peer PEAP

26 Auth and Peer MSCHAPV2

..........

This example shows all eap profiles.

PerleSCR>show eap profiles<cr>

EAP Profile: md5chap

----------------------------------------

PKI-Trustpoint: None

Allowed Phase 1 methods:

-----------------------------------------

MD5

MSCHAPV2

Related Commands

crypto

show eee show eee

{[

capabilities interface ethernet <1-18>

]

[

status

]}

|

Syntax Description show eee

|

{[

capabilities interface ethernet <1-18>

] Shows whether the remote Ethernet interface is capable of Energy

Efficient Ethernet.

IOLAN SCR Command Line Reference Guide

81

[

status

]}

Command Modes

Usage Guidelines

Shows eee capabilities for Ethernet ports.

Examples

This example shows eee capabilities on the Ethernet ports.

PerleSCR# show eee capabilites.<cr>

Ethernet1

EEE: no

Ethernet2

EEE: no

Ethernet9

EEE: yes

Ethernet10

EEE: yes

Ethernet11

EEE: yes

Ethernet12

EEE: yes

Ethernet13

EEE:yes

Ethernet14

EEE:yes

Ethernet15

EEE:yes

Ethernet16

EEE:yes

Privileged EXEC mode

Shows the current status

Disagree – the remote interface cannot negotiate eee.

Link down – the remote interface is not connected.

Operational – both sides have agreed on eee capabilities.

Disabled – eee is disabled on this

Ethernet interface.

PerleSCR#show eee

IOLAN SCR Command Line Reference Guide

82

Privileged EXEC mode

Ethernet25

EEE:yes

Ethernet26

EEE:yes

Ethernet27

EEE:yes

Ethernet28

EEE:yes

Ethernet28

EEE:yes

Ethernet29

EEE:yes

Ethernet30

EEE:yes

Ethernet31

EEE:yes

Ethernet32

EEE:yes

show email show email

Syntax Description

Command Modes

Usage Guidelines

Shows configured email parameters.

Examples

This example shows email configuration.

PerleSCR# show email <cr>

Email: Disabled

SMTP Server: testsnmp from:

Encryption: none

Username: lyn

Password: test

Validate Certificate: Disabled

Related Commands

email

show email

PerleSC#show email

show environment show

{[

environment

[

all

]

|

[

power status

]

|

}

|

Syntax Description show environment

IOLAN SCR Command Line Reference Guide

83

Privileged EXEC mode

[

all

]

|

[

power status

]

|

[

temperature

]}

Show all environment status.

Shows status of power supplies.

Show temperature status.

Command Modes

PerleSCR#show environment

Usage Guidelines

Shows power supply statuses.

This example shows the IOLAN internal environment.

PerleSCR# show environment all<cr>

POWER SUPPLY 1 is DC Not Present

Power sensor value: Not currently valid

POWER SUPPLY 2 is DC OK

Power sensor value: 5.00 Volts

show facility-alarm show

{[

facility-alarm

]

|

[

status

]}

Syntax Description

{[

facility-alarm

] | [

status

]}

Command Modes show facility-alarms

Shows facility alarms by status

PerleSCR#show facility-alarm

Usage Guidelines

Shows facility alarms.

Examples

This example shows facility alarm statuses.

#show facility-alarm status<cr>

Source Severity Description Actions Time

-

----------------- -------- -------------------------------------- ----------------- -------------------

PerleSCR MAJOR Redundant Power missing or failed LOG May

1 2020 14:07

show flash: show flash:

Syntax Description

Command Modes

Usage Guidelines

Shows the contents of flash:.

show flash:

PerleSCR#flash:

IOLAN SCR Command Line Reference Guide

84

Examples

This example shows contents of the flash file system.

PerleSCR# show flash:<cr>

Directory of flash:

57 -rw- 2504 Jan 2 2019 20:58

-04:00 test-Jan-02-20-58-34-113

78 -rw- 3332 Sep 16 2019 11:58

-04:00 test-Sep-16-11-58-38-8462

37 -rw- 2124 Jan 2 2019 00:28

-04:00 test-Jan-02-00-28-14-37

49 -rw- 2124 Jan 2 2019 01:21

57 -rw- 2504 Jan 2 2019 20:58

-04:00 test-Jan-02-20-58-34-113

78 -rw- 3332 Sep 16 2019 11:58

-04:00 test-Sep-16-11-58-38-8462

37 -rw- 2124 Jan 2 2019 00:28

-04:00 test-Jan-02-00-28-14-37

49 -rw- 2124 Jan 2 2019 01:21

-04:00 test-Jan-02-01-21-17-23

70 -rw- 2513 Jan 3 2019 00:33

-04:00 test-Jan-03-00-33-56-69

39 -rw- 2124 Jan 2 2019 00:30

-04:00 test-Jan-02-00-30-16-39

74 -rw- 3509 Sep 10 2019 13:29

-04:00 test-Sep-10-13-29-21-5469

64 -rw- 2515 Jan 2 2019 23:16

-04:00 test-Jan-02-23-16-52-42

61 -rw- 2504 Jan 2 2019 22:27

-04:00 test-Jan-02-22-27-57-83

71 -rw- 3509 Sep 10 2019 13:26

-04:00 test-Sep-10-13-26-19-5466

43 -rw- 2124 Jan 2 2019 00:51

-04:00 test-Jan-02-00-51-17-17

20 -rw- 0 Dec 31 2018 22:13 -04:00 gnss.txt

Related Commands

copy

boot

delete

mkdir

pwd

renew

Privileged EXEC mode

IOLAN SCR Command Line Reference Guide

85

Privileged EXEC mode

show hosts show

{[

hosts

]}

Syntax Description

{[

hosts

]}

Command Modes

Usage Guidelines

Show a list of hosts listed in the host table.

Examples

This example shows the host table.

PerleSCR#show hosts<cr>

Default domain name is not set

DNS lookup is enabled

Name Servers are not configured

Host table:

PerleName 172.16.113.77

RADIUS_SERVER 172.16.55.88

TACACS_SERVER 172.16.55.99

Related Commands

hostname

show hosts

Configured hosts in the host table.

PerleSCR# show hosts

show interfaces show interfaces

{[

interfaces bvi [

<1-9999>

] |

[

dialer

<0-15>

] |

[

ethernet<1-18>

] |

[

loopback counters | description | stats | summary

] |

[

openvpn-tunnel

<0-999

] |

[

tunnel

<0-999

] |

[

counters

] |

[

description

] |

[

stats

] |

[

summary

]}

Syntax Description show interfaces

{[

interfaces bvi [

<1-9999>

] |

Show Bridge-Group Virtual interfaces.

[

dialer

<0-15>

] |

[

ethernet<1-18>

] |

Show Dialer interfaces.

Show Ethernet interfaces.

IOLAN SCR Command Line Reference Guide

86

Privileged EXEC mode

[

loopback counters | description | stats | summary

] |

[

openvpn-tunnel

<0-999

] |

[

tunnel

<0-999

] |

[

counters

] |

[

description

] |

Show loopback interface.

Show OpenVPN interfaces.

Show tunnels.

Show counters for all interfaces.

[

stats

] |

[

summary

]}

Command Modes

Show descriptions for all interfaces.

Show stats for all interfaces.

Show summary for all interfaces.

PerleSCR#show interfaces

Usage Guidelines

Shows interface details, including admin status and link statuses.

Examples

This example shows the host table.

PerleSCR#show interfaces description<cr>

Interface Admin Status Link Status Description

--------- ------------ ----------- ----------lo up up eth1 up up eth2 up down eth9 up down eth10 up down eth11 up down eth12 up down eth13 up down eth14 up down eth15 up down eth16 up down eth25 up down eth26 up down eth27 up down eth28 up down eth29 up down eth30 up down eth31 up down eth32 up down br1 up down

IOLAN SCR Command Line Reference Guide

87

Privileged EXEC mode

Related Commands

(config-if)# bvi

(config-if)# dialer

(config-if) ethernet

(config-if)# tunnel

(config-if)# openvpn-tunnel

Interface

show ip access-lists show ip access-lists

{[

extended

<100-199> <2000-2699>

|

[

standard

<1-99> <2000-2699>

]}

Syntax Description

|

{[

extended

<100-199> <2000-2699>

]

show ip access-lists

Extended IP access lists.

[

standard

<1-99> <2000-2699>

]}

Standard IP access lists.

Command Modes

PerleSCR#show ip access-lists

Usage Guidelines

Shows configured access lists.

Examples

PerleSCR#show ip access-lists

Extended IP access list 100

10 permit any any

Related Commands

(config-std-nacl)#

show ip alg show ip alg

{[

table

]}

Syntax Description

{[

table

]}

Command Modes

Usage Guidelines

Shows Application Level Gateway (ALG).

show ip alg table

Extended IP access lists.

PerleSCR#show ip alg table

IOLAN SCR Command Line Reference Guide

88

Privileged EXEC mode

Examples

This example shows ip alg table information.

PerleSCR#show ip alg table<cr>

CONN-ID Source Destination Protocol Timeout State

470387840 127.0.0.1:54322 127.0.0.1:199 tcp [6] 429781

ESTABLISHED

445100032 127.0.0.1:54326 127.0.0.1:199 tcp [6] 429781

ESTABLISHED

1030624192 127.0.0.1:41776 127.0.0.1:13514 tcp [6] 100

TIME_WAIT

470388160 127.0.0.1:54324 127.0.0.1:199 tcp [6] 429781

ESTABLISHED

445101312 172.16.113.216:50077 172.16.113.215:80 tcp [6] 424575

ESTABLISHED

470386240 127.0.0.1:41778 127.0.0.1:13514 tcp [6] 431999

ESTABLISHED

show ip arp show ip arp

{[

<A.B.C.D>

]}

Syntax Description

{[

<A.B.C.D>

]}

show ip arp

Show the arp entry for the specified ipv4 address.

None

Command Default

Command Modes

PerleSCR#show ip arp

Usage Guidelines

Show arp table details.

Examples

PerleSCR#show ip arp<cr>

Address HWtype HWaddress Flags Mask Iface

172.16.113.20 ether 78:2B:cb:a5:b4:0c CM eth1

IOLAN SCR Command Line Reference Guide

89

Privileged EXEC mode

show ip bgp

Syntax Description

Command Modes show ip bgp

PerleSCR#show ip bgp

Usage Guidelines

Shows BGP information.

Examples

This example shows how to display bgp information.

PerleSCR#show ip bgp<cr>

BGP table version is 0, local router ID is 172.16.113.215

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale, R Removed

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 172.16.0.0 0.0.0.0 1 32768 i

Total number of prefixes 1

Related Commands

clear ip

show ip community-list

Syntax Description

Command Modes show ip community-list

PerleSCR#show ip communitylist

Usage Guidelines

Shows IP community list information.

Examples

This example shows how to display community lists.

PerleSCR#show ip community-list<cr>

Community ( expanded) access list 100 permit 50

Related Commands

show ip extcommunity-list

IOLAN SCR Command Line Reference Guide

90

Privileged EXEC mode

show ip ddns ip ddns

{[

service

|

use-web

]}

Syntax Description

{[

service use-web

]}

|

show ip ddns

Show the service being used for

DDNS.

Web check used for obtaining the external address.

PerleSCR#show ip ddns<cr>

Command Modes

Usage Guidelines

Show all DDNS settings.

Examples

This example shows DDNS service configured on ethernet port 18.

PerleSCR>show ip ddns service ethernet 18<cr>

Service dyndns

Login testddns

Password ********

Related Commands

ip

show ip dhcp ip dhcp

{[

binding

] |

[

pool

<WORD>

]}[

Syntax Description

[

{[

binding pool

] |

<WORD>

]}

Command Modes show ip dhcp

Type bindings to show all automatic DHCP IP bindings

Type the name of the DHCP IP pool to show the client leases or bindings. Also shows you

Fixed/Reserved leases.

PerleSCR#show ip dhcp bindings<cr>

Usage Guidelines

Show all DHCP IP bindings. Type in the name of the pool you want to see DHCP ip bindings for.

IOLAN SCR Command Line Reference Guide

91

Privileged EXEC mode

Examples

This example shows how to display all DHCP IP bindings.

PerleSCR#show ip dhcp pool testpool <cr> lease 172.16.0.4

lease expires Sun Jan 12 19:50:45 2019

hardware ethernet 78:2b:cb:a5:b4:0c;

client-hostname "DESKTOP-N5PC2JQ";

state: active

Fixed Reserved leases

IP address Client-ID/Hardware address

172.16.113.200 17:17:23:34:56:77

Related Commands

show dhcp

release dhcp | dhcpv6

renew dhcp | dhcpv6

clear arp-cache

show ip dns show ip dns

Syntax Description

Command Modes show ip dns

PerleSCR#show ip dns

Usage Guidelines

Shows IP DNS configuration and information.

Examples

This example shows how to display all DNS settings.

PerleSCR# show ip dns <cr>

IP DNS

======

DNS Lookup Enabled

Listen Addresses:

192.168.0.1

Cache Size 10000

Ignore Host File Off

Negative TTL 3600

No Name Servers Configured

Related Commands

ip

IOLAN SCR Command Line Reference Guide

92

Privileged EXEC mode

show ip extcommunity-list show ip extcommunity-list

Syntax Description

Command Modes show ip extcommunity-list

PerleSCR#show ip extcommunity-list

Usage Guidelines

Shows configured ip extcommunity lists.

Examples

This example shows how to display community lists.

PerleSCR#show ip extcommunity-list<cr>

Extended community standard list 99 denyso0:0:1:30

Related Commands

ip

show ip firewall show ip firewall

{[

<NAME>

]}

Syntax Description

{[

<NAME>

]}

Command Modes show ip firewall

The name of the firewall.

PerleSCR#show ip firewall

Usage Guidelines

Shows ip firewall configuration.

Examples

This example shows how to display active firewalls.

PerleSCR#show ip firewall<cr>

Active on

Rule Packets Bytes Action Proto Source Destination Rule Specs

----- ------- ------- ------- ------- ----------- ----------------- ---------------

10 0 0 accept ip 0.0.0.0/0 0.0.0.0/0

/* firewall1-10 */

10000 0 0 drop ip 0.0.0.0/0 0.0.0.0/0

/* firewall1-10000 default-action drop */

Related Commands

ip

IOLAN SCR Command Line Reference Guide

93

Privileged EXEC mode

show ip health show ip health

{[

interfaces | profiles | status

]}

Syntax Description show ip health

{[

interfaces | profiles | status

]}

Show health profile and statuses for interfaces.

Command Modes

PerleSCR# show ip health

Usage Guidelines

Show health status for interfaces.

Examples

This example shows how to display all health information for all configured interfaces.

PerleSCR# show ip health <cr>

IP Health Profiles and Tests Configuration:

===========================================

Profile Name : testHealth

Failure-count: 10

Success-count: 10

Test 1: Type: PING Response Timeout: 1 Target: 192.168.0.98

IP Interface Health-Profile Configuration:

==========================================

Ethernet1 testHealth

Ethernet2 testHealth

Ethernet3 testHealth

Ethernet4 testHealth

Ethernet5 testHealth

Ethernet6 testHealth

Ethernet7 testHealth

Ethernet8 testHealth

Ethernet9 testHealth

Ethernet10 testHealth

Ethernet11 testHealth

.................

IOLAN SCR Command Line Reference Guide

94

Privileged EXEC mode

Related Commands

(config-if)# dialer

(config-if)# bvi

(config-if) ethernet

(config-if)# openvpn-tunnel

(config-if)# tunnel

show ip host-group show ip host-group

{[

<WORD>

]}

Syntax Description

{[

<WORD>

]}

show ip host-group

Show ip host groups registered for

DDNS service.

PerleSCR#show ip host-group

Command Modes

Usage Guidelines

Show ip host groups registered for DDNS service.

Examples

This example shows how to display the host group tables.

PerleSCR# show ip host-group test<cr>

Host list:

172.16.77.88

1:2:3:4::5

Related Commands

ip

show ip http show http

{[

server status

]}

Syntax Description

{[

server status

]}

Command Modes

Usage Guidelines

Shows status of HTTP server.

show ip http

Show HTTP server status.

PerleSCR#show ip http

IOLAN SCR Command Line Reference Guide

95

Privileged EXEC mode

Examples

Shows status of HTTP server.

PerleSCR# show ip http <cr>

Http server status: Enabled

HTTP server port : 80

User session idle timeout: 1440 seconds

HTTP secure server status: Enabled

HTTP secure server port: 443

Related Commands

ip

show ip interface show ip interface

Syntax Description

Command Modes show ip interface

#show ip interfaces

Usage Guidelines

Shows interface statuses.

Examples

This example shows how to display all ip interfaces.

PerleSCR#show ip interface <cr>

Interface IP Address Mask Admin Status Link Status Description

--------- ----------------- ----------------- ------------ ----------- ----------- lo 127.0.0.1 255.0.0.0 up up eth1 - - admin down down eth2 - - up down wlm0 25.109.1.55 255.255.255.240 up up wlan0 - - up down br1 192.168.0.1 255.255.255.0 up up wlan1 - - up up

Related Commands

interface

show ip nat show ip nat

{[

statistics

|

translations

]}

Syntax Description show ip nat

IOLAN SCR Command Line Reference Guide

96

Privileged EXEC mode

{[

statistics

|

translations

}

Shows the NAT source statistics table.

Shows the pre-nat and post-nat translations. table.

#show ip nat

Command Modes

Usage Guidelines

Shows the IOLAN’s Network Address Translation Table (NAT) statistics and translations.

Example

This example shows ip nat translations.

PerleSCR#show ip nat translations<cr>

NAT Source Translations

Pre-NAT Post-NAT Prot Timeout

172.16.0.4 25.111.129.244 tcp 339052

NAT Destination Translations

Pre-Nat Post-NAT Port-Timeout

Related Commands

ip

show ip ospf show ip ospf translations

]}

{[

statistics

|

Syntax Description

{[

statistics

|

translations

]}

show ip ospf

Command Modes

PerleSCR#show ip ospf

Usage Guidelines

Shows the IOLAN’s Network Address Translation Table (NAT) statistics and translations.

IOLAN SCR Command Line Reference Guide

97

Privileged EXEC mode

Examples

PerleSCR#show ip ospf

OSPF Routing Process, Router ID: 172.16.39.2

Supports only single TOS (TOS0) routes

This implementation conforms to RFC2328

RFC1583Compatibility flag is disabled

OpaqueCapability flag is disabled

Initial SPF scheduling delay 200 millisec(s)

Minimum hold time between consecutive SPFs 1000 millisec(s)

Maximum hold time between consecutive SPFs 10000 millisec(s)

Hold time multiplier is currently 1

SPF algorithm last executed 7m53s ago

SPF timer is inactive

Refresh timer 10 secs

Number of external LSA 0. Checksum Sum 0x00000000

Number of opaque AS LSA 0. Checksum Sum 0x00000000

Number of areas attached to this router: 1

Area ID: 0.0.0.0 (Backbone)

Number of interfaces in this area: Total: 1, Active: 1

Number of fully adjacent neighbors in this area: 0

Area has no authentication

SPF algorithm executed 1 times

Number of LSA 1

Number of router LSA 1. Checksum Sum 0x00001e7a

Number of network LSA 0. Checksum Sum 0x00000000

Number of summary LSA 0. Checksum Sum 0x00000000

Number of ASBR summary LSA 0. Checksum Sum 0x00000000

Number of NSSA LSA 0. Checksum Sum 0x00000000

Number of opaque link LSA 0. Checksum Sum 0x00000000

Number of opaque area LSA 0. Checksum Sum 0x00000000

Related Commands

ip

show ip prefix-list show ip prefix-list

{[

WORD

]}

Syntax Description

{[

WORD

]}

Command Modes

Usage Guidelines

Shows prefix list table.

show ip prefix-list

PerleSCR#show ip prefix-list<cr>

IOLAN SCR Command Line Reference Guide

98

Privileged EXEC mode

Examples

Shows ip prefix list.

PerleSCR# show ip prefix-list<cr> ip prefix-list pefix-lab ( for lab users) seq 10 permit 172.17.0.0/16

Related Commands

ip

show ip rip show ip rip

{[

status

]}

Syntax Description

{[

status

]}

Command Modes show ip rip status

Show rip information.

PerleSCR# show ip rip status <cr>

Usage Guidelines

Shows ip routing table.

Examples

Shows rip routing table.

PerleSCR# show ip rip<cr>

Routing Protocol is "rip"

Sending updates every 30 seconds with +/-50%, next due in 30 seconds

Timeout after 180 seconds, garbage collect after 120 seconds

Outgoing update filter list for all interface is not set

Incoming update filter list for all interface is not set

Default redistribution metric is 1

Redistributing:

Default version control: send version 2, receive any version

Interface Send Recv Key-chain

Routing for Networks:

Routing Information Sources:

Gateway BadPackets BadRoutes Distance Last Update

Distance: (default is 120)

Related Commands

ip

show ip route show ip route

{[

table

<1-200>

]}

Syntax Description show ip route

IOLAN SCR Command Line Reference Guide

99

{[

table

<1-200>

]}

Command Default

Command Modes

Usage Guidelines

Shows configured tables for ip routing.

Examples

Shows rip route table entries.

PerleSCR# show ip route<cr> table:200

Related Commands

ip

Privileged EXEC mode

Show ip routes or route table.

Tables must be pre-defined by the user.

None

PerleSCR#show ip route

show ip route-policy show ip route-policy

{[

table

<1-200>

]}

Syntax Description show ip route-policy

{[

table

<1-200>

]}

Show ip routes or route table. Tables must be pre-defined by the user.

Command Modes

PerleSCR#show ip route-policy

Usage Guidelines

Show configured routing policies.

Examples

Shows ip route policies table.

PerleSCR#show ip route-policy

IPv4 Route-policy route1

Active on

Rule Packets Bytes Action Proto Source Destination Rule

Specs

----- ------- ------- ------- ------- -------------- -------------- ---------------

20 0 0 rtable-254 ip 0.0.0.0/0 0.0.0.0/0

/* route1-9999 */

10000 0 0 accept ip 0.0.0.0/0 0.0.0.0/0

/* route1-10000 default-action accept */

IOLAN SCR Command Line Reference Guide

100

Privileged EXEC mode

show ip ssh show ip ssh

Syntax Description

Command Modes show ip ssh

PerleSCR#show ip ssh

Usage Guidelines

Shows configuration for ssh.

Examples

This example shows ip ssh configuration.

PerleSCR#show ip ssh<cr>

SSH version: 2

SSH server: Enabled

Authentication timeout: 120 seconds

Authentication retries: 3

SSH public key: ssh-rsa

AAAAB3NzaC1yc2EAAAADAQABAAABAQCgAtvWaaM0CeMWoZV1H00sni2J8TY alvSyysQGyBDIOAydaaKv1+s1Imj00FL2Boi3ke/SoKhvuLJQ+bMVFXD7kXw2fk71

Mo8f8Dd/rOuuF4kE6hKV+LLl44kJKwCUC2w2m4L1lH8Zn8HuX89Qcv2oqPUdkBfO

1nelU3gc6gN4v1ckC069Tgg9hrhghCiBECCCYxmAJUhIy4dQcPwO1DQ6Acp2p3l

W2RYdgUvRAlr8oLiVdrEvT7zZECpYgCMYWmfsTtUhvv8yZpvNAhV9nRm5E93Yl0

V2J15qlmIlSGKn0iiLRW42xjQ4MT5XmWdlXj+NpuMlQRtFzyYPkR2HMf+9

Related Commands

ip

show ipv6 show ipv6

{[

access-lists

<WORD>

] |

[

bgp

<X:X:X:X::X> | <X:X:X:X::X/M>

] |

[

dhcp binding | interface client-mode | pool

] |

[

firewall

<WORD>

] |

[

interface

] |

[

neighbours bvi

<0-999>

| ethernet <1-18> | tunnel

<0-999>

] |

[

ospf area | border-routers | database | interface | linkstate | neighbor | redistribution | route

] |

[

prefix-list

<WORD>

] |

[

rip status

] |

[

route table

<1-200>

] |

[

route-policy

<WORD>

]}

Syntax Description show ipv6

{[

access-lists

<WORD>

] |

List all access lists.

IOLAN SCR Command Line Reference Guide

101

bgp

<X:X:X:X::X> | <X:X:X:X::X/M>

] |

[

dhcp binding | interface client-mode | pool

] |

[

firewall

<WORD>

] |

[

interface

] |

[

neighbors bvi

<0-999>

| ethernet<1-

18> | tunnel

<0-999>

] |

[

ospf area | border-routers | database | interface | linkstate | neighbor | redistribution | route

] |

[

prefix-list

<WORD>

] |

[

rip status

] |

[

route table

<1-200>

] |

[

route-policy

<WORD>

]}

Command Modes

Usage Guidelines

Show IPv6 information.

Privileged EXEC mode

Show BGP information.

Show DHCP parameters.

Show firewall information.

Show interface configuration and status.

Show neighbors cache entries.

Show OSPF information.

List IP prefix lists.

Show RIP status.

Show IP routing table.

Show route-policy information.

PerleSCR#show ipv6

IOLAN SCR Command Line Reference Guide

102

Examples

Shows rip routing table.

PerleSCR# show ipv6 interface<cr>

Interface IPv6 Address Admin Status Link

Status Description

--------- ---------------------------------- ------------

----------- ----------- lo ::1/128 up up eth1 - up up eth2 - up down eth9 - up down eth10 - up down eth11 - up down eth12 - up down eth13 - up down eth14 - up down eth15 - up down eth16 - up down eth17 - up up eth18 - up down br1 - up down

Related Commands

ipv6

Privileged EXEC mode

show line show line

{[

console

<0-0>

] |

[

tty

<1-16>

[modbus statistics master-tcp | master-udp | slave-tcp | slave-udp] | multihost | packet-forwarding | ppp | rlogin-client | settings | slip | ssh-client | ssl | statistics | telnet-client | udp | vmodem

]}

Syntax Description show line

{[

console

<0-0>

] |

Show configured console parameters.

Show statistics for tty lines.

tty

<1-16>

[modbus statistics master-tcp

| master-udp | slave-tcp | slave-udp] | multihost | packet-forwarding | ppp | rlogin-client | settings | slip | ssh-client | ssl | statistics | telnet-client | udp | vmodem

]}

Command Modes

PerleSCR#show line

Usage Guidelines

Show line configuration for serial ports.

IOLAN SCR Command Line Reference Guide

103

Examples

Show line parameters for tty1.

PerleSCR#show line tty 1<cr>

TTY 1

Service reverse raw

Port 10001

Multihost none

Break off

Break Delay 0

Break Length 0

Connection Method direct-connect

Data Logging Off

Dial Retries 0

Dial Timeout 0

Discard Characters 0

Received With Errors Off

Echo Suppression Off

Hotkey Prefix 0

Idle Timer 0

Interface eia-232

Initiate Connection any

Initiate Char 0 address is 0

Internet Address ::

Keepalive Off

Line Name

Line Termination On

Lock Off

Map CR to CRLF Off

Internet Address ::

Keepalive Off

Line Name

Line Termination On

Lock Off

Map CR to CRLF Off

Privileged EXEC mode

IOLAN SCR Command Line Reference Guide

104

Privileged EXEC mode

Microsoft SAC Support Off

Mode Disabled

Modem Init String

Monitor DCD Off

Monitor DSR Off

Monitor DTR Off

MOTD Off

Multisessions 0

Pages 0

Phone Number

Reset Off

Rev Sess Security Off

RTS Toggle Off

RTS Toggle Initial Delay 0

Session Strings

Initiate

Terminate

Delay 0

Terminal vt100

TX Driver Control auto

Session Timer 0

show logging show logging

Syntax Description

Command Modes show logging

PerleSCR#show logging

Usage Guidelines

Shows logging buffer.

Examples

This example shows the logging buffer.

PerleSCR>show logging<cr>

Syslog logging: enabled (764643 messages processed, 0 messages rate-limited, 0 overruns)

Console logging: level debugging, 71 messages logged

Monitor logging: level debugging, 71 messages logged

Logging to:

Buffer logging: level debugging, 1344 messages logged

File logging: disabled

Trap logging: level informational

Logging Source-Interface:

Log Buffer (16384 bytes):

Sep 26 20:51:57 %REQHANDLERD-6: CONSOLE: initializing usb serial console mode

Sep 26 20:52:02 %IPSEC_STARTER-6: Starting strongSwan 5.6.2 IPsec [starter]...

Sep 26 20:52:02 %IPSEC_STARTER-6: charon is already running

(/var/run/charon.pid exists) -- skipping daemon start

IOLAN SCR Command Line Reference Guide

105

Privileged EXEC mode

Related Commands

logging

show mab show mab

{[

all

] |

[

interface ethernet <1-18>

] |

[

radius statistics interface ethernet <1-18>

]}

Syntax Description show mab

{[

all

] |

Show all MAB (MAC authentication Bypass) devices.

[

interface ethernet <1-18>

] |

Show all MAB devices on specified Ethernet interface.

[

radius statistics interface ethernet <1-

18>

]}

Shows MAB radius information.

Command Default

#default aaa authentication dot1x default group

#default aaa authentication login default

#no aaa accounting dot1x default start-stop group

Command Modes

PerleSCR>

PerleSCR#show mab

Usage Guidelines

The devices configured for MAB will not need to be authenticated using DOT1x protocol.

Examples

This example shows the status of MAB.

PerleSCR>show mab<cr>

Sysauthcontrol disabled

Interface Mac-Auth-Bypass

----------------------------------------------

Ethernet 2 Enabled

Related Commands

(config-if) ethernet

IOLAN SCR Command Line Reference Guide

106

Privileged EXEC mode

show management-access show management-access

Syntax Description

Command Modes show management-access

PerleSCR>#show managementaccess

Usage Guidelines

Shows whether management access is enabled and access restrictions from the LAN and WAN side.

Examples

This example shows management access methods for LAN/WAN and TRUSTED interfaces.

PerleSCR#show management-access<cr>

Management Access is enable

LAN: eth1 eth2 eth9 eth10 eth11 eth12 eth13 eth14 eth15 eth16 eth25 eth26 eth27 eth28 eth29 eth30 eth31 eth32 br1

HTTP HTTPS TELNET SSH SNMP

ENABLE ENABLE ENABLE ENABLE ENABLE

WAN:

HTTP HTTPS TELNET SSH SNMP

DISABLE DISABLE DISABLE DISABLE DISABLE

TRUSTED:

Related Commands

management-access

show nat66 show nat66

{[

prefix

|

statistics

]}

Syntax Description

{[

prefix

|

statistics

]}

statistics

]}

Command Modes show nat66

Show NAT66 prefixes.

Usage Guidelines

Show Network address translations for IPv6 networks.

Show NAT66 statistics.

PerleSCR#show nat66

IOLAN SCR Command Line Reference Guide

107

Privileged EXEC mode

Examples

This example shows NAT66 statistics.

PerleSCR>show nat66 statistics<cr>

Global Stats:

ID:0

Packets translated In -> Out

1290003

Packets translate Out -> In

1290003

Related Commands

nat66

show ntp show

{[

ntp associations

] |

[

status

]}

Syntax Description

{[

ntp associations

]

|

status

]}

Command Modes show ntp

Associations made with NTP.

Current status of NTP.

PerleSCR#show ntp

Usage Guidelines

Shows NTP associations and status.

Examples

PerleSCR#show ntp associations<cr>

remote refid st t when poll reach delay offset jitter

===============================================================

===============

172.16.55.77 .INIT. 16 u - 1024 0 0.000 0.000 0.000

172.16.113.55 .INIT. 16 s - 32 0 0.000 0.000 0.000

PerleSCR#show ntp status

Clock is not synchronized, stratum 16, no reference clock

Precision is 2**-18 s

Reference time is 00000000.00000000 (Thu, Feb 7 2036 2:28:16.000)

Clock offset is 0.000000 msec, root delay is 0.000 msec

Root dispersion is 1265.970 msec

System poll interval is 8 s

Related Commands

ntp

IOLAN SCR Command Line Reference Guide

108

Privileged EXEC mode

show nvram: show nvram

:

Syntax Description

Command Modes

Usage Guidelines

Shows files stored on nvram.

Examples

PerleSCR#show nvram: <cr>

Directory of nvram:

show nvram:

PerleSCR#show nvram:

84 -rw- 1824 Sep 25 2019 14:16 -04:00 startup-config.log.2

18 -rw- 227 Sep 16 2019 12:21 -04:00 no-default-config

33 -rw- 3509 Sep 10 2019 13:29 -04:00 startup-config-safemode

25 -rw- 2601 Sep 27 2019 16:36 -04:00 startup-config

69 -rw- 1727 Sep 26 2019 09:52 -04:00 startup-config.log.1

42 -rw- 2203 Jan 2 2019 19:01 -04:00 startup-config-rollback

36 -rw- 2124 Jan 2 2019 00:31 -04:00 startup-config-replace

82 -rw- 3063 Sep 26 2019 16:51 -04:00 startup-config.log

16 -rw- 581 Sep 16 2019 12:21 -04:00 default-config

1372160 KBytes total (1032192 KBytes free)

Related Commands

boot

copy

delete

rename

pwd

mkdir

show processes show processes

Syntax Description

Command Modes

Usage Guidelines

Shows processes running on your IOLAN.

show processes

PerleSCR#show processes

IOLAN SCR Command Line Reference Guide

109

Privileged EXEC mode

Examples

PerleSCR#show processes <cr>

USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.4 88468 5032 ? Ss 10:36 0:12 /sbin/init root 2 0.0 0.0 0 0 ? S 10:36 0:00 [kthreadd] root 4 0.0 0.0 0 0 ? I< 10:36 0:00 [kworker/0:0H] root 6 0.0 0.0 0 0 ? I< 10:36 0:00 [mm_percpu_wq] root 7 0.2 0.0 0 0 ? S 10:36 0:44 [ksoftirqd/0] root 8 0.1 0.0 0 0 ? I 10:36 0:39 [rcu_preempt] root 9 0.0 0.0 0 0 ? I 10:36 0:00 [rcu_sched] root 10 0.0 0.0 0 0 ? I 10:36 0:00 [rcu_bh] root 11 0.0 0.0 0 0 ? S 10:36 0:00 [migration/0] root 12 0.0 0.0 0 0 ? S 10:36 0:00 [cpuhp/0] root 13 0.0 0.0 0 0 ? S 10:36 0:00 [cpuhp/1] root 14 0.0 0.0 0 0 ? S 10:36 0:00 [migration/1] root 15 0.0 0.0 0 0 ? S 10:36 0:00 [ksoftirqd/1] root 17 0.0 0.0 0 0 ? I< 10:36 0:00 [kworker/1:0H] root 18 0.0 0.0 0 0 ? S 10:36 0:00 [kdevtmpfs] root 19 0.0 0.0 0 0 ? I< 10:36 0:00 [netns] root 22 0.0 0.0 0 0 ? S 10:36 0:00 [khungtaskd] root 23 0.0 0.0 0 0 ? S 10:36 0:00 [oom_reaper] root 24 0.0 0.0 0 0 ? I< 10:36 0:00 [writeback] root 25 0.0 0.0 0 0 ? S 10:36 0:00 [kcompactd0] root 26 0.0 0.0 0 0 ? SN 10:36 0:00 [ksmd] root 27 0.0 0.0 0 0 ? SN 10:36 0:00 [khugepaged] root 28 0.0 0.0 0 0 ? I< 10:36 0:00 [crypto] root 29 0.0 0.0 0 0 ? I< 10:36 0:00 [kintegrityd] root 30 0.0 0.0 0 0 ? I< 10:36 0:00 [kblockd]

show radius show radius

{[

statistics details

]}

Syntax Description

{[

statistics details

]}

Command Modes

Usage Guidelines

Shows Radius statistics details.

Examples

Shows the radius statistics.

PerleSCR#show radius statistics <cr>

All:

Auth. Acct.

Requests 3 3

Responses 3 3

Access Rejects 3

show radius

Show radius statistics details.

PerleSCR#show radius

IOLAN SCR Command Line Reference Guide

110

Related Commands

clear radius

radius

radius-server

show reload show reload

Syntax Description

Command Modes show reload

#show reload

Usage Guidelines

Shows scheduled reloads or reboots for the IOLAN.

Examples

This example show configured reloads.

PerleSCR#show reload<cr>

Reload scheduled for 18:00:00 EDT Oct 17 2019 (in 59 minutes)

Related Commands

reload

Privileged EXEC mode

show route-map show route-map

{[

<WORD>

]}

Syntax Description

{[

<WORD>

]}

Command Modes

Usage Guidelines

Show route map information.

show route-map

Shows specified route map.

PerleSCR#show route-map

IOLAN SCR Command Line Reference Guide

111

Example

Shows route map details.

PerleSCR#show route-map route1

RIB: route-map route1, permit, sequence 2

Match clauses:

Set clauses:

Call clause:

Action:

Exit routemap

RIP: route-map route1, permit, sequence 2

Match clauses:

Set clauses:

Call clause:

Action:

Exit routemap

RIPV6: route-map route1, permit, sequence 2

Match clauses:

Set clauses:

Call clause:

Action:

Exit routemap

OSPF: route-map route1, permit, sequence 2

Match clauses:

Set clauses:

Call clause:

Action:

Exit routemap

OSPF6: route-map route1, permit, sequence 2

Match clauses:

Set clauses:

Call clause:

Action:

Exit routemap

BGP: route-map route1, permit, sequence 2

Match clauses:

Set clauses:

Call clause:

Action:

Exit routemap

IOLAN SCR Command Line Reference Guide

Privileged EXEC mode

112

Privileged EXEC mode

Related Commands

router

show running-config show running-config

{[

all

]}

Syntax Description

{[

all

]}

Command Modes show running-config

Show all config including defaults.

PerleSCR#show running-config

Usage Guidelines

Shows the current configuration running on your IOLAN. To make this configuration permanent you must copy this configuration to the startup configuration.

Examples

This example shows running configuration.

PerleSCR#show running config<cr>

!

!

PerleSCR

Building running-config . . . version 4.1.A4

!

!

sdm prefer dual-ipv4-and-ipv6 default

!

!

service timestamps log datetime localtime show-timezone

!

no service dhcp server

IOLAN SCR Command Line Reference Guide

113

Privileged EXEC mode tty 1 mode line tty 2 mode line tty 3 mode line tty 4 mode line tty 5 mode line tty 6 mode line tty 7 mode line tty 8 mode line tty 9 mode line tty 10 mode line tty 11 mode line tty 12 mode line tty 13 mode line tty 14 mode line tty 15 mode line tty 16 mode line

!

hostname PerleSCR username admin privilege 15 secret 5 $1$8Vd1$vr7ikQKonK0V7m/yuNVKJ0 username admin serial

line-access readin 1 2 3 4 5 6 7 8 17 18 19 20 21 22 23 24 line-access readout 1 2 3 4 5 6 7 8 17 18 19 20 21 22 23 24 username barry secret 5 $1$0FI/$M5gVMUOAKkTn8.qtVH5v3.

username barry serial username testuser aaa authentication login default local tacacs radius server raddhk

address ipv4 172.16.28.108

key 7 G8QJeZ5s61FV acacs server tacdhk

address ipv4 172.16.4.90

key 7 G8QYaIl9QlY=

!

Related Commands

show startup-config

show sdm

{[

prefer

]}

Syntax Description

{[

prefer

]}

Command Default

Command Modes show sdm

Shows value of sdm.

Both IPv4 and IPv6

PerleSCR#show sdm

IOLAN SCR Command Line Reference Guide

114

Privileged EXEC mode

Usage Guidelines

Displays whether your IOLAN is running IPv4 or IPv6 or both protocols.

Examples

This example shows the current value for sdm.

PerleSCR#show sdm prefer<cr>

The current template is ‘dual-ipv4-and-ipv6 default template

Related Command

sdm

show serial show serial

{[

serial advanced

]

|

[

modbus

]

|

[

port-buffering

]

|

[

trueport

]

|

[

username

]

|

[

vmodem-phone

]}

Syntax Description

{[

serial advanced

] |

[

modbus

] |

[

port-buffering

|

[

trueport

] |

[

username

] |

show serial

Shows advanced configuration.

Shows modbus configuration.

Shows port buffering information.

Shows Trueport configuration

[

vmodem-phone

]}

Command Modes

Shows user configuration for serial port.

Show virtual modem phone number.

PerleSCR# show serial

Usage Guidelines

Use this command to view serial configuration.

IOLAN SCR Command Line Reference Guide

115

Privileged EXEC mode

Examples

This example shows the advanced configuration for serial.

PerleSCR#show serial advanced<cr>

Process Break Signals off

Flush on Close off

Single Telnet off

Data Logging Buffer Size 4K

Monitor Connection Interval 180 Seconds

Monitor Connection Number of Retries 5

Monitor Connection Retry Timeout 5 Seconds

Related Command

serial

show snmp show snmp

{[

community

] |

[

contact

] |

[

engine-id

] |

[

group

] |

[

host

] |

[

location

] |

[

mib

] |

[

user

] |

[

view

]}

Syntax Description

{[

community

] |

[

contact

] |

[

engine-id

] |

[

group

] |

[

host

] |

[

location

] |

[

mib

] |

[

user

] |

[

view

]}

Command Modes

IOLAN SCR Command Line Reference Guide show snmp

Shows community name.

Shows contact information

Show SNMP engine-id.

Shows snmp groups.

Shows host information

Shows location information.

Shows SNMP ifmib information.

Shows snmp users.

Shows snmp views.

PerleSCR#show snmp

116

Usage Guidelines

Shows configured options for SNMP.

Examples

This example show the configured options for SNMP.

PerleSCR#show snmp view<cr>

View name: IOLAN-view

include: iso, exclude

Related Commands

snmp-server

show ssh

Syntax Description

Command Modes show ssh

PerleSCR>show ssh

Usage Guidelines

Show users connected via ssh.

Examples

This example show which users are connected.

PerleSCR> show ssh<cr>

Line User Host Idle Location

1 vty 0 admin idle 00:28:26 172.16.113.31

2 vty 1 lyn idle 00:00:03 172.16.113.30

Related Commands

management-access

Privileged EXEC mode

IOLAN SCR Command Line Reference Guide

117

Privileged EXEC mode

show startup-config

Syntax Description

Command Modes show startup-config

PerleSCR#show startup-config

Usage Guidelines

This will be the configuration that the IOLAN uses when it boots up.

PerleSCR#show startup-config

!

! version 4.1.S15

! sdm prefer dual-ipv4-and-ipv6 default

!

service timestamps log datetime localtime

!

tty 2 mode line

!

hostname PerleSCR

!

enable secret 5

!

$1$aUfI$pN.R.tXeyhL4R9GkmXo5l0

username lyn privilege 15 secret 5

$1$LrWp$K1Ug0Y6FHfjHdqcKRHA24/

!

aaa authentication login newlist none clock timezone EST -5 clock summer-time EDT recurring archive

update-sw check

!

path flash: alarm profile defaultPort

alarm not-operating

syslog not-operating

notifies not-operating

IOLAN SCR Command Line Reference Guide

118

Privileged EXEC mode alarm profile test

alarm not-operating

!

alarm contact A description AUX-IO: Digital

Input A alarm contact B description AUX-IO: Digital

Input B alarm contact 1 description DC-POWER:

IGN alarm contact 2 description DC-POWER:

Related Commands

show running-config

show system show system

{[

hardware

] |

[

statuses

] |

[

uptime

] |

[

versions

]}

Syntax Description

{[

hardware

] |

[

statuses

] |

[

uptime

] |

[

versions

]}

Command Modes

Usage Guidelines

Shows system information about your IOLAN

show system

Show details about hardware.

Show system statuses for alarms, memory, flash etc:

Shows how long your IOLAN has been up.

Show versions of software running on your IOLAN.

PerleSCR# show system

IOLAN SCR Command Line Reference Guide

119

This example shows information about your IOLAN.

PerleSCR#show system statuses

System Statuses:

System Up Time................................ 7 hours 26 minutes 4 seconds

System Date and Time (local time zone)........ 2019-12-10 18:02:18

Startup-Configuration state................... In

Sync with

Running-configuration

Power Supply P1, State........................

Good

Power Supply P2, State........................

Absent

Last Alarm .................................... Link

Fault

This example shows information about your IOLAN.

PerleSCR#show system statuses

System Statuses:

System Up Time................................ 7 hours 26 minutes 4 seconds

System Date and Time (local time zone)........ 2019-12-10 18:02:18

Startup-Configuration state................... In Sync with

Running-configuration

Power Supply P1, State........................ Good

Power Supply P2, State........................ Absent

Last Alarm .................................... Link Fault

CPU Utilization............................... 4.55

Memory (kBytes free).......................... 55420

Flashdisk (Mbytes free)....................... 1008

IOLAN SCR Command Line Reference Guide

Privileged EXEC mode

120

Privileged EXEC mode

show tacacs show tacacs

{[

statistics details

]}

Syntax Description

{[

statistics details

]}

Command Modes

Usage Guidelines

Shows TACACS statistics details.

Examples

PerleSCR# show tacacs statistics <cr>

All:

Auth. Acct.

Requests 3 3

Responses 3 3

Access Rejects 0

Related Commands

tacacs

(config-tacacs-server)#

show tacacs

Shows TACACS statistics.

PerleSCR# show tacacs

show task-status show task-status

Syntax Description

Command Modes

Usage Guidelines

Shows system tasks running on the IOLAN.

Examples

PerleSCR# show task-status <cr> top - 18:20:32 up 7:44, 1 user, load average: 0.05, 0.16, 0.17

Tasks: 143 total, 1 running, 86 sleeping,

0 stopped, 0 zombie

%Cpu(s): 5.2 us, 4.7 sy, 0.0 ni, 89.7 id,

0.1 wa, 0.0 hi, 0.3 si, 0.0 st

KiB Mem: 1016508 total, 962032 used,

54476 free, 194928 buffers

KiB Swap: 0 total, 0 used, 0 free. 135468 cached Mem

show task-status

PerleSCR# show task-status

IOLAN SCR Command Line Reference Guide

121

Privileged EXEC mode

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND

3332 root 20 0 6576 3112 2664 S 6.0 0.3 4:44.89 hostapd

26266 root 20 0 5268 2476 2104 R 6.0 0.2 0:00.07 top

1 root 20 0 88468 5032 2840 S 0.0 0.5 0:13.22 systemd

2 root 20 0 0 0 0 S 0.0 0.0 0:00.02 kthreadd

4 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 kworker/0:+

6 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 mm_percpu_+

7 root 20 0 0 0 0 S 0.0 0.0 1:02.08 ksoftirqd/0

8 root 20 0 0 0 0 I 0.0 0.0 0:51.57 rcu_preempt

9 root 20 0 0 0 0 I 0.0 0.0 0:00.01 rcu_sched

10 root 20 0 0 0 0 I 0.0 0.0 0:00.00 rcu_bh

11 root rt 0 0 0 0 S 0.0 0.0 0:00.49 migration/0

12 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cpuhp/0

13 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cpuhp/1

14 root rt 0 0 0 0 S 0.0 0.0 0:00.48 migration/1

15 root 20 0 0 0 0 S 0.0 0.0 0:00.86 ksoftirqd/1

show tech-support show tech-support

Syntax Description

Command Modes show tech-support

PerleSCR>show tech-support

Usage Guidelines

Captures internal IOLAN information for you to send to Perle Technical Support if you need help.

Related Commands

debug

show terminal show terminal

Syntax Description

Command Modes

Usage Guidelines

Shows current terminal information.

show terminal

PerleSCR>

IOLAN SCR Command Line Reference Guide

122

Privileged EXEC mode

Examples

This example shows terminal configuration.

PerleSCR> show terminal <cr>

Terminal length = 24

Terminal width = 132

Terminal history is enabled

Terminal history size = 20

Terminal logging monitor is Off

Related Commands

line

show users show users

{[

all

] |

[

console

] |

[

vty

] |

[

web

]}

Syntax Description

{[

all

] |

[

console

] |

[

vty

] |

[

web

]}

Command Modes show users

Show all users connected to the IOLAN.

Show only console user.

Show all vty users.

Show all web users.

PerleSCR#show users

Usage Guidelines

Shows current users logged into the IOLAN.

Examples

PerleSC#show users all <cr>

Line User Host Idle Protocol Location

*0 con 0 idle 00:00:00

vty 0 lyn idle 01:04:42 Telnet 172.16.113.216

vty 1 lyn idle 01:04:42 SSH 172.16.113.216

Web Sessions:

User IP Address Idle lyn 172.16.113.216 00:24:53

IOLAN SCR Command Line Reference Guide

123

Privileged EXEC mode

Related Commands

username

show version show version

{[

backup

]

|

[

flash:

]

|

[

startup

]

|

[

verbose

]}

Syntax Description

{[

backup

] |

[

flash:

] |

[

startup

] |

show version

Show backup version of firmware.

Specify a firmware in flash to show.

[

verbose

]}

Show firmware that the IOLAN is going to startup with.

Show more version details.

Command Modes

PerleSCR>

PerleSCR#show version

Usage Guidelines

Shows information about versions of firmware on your IOLAN

Examples

This example show versions of firmware on the IOLAN.

PerleSCR#show version backup <cr>

Name: LTE Wireless Router

Version: 4.1.S12

Date created: Tue Sep 24 03:54:24 EDT 2019

Source: IOLAN software update

Downloaded: Tue Sep 24 09:39:27 EDT 2019

Size: 332652768 bytes

Related Commands

show reload

show wan show wan

{[

failover source-interface | status |wan-interface

]

[

high-availability

]

|

[

load-sharing rules | status

]}

|

Syntax Description show wan

IOLAN SCR Command Line Reference Guide

124

Privileged EXEC mode

{[

failover source-interface | status |waninterface

]

|

[

high-availability

]

|

[

load-sharing rules | status

]}

Show WAN source interface configuration and status.

Display WAN management.

Command Modes

Display load sharing configuration and status.

PerleSCR#show wan

Usage Guidelines

Show wan configured features for fail over, high-availability and load sharing.

Examples

This example displays WAN management.

PerleSCR#show wan high-availablity<cr>

WAN High Availability

=====================

Mode: DISABLED

WAN Failover Primary Active Interface:

======================================

DISABLED

WAN Load Failover Interfaces Health Status:

===========================================

DISABLED

WAN Load Share Global Settings:

===============================

Include Local Traffic: enabled

Source IP NAT: disabled

Track inbound Connections: enabled

Flush Connections on Failure: enabled

WAN Load Sharing Interfaces Health Status:

==========================================

DISABLED

WAN Load Share Global Settings:

===============================

Include Local Traffic: enabled

Source IP NAT: disabled

Track inbound Connections: enabled

Flush Connections on Failure: enabled

WAN Load Sharing Interfaces Health Status:

==========================================

DISABLED

IOLAN SCR Command Line Reference Guide

125

Privileged EXEC mode

Related Commands

boot

crypto

show zone-policy show zone-policy

{[

zone

<WORD>

]}

Syntax Description show zone-policy

{[

zone

<WORD>

]}

Show zone policy for specified zone.

Command Modes

PerleSCR#show zone-policy

Usage Guidelines

Use this command to show zone policy for the specified zone.

Related Commands

zone-pair

ssh ssh

{[

-c | -h | -l | -p

<A.B.C.D>

|

<X:X:X:X::X>

]}

Syntax Description ssh

{[

-c | -h | -l | -p |

<A.B.C.D>

|

<X:X:X:X::X>

]}

-c select the encryption method)

-h select HMAC algorithm

-l log in using this user name)

-p connect to this port

<A.B.C.D> <X:X:X:X::X>

IPv4 or IPv6 address or hostname to connect to

Command Modes

PerleSCR#ssh

Usage Guidelines

SSH from your IOLAN to a host supporting the ssh protocol.

Examples

This example shows how to connect to host (172.16.4.90) using lyn as the user.

PerleSCR#ssh -l lyn 172.16.4.90<cr>

Related Commands

telnet

IOLAN SCR Command Line Reference Guide

126

Privileged EXEC mode

telnet telnet

{[

<A.B.C.D>

|

<X:X:X:X::X>

]}

Syntax Description telnet

{[

<A.B.C.D>

|

<X:X:X:X::X>

]}

IP address or hostname to connect to

Command Modes

PerleSCR

Usage Guidelines

Telnet from your IOLAN into a host that supports the telnet protocol.

Examples

This example shows how to connect to host (172.16.4.90) using lyn as the user.

PerleSCR#telnet 172.16.4.90<cr>

Related Commands

ssh

terminal terminal

{[

history size

<0-256>

] |

[

length

<0-512>

] |

[

monitor

<0-512>

] |

[

width

<0-512>

]}

Syntax Description terminal

{[

history size

<0-256>

] |

Specify size of the history buffer.

[

length

<0-512>

] |

[

monitor

<0-512>

] |

[

width

<0-512>

]}

Specify length of the screen

Set monitor on tty to on.

Specify width of the screen

Command Default

Command Modes

length – 24 width – 132

PerleSCR#terminal

Usage Guidelines

Configure terminal (tty) parameters.

Examples

Set terminal width to 140.

PerleSCR#terminal width 140

IOLAN SCR Command Line Reference Guide

127

Privileged EXEC mode

Related Commands

logging

traceroute traceroute

{[

<A.B.C.D>

]}

Syntax Description

{[

<A.B.C.D>

]}

traceroute

Destination hostname or address.

Command Modes

PerleSCR>

Usage Guidelines

Traceroute will list all the routers it passes through until it reaches its destination, or fails to and is discarded. In addition to this, it will tell you how long each 'hop' from router to router it takes.

Examples

This example shows the hops it takes from router to router to reach its destination of host 172.16.4.90.

PerleSCR#traceroute 172.16.4.90<cr.> (172.16.4.90), 30 hop max, 60 bytes packets

1 172.16.4.90 (172.16.4.90) 2.094ms 1.113 ms 0.826 ms

Related Commands

ping

undebug undebug

{[

alarmgr | all | bgp | clpd | dialer | | dot1x-authenticator | dot11supplicant | drmgrd | email | init | ip | | ipsec | | kernel | logging | ntp | snmp | trapmgr | tty | vty | wan-highavail | wanifmgr

]}

Syntax Description undebug

{[

alarmgr | all | bgp | clpd | dialer | dot1x-authenticator | dot11-supplicant | drmgrd | email | init | ip | | ipsec | | kernel | logging | ntp | snmp | trapmgr | tty | vty | wanhighavail | wanifmgr

]}

Turn off the debug feature for a running application.

Command Modes

PerleSCR# undebug

Usage Guidelines

Use this command to turn off debugging for an application in debug mode.

IOLAN SCR Command Line Reference Guide

128

Examples

This example shows how to turn off debugging for alarmmgr.

PerleSCR#undebug alarmmgr <cr>

Alarm Manager debugging is off

Related Commands

debug

Privileged EXEC mode

IOLAN SCR Command Line Reference Guide

129

aaa

4

Global Configuration Mode

This chapter defines all the CLI commands in Global Configuration Mode.

Chapter 4

aaa

{[

accounting dot1x default start-stop group

<WORD>

radius | tacacs

] |

[

authentication attempts login

<1-25>

| [dot1x default group

<WORD>

| radius] |

[login

<WORD>

| default group | local | none | radius | tacacs] | [login

<WORD>

| default group | local | none | radius | tacacs | [two-factor pin-attempts

<1-10>

| pinsize

<4-6>

| pi n-tries

<1-10>

]

] |

[

authorization console | exec

<WORD>

| group | if-authenticated | local | none | radius

| tacacs

] |

[

group server radius

<WORD>

| tacacs

<WORD>

] |

[

local authentication attempts max-fail

<1-65535>

] |

[

password restriction min-group

<1-4>

| min-len

<1-64>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description aaa

{[

accounting dot1x default start-stop group

<WORD>

radius | tacacs

] |

Records when users access the router to manage it and also when the router is rebooted. If using groups a predefined group must have been previously created.

[

authentication attempts login

<1-25>

| [dot1x default group

<WORD>

| radius] | [login

<WORD>

| default group | local | none | radius | tacacs] |

[login

<WORD>

| default group | local

| none | radius | tacacs | [two-factor pin-attempts

<1-10>

| pin-size

<4-6>

| pin-tries

<1-10>

]

] |

[

authorization console | exec

<WORD>

| group | if-authenticated | local | none | radius | tacacs

] |

[

group server radius

<WORD>

| tacacs

<WORD>

] |

[

local authentication attempts max-fail

<1-65535>

] |

[

password restriction min-group

<1-

4>

| min-len

<1-64>

]}

Specify the authentication parameters.

Specify the authorization parameters.

Specify a group server for Radius or

TACACS if applicable.

Specify how many times a local user can attempt to authenticate.

Specify password restrictions.

Command Modes

PerleSCR(config)#aaa

Usage Guidelines

Set up Authentication, Authorization and Accounting.

130

Global Configuration Mode

Examples

This example shows you how to set authentication attempts to 10.

PerleSCR(config-archive)#aaa authentication attempts 10<cr>

Related Commands

show aaa

alarm alarm facility[power-supply rps disable | notifies | syslog]

| [

profile

<WORD>

Use the no form of this command to negate a command or set its defaults.

]}

Syntax Description alarm

[

facility rps disable | notifies | syslog

Redundant power supply settings

[

profile

<WORD>

]}

See

(config-alarm-profile)

for configuring parameters.

Command Modes

PerleSCR(config)#alarm

Usage Guidelines

Set up environmental facilities.

Examples

This example enables syslog logger for redundant power supply messages.

PerleSCR(config)#alarm facility power-supply rps syslog<cr>

Related Commands

show alarm

(config-alarm-profile)

{[

alarm link-fault | not operating

] |

[

notifies link-fault | not operating

] |

[

relay minor | not operating

] | [

syslog link-fault | not operating

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description (config-alarm-profile)#

{[

alarm link-fault | not operating

]

|

Specify the type of alarm to monitor for.

IOLAN SCR Command Line Reference Guide

131

Global Configuration Mode

[

[

[

notifies relay-major link-fault | syslog link-fault link-fault

| not operating not operating

]}

] |

not operating

]

|

Sends a trap/notification to the configured SNMP host trap receivers on the triggering and clearing of the alarm.

Energizes/de-energizes relay on the triggering and clearing of an alarm

System messages will be logged to the configured logging destinations on the triggering and clearing of the alarm.

PerleSCR(config-alarm-profile)#

Command Modes

Usage Guidelines

Sets alarm profile parameters.

Examples

This example shows you how to configure alarm profile to monitor for link fault and send a syslog message tot the configured server.

PerleSCR(config))#alarm profile test-alarm<cr>

PerleSCR(config-alarm-profile)#alarm link-fault:<cr>

PerleSCR(config-alarm-profile)#syslog link-fault<cr>

Related Commands

show alarm

archive

(config-archive)

{[

maximum

1-14

] |

[

path flash: | ftp: | http: | https: | scp: | sftp | tftp:

] |

[

time-period

0-525600

] |

[

update-sw check

] |

[

write memory

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description (config-archive)#

{[

maximum

1-14

]

|

Number of archives copies of the configurations to be keep in the archive list. Archive list can contain between 1-14 configurations.

IOLAN SCR Command Line Reference Guide

132

Global Configuration Mode

[

[

[

[

path flash: | ftp: | http: | https: | scp: | sftp | tftp:

] |

time-period

0-525600

update-sw check write memory

]}

Command Default

Command Modes

] |

] |

Path must exist. Default path is the same as the no form of the command.

Time period is the time in minutes to automatically save the running configuration to a archive file.

Check weekly for any software updates

Write memory enables the saving of the configuration to an archive file every time you copy runningconfig to start-up config no path maximum 10 no time-period no write-memory

PerleSCR#archive <cr>

PerleSCR(config-archive)#

Usage Guidelines

This is the full path to where the archive configuration files will be kept.

flash:

perle-image-name.img

ftp:

[[//username[:password]@location]/directory]/perle-image-name.img

http:/

/

[[username:password]@][hostname name.img

|

host-ip [directory] /perle-image-

https:/

/

[[username:password]@][hostname name.img

|

scp:

|

host-ip [directory] /perle-image-

[[username@location]/directory]/perle-image-name.img

|

sftp:

[[//username[:password]@location]/directory]/perle-image-name.img

tftp:

[[//location]/directory]/perle-image-name.img

|

IOLAN SCR Command Line Reference Guide

133

Global Configuration Mode

Examples

This example shows you how to set up a archive path to be used with the writememory command.

PerleSCR(config-archive)#path flash:<cr>

PerleSCR(config-archive)#exit<cr>

PerleSCR(config)#exit

PerleSCR#copy running-config startup-config

Destination filename[startup-config]?<cr>

5643 bytes copied

Copy in progress...

5643 bytes copied

If no file name is supplied by you, then your running config will be named with the current date and time. See below.

PerleSCR#dir flash:

Directory of flash:

130322 -rw- 5643 May 12 2016 14:17 -04:00 -May-12-14-17-50-1

130321 -rw- 5643 May 12 2016 14:14 -04:00 -May-12-14-14-16-0

Related Commands

show archive

arp arp

{

<A.B.C.D> <H.H.H>

}

Use the no form of this command to negate a command or set its defaults.

Syntax Description arp

{

<A.B.C.D> <H.H.H>

}

Adds static arp entry to the arp table.

Command Modes

PerleSCR(config)#arp

Usage Guidelines

Adds arp entry to arp table.

Examples

Add this arp to the arp table.

PerleSCR(config)#arp 172.16.44.55 1234.1234.1234 <cr>

Related Commands

show arp

IOLAN SCR Command Line Reference Guide

134

Global Configuration Mode

banner banner

{[

<LINE>

]

|

|

[

login

<LINE>

]

|

[

motd

<LINE>

]

|

[

prompt-timeout

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description banner

{[

<LINE>

] | c banner-text c (c is used as the delimiting character).

[

login

<LINE>

]

|

Configure the prompt to be displayed before the login prompt.

[

motd

<LINE>

] |

Specify message of the day (motd) for your users to see on login.

[

prompt-time

<LINE>

]}

|

This message will be displayed if the user does not login in based on time parameter under users.

Command Modes

PerleRouter(config)#banner

Usage Guidelines

Banner applies to all consoles and vty sessions.

Examples

Display a message of the day at login.

PerleSCR(config)#banner motd line<cr>

Enter text message. End with the character ’l’ l

Good morning crew

Enter configuration commands, one per line. End with CNTL/Z

Related Commands

(config-line)#console

(config-line)#vty

bridge bridge

{[

<1-9999>

protocol ieee

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description bridge

{[

<1-9999>

protocol ieee

]}

Set bridge to use protocol IEEE

802.3 for routing.

Command Modes

PerleSCR(config)#bridge

IOLAN SCR Command Line Reference Guide

135

Global Configuration Mode

Usage Guidelines

Set the bridge to use ieee protocol.

Examples

Set bridge 1 to use protocol ieee.

PerleSCR(config)#bridge 1 protocol ieee<cr>

boot boot

{[

host dhcp | retry timeout

<600-65535>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description boot

{[

host dhcp | retry timeout

<600-

65535>

]} host dhcp – enables ZTP (Zero

Touch provisioning). Download configuration via DHCP.

host retry timeout – sets the time in seconds to wait for ZTP to complete

(including time to download config or software) no boot host retry timeout – waits indefinitely for ZTP to complete

Command Modes

PerleSCR(config)#boot

Usage Guidelines

Use this command to enable ZTP. This command allows you to download your config and firmware via your DHCP server.

Examples

This example sets ZTP so that configuration and firmware files will be downloaded from your DHCP server.

PerleSCR(config)#boot host dhcp<cr>

clock clock

{[

summer-time

<name-of-timezone >

] |

date <

1-31> <month-to-start >

<hh:mm> <1-31> <month-to-end > < hh:mm > <1-1440-in-minutes>

| recurring

<

1-4 >

<

first week> <last week>

[

timezone <

name-of-time-zone> <-23 - 23 > <0-59>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description clock

IOLAN SCR Command Line Reference Guide

136

Global Configuration Mode

[

[

summer-time date <

1-31> <month-to-start >

<hh:mm> <1-31> <month-to-end > < hh:mm > <1-1440-in-minutes>

| recurring <

1-4 >

<

first week> <last week>

]

|

timezone <

23 > <0-59> name-of-time-zone> <-23 -

]}

<name-of-timezone >

Command Default

Name of the summer time zone followed by start/end dates

numeric value for the day of the month to start summer timezone 1-

31, name of the month to start

January, February, March, April,

May, June, July, August, September,

October, November, December.

,

time to start in hours (24) and minutes

,

numeric value for the day of the month to end summer timezone 1-31, name of the month to end (January, February, March,

April, May, June, July, August,

September, October, November,

December), time to end in hours(24), offset in minutes 1-1440

Name of the timezone

-

Hours/minutes offset are going to be hours/minutes offset from utc

(universal time clock).

clock timezone EST 5 clock summer-time EDT recurring 2

Sun Mar 2:00 1 Sun Nov 2:00 60

PerleSCR(config)#

Command Modes

Usage Guidelines

Configure time of day clock.

Examples

This example sets the clock 5 hours off from UTC.

PerleSCR(config)#clock timezone ont-time-zone -5 <cr>

Related Commands

show clock

crypto crypto

{[

[ipsec client

<WORD>

|enable | esp-group

<WORD>

| ike-group

<WORD>

| import ipsec.conf terminal | url flash: | ftp: | https: | https: | scp: | sftp: | tftp:] | l2tp | nat-network

<A.B.C.D/16>

| nat-traversal

] |

[

key export rsa public | terminal | des

<WORD>

| url flash: | ftp: | http: | https: | scp: | sftp: | tftp:] | [generate rsa modulus

<1024-4096>

] | [import client rsa pem

| pkcs12 terminal password

<LINE>

| url flash: | ftp: | http: | https | scp: | sftp: | tftp:] | ssh-host rsa terminal

<LINE>

| [zeroize rsa]

] |

IOLAN SCR Command Line Reference Guide

137

Global Configuration Mode

[

[openvpn connection

<WORD>

] | [enable] | [generate secret

<NAME>

] | [import ca

<NAME>

| cert

<NAME>

| dh

<WORD>

| key

<NAME>

| secret

<NAME>

| template

<NAME> |

terminal | url flash: | ftp: | http: | https | scp: | sftp: | tftp:] | zeroize ca

<NAME>

| cert

<NAME>

key

<NAME>

] | [cert

<NAME>

terminal | url flash: | ftp: | http: | https | scp: | sftp: | tftp:] | [dh

<WORD>

] | [key

<NAME>

terminal | url flash: | ftp: | http: | https | scp: | sftp: | tftp:] | secret

<NAME>

] |

[template

<NAME>

]

] |

[

pki import client pem | pkcs12 terminal password

<LINE>

| url flash: | ftp: | http: | https | scp: | sftp: | tftp:] | https pem | pkcs12 terminal password

<LINE>

url flash: | ftp: | http: | https | scp: | sftp: | tftp:] | https pem | pkcs12 terminal password

<LINE>

| url flash: | ftp: | http: | https | scp: | sftp: | tftp:] | [https pem

| pkcs12 terminal password

<LINE>

url flash: | ftp: | http: | https | scp: | sftp: | tftp:] | openvpn ca

<NAME>

| cert

<NAME>

| key

<NAME>

] | server pem | pkcs12 erminal password

<LINE>

url flash: | ftp: | http: | https | scp: | sftp: | tftp:] | [zeroize https openvpn ca

<NAME>

cert

<NAME>

key

<NAME>

] |

[

ssl algorithm encryption suite-b-tls | tls-1.2

]}

Use the no form of this command to negate a command or set its defaults

Syntax Description crypto

[

[ipsec client

<WORD>

|enable | esp-group

<WORD>

| ike-group

<WORD>

| import ipsec.conf terminal | url flash: | ftp: | https: | https: | scp: | sftp: | tftp:] | l2tp | nat-network

<A.B.C.D/16>

| nat-traversal

] |

Configure IPSEC client.

[

key export rsa public | terminal | url flash: | ftp: | http: | https: | scp: | sftp: | tftp:] |

[generate rsa modulus

<1024-4096>

] | [import client rsa pem | pkcs12 terminal password

<LINE>

| url flash: | ftp: | http: | https | scp: | sftp: | tftp: |ssh-host rsa terminal | url | flash: | ftp: | http: | https | scp: | sftp: | tftp:] | [zeroize rsa]

] |

[

[openvpn connection

<WORD>

] | [enable] |

[generate secret

<NAME>

] | [import ca

<NAME>

| cert

<NAME>

| dh

<WORD>

| key

<NAME>

| secret

<NAME>

| template

<NAME> |

terminal | url flash: | ftp: | http: | https | scp: | sftp: | tftp:] | zeroize ca

<NAME>

| cert

<NAME>

key

<NAME>

] |

Key and Certificates.

OpenVPN configuration.

IOLAN SCR Command Line Reference Guide

138

[

pki import client pem | pkcs12 terminal password

<LINE>

| url flash: | ftp: | http: | https | scp: | sftp: | tftp:] | https pem | pkcs12 terminal password

<LINE>

url flash: | ftp: | http: | https | scp: | sftp: | tftp:] | https pem | pkcs12 terminal password

<LINE>

| url flash: | ftp: | http: | https | scp: | sftp: | tftp:] | [https pem | pkcs12 terminal password

<LINE>

url flash: | ftp: | http: | https | scp: | sftp: | tftp:] | openvpn ca

<NAME>

| cert

<NAME>

| key

<NAME>

] | server pem | pkcs12 erminal password

<LINE>

url flash: | ftp: | http: | https

| scp: | sftp: | tftp:] | [zeroize https openvpn ca

<NAME>

cert

<NAME>

key

<NAME>

| server

<WORD>

] |

[

ssl algorithm encryption suite-b-tls | tls-1.2

]}

Command Modes

Usage Guidelines

Set encryption parameters.

Examples

This example sets ipsec to enable.

PerleSCR(config)# crypto ipsec enable<cr>

Related Commands

show crypto

Global Configuration Mode

Keys and Certifications.

Set SSL encryption method.

PerleSCRconfig)#crypto

(config-client)

{[

authentication identify

<WORD>

| pre-shared-key

<WORD>

| remote-identity

<WORD>

| x509

<LINE>

| trustpoint <

CA-FILE>

] |

[

connection-type disable | initiate | respond

] |

[

ike-group

<WORD>

] |

[

local-address

<A.B.C.D>

|

<X:X:X:X::X:X>

| any

] |

[

tunnel

<1-429467295>

] |

esp-group

<WORD>

|

local-address

<A.B.C.D/N | X:X:X:X::X/N>

| remoteaddress

<A.B.C.D/N | X:X:X:X::X/N>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description

(config-client)

IOLAN SCR Command Line Reference Guide

139

Global Configuration Mode

{[

authentication identify

<WORD>

| preshared-key

<WORD>

| remote-identity

<WORD>

| x509

<LINE>

| trustpoint <

CA-

FILE>

] |

Sets the local authentication identity.

[

connection-type disable | initiate | respond

] |

Set connection type:

 initiate respond disable

[

ike-group

<WORD>

] |

[

local-address

<A.B.C.D>

|

<X:X:X:X::X:X>

| any

] |

[

tunnel

<1-429467295>

|

esp-group

<WORD>

|

local-address

<A.B.C.D/N | X:X:X:X::X/N>

| remote-address

<A.B.C.D/N |

X:X:X:X::X/N>

]}

Sets IPSEC IKE configuration.

Sets local IPSEC interface.

Sets client tunnel definitions.

Command Modes

PerleSCR(config-client)#

Usage Guidelines

Configure IPSEC.

Examples

This example sets IPSEC client type to initiate.

PerleSCR(config-client)# connection-type initiate <cr>

Related Commands

show crypto

(config-connection)

{[

ca

<WORD>

] |

[

cert

<NAME>

] |

[

cipher aes-128-cbc | aes-128-gcm | aes-192-cbc | aes-192-gcm | aes-256-cbc | aes-

256-gcm | bf-cbc | camellia-128-cbc | camellia-192-cbc | camellia-256-cbc | cast5-cbc | des-cbc | des-ede-cbc | des-ede3cbc | des-cbc | rc2-40-cbc | rc2-64-cbc | rc2-cbc | seed-cbc

[

client

] |

[

comp-lzo adaptive | no | yes

] |

] |

[

dev

<0-999>

] | [

dh

<WORD>

] |

[

dh

<WORD>

] |

[

ifconfig

<A.B.C.D> <WORD> <A.B.C.D><WORD>

] |

IOLAN SCR Command Line Reference Guide

140

Global Configuration Mode

[

keepalive

<1-65535> <1-65535>

] |

[

key

<WORD>

] |

[

lport

<1-65535>

] | [

persist-tun

] | [

port

<1-65535>

] |

[

pull

] |

[

remote

<A.B.C.D> <WORD> <X:X:X:X::X> <1-65535>

| tcp | udp

] |

[

remote-cert-tls client | server

] |

[

rport

<1-65535>

] |

[

secret

<NAME>

] |

[

server

<A.B.C.D> <A.B.C.D>

no pool

] |

[

server-ipv6

<X:X:X:X::X>

] |

[

template

<WORD>

] |

[

tls-client

] |

[

tls-server

] |

[

user-pass

<WORD> <WORD>

0 | 7

] |

[

verb

<0-11>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description

(config-connection)

{[

ca

<WORD>

] |

[

cert

<NAME>

] |

Sets PKI CA trustpoint.

Sets PKI certificate.

Set cipher to use in this connection.

[

cipher aes-128-cbc | aes-128-gcm | aes-

192-cbc | aes-192-gcm | aes-256-cbc | aes-

256-gcm | bf-cbc | camellia-128-cbc | camellia-192-cbc | camellia-256-cbc | cast5-cbc | des-cbc | des-ede-cbc | desede3-cbc | des-cbc | rc2-40-cbc | rc2-64cbc | rc2-cbc | seed-cbc

] |

[

client

] | Enable client mode if TCP mode is used with the remote command or if you receive the OpenVPN message "Options error: --proto tcp is ambiguous in this context.

Please specify --proto tcp-server or --proto tcp-client

IOLAN SCR Command Line Reference Guide

141

Global Configuration Mode

[

[

[

[

[

[

[

[

[

comp-lzo adaptive | no | yes dev dh keepalive key pull

<0-999>

<WORD>

lport

] |

[

ifconfig

<A.B.C.D> <WORD> <A.B.C.D>

<WORD>

] |

<WORD>

<1-65535>

persist-tun port

] |

] |

] |

]

<1-65535>

|

]

]

|

|

] |

<1-65535> <1-65535>

] |

Compression is *not* recommended for security reasons.

In cases where the OpenVPN server pushes the request "complzo no" to connecting clients, the client side will break with repeated "write to TUN/TAP :

Invalid argument (code=22)" errors unless it too has already specified "comp-lzo no. If you are a client and are using `pull` to get settings from the server, the connection may fail with that same message. To overcome this issue `comp-lzo no` must be defined in your connection.

Note:

the "no comp-lzo" (the default) turns off the entire compression subsystem which is required for connections not using compression.

Set the OpenVPN interface number.

Sets Diffie-Hellman parameters.

Configure the local and the remote IP addresses for each side of the connection. Reverse the ip addresses when configuring "the other end".

Sets the keepalive interval (in seconds) and the keepalive timeout (in seconds).

Sets PKI private key.

Set the port to use on the local side.

default is 1194

Keep tun device between restarts.

Sets the port to use on both sides of the connection.

Pull the configuration from the server.

IOLAN SCR Command Line Reference Guide

142

Global Configuration Mode

[

[

[

remote

<A.B.C.D> <WORD>

<X:X:X:X::X> <1-65535>

| tcp | udp

] |

remote-cert-tls client | server rport

<1-65535>

] |

] |

Set the remote host for connection.

Sets peer certificate checking as client or server.

When this is used with a TLS connection, the peer's certificate credentials are validated using the CA certificate referred to by the "ca" command.

This is recommended to mitigate man-in-the-middle attacks but can be left off if the signing CA certificate is not currently available.

Sets the port to use on the remote side.

Set the Pre-Shared secret key.

[

[

[

secret

<NAME>

] |

server

<A.B.C.D> <A.B.C.D>

server-ipv6

<X:X:X:X::X>

] |

no pool

] |

Sets OpenVPN IPv4 server parameters.

Sets OpenVPN IPv6 server parameters.

Set connection template.

[

template

<WORD>

] |

[

tls-client

] |

[

tls-server

] |

[

user-pass

<WORD> <WORD>

0 | 7

] |

Set to act as a TLS client.

Set to act as a TLS server.

Set authentication parameters for the client (your IOLAN to login

OpenVpn servers.

Sets verbosity level. (debug)

[

verb

<0-11>

]}

Command Modes

PerleRoute(config-connection)#

Usage Guidelines

Configure IPSEC parameters.

Examples

Set cipher for IPSEC connection.

PerleSCRr(config-connection)# cipher aes-128-cbc<cr>

IOLAN SCR Command Line Reference Guide

143

Global Configuration Mode

Related Commands

show crypto

(config-esp)#

{[

compression

] |

[

lifetime

<30-86400>

] |

[

mode transport | tunnel

] |

[

pfs

] |

[

proposal

<1-65535>

[encryption 3des | aes128 | aes128gcm182 | aes256 | aes256gcm128 | chacha20poly1305] | [hash md5 | sha1 | sha256 | sha384 | sha512]

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description

(config-esp)#

{[

compression

] |

Sets compression for IPsec connection.

[

lifetime

<30-86400>

] |

The tunnel will expires after no activity.

Range is 30 – 86400

Default is 1800 seconds

[

mode transport | tunnel

] |

Sets the tunnel mode.

Transport mode – payload encrypted; headers clear

Transport mode – both headers and payload encrypted.

[

pfs

] |

PFS on will improve security forcing a new key exchange for each new session. Both sides of the VPN tunnel must be able to support this option.

Enabling PFS by renewing keys more often will have a little performance impact but provide further security.

[

proposal

<1-65535>

[encryption 3des

| aes128 | aes128gcm182 | aes256 | aes256gcm128 | chacha20poly1305] |

[hash md5 | sha1 | sha256 | sha384 | sha512]

]}

Sets IKE/ESP proposal.

Command Modes

PerleSCR(config-esp)#

Usage Guidelines

Sets IPsec configuration.

IOLAN SCR Command Line Reference Guide

144

Global Configuration Mode

Examples

Set esp group mode to transport.

PerleSCR(config-esp)# mode transport <cr>

Related Commands

show crypto

(config-ike)#

{[

aggressive-mode

] |

[

dpd action clear | hold | restart

] |

[

dpd action clear | hold | restart

|

interval

<2-86400>

| timeout

<10-86400>

] |

[

ike-version ike | ikev1 | ikev2

] | [

lifetime

<30-86400>

] | [

proposal [dh-group 2 | 5

| 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26] | [encryption 3des | aes128 | aes128gcm128 | aes256 | aes256gcm256 | chacha20poly1305] | [hash md5 | sha1 | sha256 | sha384 | sha512]

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description

(config-ike)#

{[

aggressive-mode

] |

Aggressive mode takes part in fewer packet exchanges.

Aggressive mode does not give identity protection of the two IKE peers, unless digital certificates are used. This means VPN peers exchange their identities without encryption (clear text). It is not as secure as main mode, but the advantage to aggressive mode is that it is faster than Main mode.

You must use aggressive mode if one or both peers have dynamic external IP addresses or if you need to use Network Address

Translation Traversal (NAT-T)

Default is off

IOLAN SCR Command Line Reference Guide

145

Global Configuration Mode

[

[

[

dpd action clear | hold | restart ike-version ike | ikev1 | ikev2 lifetime

<30-86400>

] |

] |

] |

[

proposal [dh-group 2 | 5 | 14 | 15 | 16 | 17

| 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26] |

[encryption 3des | aes128 | aes128gcm128 | aes256 | aes256gcm256 | chacha20poly1305] | [hash md5 | sha1 | sha256 | sha384 | sha512]

]}

Command Modes

DPD is a method of detecting a dead Internet Key Exchange

(IKE) peer. This method uses

IPsec traffic patterns to minimize the number of messages required to confirm the availability of a peer. DPD is used to reclaim the lost resources in case a peer is found dead.

Clear –terminate the VPN connection over the detection timeout. You must manually re-initiate the VPN connection.

We recommend that you use

Clear when the remote peer uses dynamic IP address.

Hold –traffic from your local network to the remote network can trigger the router to reinitiate the VPN connection over the detection timeout. We recommend that you use Hold when the remote peer uses a static IP address

Restart –re-initiate the VPN connection for three times over the detection timeout.

Default Action is Hold

Interval is 30 seconds

Timeout is 120 seconds

Select IKE version to use. IKE will use IKEv2 but switch to

IKEv1 depending on the peer.

Default is IKEv2

Time to keep connection alive.

Range is 30-86400

Default is 3600 seconds

Sets IKE/ESP proposal.

Dh-default is 2

Encryption default is aes256

Hash default is SHA1

PerleSCR(config-ike)#

IOLAN SCR Command Line Reference Guide

146

Global Configuration Mode

Usage Guidelines

Sets IKE configuration.

Examples

Set dead peer detection to restart.

PerleSCR(config-ike)# dpd action restart <cr>

Related Commands

show crypto

(config-12tp)#

{[

client-ip-pool

<A.B.C.D> <A.B.C.D>

] |

[

dns-server

<1-2> <A.B.C.D>

] |

[

outside-address

<A.B.C.D>

] |

[

pre-shared-key

<WORD>

] |

[

username

<WORD>

password

<WORD>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description

(config-l2tp)#

{[

client-ip-pool

<A.B.C.D> <A.B.C.D>

] |

Sets L2TP client ip pool addresses to be used by the clients.

[

dns-server

<1-2> <A.B.C.D>

] |

[

outside-address

<A.B.C.D>

] |

Sets L2TP DNS servers.

Sets the L2TP server remote address.

[

pre-shared-key

<WORD>

] |

Use the given pre-shared secret.

[

username

<WORD>

password

<WORD>

]}

Configure L2TP user name and password for this connection.

Command Modes

PerleSCR(config-l2tp)#

Usage Guidelines

Use these commands to setup parameters for L2TP connections.

L2TP connections.

Examples

Set username and password for L2TP connection.

PerleSCR(config-l2tp)# username lyn password test <cr>

IOLAN SCR Command Line Reference Guide

147

Global Configuration Mode

Related Commands

show crypto

dot1x dot1x

{[

credential

<profile-name>

] |

[

logging

] |

[

system-auth-control

] |

[

test timeout

<1-65535>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description dot1x

{[

credential

<profile-name>

] |

Create a dot1x credential profile.

[

logging

] |

[

system-auth-control

] |

Log dot1x messages

You must enable dot1x systemauth-control if you want to use

802.1x access controls on any port on the router. You can then use the port control command on each specific port on which you want

802.1x access controls to be used.

[

test timeout

<1-65535>

]}

The readiness check is typically used before 802.1x is enabled on the router. Set the timeout for

EAPOL devices that don’t respond in the specified time frame.

Command Modes

PerleSCR(config)#

Usage Guidelines

The 802.1x readiness check monitors 802.1x activity on all the IOLAN serial ports and displays information about the devices connected to the ports that support

802.1x. You can use this feature to determine if the devices connected to the IOLAN serial ports are 802.1x-capable

Examples:

This example will create a credential profile called testcrd, then you need to set dotx1 authentication on Ethernet interfaces in order to multihost.

Note: You must enable system -auth-control if you want to authenticate dot1x devices.

PerleSCR(config)#dot1x credential testcred<cr>

PerleSCR(config)#interface ethernet 1 <cr>

PerleSCR(config-if)#authentication mult-auth <cr>

IOLAN SCR Command Line Reference Guide

148

Global Configuration Mode

Related Commands

(config-dot1x-creden)#

show eee

(config-dot1x-creden)#

{[

password

< 0 > <LINE> | <7 > <LINE>

] |

[

username

<name>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description

(config-dot1x-creden)#

{[

password

< 0 > <LINE> | <7>

<LINE> | hex-string>

] |

0 - specifies that an unencrypted password will follow.

7- specifies that an hidden password will follow.

[

username

<name>

]

}

Specify a username.

Command Modes

PerlesCR(config)#dot1x credential your-name

PerleSCR(config-dot1x-creden)#

Usage Guidelines

Sets dot1x credentials.

Examples

This example will set the set the password for profile name testing to an encrypted password.

PerleSCR(config)#dot1x credential testing<cr>

PerleSCR(config-dot1x-creden)# password 7 DB0UeI1lynwOKW/j1 <cr>

Related Commands

dot1x

show eee

eap eap

{[

profile

<WORD>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description eap

{[

profile

<WORD>

]}

Configure EAP profiles.

Command Modes

PerleSCRconfig)#

Usage Guidelines

Use this command to create EAP profiles.

IOLAN SCR Command Line Reference Guide

149

Global Configuration Mode

Related Commands

username

(config-eap-profile)#

{[

method gtc | leap | md5 | mschapv2 | peap | tls | [ttls chap |eap-gtc |eap-md5 | eap-mschapv2 | mschap | mschapv2 | pap]

] | [

pki-trustpoint

<WORD>

Use the no form of this command to negate a command or set its defaults.

]}

Syntax Description (config-eap-profile)#

|

{[

method gtc | leap | md5 | mschapv2 | peap | tls | [ttls chap |eap-gtc |eap-md5 | eap-mschapv2 | mschap | mschapv2 | pap]

]

Select the method of encapsulating sensitive information such as passwords to be authenticated from the

IOLAN

[

pki-trustpoint

<WORD>

]}

The certificate authority you trust. This is a self-signed certificate that you create here

eap

Command Modes

PerleSCR(config)#

Usage Guidelines

EAP is simply an authentication framework that defines the transport and usage of identity credentials. EAP encapsulates the usernames, passwords, certificates, and tokens, etc. that a client is sending for purposes of authentication.

A trustpoint is basically a certificate authority who you trust, and it is called a trustpoint because you implicitly trust this authority. The idea is that by trusting a given self-signed certificate, then your PKI system will automatically trust any other certificates signed with that trusted certificate

You need to create an eap profile before you can set these parameters.

Examples

This example shows you how to set the method to gtc.

PerleSCR(config)#method gtc<cr>

Related Commands

dot1x

email email

{[

enabled

] |

[

encryption

<none | ssl | tls>

] |

[

from

<WORD>

] |

IOLAN SCR Command Line Reference Guide

150

Global Configuration Mode

[

recipient

<WORD>

] |

[

smtp-server

<WORD> | <A.B.C.D> | <X:X:X:X::X:X>

] |

[

username certificate

]}

<WORD>

| password

<0 LINE> | 7 <WORD> | LINE>

] | [

Use the no form of this command to negate a command or set its defaults.

validate-

Syntax Description email

{[

enabled

] |

Enable the email feature.

{[

encryption

<none | ssl | tls>

] |

[

from

<WORD>

] |

Use selected encryption.

Format is [email protected]

[

recipient

<WORD>

] |

Format is [email protected]

[

smtp-server

<WORD> | <A.B.C.D> |

<X:X:X:X::X:X>

] |

[

username

<WORD>

| password

<0

<LINE> | 7 <WORD>

|

LINE>

] | [

password

<0 <LINE> | 7 <WORD> |

LINE>

] |

[

validate-certificate

]}

SMNP server to use for mail requests.

Username for server authentication.

Password for server authentication.

Valid email certificate.

Command Modes

PerleSCR(config)#

Usage Guidelines

Sets email notification parameters.

Examples

This example shows how enable the email feature and to specify the smnp server for email requests.

PerleSCR(config)#email enabled <cr>

PerleSCR(config)#email snmp-server 172.16.55.77 <cr>

Related Commands

show email

enable enable

{[

secret

<0 | 5 | LINE>

]}

Use the no form of this command to negate enable secret.

Syntax Description enable

IOLAN SCR Command Line Reference Guide

151

Global Configuration Mode

{[

secret

<0 | 5 | LINE>

]}

Command Modes

Usage Guidelines

This is the password to be used to enable privilege mode.

Examples

This example shows how to set a password for enable mode.

PerleSCR(config)#enable secret testsecret<cr>

0 – Specifies an unencrypted password to follow

5 – Specifies a encrypted password to follow

LINE – the unencrypted

(cleartext) secret

PerleRouter(config)#enable

Related Commands

username

hostname hostname

{[<

WORD

>]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description

{[<

WORD

>]}

hostname

Type in the name you want to call your router.

Command Modes

PerleSCR(config)#hostname

Usage Guidelines

Set the hostname on the IOLAN.

Examples

This example will set the hostname to TestHost.

PerleSCR(config)#hostname TestHost<cr>

TestHost#

Related Commands

show hosts

interface interface

{[

bvi

<1-9999>

] |

[

dialer

<0-15>

] |

IOLAN SCR Command Line Reference Guide

152

Global Configuration Mode

[

ethernet

<1-18>

] |

[

loopback

] |

[

openvpn-tunnel

<0-999>

tap | tun

] |

[

tunnel

<0-999>

] |

[

range ethernet

<1-18> , <1-18>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description interface

{[

bvi

<1-9999>

]

|

Specify the bridge interface you want to configure.

[

dialer

<0-15>

] |

Specify the dialer interface you want to configure.

[

ethernet

<1-18>

]

|

Specify the Ethernet interface you want to configure.

[

[

[

loopback

] |

openvpn-tunnel

[tunnel

<0-999>

range ethernet

] |

<0-999>

tap | tun

<1-18> , <1-18>

Command Modes

]

] |

Specify the loopback interface you want to configure.

Specify a openvpn tunnel you want to configure.

Specify the tunnel you want to configure.

Specify a Ethernet range you want to configure.

PerleSCR(config)#interface ethernet 1

PerleSCR(config-if)#

Usage Guidelines

Set interface command.

Examples

This example will allow you to config parameters for Ethernet interface 1.

PerleSCR(config)# interface ethernet 1<cr>

IOLAN SCR Command Line Reference Guide

153

Global Configuration Mode

Related Commands

(config-if)# bvi

(config-if)# dialer

(config-if) ethernet

(config-if)# openvpn-tunnel

(config-if)# tunnel

show interfaces

(config-if)# bvi

{[

arp disable-arp-filter | enable-arp-accept | enable-arp-announce | enable-arpignore | timeout

<1-2147483>

] |

[

description

<LINE>

] |

[

ip address

<A.B.C.D> <A.B.C.D>

| dhcp client [class-id

<LINE>

| auto] |

[client-id ethernet

<1-18>

| ascii

<WORD>

| auto | hex

<hex-string>

] | hostname

<WORD>

| ddns service dyndns | update

<WORD>

| use-web skip | url

<WORD>

] | dns dhcp | [firewall in | local | out

<WORD>

] | [health-profile

<WORD>

nexthop

<A.B.C.D>

| dhcp] | [helper-address

<A.B.C.D>

] | [ospf authentication message-digest | null] | authentication-key

<LINE>

| cost

<1-

65535>

| dead-interval

<1-65535>

| hello-interval

<1-65535>

| [message-digestkey

<1-255>

md5

<LINE>

] | mtu-ignore | [network broadcast | non-broadcast | point-to-point | point-to-multipoint] | priority

<0-255>

| retransmit-interval

<1-

65535>

| transmit-delay

<1-65535>

| policy route-policy

<WORD>

| rip authentication key-chain | mode

<WORD>

] |

[

ipsec restrict

] |

[

ipv6 address

<X:X:X:X::X/<0-128>

|

dhcp | firewall in | out | local

<WORD>

|

[nd dad attempt

<0-500>

| managed config-flag | other-config-flag | prefix

<X:X:X:X::X/<0-128> <0-4294967294> |

infinite | [ra dns server

<X:X:X:X::X>

|

[hop-limit <1-255> | unspecified] | [interval

<4-1800> <3-1350>

| lifetime

<0> |

<4-9000>

| suppress] | reachable time

<0-3600000>

| retransmission-time

<0-

3600000>

| router-preference high | low |medium] | [ospf authentication message-digest | null] | authentication-key

<LINE>

| cost

<1-65535>

| deadinterval

<1-65535>

| hello-interval

<1-65535>

| [message-digest-key

<1-255>

md5

<LINE>

] | mtu-ignore | [network broadcast | non-broadcast | point-to-point

| point-to-multipoint] | priority

<0-255>

| retransmit-interval

<1-65535>

| transmit-delay

<1-65535>

| policy route-policy

<WORD>

| rip authentication key-chain | mode

<WORD>

] |

[

mtu

<68-1500>

] |

[

ntp broadcast client | destination

<A.B.C.D>

| key

<1-65534>

| minpoll

<4-17>

| version

<1-4>

| disable | multicast

<A.B.C.D>

|

<X:X:X:X::X>

| client

<A.B.C.D>

|

<X:X:X:X::X>

| key

<1-65534> |

minpoll

<4-17>

| version

<1-4>

] |

[

role lan |trusted | wan

] |

IOLAN SCR Command Line Reference Guide

154

Global Configuration Mode

[

shutdown

] |

[

zone-member security

<WORD>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description

(config-if)# bvi

{[

arp disable-arp-filter | enable-arpaccept | enable-arp-announce | enablearp-ignore | timeout

<1-2147483>

] |

[

description

<LINE>

] |

Customize arp messages for this interface.

Type in a description for this interface.

[

ip address

<A.B.C.D> <A.B.C.D>

| dhcp client [class-id

<LINE>

| auto] | [client-id ethernet

<1-18>

| ascii

<WORD>

| auto | hex

<hex-string>

] | hostname

<WORD>

| ddns service dyndns | update

<WORD>

| use-web skip | url

<WORD>

] | dns dhcp |

[firewall in | local | out

<WORD>

] |

[health-profile

<WORD>

nexthop

<A.B.C.D>

| dhcp] | [helper-address

<A.B.C.D>

] | [ospf authentication message-digest | null] | authentication-key

<LINE>

| cost

<1-65535>

| dead-interval

<1-65535>

| hello-interval

<1-65535>

|

[message-digest-key

<1-255>

md5

<LINE>

] | mtu-ignore | [network broadcast | non-broadcast | point-to-point

| point-to-multipoint] | priority

<0-255>

| retransmit-interval

<1-65535>

| transmitdelay

<1-65535>

| policy route-policy

<WORD>

| rip authentication key-chain | mode

<WORD>

] | [

ipsec restrict

] |

[

ipsec restrict

] |

Specify an IP parameters.

Do not allow ipsec to run on this interface.

IOLAN SCR Command Line Reference Guide

155

Global Configuration Mode

[

ipv6 address

<X:X:X:X::X/<0-128>

|

dhcp | firewall in | out | local

<WORD>

|

[nd dad attempt

<0-500>

| managed config-flag | other-config-flag | prefix

<X:X:X:X::X/<0-128> <0-4294967294> |

infinite | [ra dns server

<X:X:X:X::X>

|

[hop-limit <1-255> | unspecified] |

[interval

<4-1800> <3-1350>

| lifetime

0 |

<4-9000>

| suppress] | reachable time

<0-

3600000>

| retransmission-time

<0-

3600000>

| router-preference high | low

|medium] | [ospf authentication messagedigest | null] | authentication-key

<LINE>

| cost

<1-65535>

| dead-interval

<1-65535>

| hello-interval

<1-65535>

| [messagedigest-key

<1-255>

md5

<LINE>

] | mtuignore | [network broadcast | nonbroadcast | point-to-point | point-tomultipoint] | priority

<0-255>

| retransmit-interval

<1-65535>

| transmitdelay

<1-65535>

| policy route-policy

<WORD>

| rip authentication key-chain | mode

<WORD>

] |

[

mtu

<68-1500>

] |

[

ntp broadcast client | destination

<A.B.C.D>

| key

<1-65534>

| minpoll

<4-

17>

| version

<1-4>

| disable | multicast

<A.B.C.D>

|

<X:X:X:X::X>

| client

<A.B.C.D>

|

<X:X:X:X::X>

| key

<1-

65534> |

minpoll

<4-17>

| version

<1-4>

] |

[

role lan |trusted | wan

] |

[

shutdown

] |

[

zone-member security

<WORD>

]}

Command Modes

Usage Guidelines

Sets option parameters for bridge.

Enable IPv6 on this interface.

Specify the mtu (maximum transmit unit) for this interface.

Configure for this interface.

Select the role for this interface.

Shutdown this interface.

This interface belongs to zone security name.

PerleSCR(config)#interface

PerleSCR(config-if)#

IOLAN SCR Command Line Reference Guide

156

Global Configuration Mode

Examples

This example configures an IP address on bvi 10.

PerleSCR>enable<cr>

PerleSCR#config<cr>

PerleSCR#interface bvi 10<cr>

PerleSCR(config-if)#ip address 172.16.113.45 255.255.0.0<cr>

Related Commands

(config-if)# bvi

(config-if)# dialer

(config-if) ethernet

(config-if)# openvpn-tunnel

(config-if)# tunnel

show interfaces

(config-if)# dialer

{[

dialer description

<LINE>

] |

[

encapsulation ppp

] |

[

ip address

<A.B.C.D> <A.B.C.D>

| ddns service dyndns | update

<WORD>

| use-web skip | url

<WORD>

] | dns dhcp | firewall in | out | local

<WORD>

|

[health-profile

<WORD>

nexthop

<A.B.C.D>

| dhcp] | [helper-address

<A.B.C.D>

] | [ospf authentication message-digest | null] | authentication-key

<LINE>

| cost

<1-65535>

| dead-interval

<1-65535>

| hello-interval

<1-65535>

|

[message-digest-key

<1-255>

md5

<LINE>

] | mtu-ignore | [network broadcast | non-broadcast | point-to-point | point-to-multipoint] | priority

<0-255>

| retransmit-interval

<1-65535>

| transmit-delay

<1-65535>

| policy route-policy

<WORD>

| rip authentication key-chain | mode

<WORD>

] |

[

ipsec restrict

] | [

[ipv6 firewall in | out | local

<WORD>

| [ospf authentication message-digest | null] | authentication-key

<LINE>

| cost

<1-65535>

| deadinterval

<1-65535>

| hello-interval

<1-65535>

| [message-digest-key

<1-255>

md5

<LINE>

] | mtu-ignore | [network broadcast | non-broadcast | point-to-point

| point-to-multipoint] | priority

<0-255>

| retransmit-interval

<1-65535>

| transmit-delay

<1-65535>

| policy route-policy

<WORD>

| rip authentication key-chain | mode

<WORD>

] |

[

mtu

<64-1500>

] |

[

ntp broadcast client | destination

<A.B.C.D>

| key

<1-65534>

| minpoll

<4-17>

| version

<1-4>

| disable | multicast

<A.B.C.D>

|

<X:X:X:X::X>

| client

<A.B.C.D>

|

<X:X:X:X::X>

| key

<1-65534> |

minpoll

<4-17>

| version

<1-4>

<LINE>

| 7

<WORD>

|

<LINE>

| timeout idle

<1-4294967>

[

role lan | trusted | wan

] |

[

shutdown

] |

] |

] |

[

ppp access-concentrator

<LINE>

| chap hostname

<WORD>

| password 0

IOLAN SCR Command Line Reference Guide

157

Global Configuration Mode

[

zone-member security

<WORD>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description (config-if)# dialer

{[

dialer description

<LINE>

] |

Specify a name for this interface.

[

encapsulation ppp

] |

[

ip address

<A.B.C.D> <A.B.C.D>

| ddns service dyndns | update

<WORD>

| use-web skip | url

<WORD>

] | dns dhcp | firewall in | out | local

<WORD>

| [health-profile

<WORD>

nexthop

<A.B.C.D>

| dhcp] | [helper-address

<A.B.C.D>

] | [ospf authentication message-digest | null] | authenticationkey

<LINE>

| cost

<1-65535>

| deadinterval

<1-65535>

| hello-interval

<1-

65535>

| [message-digest-key

<1-255>

md5

<LINE>

] | mtu-ignore | [network broadcast | non-broadcast | point-topoint | point-to-multipoint] | priority

<0-255>

| retransmit-interval

<1-

65535>

| transmit-delay

<1-65535>

| policy route-policy

<WORD>

| rip authentication key-chain | mode

<WORD>

] |

[

ipsec restrict

] |

Set encapsulation type.

Sets IP configuration parameters for this interface.

Enable or disable IPv6.

[

ipv6 firewall in | out | local

<WORD>

|

[ospf authentication message-digest | null] | authentication-key

<LINE>

| cost

<1-65535>

| dead-interval

<1-

65535>

| hello-interval

<1-65535>

|

[message-digest-key

<1-255>

md5

<LINE>

] | mtu-ignore | [network broadcast | non-broadcast | point-topoint | point-to-multipoint] | priority

<0-255>

| retransmit-interval

<1-

65535>

| transmit-delay

<1-65535>

| policy route-policy

<WORD>

| rip authentication key-chain | mode

<WORD>

] |

[

mtu

<64-1500>

] |

Set IPv6 sub commands.

Sets Maximum transmission unit size.

IOLAN SCR Command Line Reference Guide

158

Global Configuration Mode

[

ntp broadcast client | destination

<A.B.C.D>

| key

<1-65534>

| minpoll

<4-17>

| version

<1-4>

| disable | multicast

<A.B.C.D>

|

<X:X:X:X::X>

| client

<A.B.C.D>

|

<X:X:X:X::X>

| key

<1-65534> |

minpoll

<4-17>

| version

<1-4>

] |

[

ppp access-concentrator

<LINE>

| chap hostname

<WORD>

| password 0

<LINE>

| 7

<WORD>

|

<LINE>

| timeout idle

<1-4294967>

] |

[

role lan | trusted | wan

] |

[

shutdown

] |

[

zone-member security

<WORD>

]}

Configure NTP (Network Time

Protocol).

Configure Point to Point protocol.

Select the role for this interface.

Shutdown this interface.

Command Modes

This interface is a member of zone security.

PerleSCR(config-if)#

Usage Guidelines

Sets parameters for dialer interface.

Examples

This example will set the role for the dialer interface.

PerleSCR(config-if)role wan<cr>

Related Commands

(config-if)# bvi(config-if)# dialer

(config-if) ethernet

(config-if)# openvpn-tunnel

(config-if)# tunnel

show interfaces

(config-if) ethernet

{[

alarm profile

<WORD>

] |

[

arp disable-arp-filter | enable-arp-accept | enable-arp-announce | enable-arpignore | timeout

<1-2147483>

] |

[

authentication [host-mode] | [multi-auth] | [multi-host] | single-host] | [periodic]

| [port-control [auto] | [forced-authorized] | force-unauthorized] | [timer reauthenticate

<1-65535>

| restart

<1-65535>

] | [

bridge-group

<1-9999>

] |

[

description

<LINE>

] |

IOLAN SCR Command Line Reference Guide

159

Global Configuration Mode

[

dot1x credential

<WORD>

| max-auth-req

<1-10>

| max-req

<1-10>

|

[

[pae authenticator | suppliant] | eap profile

<WORD>

[pae profile

<WORD>

] |

[timeout quiet-period

<1-65535>

| supp-period

<1-65535>

| tx-period

<1-65535>

]

|

[

duplex auto | half | full

] |

[

ip address

<A.B.C.D> <A.B.C.D>

| [dhcp client [class-id

<LINE>

| auto] |

[client-id ethernet

<1-18>

| ascii

<WORD>

| auto | hex

<hex-string>

] | hostname

<WORD>

| ddns service dyndns | update

<WORD>

| use-web skip | url

<WORD>

]

| dns dhcp | [firewall in | local | out

<WORD>

] | [health-profile

<WORD>

nexthop

<A.B.C.D>

| dhcp] | [helper-address

<A.B.C.D>

] | [ospf authentication messagedigest | null] | authentication-key

<LINE>

| cost

<1-65535>

| dead-interval

<1-

65535>

| hello-interval

<1-65535>

| [message-digest-key

<1-255>

md5

<LINE>

] | mtu-ignore | [network broadcast | non-broadcast | point-to-point | point-tomultipoint] | priority

<0-255>

| retransmit-interval

<1-65535>

| transmit-delay

<1-65535>

| policy route-policy

<WORD>

| rip authentication key-chain | mode

<WORD>

] |

[

ipsec restrict

] | [

ipv6 address

<X:X:X:X::X/<0-128>

| autoconfig | dhcp] enable

| firewall in | out | local

<WORD>

| [nd dad attempt

<0-500>

| managed configflag | other-config-flag | prefix

<X:X:X:X::X/<0-128> <0-4294967294> |

infinite |

[ra dns server

<X:X:X:X::X>

| [hop-limit <1-255> | unspecified] | [interval

<4-

1800> <3-1350>

| lifetime

0 | <4-9000>

| suppress] | reachable time

<0-3600000>

| retransmission-time

<0-3600000>

| router-preference high | low |medium]

] |

[

mab eap

] | [

mtu

<64-9000>

] |

[

ntp broadcast client | destination

<A.B.C.D>

| key

<1-65534>

| minpoll

<4-17>

| version

<1-4>

|

disable

|

multicast

< A.B.C.D> <X:X:X:X::X:X>

| client

< A.B.C.D> < X:X:X:X::X:X>

| key

<1-65534>

| minpoll | version

<1-4>

] |

[

power efficient-ethernet auto

] |

[

role lan | trusted | wan

] |

[

shutdown

] |

[

speed 10 |100 |1000 |auto

] |

[

zone-member security

<WORD>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description

(config-if) ethernet

{[

alarm profile

<WORD>

] |

Use this alarm profile for this interface.

[

arp disable-arp-filter | enable-arp-accept | enable-arp-announce | enable-arp-ignore | timeout

<1-2147483>

] |

Customize arp messages for this interface.

IOLAN SCR Command Line Reference Guide

160

[

[

authentication [host-mode] | [multi-auth] |

[multi-host] | single-host] | [periodic] | [portcontrol [auto] | [forced-authorized] | forceunauthorized] | [timer reauthenticate

<1-

65535>

| restart

<1-65535>

] |

[

bridge-group

<1-9999>

] |

[

description

<LINE>

] |

[

dot1x credential

<WORD>

| max-auth-req

<1-10>

| max-req

<1-10>

|

[

[pae authenticator | suppliant] | eap profile

<WORD>

[pae profile

<WORD>

] | [timeout quiet-period

<1-65535>

| supp-period

<1-

65535>

| tx-period

<1-65535>

] |

duplex auto | half | full

] |

Global Configuration Mode

Select authentication mode to use on this interface when using Dot1x devices.

Add this interface to the specified bridge-group.

Description for this interface.

Sets the Port Access Entity

(PAE) type.

Supplicant

—The interface acts only as a supplicant and does not respond to messages that are meant for an authenticator.

Authenticator

—The interface acts only as an authenticator and does not respond to any messages meant for a supplicant.

Both

—The interface behaves both as a supplicant and as an authenticator and thus does respond to all dot1x messages.

Select duplex for this interface. In most cases this parameter should be left at auto.

IOLAN SCR Command Line Reference Guide

161

Global Configuration Mode

[

ip address

<A.B.C.D> <A.B.C.D>

| [dhcp client [class-id

<LINE>

| auto] | [client-id ethernet

<1-18>

| ascii

<WORD>

| auto | hex

<hex-string>

] | ddns service dyndns | update

<WORD>

| use-web skip | url

<WORD>

] | dns dhcp | [firewall in | local | out

<WORD>

]

| [health-profile

<WORD>

nexthop

<A.B.C.D>

| dhcp] | [helper-address

<A.B.C.D>

] | [ospf authentication messagedigest | null] | authentication-key

<LINE>

| cost

<1-65535>

| dead-interval

<1-65535>

| hello-interval

<1-65535>

| [message-digestkey

<1-255>

md5

<LINE>

] | mtu-ignore |

[network broadcast | non-broadcast | pointto-point | point-to-multipoint] | priority

<0-

255>

| retransmit-interval

<1-65535>

| transmit-delay

<1-65535>

| policy routepolicy

<WORD>

| rip authentication keychain | mode

<WORD>

] |

[

ipsec restrict

] |

Setup parameters for IP communications on this interface.

[

ipv6 address

X:X:X:X::X:X/<0-128>

| autoconfig | dhcp | enable | firewall in | out | local

<WORD>

| [ospf authentication message-digest | null] | authentication-key

<LINE>

| cost

<1-65535>

| dead-interval

<1-

65535>

| hello-interval

<1-65535>

| [messagedigest-key

<1-255>

md5

<LINE>

] | mtuignore | [network broadcast | non-broadcast | point-to-point | point-to-multipoint] | priority

<0-255>

| retransmit-interval

<1-

65535>

| transmit-delay

<1-65535>

| policy route-policy

<WORD>

| rip authentication key-chain | mode

<WORD>

] |

[

mab eap

] |

No ipsec allow on this interface.

If using IPv6, then setup

IPv6 communication parameters.

[

mtu

<64-9000>

] |

[

ntp broadcast client | destination

<A.B.C.D>

| key

<1-65534>

| minpoll

<4-17>

| version

<1-4>

|

disable

|

multicast

< A.B.C.D>

<X:X:X:X::X:X>

| client

< A.B.C.D> <

X:X:X:X::X:X>

| key

<1-65534>

| minpoll | version

<1-4>

] |

IOLAN SCR Command Line Reference Guide

Sets MAC authentication bypass interface commands.

Sets maximum transmission unit.

Configure NTP (Network

Time Protocol).

162

Global Configuration Mode

[

[

power efficient-ethernet auto role lan |trusted | wan

] |

] |

Configure interface power settings.

Set the role for this interface.

Shutdown this interface.

[

[

[

shutdown

] |

speed 10 |100 |1000 |auto zone-member security

]}

<WORD>

]}

Command Modes

Usage Guidelines

Set up Ethernet parameters for this interface.

Examples

This example will set the speed for this interface to 100.

PerleSCR(config-if)# speed 100<cr>

Set the speed for this interface.

This interface is a member of zone security.

PerleSCR(config-if)#

Related Commands

(config-if)# bvi

(config-if)# dialer

(config-if) ethernet

(config-if)# openvpn-tunnel

(config-if)# tunnel

show interfaces

(config-if)# openvpn-tunnel

{[

bridge-group

<1-9999>

] | [

description

<LINE>

] |

[

ip ddns service dyndns | update

<WORD>

| use-web skip | url

<WORD>

] |

[[firewall in | local | out

<WORD>

] | [health-profile

<WORD>

nexthop

<A.B.C.D>

| dhcp] | [ospf authentication message-digest | null] | authenticationkey

<LINE>

| cost

<1-65535>

| dead-interval

<1-65535>

| hello-interval

<1-

65535>

| [message-digest-key

<1-255>

md5

<LINE>

] | mtu-ignore | [network broadcast | non-broadcast | point-to-point] | point-to-multipoint] | priority

<0-

255>

| retransmit-interval

<1-65535>

| transmit-delay

<1-65535>

] |

[

ipv6 | enable | firewall in | local |out | nd prefix

<X:X:X:X::X:X/0-128>

| ifmtu

<1-65535>

| instance-id

<0-255>

| mtu-ignore | passive | priority

<0-255>

retransmit -interval

<1-65535>

| transmit-delay

<1-65535>

| [ospf | cost

<1-

65535>

| dead-interval

<1-65535>

| hello-interval

<1-65535>

| instance-id

<0-

255>

| mtu-ignore | passive | priority

<0-255>

| retransmit-interval

<1-65535>

| transmit-delay

<1-65535>

] | [policy route-policy

<WORD>

] | [rip authentication key-chain | mode

<WORD>

| split-horizon disabled | poisoned-reverse

] |

IOLAN SCR Command Line Reference Guide

163

Global Configuration Mode

[

ntp broadcast client | destination

<A.B.C.D>

| key

<1-65534>

| minpoll

<4-17>

| version

<1-4>

| disable | multicast

<A.B.C.D>

|

<X:X:X:X::X>

| client

<A.B.C.D>

|

<X:X:X:X::X>

| key

<1-65534> |

minpoll

<4-17>

| version

<1-4>

] |

[

role lan | trusted | wan

] |

[

zone-member security

<WORD>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description (config-if)# openvpn-tunnel

{[

bridge-group

<1-9999>

] |

Sets transparent bridging interface parameters.

[

description

<LINE>

] |

[

ip ddns service dyndns | update

<WORD>

| use-web skip | url

<WORD>

] | [[firewall in | local | out

<WORD>

] | [health-profile

<WORD>

nexthop

<A.B.C.D>

| dhcp] | [ospf authentication message-digest | null] | authentication-key

<LINE>

| cost

<1-

65535>

| dead-interval

<1-65535>

| hello-interval

<1-65535>

| [messagedigest-key

<1-255>

md5

<LINE>

] | mtu-ignore | [network broadcast | nonbroadcast | point-to-point] | point-tomultipoint] | priority

<0-255>

| retransmit-interval

<1-65535>

| transmit-delay

<1-65535>

] |

[

ipsec restrict

] |

Description for this interface.

Specify IP parameters.

Do not allow ipsec to run on this interface.

[

ipv6 | enable | firewall in | local |out | nd prefix

<X:X:X:X::X:X/0-128>

| ifmtu

<1-65535>

| instance-id

<0-255>

| mtuignore | passive | priority

<0-255>

retransmit -interval

<1-65535>

| transmit-delay

<1-65535>

| [ospf | cost

<1-65535>

| dead-interval

<1-65535>

| hello-interval

<1-65535>

| instance-id

<0-255>

| mtu-ignore | passive | priority

<0-255>

| retransmit-interval

<1-65535>

| transmit-delay

<1-65535>

] |

[policy route-policy

<WORD>

] | [rip authentication key-chain | mode

<WORD>

| split-horizon disabled | poisoned-reverse

] |

Set IPv6 configuration parameters.

IOLAN SCR Command Line Reference Guide

164

Global Configuration Mode

[

ntp broadcast client | destination

<A.B.C.D>

| key

<1-65534>

| minpoll

<4-

17>

| version

<1-4>

| disable | multicast

<A.B.C.D>

|

<X:X:X:X::X>

| client

<A.B.C.D>

|

<X:X:X:X::X>

| key

<1-

65534> |

minpoll

<4-17>

| version

<1-

4>

] |

[

role lan | trusted | wan

] |

[

zone-member security

<WORD>

]}

Configure NTP (Network Time

Protocol).

Set the role for this interface.

Command Modes

This interface is a member of zone security.

PerleSCR(config-if)#

Usage Guidelines

Set configuration parameters for OPEN-VPN tunnel.

Examples

This example will set no authentication when using ospf.

PerleSCR(config-if)# ip ospf authentication null<cr>

Related Commands

(config-if)# bvi

(config-if)# dialer

(config-if) ethernet

(config-if)# openvpn-tunnel

(config-if)# tunnel

show interfaces

(config-if)#tunnel

{[

arp disable-arp-filter | enable-arp-accept-enable-arp-announce | enable-arpignore

] |

[

description

<LINE>

] |

[

ip address

<A.B.C.D> <A.B.C.D>

] |

[

ipsec restrict

] |

[

ipv6 address<x:x:x:x::x | [firewall in | out | local] | [nd dad attempts

<0-600>

|

[managed-config-flag | other-config | [prefix

<X:X:X:X::X>

] | [ra dns server

<X:X:X:X::X>] | [hop-limit

<1-255>

| unspecified] | [interval

<4-1800> <3-135>

]

| [lifetime

<0 | <4-9000>

] | suppress] | reachable-time

<0-3600000>

| retransmission-time

<0-3600000>

| [router-preference high | low | medium] |

[ospf cost

<1-65535>

| dead-interval

<1-65535>

| hello-interval

<1-65535>

| ifmtu

<1-65535>

| instance-id

<0-255>

| mtu-ignore | passive | priority

<0-255>

| retransmit-interval

<1-65535>

| transmit-delay

<1-65535>

| [policy route-policy

<WORD>

] | [rip enable | split-horizon disable | poisoned-reverse]

] |

[

mtu

<64-1500>

] |

IOLAN SCR Command Line Reference Guide

165

Global Configuration Mode

[

ntp broadcast client | destination

<A.B.C.D>

| key

<1-65534>

| minpoll

<4-17>

| version

<4-17>

| disable | multicast

<A.B.C.D> <X:X:X:X::X>

| client <a.b.c.d>

<x:x:x:x::x| key

<1-65534>

| minpoll

<4-17>

| version

<4-17>

] |

[

role lan | trusted | wan

] |

[

shutdown

] |

[

tunnel destination

<A.B.C.D>

| multicast | source

<A.B.C.D>

| ethernet

<1-18>

| tos

<0-99>

| ttl

<1-255>

] |

[

zone-member security

<WORD>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description (config-if)# tunnel

[arp disable-arp-filter | enable-arp-acceptenable-arp-announce | enable-arp-ignore] |

Set arp options for this interface.

[

description

<LINE>

] |

[

ip address

<A.B.C.D> <A.B.C.D>

] |

Interface description.

[

ipsec restrict

] |

Set an ip address for this interface.

Restrict or permit ipsec on this interface.

[

ipv6 address <x:x:x:x::x | [firewall in | out

| local] | [nd dad attempts

<0-600>

|

[managed-config-flag | other-config |

[prefix

<X:X:X:X::X>

] | [ra dns server

<X:X:X:X::X>] | [hop-limit

<1-255>

| unspecified] | [interval

<4-1800> <3-135>

] |

[lifetime

<0 | <4-9000>

] | suppress] | reachable-time

<0-3600000>

| retransmission-time

<0-3600000>

| [routerpreference high | low | medium] | [ospf cost

<1-65535>

| dead-interval

<1-65535>

| hello-interval

<1-65535>

| ifmtu

<1-65535>

| instance-id

<0-255>

| mtu-ignore | passive | priority

<0-255>

| retransmit-interval

<1-

65535>

| transmit-delay

<1-65535>

]

| [

policy route-policy

<WORD>

] | [

rip enable | split-horizon disable | poisonedreverse

] |

[

mtu

<64-1500>

] |

Set IPv6 parameters.

Set mtu sze.

IOLAN SCR Command Line Reference Guide

166

Global Configuration Mode

[

ntp broadcast client | destination

<A.B.C.D>

| key

<1-65534>

| minpoll

<4-

17>

| version

<4-17>

| disable | multicast

<A.B.C.D> <X:X:X:X::X>

| client <a.b.c.d>

<x:x:x:x::x| key

<1-65534>

| minpoll

<4-

17>

| version

<4-17>

] |

[

role lan | trusted | wan

] |

[

shutdown

] |

[

tunnel destination

<A.B.C.D>

| multicast | source

<A.B.C.D>

| ethernet

<1-18>

| tos

<0-99>

| ttl

<1-255>

] |

[

zone-member security

<WORD>

]}

Command Modes

Set NTP parameters.

Set the role.

Shutdown this interface.

Specify tunnel parameters.

Specify zone member.

PerleSCR(config-if)#

Usage Guidelines

Sets parameters for tunnel interface.

Examples

This example will enable arp accepts on this interface.

PerleSCR(config-if)# arp enable-arp-accept<cr>

Related Commands

(config-if)# bvi

(config-if)# dialer

(config-if) ethernet

(config-if)# openvpn-tunnel

(config-if)# tunnel

show interfaces

(config-if)#range

{[

range ethernet

, -

|

<1-18> , - <1-18>

] |

[

alarm profile

<WORD>

] | [

arp disable-arp-filter | enable-arp-accept | enablearp-announce | enable-arp-ignore | timeout

<1-2147483>

] |

[

authentication [host-mode] | [multi-auth] | [multi-host] | single-host] | [periodic]

| [port-control [auto] | [forced-authorized] | force-unauthorized] | [timer reauthenticate

<1-65535>

| restart

<1-65535>

] | [

bridge-group

<1-9999>

] |

[

description

<LINE>

] | [

dot1x credential

<WORD>

| max-auth-req

<1-10>

| max-req

<1-10>

|

IOLAN SCR Command Line Reference Guide

167

Global Configuration Mode

[

[pae authenticator | suppliant] | eap profile

<WORD>

[pae profile

<WORD>

] |

[timeout quiet-period

<1-65535>

| supp-period

<1-65535>

| tx-period

<1-65535>

]

| [

duplex auto | half | full

] |

[

ip address

<A.B.C.D> <A.B.C.D>

| [dhcp client [class-id

<LINE>

| auto] |

[client-id ethernet

<1-18>

| ascii

<WORD>

| auto | hex

<hex-string>

] | ddns service dyndns | update

<WORD>

| use-web skip | url

<WORD>

] | dns dhcp] |

[ipsec restrict] | [firewall in | local | out

<WORD>

] | [health-profile

<WORD>

nexthop

<A.B.C.D>

| dhcp] | [helper-address

<A.B.C.D>

] | [ospf authentication message-digest | null] | authentication-key

<LINE>

| cost

<1-65535>

| deadinterval

<1-65535>

| hello-interval

<1-65535>

| [message-digest-key

<1-255>

md5

<LINE>

] | mtu-ignore | [network broadcast | non-broadcast | point-to-point

| point-to-multipoint] | priority

<0-255>

| retransmit-interval

<1-65535>

| transmit-delay

<1-65535>

| policy route-policy

<WORD>

| rip authentication key-chain | mode

<WORD>

] |

[

ipsec restrict

] | [

ipv6 address

<X:X:X:X::X/<0-128>

| autoconfig | dhcp] | enable | firewall in | out | local

<WORD>

| [nd dad attempt

<0-500>

| managed config-flag | other-config-flag | prefix

<X:X:X:X::X/<0-128> <0-4294967294> |

infinite | [ra dns server

<X:X:X:X::X>

| [hop-limit <1-255> | unspecified] |

[interval

<4-1800> <3-1350>

| lifetime

0 | <4-9000>

| suppress] | reachable time

<0-3600000>

| retransmission-time

<0-3600000>

| router-preference high | low

|medium]

] |

[

mab eap

] |

[

mtu

<64-9000>

] | [

ntp broadcast client | destination

<A.B.C.D>

| key

<1-65534>

| minpoll

<4-17>

| version

<1-4>

| disable | multicast

< A.B.C.D>

<X:X:X:X::X:X>

| client

< A.B.C.D> < X:X:X:X::X:X>

| key

<1-65534>

| minpoll

| version

<1-4>

] | [

power efficient-ethernet auto

] |

[

role lan | trusted | wan

] |

[

shutdown

] | [

speed 10 |100 |1000 |auto

] |

[

zone-member security

<WORD>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description

(config-if)#range

{[

range ethernet

, -

|

<1-18> , - <1-

18>

] |

{[

alarm profile

<WORD>

] |

Specify the from to range.

Use this alarm profile for this interface.

[

arp disable-arp-filter | enable-arpaccept | enable-arp-announce | enablearp-ignore | timeout

<1-2147483>

] |

Customize arp messages for this interface.

IOLAN SCR Command Line Reference Guide

168

[

[

authentication [host-mode] | [multiauth] | [multi-host] | single-host] |

[periodic] | [port-control [auto] |

[forced-authorized] | forceunauthorized] | [timer reauthenticate

<1-65535>

| restart

<1-65535>

] |

[

bridge-group

<1-9999>

] |

[

description

<LINE>

] |

[

dot1x credential

<WORD>

| maxauth-req

<1-10>

| max-req

<1-10>

|

[

[pae authenticator | suppliant] | eap profile

<WORD>

[pae profile

<WORD>

] | [timeout quiet-period

<1-

65535>

| supp-period

<1-65535>

| txperiod

<1-65535>

] |

duplex auto | half | full

] |

Global Configuration Mode

Select authentication mode to use on this interface when using Dot1x devices.

Add this interface to the specified bridge-group.

Description for this interface.

Sets the Port Access Entity (PAE) type.

Supplicant

—The interface acts only as a supplicant and does not respond to messages that are meant for an authenticator.

Authenticator

—The interface acts only as an authenticator and does not respond to any messages meant for a supplicant.

Both

—The interface behaves both as a supplicant and as an authenticator and thus does respond to all dot1x messages.

Select duplex for this interface. In most cases this parameter should be left at auto.

IOLAN SCR Command Line Reference Guide

169

[

ip address

<A.B.C.D> <A.B.C.D>

|

[dhcp client [class-id

<LINE>

| auto] |

[client-id ethernet

<1-18>

| ascii

<WORD>

| auto | hex

<hex-string>

] | ddns service dyndns | update

<WORD>

| use-web skip | url

<WORD>

] | dns dhcp | [firewall in | local | out

<WORD>

] | [health-profile

<WORD>

nexthop

<A.B.C.D>

| dhcp] | [helperaddress

<A.B.C.D>

] | [ospf authentication message-digest | null] | authentication-key

<LINE>

| cost

<1-

65535>

| dead-interval

<1-65535>

| hello-interval

<1-65535>

| [messagedigest-key

<1-255>

md5

<LINE>

] | mtu-ignore | [network broadcast | nonbroadcast | point-to-point | point-tomultipoint] | priority

<0-255>

| retransmit-interval

<1-65535>

| transmit-delay

<1-65535>

| policy route-policy

<WORD>

| rip authentication key-chain | mode

<WORD>

] |

[

ipsec restrict

] |

[

ipv6 address

X:X:X:X::X:X/<0-128>

| autoconfig | dhcp | enable | firewall in | out | local

<WORD>

| [ospf authentication message-digest | null] | authentication-key

<LINE>

| cost

<1-

65535>

| dead-interval

<1-65535>

| hello-interval

<1-65535>

| [messagedigest-key

<1-255>

md5

<LINE>

] | mtu-ignore | [network broadcast | nonbroadcast | point-to-point | point-tomultipoint] | priority

<0-255>

| retransmit-interval

<1-65535>

| transmit-delay

<1-65535>

| policy route-policy

<WORD>

| rip authentication key-chain | mode

<WORD>

] |

[

mab eap

] |

[

mtu

<64-9000>

] |

Global Configuration Mode

Setup parameters for IP communications on this interface.

No ipsec allow on this interface.

If using IPv6, then setup IPv6 communication parameters.

Sets MAC authentication bypass interface commands.

Sets maximum transmission unit.

IOLAN SCR Command Line Reference Guide

170

ip

Global Configuration Mode

[

ntp broadcast client | destination

<A.B.C.D>

| key

<1-65534>

| minpoll

<4-17>

| version

<1-4>

|

disable

|

multicast

< A.B.C.D>

<X:X:X:X::X:X>

| client

< A.B.C.D> <

X:X:X:X::X:X>

| key

<1-65534>

| minpoll | version

<1-4>

] |

[

power efficient-ethernet auto

] |

[

role lan |trusted | wan

] |

[

shutdown

] |

[

speed 10 |100 |1000 |auto

]}

[

zone-member security

<WORD>

]}

Configure NTP (Network Time

Protocol).

Configure interface power settings.

Set the role for this interface.

Shutdown this interface.

Set the speed for this interface.

Command Modes

This interface is a member of zone security.

PerleSCR(config-if)#

Usage Guidelines

Set up a range to configure Ethernet parameters for this interface.

Examples

This example disables ipv6 on this range of ethernet interfaces.

PerleSCR(config)#interface range ethernet 10 , 15<cr>

PerleSCR(config-if-range)# ipsec restrict<cr>

Related Commands

(config-if)# bvi

(config-if)# dialer

(config-if) ethernet

(config-if)# openvpn-tunnel

(config-if)# tunnel

show interfaces

ip

{[

access-list extended

<100-199> <2000-2699>

| [resequence extended

<100-

199> <2000-2699> <1-2147483647> <1-2147483647>

| standard

<1-99> <1300-

1999> <1-2147483647> <1-2147483647>

] | standard

<1-99> <1300-1999>

expanded | standard

<100-500> <1-65535

] |

[

alg modules ftp | gre | h323 | nfs | pptp | sip | sqlnet | tftp disable

] |

[

as-path access-list

<WORD>

<1-65535> deny | permit

<LINE>

] |

] | [

aspath access-list

<WORD> <1-65535>

deny | permit

<LINE>

] | [

community-list

IOLAN SCR Command Line Reference Guide

171

Global Configuration Mode

[

community-list expanded

<100-500> <1-65535>

deny

<TEST>

| permit

<LINE>

| standard

<1-99> <1-65535>

deny

<1-4294967295>

| internet | local-as

|no-advertise | no-export | permit

<1-4294967295>

| internet | local-as | noadvertise | no-export | permit

<LINE>

] |

[

default-gateway

<A.B.C.D>

] |

[

dhcp excluded-address

<A.B.C.D>

| pool

<name>

| relay information hop-count

<1-255>

| packet-size

<64-1400>

| policy

drop | encapsulate | keep | replace

| port

<1-655535>

] |

[

dns cache-size

<1-1000>

| domain

<NAME>

server

<A.B.C.D> <X:X:X:X::X>

| ignore-hosts-file | listen-address

<A.B.C.D> <X:X:X:X::X>

| negative-ttl

<0-

7200>

] |

[

domain lookup

] |

[

domain-name

<WORD>

] |

[

extcommunity-list expanded

<100-500> <1-65535>

deny

<TEST>

| permit

<LINE>

| standard

<1-99> <1-65535>

deny rt | soo

<asn:nn>

] |

[

firewall

<NAME>

| all-ping enable | broadcast-ping enable | config-trap enable | ip-src-route enable | ipv6-receive-redirects enable | ipv6-src-route | log-martians enable | receive-redirects enable | send-redirects enable | [source-validation disable | loose | strict] | [state-policy established accept | drop | reject] | [invalid accept | drop | reject] |

[

related action accept | drop | reject] | syn-cookies enable | twa-hazards-protection enable

] |

[

ftp passive | password 0

<LINE>

| 7

<WORD>

|

<LINE>

| username

<WORD>

]

|

[

health profile

<WORD>

] |

[

host

<WORD> <A.B.C.D>

] |

[

host-group

<WORD>

] |

[

http [accounting exec

<WORD>

| default] | authentication aaa loginauthentication

<WORD>

| default] | [client password 0

<LINE>

| 7

<WORD>

|

<LINE>

proxy-server

<WORD>

proxy-port

<1-65535>

secure-trust-point

<WORD>

| username

<WORD>

| verify-server] | [secure-port

<1024-65535>

] |

[server] | [session-idle-timeout

<1-1440>

] |

[

name-server

<A.B.C.D>

] |

[

nat inside source [any interface bvi

<1-9999>

| ethernet

<1-18>

over load

| pool

<WORD> <A.B.C.D> <A.B.C.D> <A.B.C.D>

| list

<1-2699>

| static tcp

< A.B.C.D> <0-65535>

| inbound-interface bvi

<1-

9999>

| | ethernet

<1-18>

|

< 0-65535>

| udp

< A.B.C.D> <0-65535>

inbound- interface bvi

<1-9999>

| | ethernet

<1-4>

|

<0-65535>

] |

[

passthrough enable

|

interface ethernet address

<A.B.C.D>

| hardware-address

<H.H.H>

] |

[

prefix-list

<WORD>

deny

<A.B.C.D> </n | A.B.C.D>

ge | le

<1-32>

| description

<LINE>

| permit

<A.B.C.D> </n | A.B.C.D>

ge | le

<1-32>

| seq <1-65535> deny

IOLAN SCR Command Line Reference Guide

172

Global Configuration Mode

<A.B.C.D> </n | A.B.C.D>

ge | le

<1-32>

| permit

<A.B.C.D> </n | A.B.C.D>

ge | le

<1-32>

] |

[

radius source-interface bvi

<0-9999>

| | dialer

<0-15>

| | ethernet

<1-4 . <1-

4000

> | openvpn-tunnel

<1-999>

| tunnel

<1-999>

] |

[

route

< A.B.C.D> <A.B.C.D> < A.B.C.D> <1-255>

| bvi

<1-9999>

| | ethernet

<1-4> <1-255>

dhcp | null

<1-255>

| table

<1-200> <A.B.C.D> <A.B.C.D> <

A.B.C.D>

| bvi

<1-9999>

| | dialer

<0-15>

| | ethernet

<1-18>

null | openvpn

<0-

999>

| tunnel

<0-999>

|

<1-255>

| dhcp

] |

[

route-policy

<WORD

] |

[

scp password 0

<LINE>

| 7

<WORD>

|

<LINE>

| username

<WORD>

] |

[

sftp username <word> | password <0 | 7 | LINE>

] |

[

ssh authentication-retries

<0-5>

| client algorithms mac hmac hmac-sha1 | [email protected] | hmac-sha2-256 | [email protected] | hmac-sha2-512 | hmac-sha2-512 [email protected] | umac-

[email protected] | [email protected] | [email protected] | [email protected]

]}

] |

[

tacacs source-interface bvi

<0-9999>

| | dialer

<0-15>

| | ethernet

<1-18> . <1-

4000

> | openvpn-tunnel

<1-999>

| tunnel

<1-999>

] |

[

telnet server

Use the no form of this command to negate a command or set its defaults.

Syntax Description ip

{[

access-list extended

<100-199> <2000-

2699>

| [resequence extended

<100-199>

<2000-2699> <1-2147483647> <1-

2147483647>

| standard

<1-99> <1300-

1999> <1-2147483647> <1-2147483647>

]

| standard

<1-99> <1300-1999>

] |

ACL standard type: allows you to filter based on source IP address of a packet.

ACL extended type: allows you to filtering on source addresses, but also on destination addresses, protocols, and even applications, based on their port number.

[

alg modules ftp | gre | h323 | nfs | pptp | sip | sqlnet | tftp disable

] |

By default all alg modules are enabled. Use the disable command to disable modules.

[

as-path access-list

<WORD>

<1-65535> deny | permit

<LINE>

] |

Use this command to configure an access-list filter for Border

Gateway Protocol (BGP) autonomous system (AS) numbers.

IOLAN SCR Command Line Reference Guide

173

[

extcommunity-list expanded

<100-500>

<1-65535>

deny

<TEST>

| permit

<LINE>

| standard

<1-99> <1-65535>

deny

<1-4294967295>

| internet |local-as

|no-advertise | no-export | permit

<1-

4294967295>

| internet |local-as |noadvertise | no-export | permit

<LINE>

] |

[

default-gateway

<A.B.C.D>

] |

[

dhcp excluded-address

<A.B.C.D>

| pool

<name>

| relay information hop-count

<1-255>

| packet-size

<64-1400>

| policy

drop | encapsulate | keep | replace

| port

<1-655535>

] |

[

dns cache-size

<1-1000>

| domain

<NAME>

server

<A.B.C.D>

<X:X:X:X::X>

| ignore-hosts-file | listenaddress

<A.B.C.D> <X:X:X:X::X>

| negative-ttl

<0-7200>

] |

[

domain lookup

] |

[

domain-name

<WORD>

] |

[

extcommunity-list expanded

<100-500>

<1-65535>

deny

<TEST>

| permit

<LINE>

| standard

<1-99> <1-65535>

deny rt | soo

<asn:nn>

] |

[

firewall

<name>

| all-ping enable | broadcast-ping enable | config-trap enable | ip-src-route enable | ipv6receive-redirects enable | ipv6-src-route | log-martians enable | receive-redirects enable | send-redirects enable | [sourcevalidation disable | loose | strict] | [statepolicy established accept | drop | reject] |

[invalid accept | drop | reject] |

[

related action accept | drop | reject] | syn-cookies enable | twa-hazards-protection enable

] |

Global Configuration Mode

Add an extended community list entry.

Specify a default gateway.

Exclude an address range or configure dhcp pools.

Set values for DNS server.

Enables IP Domain Name System hostname translation.

Default domain name.

Set extcommnity parameters.

rt – Route Target extended community soo – Site of Origin extended community

Configure parameters associated with the firewall.

IOLAN SCR Command Line Reference Guide

174

Global Configuration Mode

[

ftp passive | password 0

<LINE>

<WORD>

|

<LINE>

| username

<WORD>

] |

| 7

[

health profile

<WORD>

] |

[

host

<WORD> <A.B.C.D>

] |

[

host-group

<WORD>

] |

|

[

http [accounting exec

<WORD>

| default] | authentication aaa loginauthentication

<WORD>

| default] |

[client password 0

<LINE>

| 7

<WORD>

|

<LINE>

proxy-server

<WORD>

proxyport

<1-65535>

secure-trust-point

<WORD>

| username

<WORD>

| verifyserver] | [secure-port

<1024- 65535>

] |

[server] | [session-idle-timeout

<1-1440>

]

[

name-server

<A.B.C.D>

] |

[

nat inside source [any interface bvi

<1-

9999>

| | | ethernet

<1-18>

over load

| pool

<WORD> <A.B.C.D> <A.B.C.D>

<A.B.C.D>

| list

<1-2699>

| static tcp

< A.B.C.D> <0-

65535>

| inbound interface bvi

<1-9999>

|

| dot11radio | ethernet

<1-18>

|

< 0-

65535>

| udp

< A.B.C.D> <0-65535>

inbound- interface bvi

<1-9999>

| | | ethernet

<1-

18>

|

<0-65535>

] |

[

prefix-list

<WORD>

deny

<A.B.C.D>

</n | A.B.C.D>

ge | le

<1-32>

| description

<LINE>

| permit

<A.B.C.D> </n |

A.B.C.D>

ge | le

<1-32>

| seq <1-65535> deny

<A.B.C.D> </n | A.B.C.D>

ge | le

<1-

32>

| permit

<A.B.C.D> </n | A.B.C.D>

ge

| le

<1-32>

] |

Configure ftp parameters.

Passive - indicates to the server that the client will be opening the file transfer session. This option would be used if the client was behind a firewall.

Configure IP health profile.

Add a host to the host table.

Name of host list.

Provide the parameters for HTTP client connections.

Specify the address of the name server to use.

Network Address Translation.

Network address translation is a method of remapping one IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device.

Use NAT when your IOLAN is on a private network and your internal PCs want to browse the internet.

Add pre-list filter.

IOLAN SCR Command Line Reference Guide

175

[

route

< A.B.C.D> <A.B.C.D> < A.B.C.D>

<1-255>

| bvi

<1-9999>

| | | ethernet

<1-

5> <1-255>

dhcp | null

<1-255>

] |

[

radius source-interface bvi

<0-9999>

| cellular

<0-0>

| dialer

<0-15>

| | ethernet

<1-4 . <1-4000

> | openvpn-tunnel

<1-999>

| tunnel

<1-999>

] |

[

route

< A.B.C.D> <A.B.C.D> < A.B.C.D>

<1-255>

| bvi

<1-9999>

| | ethernet

<1-

18> <1-255>

dhcp | null

<1-255>

| table

<1-200> <A.B.C.D> <A.B.C.D> <

A.B.C.D>

| bvi

<1-9999>

| | dialer

<0-15>

| | ethernet

<1-4>

null | openvpn

<0-999>

| tunnel

<0-999>

|

<1-255>

| dhcp

] |

[

route-policy

<WORD

]}

[

scp password 0

<LINE>

| 7

<WORD>

|

<LINE>

| username

<WORD>

] |

[

sftp username <word> | password <0 | 7

| LINE>

] |

[

ssh authentication-retries

<0-5>

| client algorithms mac hmac hmac-sha1 | [email protected] | hmac-sha2-256

| [email protected] | hmac-sha2-512 | hmac-sha2-512 [email protected] | [email protected] | umac-

[email protected] | [email protected] | umac-

[email protected]

] |

[

tacacs source-interface bvi

<0-9999>

| | dialer

<0-15>

| | ethernet

<1-18> . <1-

4000

> | openvpn-tunnel

<1-999>

| tunnel

<1-999>

] |

[

telnet server

]}

Command Modes

Usage Guidelines

Enable and configure IP parameters.

Global Configuration Mode

Establish static routes.

Configure the source interface for

RADIUS requests.

Establish static routes.

The routing table is used with policy-routing. In policy-routing rules you can define the routing table is to used. Then policyrouting can be applied to any interface.

Route policy.

SCP configuration commands.

SFTP configuration commands.

Configure SSH options.

Configure the source interface for

TACACS requests.

Configure telnet server options.

PerleSCR(config)#ip

IOLAN SCR Command Line Reference Guide

176

Global Configuration Mode

Examples

This example sets ftp servers to use ftp passive mode when connecting to our

IOLAN.

PerleSCR(config)#ip ftp passive<cr>

Related Commands

telnet

(config-std-nacl)#

{[

<1-65535>

deny | permit

<A.B.C.D>/hostname> <A.B.C.D>/hostname>

| any | host

<A.B.C.D>/hostname>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description

(config-std-nacl)#

{[

<1-2147483647>

deny | permit

<A.B.C.D>/hostname>

<A.B.C.D>/hostname>

| any | host

<A.B.C.D>/hostname>

]}

Configure access lists.

Command Modes

PerleRouter(config-std-nacl)#

Usage Guidelines

When specifying IP address use notation as eg; 172.16.113.66

Examples

This example will specify a default domain name of TestUnit.

PerleSCR(config-std-nacl)#ip domain-name TestUnit<cr>

(config-dhcp)#

{[

address

<A.B.C.D>

hardware-address

<H.H.H>

] |

[

authoritative enable

] |

[

bootfile

<WORD>

] |

[

default-router

<A.B.C.D>/hostname

] |

[

description

<LINE>

] |

[

dns-server

<A.B.C.D>/hostname

] |

[

domain-name

<WORD>

] |

[

enable

] |

[

lease

<0-365> <0-23> <0-59>

| infinite

] |

[

network

</nn | A.B.C.D>

start

<A.B.C.D>

stop

<A.B.C.D>

] |

[

option

<1-254>

ascii

<LINE>

| hex

<hex-string>

| ip

<A.B.C.D>/hostname

] |

[

static-route

<A.B.C.D> <A.B.C.D> <A.B.C.D>

]}

IOLAN SCR Command Line Reference Guide

177

Global Configuration Mode

Use the no form of this command to negate a command or set its defaults.

Syntax Description

(config-dhcp)#

{[

address

<A.B.C.D>

hardwareaddress

<H.H.H>

] |

Specify the IP address that you want to reserve for the client. This IP address will only be assigned to the client with this hardware address.

[

authoritative enable

] |

Set authoritative to enabled if this is the only DHCP server on your network. This will allow roaming clients to get a new DHCP address even if their lease has been assigned from another network and is still valid

(lease has not expired) This will prevent a client lock out situation.

[

bootfile

<filename>

] |

For the DHCP server to support client auto-configuration, you must specify the IP address or name of a TFTP server and the bootfile name.

[

default-router

<A.B.C.D>

] |

Specify the default router to use after a

DHCP client has booted. The IP address of the default router should be on the same subnet as the client.

[

description

<pool-name>

] |

Provide a description for the DHCP pool.

[

dns-server

<A.B.C.D>

] |

Specify a DNS server to use for clients using this DHCP pool. A DNS server needs to be specified if you want to browse the internet.

[

domain-name

<A.B.C.D>

] |

[

enable

] |

[

lease

<0-365> <0-23> <0-59>

| infinite

] |

If needed. specify a domain name.

Enable this dhcp pool.

Specify a lease time for client connecting using this DHCP pool.

Typically 24 lease times are suitable, however if your situation is a public hotspot then shorter time be warranted.

[

network

</nn | A.B.C.D>

start

<A.B.C.D>

stop

<A.B.C.D>

] |

[

option ascii

<string>

| hex

<hexstring>

| ip

<A.B.C.D>

] |

Specify the network, start and stop IP addresses for DHCP lease ranges.

If needed, specify DHCP options to be sent to the client. NVT ascii strig

IOLAN SCR Command Line Reference Guide

178

Global Configuration Mode

[

static-route

<A.B.C.D> <A.B.C.D>

<A.B.C.D>

]}

Command Modes

If needed, specify a static route.

PerleSCR(config)#

Usage Guidelines

When specifying IP address use notation as eg; 172.16.113.66

Examples

This example will set authoritative mode to enable.

PerleSCR(config-dhcp)#ip authoritative enable<cr>

Related Commands

ip

(config-pbr)#

{[

description

<LINE>

| enable-default-log | rule

<1-9998>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description

(config-pbr)#

{[

description

<LINE>

| enable-defaultlog | rule

<1-9998>

]}

Configure a policy rule.

Command Modes

PerleRouter(config-pbr)#

Usage Guidelines

Use this command to create a policy rule.

Examples

This example will specify rule number 10, then enter sub menu mode.

PerleSCR(config-pbr)#rule 10<cr>

PerleSCR(config-pbr-rules)#

(config-pbr-rules)#

{[

description

<LINE>

] | [

log-enable

] | [

match [destination address

<A.B.C.D>

<A.B.C.D>

| not

<A.B.C.D> <A.B.C.D>

| start

<A.B.C.D>

stop

<A.B.C.D>

] |

[port

<1-65535>

| not

<1-65535>

| start

<1-65535>

stop

<1-65535>

] | [fragment | fragment | non-fragment] | [icmp type

<0-255>

code

<0-255>

] | [ipsec ipsec |nonipsec] | [protocol <0-255> ah | dccp | dsr | egp | eigrp | encap | esp | esp | etherip | ggp | gre | hmp | icmp | idpr | igmp | igp | ip | ipip | ipv6 | ipv6-frag | ipc6-icmp | ipv6-nonxt | ipv6-opts | ipv6-route | isis | l2tp | manet | mpls-in-ip | narp | not | osfp | pim | rdp | rohc | rsvp | sctp | sdrp | shim6 | skip | tcp | udp | udplite | vrrp | xns-idp] | [recent count

<1-255>

| time

<1-4294967295>

] | [source address

<A.B.C.D> <A.B.C.D>

| not

<A.B.C.D>

| start

<A.B.C.D>

stop

<A.B.C.D>

| mac-

IOLAN SCR Command Line Reference Guide

179

Global Configuration Mode

address

<H.H.H>

| not

<A.B.C.D>

| [state established disable | enable] | [invalid disable | enable] | [new disable | enable] | related tcp-flags ack | all | fin | psh | rst

| syn | urg | not

] | [

set action drop | dscp

<0-63>

| mark

<1-2147483647>

[routing-table

<1-200>

| main] | tcp-mss

<500-1460>

| pmtu

] | [

|

[time monthdays

<1-31>

| not

<1-31>

] | startdate month

<WORD> <1-31> <2001-2037>

|

[starttime

<hh:mm:ss>

] | stopdate month

<WORD> <1-31> <2001-2037>

| stoptime

<hh:mm:ss>

| utc | weekedays

<DAY>

| not

<DAY>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description

(config-pbr-rules)#

{[

description

<LINE>

] |

Provide a description for this policy rule.

[

log-enable

] |

[

match [destination address

<A.B.C.D>

<A.B.C.D>

| not

<A.B.C.D> <A.B.C.D>

| start

<A.B.C.D>

stop

<A.B.C.D>

] |

[port

<1-65535>

| not

<1-65535>

| start

<1-65535>

stop

<1-65535>

] | [fragment | fragment | non-fragment] | [icmp type

<0-255>

code

<0-255>

] | [ipsec ipsec

|non-ipsec] | [protocol <0-255> ah | dccp

| dsr | egp | eigrp | encap | esp | esp | etherip | ggp | gre | hmp | icmp | idpr | igmp | igp | ip | ipip | ipv6 | ipv6-frag | ipc6-icmp | ipv6-nonxt | ipv6-opts | ipv6-route | isis | l2tp | manet | mpls-inip | narp | not | osfp | pim | rdp | rohc | rsvp | sctp | sdrp | shim6 | skip | tcp | udp | udplite | vrrp | xns-idp] | [recent count

<1-255>

| time

<1-4294967295>

] |

[source address

<A.B.C.D> <A.B.C.D>

| not

<A.B.C.D>

| start

<A.B.C.D>

stop

<A.B.C.D>

| mac-address

<H.H.H>

| not

<A.B.C.D>

| [state established disable | enable] | [invalid disable | enable] | [new disable | enable] | related tcp-flags ack | all | fin | psh | rst | syn | urg | not

] |

[

set action drop | dscp

<0-63>

| mark

<1-2147483647>

| [routing-table

<1-

200>

| main] | tcp-mss

<500-1460>

| pmtu

]}

Log packet matching the rule.

Match values as define to the routing table.

Set action for policy rules.

IOLAN SCR Command Line Reference Guide

180

Global Configuration Mode

[

[time monthdays

<1-31>

| not

<1-31>

] | startdate month

<WORD> <1-31>

<2001-2037>

| [starttime

<hh:mm:ss>

] | stopdate month

<WORD> <1-31>

<2001-2037>

| stoptime

<hh:mm:ss>

| utc | weekedays

<DAY>

| not

<DAY>

]}

Command Modes

Set the time to match the rules.

PerleSCR(config-pbr-rules)#

Usage Guidelines

Use these commands to set policy rules.

Examples

This example sets the action for the packets that match this defined rule.

PerleSCR(config-prb-rules)# set action drop<cr>

This example uses policy-based routing to route all HTTP traffic protocol tcp, destination port 80 through a policy route called http-firewall.

PerleSCR(config)# ip route 0.0.0.0 0.0.0.0 10.10.200.9

PerleSCR(config)#i p route table 2 0.0.0.0 0.0.0.0 172.16.0.8

PerleSCR(config-prb)# ip route-policy http-firewall<cr>

PerleSCR(config-prb))# rule 2<cr>

PerleSCR(config-prb-rules)# set routing-table 2 <cr>

PerleSCR(config-prb-rules)# match protocol tcp <cr>

PerleSCR(config-prb-rules)# match destination port 80<cr>

PerleSCR(config)# interface ethernet 2 <cr>

PerleSCR(config)# ip address 192.168.2.1 255.255.255.0<cr>

PerleSCR(config)# ip policy route-policy http-firewall<cr>

ipv6

IPv6

{

[

access-list

<WORD>

] |

[

dhcp pool

<WORD>

] |

[

dns domain

<WORD>

server

<X:X:X:X::X>

| listen-address

<X:X:X:X::X>

] |

[

firewall

<WORD>

| ipv6-receive-redirects enable | ipv6-src-route enable | statepolicy [established action accept | drop | reject] | [invalid action accept | drop | reject] | [related accept | drop | reject]

] |

[

host

<WORD>

|

<X:X:X:X::X>

] |

[

name-server

<X:X:X:X::X>

] |

[

prefix-list

<WORD>

] |

[

radius source-interface bvi

<1-9999>

| | dialer

<0-15>

| ethernet

<1-18>

.

<1-

4000>

openvpn-tunnel

<0-999>

tunnel

<0-999>

]

|

[

route

<A.B.C.D> <A.B.C.D>

| bvi

<1-9999>

| | dialer

<0-15>

| | ethernet

<1-

18>

.

<1-4000>

| open-vpn-tunnel

<0-999>

| tunnel

<0-999> <X:X:x:X::X <1-

255>

] |

IOLAN SCR Command Line Reference Guide

181

Global Configuration Mode

[

route-policy

<WORD>

] |

[

router osfp | rip

] |

[

tacacs source-interface bvi

<1-9999>

| | dialer

<0-15>

| ethernet

<1-18>

.

<1-

4000>

openvpn-tunnel

<0-999>

tunnel

<0-999>

] |

[

unicast-routing

]}

Syntax Description ipv6

{[

access-list

<WORD>

]

|

Set the access list to use.

[

dhcp pool

<WORD>

]

|

[

dns domain

<WORD>

server

<X:X:X:X::X>

| listen-address

<X:X:X:X::X>

] |

Set the dhcp pool to use.

Set DNS domain parameters.

[

firewall

<WORD>

| ipv6-receive-redirects enable | ipv6-src-route enable | statepolicy [established action accept | drop | reject] | [invalid action accept | drop | reject] | [related accept | drop | reject]

]

|

[

host

<WORD>

|

<X:X:X:X::X>

]

|

[

name-server

<X:X:X:X::X>

]

|

Firewall options.

Configure static host names

Specify the address of the name server to use.

[

prefix-list

<WORD>

] |

[

radius source-interface bvi

<1-9999>

| | dialer

<0-15>

| ethernet

<1-18>

.

<1-

4000>

openvpn-tunnel

<0-999>

tunnel

<0-

999>

]

|

[

route

<A.B.C.D> <A.B.C.D>

| bvi

<1-

9999>

| | dialer

<0-15>

| | ethernet

<1-

18>

.

<1-4000>

| open-vpn-tunnel

<0-999>

| tunnel

<0-999> <X:X:x:X::X <1-255>

] |

[

route

<A.B.C.D> <A.B.C.D>

| bvi

<1-

9999>

| | dialer

<0-15>

| | ethernet

<1-

18>

.

<1-4000>

| open-vpn-tunnel

<0-999>

| tunnel

<0-999> <X:X:x:X::X <1-255>

] |

[

route-policy

<WORD>

] |

[

router osfp | rip

] |

IP prefix-list filter.

RADIUS configuration parameters.

Establish static routes.

IPV6 route policy.

Enable a IPV6 routing process.

IOLAN SCR Command Line Reference Guide

182

Global Configuration Mode

[

tacacs source-interface bvi

<1-9999>

| | dialer

<0-15>

| ethernet

<1-18>

.

<1-

4000>

openvpn-tunnel

<0-999>

tunnel

<0-

999>

] |

[

unicast-routing

]}

Usage Guidelines

Set IPv6 parameters.

Examples

This example sets the DHCP to pool name.

PerleSCR(config)# ipv6 dhcp pool ipv6pool1<cr>

TACACS configuration parameters.

Enable unicast routing.

Related Commands

show ipv6

(config--ipv6-acl)#

<1-65535>

] |

[

deny

| <X:X:X:X::X/0-128 |any>

] |

[

permit

<X:X:X:X::X/0-128 | any>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description

(config--ipv6-acl)#

<1-65535>

] |

[

deny

<X:X:X:X::X/0-128 | any>

exactmatch

] |

[

permit

<X:X:X:X::X/0-128 | any>

exactmatch

] |

Command Modes

Specify the sequence number.

Deny specified packets.

Deny specified packets.

PerleRouter(config-ipv6-acl)#

Usage Guidelines

Configure network packets to deny or permit using Access Control List.

Examples

This example will deny packets from this network.

PerleSCR(config-ipv6-acl# deny 172.16.0.0/16 exact-match<cr>

Related Commands

ipv6

IOLAN SCR Command Line Reference Guide

183

Global Configuration Mode

(dhcpv6-config)#

{[

address prefix

<X:X:X:X::X/0-128>

] |

[

dns-server

<X:X:X:X::X>

|

[

domain-name

<WORD>

] |

[

host

<WORD>

] |

[

lifetime default

<0-4294967294>

maximum

<0-4294967294>

minimum

<0-

4294967294>

] |

[

nis address

<X:X:X:X::X>

| domain-name

<WORD>

] |

[

nisp address

<X:X:X:X::X>

| domain-name

<WORD>

] |

[

sip address

<X:X:X:X::X>

| domain-name

<WORD>

] |

[

sntp address

<X:X:X:X::X>

] |

[

subnet

<X:X:X:X::X/<1-128>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description

(dhcpv6-config)#

{[

address prefix

<X:X:X:X::X/0-128

] |

Specify the IPv6 address prefix.

[

dns-server

<X:X:X:X::X>

|

Specify a DNS server to use for clients using this DHCP pool. A

DNS server needs to be specified if you want to browse the internet.

If needed. specify a domain name.

[

domain-name

<WORD>

] |

[

host

<WORD>

] |

[

lifetime default

<0-4294967294>

maximum

<0-4294967294>

minimum

<0-

4294967294>

]

[

nis address

<X:X:X:X::X>

| domain-name

<WORD>

] |

Configure lifetime prefixes.

Configure the address and domain name of your nis server.

[

nisp address

<X:X:X:X::X>

| domainname

<WORD>

] |

[

sip address

<X:X:X:X::X>

| domain-name

<WORD>

] |

[

sntp address

<X:X:X:X::X>

] |

Configure the address and domain name of your nisp server.

Configure the address and domain name of your sip server.

Configure the address of your

SNTP server.

IOLAN SCR Command Line Reference Guide

184

Global Configuration Mode

[

subnet

<X:X:X:X::X/<1-128>

]}

Command Modes

PerleSCR(config)#

Usage Guidelines

Configure IPv6 DHCP paramters.

Examples

This example will set the dns-server address to 1:2:3:4:5::6.

PerleSCR(dhcpv6-config)#dns-server 1:2:3:4:5::6<cr>

Related Commands

ipv6

(config-fw6)#

{[

default-action accept | drop | reject

] |

[

description

<LINE>

] |

[

enable-default-logfile

] |

[

rule

<1-9999>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description

(config-fw6)#

{[

default-action accept | drop | reject

] |

[

description

<LINE>

] |

[

enable-default-logfile

] |

Default action for firewall rules.

Description for the firewall rules.

Log packets matching default action.

[

rule

<1-9999>

]}

Create rules, go into submenu.

Command Modes

PerleSCR(config-fw6)#

Usage Guidelines

Configure IPv6 firewall options.

Examples

This example will set default action for firewall rules.

PerleSCR(config-fw6)# default-action drop<cr>

Related Commands

ipv6

IOLAN SCR Command Line Reference Guide

185

Global Configuration Mode

(config-fw6-rules)#

{[

description

<WORD>

] |

[

disable

] |

[

log-enable

] |

[

match destination [address

<X:X:X::X/0-128>

| not

<X:X:X::X/0-128>

| start

<X:X:X::X>

stop

<X:X:X::X>

] | port <1-65535> not

<X:X:X::X/0-128>

| start

<X:X:X::X>

stop

<X:X:X::X>

] | [fragment fragment | non-fragment] | icmp type

<0-255>

code

<0-255>

| typenane address-unreachable | bad-header | communication-prohibited | destination-unreachable | echo-reply | echo-request

| neighbour-advertisement | neighbour-solicitation | no-route | packet-too-big | parameter-problem | port-unreachable | route-advertisement | routersolicitation | time-exceeded | ttl-zero-during-reassembly | ttl-zero-during-transit | unknown-header-type | unknown-option] | ipsec ipsec | non-ipsec | [protocol <0-

255> | ah |dccp |dsr | egp | eigrp | encap | esp | etherip | ggp | gre | hmp | icmp |

[

idpr | igmp | igp | p | ipip | ipv6 | ipv6-frag | ipv6-icmp | ipv6-nonxt | ipv6-opts | ipv6-route | isis | l2tp | manet | mpls-in-ip | narp | not | ospf pim | rdp | roho |rvsp

| sctp | sdrp | shim6 | skip | tcp | udp | udplite |vrrp | xnc-idp] | [recent count

<1-

255>

| time

<1-4294967295>

] |

source

address

<X:X:X::X/0-128>

| not

<X:X:X::X/0-128>

| start

<X:X:X::X>

stop

<X:X:X::X>

] | [mac-address

<H.H.H>

not

<H.H.H>

] | [port

<1-65535>

| not

<1-65535>

| start

<1-65535>

|

stop <1-

65535>

] | state [established disable | enable] | [invalid disable | enable] | [new enable | disable] | [related disable | enable] | tcp-flags ack | all | fin | psh | rst | syn

|urg | not ack | all | fin | psh | rst | syn | urg]

[ set action drop | dscp

<0-63>

| mark

] |

<1-2147483647>

| routing table

<1-200>

| main | tcp-mss

<500-1460>

| pmtu

] |

[

time monthdays

<1-31>

| not

<1-31>

] | startdate

<MONTH> <1-31> <2001-

2037>

| stopdate

<MONTH> <1-31> <2001-2037>

| starttime stoptime

<hh:mm:ss>

| utc | weekdays

<DAY>

| not

<DAY>

]

<hh:mm:ss>

]}

Use the no form of this command to negate a command or set its defaults.

|

Syntax Description

(config-fw6-rules)#

{[

description

<WORD>

] |

Configure a description for the policy rule.

[

disable

] |

[

log-enable

] |

Disable the policy rule.

Log packet matching the rule.

IOLAN SCR Command Line Reference Guide

186

Global Configuration Mode

[

match destination [address

<X:X:X::X/0-

128>

| not

<X:X:X::X/0-128>

| start

<X:X:X::X>

stop

<X:X:X::X>

] | port <1-

65535> not

<X:X:X::X/0-128>

| start

<X:X:X::X>

stop

<X:X:X::X>

] | [fragment fragment | non-fragment] | icmp type

<0-

255>

code

<0-255>

| typenane addressunreachable | bad-header | communicationprohibited | destination-unreachable | echoreply | echo-request | neighbouradvertisement | neighbour-solicitation | noroute | packet-too-big | parameter-problem

| port-unreachable | route-advertisement | router-solicitation | time-exceeded | ttl-zeroduring-reassembly | ttl-zero-during-transit

| unknown-header-type | unknown-option] | ipsec ipsec | non-ipsec | [protocol <0-255> | ah |dccp |dsr | egp | eigrp | encap | esp | etherip | ggp | gre | hmp | icmp | idpr | igmp | igp | p | ipip | ipv6 | ipv6-frag | ipv6icmp | ipv6-nonxt | ipv6-opts | ipv6-route | isis | l2tp | manet | mpls-in-ip | narp | not | ospf pim | rdp | roho |rvsp | sctp | sdrp |

| shim6 | skip | tcp | udp | udplite | | xnc-idp]

[recent count

<1-255>

| time

<1-

4294967295>

] |

source

address

<X:X:X::X/0-128>

| not

<X:X:X::X/0-128>

| start

<X:X:X::X>

stop

<X:X:X::X>

] | [macaddress

<H.H.H>

not

<H.H.H>

] | [port

<1-

65535>

| not

<1-65535>

| start

<1-65535>

|

stop <1-65535>

] | state [established disable | enable] | [invalid disable | enable] | [new enable | disable] | [related disable | enable] | tcp-flags ack | all | fin | psh | rst | syn |urg | not ack | all | fin | psh | rst | syn | urg]

] |

[

[ set action drop | dscp

<0-63>

| mark

<1-

2147483647>

| routing table

<1-200>

| main

| tcp-mss

<500-1460>

| pmtu

] |

[

time monthdays

<1-31>

| not

<1-31>

] | startdate

<MONTH> <1-31> <2001-2037>

| stopdate

<MONTH> <1-31> <2001-2037>

| starttime

<hh:mm:ss>

| stoptime

<hh:mm:ss>

| utc | weekdays

<DAY>

| not

<DAY>

]

]}

Match the values from the routing table.

Packet modifications.

Time parameters.

IOLAN SCR Command Line Reference Guide

187

Global Configuration Mode

Command Modes

Usage Guidelines

Set up firewall rules for IPv6.

Examples

This example will set the action for matched packets.

PerleSCR(config-fw6-rules)# set action accept<cr>

PerleSCR(config-fw6-rules)#

Related Commands

ipv6

key

{[

chain

< WORD

]}

Syntax Description

{[

chain

< WORD

]}

Command Default

Command Modes key

Key-chain management.

PerleSCR#(config)# key

Usage Guidelines

A key chain is a series of keys that can be created to help ensure secure communication between routers in a network. Authentication occurs whenever neighboring routers exchange information. Plain text authentication sends a plain text key with each message, and plain text is vulnerable to snooping.

Examples

This example create key chain 1, then go into sub menu key.

PerleSCR(config)#key chain key1<cr>

Related Commands

(config-keychain-key)#

(config-key)#

{[

key

<1-2147483647

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description

(config-key)#

{[

key

<1-2147483647

]}

Specify a number for this key.

Command Modes

PerleSCR#(config-key)# key

IOLAN SCR Command Line Reference Guide

188

Global Configuration Mode

Usage Guidelines

This command is used in conjunction with (config-keychain-key) to set a key string.

Examples

Specify a key number.

PerleSCR(config-key)# key 250<cr>

Related Commands

key

(config-keychain-key)#

{[

string

<0 | 7 | WORD>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description

(config-keychain-key)#

{[

string

<0 | 7 | WORD>

]}

Sets key string

0 – specifies an unencrypted password

7 – specifies a hidden password with follow

WORD - the unencrypted

(cleartext) user password.

Command Modes

PerleSCR(config-keychain-key)

#string

Usage Guidelines

Specify a password for keychain.

Examples

Specify a password for key chain.

PerleSCR(config-keychain-key)# string password123<cr>

Related Commands

key

l ine line

{[

console

<0-0 >

|

tty

< 1-2>

|

vty

<0-15>

]}

Syntax Description line

Command Modes

PerleSCR#(config)#line

IOLAN SCR Command Line Reference Guide

189

Global Configuration Mode

Usage Guidelines

Use this command to change to line mode.

Examples

Configure line parameters.

Related Commands

(config-line)#console

(config-line)#tty

(config-line)#vty

logging logging

{[

<hostname> | <A.B.C.D>

] |

[

[

alarm

<2-3>

buffered

| major | minor

<0-7>

|

] |

<4096-32768>

| alert | critical] | debugging | emergencies | errors | informational | notifications | warnings

|

[

console

<0-7>

|

<4096-32768>

| alert | critical] | debugging | emergencies | errors

| informational | notifications | warnings

] |

[

delimiter tcp

] |

[

facility auth | cron | daemon | kern | local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7 | lpr | mail | news | sys10 | sys11 | sys12 | sys13 | sys14 | sys9

| syslog | user | ucp

] |

[

file flash:

<filename> <0-7>

|

<4096-32768>

| alert | critical | debugging | emergencies | errors | informational | notifications | warnings

] |

[

host

<A.B.C.D>

transport tcp port

<1-65535>

| udp port

<1-65535>

] |

[

monitor

<0-7> | <4096-32768>

| alert | critical] | debugging | emergencies |

] |

errors | informational | notifications | warnings

[

on

] |

[

origin-id hostname | ip | ipv6 | string

] |

[

rate-limit

<1-10000>

except

<0-7> | <4096-32768>

| alert | critical] | debugging | emergencies | errors | informational | notifications | warnings

] |

[

source interface bvi

<1-9999>

| | ethernet

<1-18>

| openvpn-tunnel

<0-999>

| tunnel

<0-999>

] |

[

trap

<0-7> | <4096-32768>

| alert | critical] | debugging | emergencies | errors | informational | notifications | warnings

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description logging

{[

<hostname> | <A.B.C.D>

] |

Specify the address of the logging host.

IOLAN SCR Command Line Reference Guide

190

Global Configuration Mode

[

alarm

<2-3>

| major | minor

] |

[

buffered

<0-7>

|

<4096-32768>

| alert | critical] | debugging | emergencies | errors | informational | notifications | warnings

] |

[

console

<0-7> | <4096-32768>

| alert | critical] | debugging | emergencies | errors | informational | notifications | warnings

] |

[

delimiter tcp

] |

[

facility auth | cron | daemon | kern | local0 | local1 | local2 | local3 | local4 | local5 | local6

| local7 | lpr | mail | news | sys10 | sys11 | sys12 | sys13 | sys14 | sys9 | syslog | user | ucp

] |

[

file flash:

<filename> <0-7>

|

<4096-32768>

| alert | critical | debugging | emergencies | errors | informational | notifications | warnings

] |

[

host

<A.B.C.D>

transport tcp port

<

1-

65535>

| udp port

<

1-65535>

] |

[

monitor

<0-7> | <4096-32768>

| alert | critical] | debugging | emergencies | errors | informational | notifications | warnings

] |

[

on

] |

[

origin-id hostname | ip | ipv6 | string

] |

[

rate-limit

<1-10000>

except

<0-7>

|

<4096-

32768>

| alert | critical] | debugging | emergencies | errors | informational | notifications | warnings

] |

[

source interface bvi

<1-9999>

| | ethernet

<1-18>

| openvpn-tunnel

<0-999>

| tunnel

<0-999>

] |

Set severity alarm level.

major – immediate action needed (severity 2) minor – minor warning conditions (severity 3)

Set buffered logging parameters.

Set console logging parameters.

Append delimiter to syslog messages.

Set facility parameter for syslog messages.

Set file logging parameters.

Set the syslog server IP address and parameters.

Set terminal line (monitor) logging parameters.

Enable logging to all enabled destinations.

Add origin ID to syslog messages.

Set message per second limit.

Set the interface for source address in logging transactions.

IOLAN SCR Command Line Reference Guide

191

Global Configuration Mode

[

trap

<0-7>

|

<4096-32768>

| alert | critical]

| debugging | emergencies | errors | informational | notifications | warnings

]}

Command Default

Set syslog server logging level.

Command Modes

Usage Guidelines

Enable logging setting.

Examples

This example will enable logging to the host 172.16.55.88.

PerleSCR(config)#logging 172.16.55.88<cr> logging buffered 4096 debugging logging console debugging logging monitor debugging

PerleSCRconfig)#logging

Related Commands

show logging

login login

[

on-failure every

<1-65535>

| log every

<1-65535>

| trap every

<1-65535>

]

|

on-success every

<1-65535>

| log every

<1-65535>

| trap every

<1-65535>

]}

Syntax Description login

[

on-failure every

<1-65535>

| log every

<1-

65535>

| trap every

<1-65535>

] |

Set options for failed login attempt.

[

on-success every

<1-65535>

| log every

<1-65535>

| trap every

<1-65535>

]}

Set options for successful login attempt.

Command Modes

PerleRouter(config)#login

Usage Guidelines

Set parameters for users login in attempts.

Examples

This example will log failed login attempts.

PerleSCR(config)#login on-failure<cr>

Related Commands

logging

IOLAN SCR Command Line Reference Guide

192

Global Configuration Mode

management-access management-access

{[

enable

] | [

from-lan

] | [

from-wan

]}

Syntax Description management-access

{[

enable

] |

Enable management access.

[

from-lan

] |

Allow management access from

LAN devices.

[

from-wan

]}

Allow management access from

WAN devices.

Command Default

Command Modes

All management access methods are enabled for LAN by default.

All management access methods are disabled for WAN by default.

PerleSCR(config)#managementaccess<cr>

Usage Guidelines

This command allows you to set per interface the management access methods for that interface.

Management Methods are:

Enable – all management Access methods for this interface

HTTP – Enable HTTP (Web) management Access for this interface

HTTPS – Enable HTTPS (Web) management access for this interface

Telnet – Enable Telnet management access for this interface

SSH – Enable SSH management access for this interface

SNMP – Enable SNMP management access for this interface

Examples

This example sets management access HTTPS off for interface Ethernet 1.

PerleSCR>enable<cr>

PerleSCR#config<cr>

PerleSCR#management-access from-LAN<cr>

Related Commands

(management-access-LAN)#

(management-access-WAN)#

(management-access-LAN)#

{[

http enable

] | [

https enable

] | [

snmp enable

] | [

ssh enable

] | [

telnet enable

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description

(management-access-LAN)#

IOLAN SCR Command Line Reference Guide

193

Global Configuration Mode

[

[

[

[

http enable https enable snmp enable ssh enable

] |

|

]

] |

|

Enable devices connected from the

LAN side with Role set to LAN to use HTTP to connect to the router.

Enable devices connected from the

LAN side with Role set to LAN to use HTTPS to connect to the router.

Enable devices connected from the

LAN side with Role set to LAN to use HTTPS to connect to the router.

Enable devices connected from the

LAN side with Role set to LAN to use ssh to connect to the router.

[

telnet enable

]}

Command Default

Enable devices connected from the

LAN side with Role set to LAN to use telnet to connect to the router.

All methods are enabled on the

LAN side. All methods are disabled on the WAN side.

Command Modes

PerleSCR#management-accesslan<cr>

Usage Guidelines

Set protocols to allow entry from the LAN side to manage the IOLAN.

Examples

This example sets management access telnet for LAN devices.

PerleSCR(config)#management-access--lan<cr>

PerleSCR(management-access-lan)#telnet enable<cr>

Related Commands

(management-access-LAN)#

(management-access-WAN)#

(management-access-WAN)#

{[

http enable

] | [

https enable

] | [

snmp enable

] | [

ssh enable

] | [

telnet enable

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description

(management-access-WAN)#

{[

http enable

|

Enable devices connected from the

WAN side with Role set to WAN to use HTTP to connect to the router.

IOLAN SCR Command Line Reference Guide

194

Global Configuration Mode

[

[

[

[

https enable snmp enable ssh enable

]

telnet enable

|

]

]

]}

|

|

Enable devices connected from the

WAN side with Role set to WAN to use HTTPS to connect to the router.

Enable devices connected from the

WAN side with Role set to WAN to use SNMP to connect to the router.

Enable devices connected from the

WAN side with Role set to WAN to use ssh to connect to the router.

Enable devices connected from the

WAN side with Role set to WAN to use telnet to connect to the router.

All protocols are disabled.

Command Default

Command Modes

PerleSCR>enable <cr>

PerleRouter#config <cr>

PerleRouter(config)#managementaccessfrom-lan<cr>

Usage Guide

Set protocols to allow entry from the LAN side to manage the IOLAN.

Examples

Specify management access for wan devices using ssh.

PerleSCR(config)# management-access from-wan<cr>

PerleSCR(config-management-access-WAN)# ssh enable<cr>

Related Commands

management-access

nat66 nat66

{[

prefix outside

]}

<X:X:X:X::X:X>

/

<0-128>

inside

<X:X:X:X::X:X>

999>

| tunnel

<0-999>

Use the no form of this command to negate a command or set its defaults.

/

<0-

128>

outside-interface bvi

<0-9999>

| | ethernet

<1-18>

| openvpn-tunnel

<0-

Syntax Description nat66

IOLAN SCR Command Line Reference Guide

195

Global Configuration Mode

{[

prefix outside

<X:X:X:X::X:X>

/

<0-128>

inside

<X:X:X:X::X:X>

/

<0-128>

outsideinterface bvi

<0-9999>

| | ethernet

<1-18>

| openvpn-tunnel

<0-999>

| tunnel

<0-

999>

]}

Set parameters for NAT66.

Command Modes

PerleSCR(config)# nat66

Usage Guidelines

NAR66 is used to map one IPv6 address prefix to another IPv6 address prefix as each

IPv6 packets transits the entry from the

IOLAN.

Use NAT when your

IOLAN is on a private network and your internal PCs want to browse the Internet

.

Related Commands

show nat66

ntp ntp

{[

authentication

] |

[

authentication-key

<1-65534>

md5

<WORD> <0 | 7>

] |

[

broadcastdelay

<1-999999>

] |

[

logging

] |

[

master

<1-15>

] | [

peer

<A.B.C.D> <WORD> <X:X:X:X::X>

ip

<

hostname-ofpeer>

ipv6

<

hostname-of-peer>

| key

<1-65534>

| maxpoll

<4-17>

| minpoll

<4-

17>

| prefer | version

<1-4>

] |

[

server

<A.B.C.D> <WORD> <X:X:X:X::X>

ip

<

hostname-of-peer>

ipv6

<

hostname-of-peer>

| key

<1-65534>

| maxpoll

<4-17>

| minpoll

<4-17>

| prefer | version

<1-4>

] |

[

trusted-key

1-65534

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description ntp

[

authentication

] |

The time sources must authenticate with each other before synchronizing clock time.

[

authentication-key

<1-65534>

md5

<WORD> <0 | 7>

] |

When authentication is enabled, the configured authentication key must be exchanged between time sources before clock synchronizing can begin.

0 – unencrypted key

7 – encrypted key

IOLAN SCR Command Line Reference Guide

196

[

[

[

broadcastdelay logging master

] |

<1-15>

] |

<1-999999>

] |

[

peer

<A.B.C.D> <WORD> <X:X:X:X::X>

ip

<WORD>

ipv6

<WORD>>

| key

<1-

65534>

| maxpoll

<4-17>

| minpoll

<4-17>

| prefer | version

<1-4>

] |

Global Configuration Mode

By default, the router will set broadcast delay to Autonegotiate. Select the autonegotiate broadcast delay off if you wish to set your own broadcast delay time in microseconds. Broadcast delay time is the estimated round-trip delay between the broadcast

NTP server and the router.

Log NTP messages to the router’s internal log.

Select this router as the master source clock. The stratum defines how far away the clock is away from the Authoritative

Time Source.

The highest stratum is 1. It is reserved for atomic clocks, GPS clocks or radio clock which generates a very accurate time.

This type of time source is defined as the “Authoritative time source”. The stratum defines how many hops a node is from the “authoritative time source”. Stratum x nodes are synchronized to stratum x‐1 nodes.

Stratum numbers range from 1 to

15.

Configure the IPv4/IPv6 address or hostname of the NTP peer that you will be getting the clock from. Select prefer to use this

NTP source over another. A preferred peer's responses are discarded only if they vary greatly from the other time sources. Otherwise, the preferred peer is used for synchronization without consideration of the other time sources.

IOLAN SCR Command Line Reference Guide

197

Global Configuration Mode

[

[

server

<A.B.C.D> <WORD>

<X:X:X:X::X>

ip

<WORD>

ipv6

<WORD>>

| key

<1-65534>

| maxpoll

<4-

17>

| minpoll

<4-17>

| prefer | version

<1-

4>

] |

trusted-key

1-65534

Command Modes

]}

Configure the IPv4/IPv6 address or hostname of the NTP peer that you will be getting the clock from. Select prefer to use this

NTP source over another. A preferred server’s responses are discarded only if they vary greatly from the other time sources. Otherwise, the preferred server is used for synchronization without consideration of the other time sources.

Changes to the polling interval is not recommended and is discouraged. NTP dynamically selects the optimal poll interval between the values of minpoll and maxpoll, which defaults to

64 and 1024 seconds respectively and are correct for most environments.

Shorter values are used to correct large errors and larger values are to refine accuracy.

Default is Minimum poll 64.

Versions 1-4 are supported

Configure a trusted key to be used for trusted time sources.

PerleSCR>enable <cr>

PerleSCR#config t<cr> erleSCR(config)#ntp

Usage Guidelines

Network Time Protocol (NTP) is used as a method of distributing and maintaining synchronization of time information between nodes in a network. NTP server uses

UTC (Universal Coordinated Time). When initially launched, it can take NTP as much as 5 minutes to obtain an accurate time.This is due to the algorithm used to determine what NTP master(s) the IOLAN should synchronize with. NTP will not synchronize with nodes whose time is significantly off even if its stratum is lower.

During this “settling” period, the router may not have the correct time. NTP can usually achieve time synchronization between two systems in the order of a few milliseconds. This can be achieved with a time transmission rate of as little as one packet per minute.

IOLAN SCR Command Line Reference Guide

198

Global Configuration Mode

Examples

PerleSCR(config)# ntp server 172.16.4.181<cr>

23:40:31: %NTPD-5: ntpd [email protected] Wed May 18 14:33:49 UTC 2016

(10): Starting

23:40:31: %NTPD-6: Command line: ntpd -n -g

23:40:31: %RSYSLOGD-6:LOGGINGHOST_STARTSTOP: Logging to UDP host

172.16.55.88 port 514 started

23:40:31: %NTPD-6: proto: precision = 3.840 usec (-18)

23:40:31: %NTPD-6: Listen and drop on 0 v6wildcard [::]:123

23:40:31: %NTPD-6: Listen and drop on 1 v4wildcard 0.0.0.0:123

23:40:31: %NTPD-6: Listen normally on 2 lo 127.0.0.1:123

23:40:31: %NTPD-6: Listen normally on 3 Vl1 172.16.113.77:123

23:40:31: %NTPD-6: Listen normally on 4 lo [::1]:123

23:40:31: %NTPD-6: Listen normally on 5 Gi2 [fe80::6ac9:bff:fec1:58da%4]:123

23:40:31: %NTPD-6: Listen normally on 6 Gi1 [fe80::6ac9:bff:fec1:58d9%3]:123

23:40:31: %NTPD-6: Listen normally on 7 eth0 [fe80::6ac9:bff:fec1:58d8%2]:123

23:40:31: %NTPD-6: Listening on routing socket on fd #38 for interface updates

23:40:31: %NTPD-3: Unable to listen for broadcasts, no broadcast interfaces available

23:40:31: %NTPD-6: 0.0.0.0 c01d 0d kern kernel time sync enabled

23:40:31: %NTPD-6: 0.0.0.0 c012 02 freq_set kernel 0.000 PPM

23:40:31: %NTPD-6: 0.0.0.0 c011 01 freq_not_set

23:40:31: %NTPD-6: 0.0.0.0 c016 06 restart

Examples

PerleSCR(config)# ntp status <cr>

Clock is synchronized, stratum 12, reference is 172.16.4.180

Precision is 2**-18 s

Reference time is dae84dc5.33013328 (Thu, May 19 2016 10:35:49.199)

Clock offset is 7.595002 msec, root delay is 0.439 msec

Root dispersion is 7956.293 msec

Related Commands

show ntp

Feature Details / Application Notes

power-supply

{[

dual

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description power-supply

{[

dual

]} |

Enable monitoring of dual power supplies

Command Modes

PerleSCR(config)#power-supply

IOLAN SCR Command Line Reference Guide

199

Global Configuration Mode

Examples

To enable monitoring of both power supplies.

PerleSCR(config)# power-supply dual<cr>

radius radius

{[

server

<radius-server-name>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description radius server

{[

server

<radius-server-name>

]}

Specify the name of the Radius server

Command Modes

PerleSCR(config)#radius

Examples

This example shows you set the radius server name.

PerleSCR(config)# radius server testrad<cr>

Related Commands

clear radius

show radius

(config-radius-server)#

{[

address ipv4

<A.B.C.D>

acct-port

<0-65536> |

auth-port

<0-65536>

] | [

key 0 |

7 |

<word>

] | [

retransmit

<1-100>

] | [

timeout

<1-1000>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description

(config-radius-server)#

{[

address ipv4

<A.B.C.D>

acct-port

<0-

65536> |

auth-port

<0-65536>

] |

[

key 0 | 7 |

<word>

] |

Specify the Radius server address.

Specify an encryption key to be shared with the Radius servers.

retransmit

<1-100>

]

Specify the number of retries to the active server

[

timeout

<1-1000>

]}

Specify the time to wait for

Radius server to reply.

Command Modes

PerleSCR(config)#

IOLAN SCR Command Line Reference Guide

200

IOLAN SCR Command Line Reference Guide

Global Configuration Mode

Examples

This example sets the timeout to 5 minutes for a predefined Radius server.

PerleSCR(config-radius-server)# timeout 5<cr>

Related Commands

clear radius

show radius

radius-server radius-server

100>

] |

timeout

{[

deadtime <1-1440>

<1-1000>

]}

] | [

key 0 | 7 |

<word>

] | [

retransmit

Use the no form of this command to negate a command or set its defaults.

<1-

Syntax Description radius-server

{[

deadtime <1-1440>

] |

Specify a time to stop using a server that doesn’t respond.

[

key 0 | 7 |

<word>

] |

Specify the encryption key to be shared with the Radius servers.

[

retransmit

<1-100>

] |

Number of times to try to connect the radius server.

Default is 3.

timeout

<1-1000>

]}

Wait time for the radius server to respond. Default is 5 seconds.

Command Modes

PerleSCR(config)#

Usage Guidelines

These are the global parameters for Radius. You can set some of these parameter for each Radius server separately.

Examples

This example shows you how to set deadtime of 5 minutes.

PerleSCR(config)#radius-server deadtime 5<cr>

Related Commands

clear radius

show radius

router-map router-map

{[<

WORD> <1-65535>

deny

<1-65535>

| permit

<1-65535>

]}

201

Global Configuration Mode

Use the no form of this command to negate a command or set its defaults.

Syntax Description router-map

{[

WORD> <1-65535>

deny | permit

]}

Insert, delete, deny or permit from existing route map table.

Command Modes

PerleRouter(config)#router-map

Usage Guidelines

Create route maps or enter route map command mode.

Examples

This example creates a route map called test-route.

PerleSCR(config)#route-map test-route<cr>

Related Commands

show route-map

(config-route-map)#

{

[

call

<WORD>

] |

[

continue

<1-65535>

[

description

<LINE>

] |

] |

[

match | as-path

<WORD>

| community

<1-500>

| extcommunity

<1-500>

| interface bvi

<1-9999>

| dialer

<0-15>

| ethernet

<1-18> . <1-4000>

| openvpntunnel

<0-999>

| tunnel

<0-999>

| [ip address

<1-199>

|

<1300-2699>

| prefix-list]

| [ipv6

<WORD>

| prefix-list] | metric

<1-4294967295>

| [origin egp | igp | unknown] | peer

<A.B.C.D>

| tag

<1-65535>

] |

[

on-match goto <1-65535> | next

] |

[

set aggregator as

<1-4294967295> <A.B.C.D>

| as-path exclude

<1-4294967295>

| prepend

<1-4294967295>

| atomic -aggregate | comm-list

<1-500>

delete |

[community

<1-4294967295> | <AA:NN>

| internet | local-as | no-advertise | no export] | extended-community rt

<AA:NN>

| soo

<AA:NN>

| ip nexthop

<A.B.C.D>

| [ipv6 nexthop global

<X:X:X:X::X>

| local

<X:X:X:X::X>

] | localpreference

<0-4294967295>

| metric

<1-4294967295>

| [metric-type

type-1 | type-

2

] | [origin epg | igp | unknown] | originator-id

<A.B.C.D>

| src

<A.B.C.D>

| tag

<1-65535>

| weight

<0-4294967295>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description

(config-route-map)#

{

[

call

<WORD>

] |

Jump to another route-map after match-set

IOLAN SCR Command Line Reference Guide

202

Global Configuration Mode

[

continue

<1-65535>

] |

[

match | as-path

<WORD>

| community

<1-500>

| extcommunity

<1-500>

| interface bvi

<1-9999>

| | dialer

<0-15>

| | ethernet

<1-18> . <1-4000>

| openvpntunnel

<0-999>

| tunnel

<0-999>

| [ip address

<1-199>

|

<1300-2699>

| prefixlist] | [ipv6

<WORD>

| prefix-list] | metric

<1-4294967295>

| [origin egp | igp | unknown] | peer

<A.B.C.D>

| tag

<1-

65535>

] |

[

on-match goto <1-65535> | next

] |

[

set aggregator as

<1-4294967295>

<A.B.C.D>

| as-path exclude

<1-

4294967295>

| prepend

<1-4294967295>

| atomic -aggregate | comm-list

<1-500>

delete | [community

<1-4294967295> |

<AA:NN>

| internet | local-as | noadvertise | no export] | extendedcommunity rt

<AA:NN>

| soo

<AA:NN>

| ip nexthop

<A.B.C.D>

| [ipv6 nexthop global

<X:X:X:X::X>

| local

<X:X:X:X::X>

] | local-preference

<0-

4294967295>

| metric

<1-4294967295>

|

[metric-type

type-1 | type-2

] | [origin epg | igp | unknown] | originator-id

<A.B.C.D>

| src

<A.B.C.D>

| tag

<1-65535>

| weight

<0-

4294967295>

]}

Command Modes

Continue on a different entry within the route-map.

Match values from routing table.

Exit policy on matches.

Set values in destination routing protocol.

PerleSCR(config-route-map)#

Usage Guidelines

Set up route map configuration parameters.

Examples

This rule defines a match rule for community list BGP 50.

PerleSCR(config-route-map)#match community 50 <cr>

Related Commands

router

router router

{[

bgp

<1-4294967295>

|

ospf

|

rip

]}

IOLAN SCR Command Line Reference Guide

203

Global Configuration Mode

Use the no form of this command to negate a command or set its defaults.

Syntax Description router

{[

bgp

<1-4294967295>

|

Broader Gateway Protocol (BGP) is an independent routing protocol that is used exclusively for the internet. If using your router to connect to the internet, bgp should be enabled.

[

ospf

|

Open Shortest Path First (ospf) is a protocol used to find the best paths for packets as they pass through a set of connected networks. OSFP was designed to replace the RIP protocol as it optimizes the updating up of the routing table. OSPF should be enabled on your IOLAN.

rip

]}

Routing Information Protocol

(rip). Older protocol for finding the shortest path for routing information using a routing metric/hop count algorithm. RIP should be enabled on your

IOLAN if there are older routers on your network that need to use

RIP.

Command Modes

PerleSCR(config)#

Usage Guidelines

Select the routing protocol for your IOLAN.

Examples

This example sets the routing protocol to BGP.

PerleSCR(config)# router bgp 10<cr>

Related Commands

show bgp

show ip ospf

show ip rip

(config-router)#

{

[

bgp [address-family ipv4 | ipv6 unicast]

] |

[

aggregate address

<A.B.C.D>

<A.B.C.D>

as-set | summary-only]

] |

[

bgp always-compare-med

|

[bestpath as-

IOLAN SCR Command Line Reference Guide

204

Global Configuration Mode

path | confed | ignore] | compare-router-id | med confed | missing-as-worst]

|

[client-to-client reflection] | cluster-id

<1-4294967295>

| confederation identifier

<1-4294967295>

|

peers

<1-4294967295> <1-4294967295>

| dampening

<1-45>

|

<1-20000>

|

<1-20000>

|

<1-255>

| deterministic-med | enforce-first-as | fastexternal-failover | graceful-restart stalepath-time

<1-3600>

| log-neighborchanges | network import-check | router-id

<A.B.C.D>

| scan-time

<5-60>

] |

[

distance

<1-255>

bgp distance

<1-255> <1-255> <1-255>

] |

[

maximum-paths <1-255> ibgp

] |

[

neighbour

<A.B.C.D> <X:X:X:X::X>

advertisement-interval

<0-600>

| allowasin

<1-10>

| asoverride | [attribute-unchanged as-path | med | next-hop] |

[capability dynamic | orf prefix-list both | receive | send] | default originate route-map

<NAME>

| description

<LINE>

| [disable-connected-check | distributed-list

<1-99>

in | out

<1300-2699>

in | out] | dont’t-capabilitynegotiate | ebgp-multihop

<1-255>

| filter-list

<WORD>

| local-as

<1-

4294967295>

no-prepend | maximum-prefix

<1-4294967295>

| next-hop-self | override-capability | passive | password

<LINE>

| port

<1-65535>

| prefix-list

<WORD>

| remote-as

<1-4294967295>

| remove-private-as | [route-map

<WORD>

in | out] | route-reflector -client | route-server-client | [sendcommunity both | extended | standard] | shutdown | soft-reconfiguration | strictcapability-match | timers connect | ttl-security | unsuppress-map | update-source

| weight

]

|

[

passive-interface bvi

<1-9999>

| | dialer

<0-15>

| | ethernet

<1-18> . <1-4000>

| openvpn-tunnel

<0-999>

| tunnel

<0-999>

]}

] |

[

network

<A.B.C.D> <A.B.C.D>

| backdoor | route-map

<WORD>

] |

[

redistribute connected | kernel | ospf | rip | static | metric

<1-4294967295>

| route-map

<WORD>

] |

[

timers bgp

<0-65535> <0-65335>

Use the no form of this command to negate a command or set its defaults.

Syntax Description

(config-router)#

{

[

bgp [address-family ipv4 | ipv6 unicast]

] |

Enter address family mode.

aggregate address

<A.B.C.D> <A.B.C.D>

asset | summary-only]

] |

Configure BGP aggregate entries.

IOLAN SCR Command Line Reference Guide

205

Global Configuration Mode

[

bgp always-compare-med

|

[bestpath aspath | confed | ignore] | compare-router-id | med confed | missing-as-worst]

|

[client-toclient reflection] | cluster-id

<1-4294967295>

| confederation identifier

<1-4294967295>

|

peers

<1-4294967295> <1-4294967295>

| dampening

<1-45>

|

<1-20000>

|

<1-20000>

|

<1-255>

| deterministic-med | enforce-first-as

| fast-external-failover | graceful-restart stalepath-time

<1-3600>

| log-neighborchanges | network import-check | router-id

<A.B.C.D>

| scan-time

<5-60>

] |

[

distance

<1-255>

bgp distance

<1-255> <1-

255> <1-255>

] |

[

maximum-paths <1-255> ibgp

] |

[

neighbour

<A.B.C.D> <X:X:X:X::X>

advertisement-interval

<0-600>

| allowas-in

<1-10>

| asoverride | [attribute-unchanged as-path | med | next-hop] | [capability dynamic | orf prefix-list both | receive | send] | default originate route-map

<NAME>

| description

<LINE>

| [disable-connectedcheck | distributed-list

<1-99>

in | out

<1300-

2699>

in | out] | dont’t-capability-negotiate | ebgp-multihop

<1-255>

| filter-list

<WORD>

| local-as

<1-4294967295>

no-prepend | maximum-prefix

<1-4294967295>

| next-hopself | override-capability | passive | password

<LINE>

| port

<1-65535>

| prefix-list

<WORD>

| remote-as

<1-4294967295>

| remove-private-as | [route-map

<WORD>

in | out] | route-reflector -client | route-serverclient | [send-community both | extended | standard] | shutdown | soft-reconfiguration | strict-capability-match | timers connect | ttlsecurity | unsuppress-map | update-source | weight

]

|

[

network

<A.B.C.D> <A.B.C.D>

| backdoor | route-map

<WORD>

] |

[

passive-interface bvi

<1-9999>

| | dialer

<0-

15>

| | ethernet

<1-18> . <1-4000>

| openvpntunnel

<0-999>

| tunnel

<0-999>

] |

Set parameters for BGP.

Define administrative distances.

Forward packets over multiple paths.

Set neighbor configuration parameters.

Specify a network to announce via BGP.

Suppress routing updates on an interface.

IOLAN SCR Command Line Reference Guide

206

Global Configuration Mode

[

redistribute connected | kernel | ospf | rip | static | metric

<1-4294967295>

| route-map

<WORD>

] |

[

timers bgp

<0-65535> <0-65335>

]}

Command Modes

Redistribute information from another routing protocol.

Adjust routing timers.

PerleSCR(config-router)#

Usage Guidelines

Set up parameters for BGP protocol.

Examples

This example sets BGP timers keepalive to 10 and hold time to 20 seconds.

PerleSCR(config)#<cr>timers bgp 10 20 <cr>

Related Commands

show bgp

(config-router)#

{

[

ospf area

<0-4294967295>

|

<A.B.C.D>

authentication message-digest | default-cost

<1-6777215>

| nssa no-summary | translate |-always | translatecandidate | translate-never | range

<A.B.C.D> <A.B.C.D>

advertise | notadvertise cost

<0-16777215>

| substitute

<A.B.C.D> <A.B.C.D>

cost

<0-

16777215>

| [shortcut enable | disable | default] | stub no-summary | [virtual-link

<A.B.C.D>

authentication-key

<WORD>

| message-digest message-digest-key

<1-255>

md5

<LINE>

| null] | dead-interval

<1-65535>

| hello-interval

<1-65535>

| retransmit-interval

<1-65535>

| transmit-delay

<1-65535>

] |

[

auto-cost reference-bandwidth

<1-4294967>

] |

[

capability opaque

] |

[

compatibility rfc1583

] |

[

default-information originate always | metric

<0-16777214>

| metric-type

<1-2>

| route-map

<WORD>

] |

[

default-metric

<0-16777214>

] |

[

max-metric router-lsa administrative | on-shutdown

<5-86400>

| on-startup

<5-

86400>

] |

[

neighbor poll-interval

<1-65535>

| priority

<0-255>

[

network

<A.B.C.D> <A.B.C.D>

area

<0-4294967295>

[

passive-interface bvi

<1-9999>

| | dialer

<0-15>

| | ethernet

<1-18> . <1-4000>

| openvpn-tunnel

<0-999>

| tunnel

<0-999>

route-map

<WORD>

] |

[

refresh timer

<5-1800>

] |

] |

] |

] |

[

redistribute connected | kernel | ospf | rip | static | metric

<1-4294967295>

|

IOLAN SCR Command Line Reference Guide

207

Global Configuration Mode

[

router-id

<A.B.C.D>

] |

[

timers throttle spf

<1-600000> <1-600000><1-600000>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description

(config-router)#

{

[

ospf area

<1-4294967295>

|

<A.B.C.D>

authentication message-digest | defaultcost

<1-6777215>

| nssa no-summary | translate |-always | translate-candidate | translate-never | range

<A.B.C.D>

<A.B.C.D>

advertise | not-advertise cost

<0-16777215>

| substitute

<A.B.C.D>

<A.B.C.D>

cost

<0-16777215>

| [shortcut enable | disable | default] | stub nosummary | [virtual-link

<A.B.C.D>

authentication-key

<WORD>

| messagedigest message-digest-key

<1-255>

md5

<LINE>

| null] | dead-interval

<1-65535>

| hello-interval

<1-65535>

| retransmitinterval

<1-65535>

| transmit-delay

<1-

65535>

] |

[

auto-cost reference-bandwidth

<1-

4294967>

] |

[

capability opaque

] |

[

compatibility rfc1583

] |

Specify OSPF area parameters.

Calculate OSPF interface cost according to bandwidth.

Enable opaque feature.

OSPF compatibly list.

[

default-information originate always | metric

<0-16777214>

| metric-type

<1-2>

| route-map

<WORD>

] |

[

default-metric

<0-16777214>

] |

Control distribution of default information.

Set metric of redistributed routes.

Define administrative distance.

[

max-metric router-lsa administrative | onshutdown

<5-86400>

| on-startup

<5-

86400>

] |

[

neighbor poll-interval

<1-65535>

| priority

<0-255>

] |

[

network

<A.B.C.D> <A.B.C.D>

area

<0-

4294967295>

]

Specify a neighbor router.

Specify a network to enable IP routing.

[

passive-interface bvi <1-9999> | | dialer

<0-15>

| | ethernet

< <1-18> . <1-4000>

| tunnel

<0-999>

] |

Suppress routing updates on an interface.

IOLAN SCR Command Line Reference Guide

208

[

redistribute connected | kernel | ospf | rip | static | metric

<1-4294967295>

| route-map

<WORD>

] |

[

refresh timer

<5-1800>

] |

[

router-id

<A.B.C.D>

] |

[

timers throttle spf

<1-600000> <1-

600000><1-600000>

]}

Command Modes

Usage Guidelines

Set up parameters for OSPF protocol.

Examples

This example sets opaque feature for OSPF.

PerleSCR(config)#capability opaque<cr>

Related Commands

show ip ospf

Global Configuration Mode

Redistribute information from other routing protocol.

Adjust refresh timers.

Router ID for this OSPF process.

Adjust routing timers.

PerleSCR(config-router)#

(config-router)#

{

[

rip default-information originate

] |

[

default-metric

<1-16>

[

distance

<1-255>

] |

] |

[

distribution-list

<1-99>

in | out bvi <1-9999> | | dialer

<0-15>

| | ethernet

<1-

18> . <1-4000>

| openvpn-tunnel

<0-999>

| tunnel

<0-999>

|

<1300-2699>

in | out bvi <1-9999> | | dialer

<0-15>

| | ethernet

<1-18> . <1-4000>

| openvpn-tunnel

<0-999>

| tunnel

<0-999>

prefix

<WORD>

in | out bvi <1-9999> | | dialer

<0-15>

| | ethernet

<1-18> . <1-4000>

| openvpn-tunnel

<0-999>

| tunnel

<0-999>

[

neighbor

<A.B.C.D>

] |

] |

[

network

<A.B.C.D> <A.B.C.D>

] |

[

passive-interface bvi

<1-9999>

| | dialer

<0-15>

| | ethernet

<1-18> . <1-4000>

| openvpn-tunnel

<0-999>

| tunnel

<0-999>

] |

[

redistribute connected | kernel | ospf | rip | static | metric

<1-4294967295>

| route-map

<WORD>

] |

[

timers basic

<5-2147483>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description

(config-router)#

IOLAN SCR Command Line Reference Guide

209

Global Configuration Mode

[

rip default-information originate

[

default-metric

<1-16>

] |

] |

Control distribution of default information.

Set the metric for redistributed routes.

Set the administrative distance.

[

distance

<1-255>

] |

[

distribution-list

<1-99>

in | out bvi <1-

9999> | | dialer

<0-15>

| | ethernet

<1-18>

. <1-4000>

| openvpn-tunnel

<0-999>

| tunnel

<0-999>

|

<1300-2699>

in | out bvi

<1-9999>

| | dialer

<0-15>

| | ethernet

<1-

18> . <1-4000>

| openvpn-tunnel

<0-999>

| tunnel

<0-999>

| prefix

<WORD>

in | out bvi <1-9999> | | dialer

<0-15>

| | ethernet

<1-18> . <1-4000>

| openvpn-tunnel

<0-

999>

| tunnel

<0-999>

] |

[

neighbor

<A.B.C.D>

] |

[

network

<A.B.C.D> <A.B.C.D>

] |

Filter networks in routing updates.

Specify a neighbor router.

|

[

passive-interface bvi

<1-9999>

| | dialer

<0-15>

| | ethernet

<1-18> . <1-4000>

| openvpn-tunnel

<0-999>

| tunnel

<0-999>

]

[

redistribute connected | kernel | ospf | rip | static | metric

<1-4294967295>

| route-map

<WORD>

] |

[

timers basic

<5-2147483>

]}

Enable routing on a IP network.

Suppress routing updates on an interface.

Redistribute information from other routing protocol.

Command Modes

Interval between updates for

RIP.

PerleSCR(config-router)#

Usage Guidelines

Set parameters for RIP protocol.

Examples

This example sets timer for RIP updates to every 5 minutes.

PerleSCR(config)#timers basic 5 <cr>

Related Commands

router

IOLAN SCR Command Line Reference Guide

210

Global Configuration Mode

router-map router-map

{[<

WORD> <1-65535>

deny

<1-65535>

| permit

<1-65535>

Use the no form of this command to negate a command or set its defaults.

]}

Syntax Description router-map

{[

WORD> <1-65535>

deny | permit

]}

Insert, delete, deny or permit from existing route map table.

Command Modes

PerleRouter(config)#router-map

Usage Guidelines

Create route maps or enter route map command mode.

Examples

This example creates a route map called test-route.

PerleSCR(config)#route-map test-route<cr>

Related Commands

show route-map

(config-route-map)#

{

[

call

<WORD>

] |

[

continue

<1-65535>

[

description

<LINE>

] |

] |

[

match | as-path

<WORD>

| community

<1-500>

| extcommunity

<1-500>

| interface bvi

<1-9999>

| | dialer

<0-15>

| | ethernet

<1-18> . <1-4000>

| openvpn-tunnel

<0-999>

| tunnel

<0-999>

| [ip address

<1-199>

|

<1300-2699>

| prefix-list] | [ipv6

<WORD>

| prefix-list] | metric

<1-4294967295>

| [origin egp | igp | unknown] | peer

<A.B.C.D>

| tag

<1-65535>

] |

[

on-match goto <1-65535> | next

] |

[

set aggregator as

<1-4294967295> <A.B.C.D>

| as-path exclude

<1-4294967295>

| prepend

<1-4294967295>

| atomic -aggregate | comm-list

<1-500>

delete |

[community

<1-4294967295> | <AA:NN>

| internet | local-as | no-advertise | no export] | extended-community rt

<AA:NN>

| soo

<AA:NN>

| ip nexthop

<A.B.C.D>

| [ipv6 nexthop global

<X:X:X:X::X>

| local

<X:X:X:X::X>

] | localpreference

<0-4294967295>

| metric

<1-4294967295>

| [metric-type

type-1 | type-

2

] | [origin epg | igp | unknown] | originator-id

<A.B.C.D>

| src

<A.B.C.D>

| tag

<1-65535>

| weight

<0-4294967295>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description

(config-route-map)#

IOLAN SCR Command Line Reference Guide

211

Global Configuration Mode

{

[

call

<WORD>

] |

[

continue

<1-65535>

] |

[

match | as-path

<WORD>

| community

<1-500>

| extcommunity

<1-500>

| interface bvi

<1-9999>

| | dialer

<0-15>

| | ethernet

<1-18> . <1-4000>

| openvpntunnel

<0-999>

| tunnel

<0-999>

| [ip address

<1-199>

|

<1300-2699>

| prefixlist] | [ipv6

<WORD>

| prefix-list] | metric

<1-4294967295>

| [origin egp | igp | unknown] | peer

<A.B.C.D>

| tag

<1-

65535>

] |

[

on-match goto <1-65535> | next

] |

[

set aggregator as

<1-4294967295>

<A.B.C.D>

| as-path exclude

<1-

4294967295>

| prepend

<1-4294967295>

| atomic -aggregate | comm-list

<1-500>

delete | [community

<1-4294967295> |

<AA:NN>

| internet | local-as | noadvertise | no export] | extendedcommunity rt

<AA:NN>

| soo

<AA:NN>

| ip nexthop

<A.B.C.D>

| [ipv6 nexthop global

<X:X:X:X::X>

| local

<X:X:X:X::X>

] | local-preference

<0-

4294967295>

| metric

<1-4294967295>

|

[metric-type

<type-1> | <type-2>

] | [origin epg | igp | unknown] | originator-id

<A.B.C.D>

| src

<A.B.C.D>

| tag

<1-

65535>

| weight

<0-4294967295>

]}

Command Modes

Jump to another route-map after match-set

Continue on a different entry within the route-map.

Match values from routing table.

Exit policy on matches.

Set values in destination routing protocol.

PerleRouter(config-route-map)#

Usage Guidelines

Set up route map configuration parameters.

Examples

This rule defines a match rule for community list BGP 50.

PerleSCR(config-route-map)#match community 50 <cr>

Related Commands

router

IOLAN SCR Command Line Reference Guide

212

Global Configuration Mode

sdm sdm

{[

prefer default | dual-ipv4-and-ipv6 default

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description sdm

{[

prefer default | dual-ipv4-and-ipv6 default

]}

The sdm command is used to set IP protocols on your router.

Command Default

Command Modes

sdm perfer dual-ipv4-and-ipv6

(both IPV4 and IPV6 enabled)

PerleRouter(config)#sdm

Usage Guidelines

By default the IOLAN is set to enable both IPv4 and IPV6.

Examples

This example shows you how to set your IOLAN to IPV4 only.

PerleRouter(config)# sdm prefer default<cr>

Related Commands

show running-config

{[

all

]}

serial serial

{[

accounting

<WORD>

| default

] |

[

advanced [break off | on] | data_logging_buffer_size

<1-2000>

| [flush-on-close off | on] | [line-menu-string

<WORD>

] |[monitor-connection-every

<1-32767>

] | monitor-connection-number

<1-32767>

] | monitor-connection-timeout

<1-

32767>

| single-telnet off | on]

] |

[

authentication aaa login-authentication

<WORD>

| default

] |

[

authorization exec

<WORD>

| default

] |

[

modbus gateway addr-mod embedded | re-mapped] | [broadcast on | off] | chartimeout

<10-10000>

| [exceptions off | on] | [idle-timer

<0-300>

] | [ip-aliasing off

| on] | mess-timeout

<10-10000>

| next-req-delay

<0-1000>

| port

<1-65535>

| remapped-id

<1-247>

| [req- off | on]

|

[ssl on | off]

|

[

port buffering key-stroke-buffering on | off] | mode both | local | off | remote | nsf-directory

<WORD>

| nfs-encryption off | on | [nfs-host

<A.B.C.D> <WORD>

<X:X:X:X::X>

] | syslog [level alert | critical | emergency | error | info | notice | warning] | off | on] | [time-stamp off | on] | view-port-buffer-string

<WORD>

] |

IOLAN SCR Command Line Reference Guide

213

Global Configuration Mode

[

trueport [remap 110 | 1200 | 134 | 150 | 1800 | 19200 | 200 | 2400 | 300 | 38400 |

4800 | 50 | 600 | 75 | 9600]

|

[|115200 | 1200 | 1800 | 19200 | 23400 | 2400 | 38400 |

4800 | 57600 | 600 | 9600 | custom

] |

[

vmodem-phone entry

<1-8>

phone-number

<phone -number>

| host

<A.B.C.D>

<WORD> <X:X:X:X::X> <tcp-port>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description serial

{[

accounting

<WORD>

| default

] |

Accounting parameters.

[

advanced [break off | on] | data_logging_buffer_size

<1-2000>

| [flushon-close off | on] | [line-menu-string

<WORD>

] | [monitor-connection-every

<1-

32767>

] | monitor-connection-number

<1-

32767>

] | monitor-connection-timeout

<1-

32767>

| single-telnet off | on]

] |

[

authentication aaa login-authentication

<WORD>

| default

] |

[

authorization exec

<WORD>

| default

] |

Sets advanced features for serial devices.

Default for line-menu-string is

~menu

Authentication parameters.

Authorization parameters.

[

modbus gateway addr-mod embedded | remapped] | [broadcast on | off] | char-timeout

<10-10000>

| [exceptions off | on] | [idle-timer

<0-300>

] | [ip-aliasing off | on] | mess-timeout

<10-10000>

| next-req-delay

<0-1000>

| port

<1-65535>

| remapped-id

<1-247>

| [req- off | on]

|

[ssl on | off]

] |

[

port buffering key-stroke-buffering on | off] | mode both | local | off | remote | nsf-directory

<WORD>

| nfs-encryption off | on | [nfs-host

<A.B.C.D> <WORD> <X:X:X:X::X>

] | syslog

[level alert | critical | emergency | error | info | notice | warning] | off | on] | [time-stamp off | on] | view-port-buffer-string

<WORD>

] |

[

trueport [remap 110 | 1200 | 134 | 150 | 1800 |

19200 | 200 | 2400 | 300 | 38400 | 4800 | 50 | 600

| 75 | 9600] | 115200 | 1200 | 1800 | 19200 |

23400 | 2400 | 38400 | 4800 | 57600 | 600 | 9600

| custom

] |

Sets modbus gateway parameters.

Set port buffering parameters.

Sets remap baud rates for

Trueport devices.

IOLAN SCR Command Line Reference Guide

214

Global Configuration Mode

[

vmodem-phone entry

<1-8>

phone-number

<phone -number>

| host

<A.B.C.D> <WORD>

<X:X:X:X::X> <tcp-port>

]}

Command Modes

Sets parameters for virtual modem.

PerleRouter(config)#serial

Usage Guidelines

Serial advanced feature settings

Examples

This example will set the vmodem phone number to 416-666-9900 for host

172.16.77.88.

PerleSCR(config)#serial vmodem entry 1 phone-number 416-666-9900 host

172.16.77.88.

Related Commands

serial

service service

{[

dhcp relay-agent | server

] | [

sequence-numbers datetime | localtime | msec | showtime-zone | year

] |

uptime

] |

]}

[

timestamps log

Use the no form of this command to negate a command or set its defaults.

Syntax Description service

{[

dhcp relay-agent | server

] |

Enable dhcp server or relay agent.

[

sequence-numbers

] |

[

timestamps log datetime | localtime | msec | showtime-zone | year

]

| uptime

]}

Command Modes

Stamp the logger messages with a sequence number.

Timestamp with date and time.

Timestamp with system uptime.

PerleRouter(config)#service

Usage Guidelines

Set parameters for DHCP relay-agent or server.

Examples

This example shows you how to add date, time and year to log messages.

PerleSCR(config)# service timestamp log datetime localtime year<cr>

IOLAN SCR Command Line Reference Guide

215

Global Configuration Mode

Related Commands

show logging

snmp-server

[

smnp-server ro

|

rw

]

contact

{[

community

<WORD>

[

ip-access

<A.B.C.D> | <X:X:X:X::X:X> |

| [network [

<LINE>

<A.B.C.D> | <A.B.C.D>

]

|

[

<X:X:X:X::X:X>

]

]

|

[

enable traps | [alarms

<2 | 3>

| major | minor] | authentication | bgp | entity | envon | ipsec | openvpn | ospf | snmp

]

|

[

engine-id local

<TEXT>

]

|

[

group

<WORD>

]

|

[

[host

<A.B.C.D> <X:X:X:X::X:X> <WORD>

| udp-port

<0-65535>

] | [version 2c udp-port

<0-65535>

] | [3 auth | informs | noauth | prv | traps]

]

|

[

location

<WORD>

]

|

[

listen-address

<A.B.C.D> <X:X:X:X::X:X>

udp-port

<0-65535>

]

|

[

user

<WORD> <WORD>

v3 [auth md5 | sha

<WORD>

priv aes | des

<WORD>

]

[encrypted auth md5

<WORD>

priv aes

<WORD>

| sha

<WORD>

]

|

[

view

<WORD>

excluded

<WORD>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description snmp-server

{[

community

<WORD>

[

ip-access

<A.B.C.D> | <X:X:X:X::X:X> |

ro

|

rw

[network [

<A.B.C.D> | <A.B.C.D>

]

|

[

<X:X:X:X::X:X>

]

]

|

]

|

Set community strings and access privileges.

Maximum value is 64 bytes

[

contact

<LINE>

]

|

Type in the contact name. (mib object sysContact).

[

enable traps | [alarms

<2 | 3>

| major | minor] | authentication | bgp | cellular-gnss

| cellular-lte | dot11 | entity | envon | ipsec | openvpn | ospf | snmp

]

|

[

engine-id

<text>

]

|

Enables trap messages to go to your snmp server.

Engine ID of the local or remote SNMPv3 agent.

[

group

<WORD>

] |

Define a SNMPv3 user security model.

[

[host

<A.B.C.D> <X:X:X:X::X:X>

<WORD>

udp-port

<0-65535>

] | [version

2c

<WORD>

udp-port

<0-65535>

] | [3 auth

| informs | noauth | prv | traps]

] |

Specify hosts to receive SNMP notifications

IOLAN SCR Command Line Reference Guide

216

Global Configuration Mode

[

location

<LINE>

] |

[

listen-address

<A.B.C.D> <X:X:X:X::X:X>

udp-port

<0-65535>

] |

[

user

<WORD> <WORD>

v3 [auth md5 | sha

<WORD>

priv aes | des

<WORD>

]

[encrypted auth md5

<WORD>

priv aes

<WORD>

| sha

<WORD>

]

|

[

view

<WORD>

excluded

<WORD>

]}

Type text for MIB object sysLocation

Address to listen on for incoming requests.

Configure options for SNMP

V3 user.

Define an SNMPv3 MIB family view,

Exclude this family MIB from the view.

PerleSCR(config)#snmp-server

Command Modes

Examples

This example will set community name to public and contact person to admin, then enable trap messages for authentication.

PerleSCR(config)#community public<cr>

PerleSCR(config)#snamp-server contact admin<cr>

PerleSCR( config)#snmp-server enable traps authentication<cr>

Related Commands

show snmp

tacacs tacacs

{[

server

<WORD>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description tacacs

{[

server

<WORD>

]}

Specify the name of the TACACS server.

Command Modes

PerleSCR(config)#tacacs

Examples

This example specifies the name of the TACACS server as TACTEST.

PerleSCR(config)#tacacs server TACTEST<cr>

Related Commands

clear tacacs

show tacacs

IOLAN SCR Command Line Reference Guide

217

tty

Global Configuration Mode

(config-tacacs-server)#

{[

address ipv4 <

hostname

|

<A.B.C.D>

| ipv6

<hostname

|

X:X:X:X::X> < key 0 |

7 | WORD>

| [

timeout

<1-1000>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description

(config-tacacs-server)#

{[

address ipv4 <

hostname

|

<A.B.C.D>

| ipv6

<hostname

|

X:X:X:X::X> < key 0 | 7 |

WORD>

|

[

key 0 | 7 |

<WORD>

] |

Set the IPv4 or IPv6 address for your TACACS server.

Set the encryption key to be shared with the TACACS server.

[

timeout

<1-1000>

]}

Set the timeout if the TACACS server doesn’t respond,

Command Modes

PerleRouter(config-tacacsserver)#

Usage Guidelines

Set up parameters for your TACACS server.

Examples

This example shows you how to set the IPv4 address for your TACACS server.

PerleRouter(config-tacacs-server)# address ipv4 172.17.88.99<cr>

Related Commands

tacacs

clear tacacs

show tacacs

tty

{[

<1-16> ,<1-16>

mode disable | line

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description tty

{[

<1-16> ,<1-16>

mode disable | line

]}

Select the mode for the serial port.

Command Default

Console

PerleSCR(config)#tty

Command Modes

Usage Guidelines

Changed the mode of the tty port.

IOLAN SCR Command Line Reference Guide

218

Global Configuration Mode

Examples

This example set tty port 1 to line mode.

PerleSCR(config)#tty 1 mode line<cr>

username username factor

]}

{[

<WORD>

nopassword | privilege

1

|

15

| secret | serial | two-

Use the no form of this command to negate a command or set its defaults.

Syntax Description username

{[

<WORD>

nopassword | privilege

1

|

15

| secret | serial | two-factor

]}

Add local user names and passwords

Command Modes

PerleSCR(config)#username

Usage Guidelines

Command Options

Privilege level

1 specifies user privilege level (user exec)

15 specifies privilege exec level (privilege exec)

Secret

0 - Specifies that an UNENCRYPTED password will follow.

7 Specifies an ENCRYPTED password will follow

LINE - the UNENCRYPTED (cleartxt) password.

Examples

This example creates a user with user exec privileges and a clear text password.

PerleSCR(config)#username lyn privilege 1 secret password123<cr>

Related Commands

show users

(config-user-serial)#

{[

callback off | on

] | [

framed-compression off | on

] |

[

framed-interface-id

<ipv6 interfac id>

] |

[

framed-ip

<A.B.C.D>

] |

[

framed-mtu

<64-1500>

] |

[

host-ip

<Hostname>

|

<A.B.C.D>

|

<X:X:X:X::X>

] |

[

hotkey-prefix

<1-ff>

] |

[

idle-timer

<0-4294967>

] |

[

line-access readin

<1-8> <17-24>

| readout

<1-8> <17-24>

| readwrite

<1-8>

<17-24>

] |

IOLAN SCR Command Line Reference Guide

219

Global Configuration Mode

[

netmask

<A.B.C.D>

] |

[

phone-number

<phone-number> <A.B.C.D>

] |

[

port ssh

<1-65535>

| ssl_raw

<1-65535>

| tcp-clear

<1-65535>

| telnet

<1-

65535>

] |

[

routing listen | none | send | send-and-listen

] |

[

service dsprompt | ppp | rlogin | slip | ssh | ssl-raw | tcp-clear | telnet

] | [

sesstimer

<0-4294967>

] |

[

session

<1-4>

[auto off | on] | [rlogin-options host

<hostname> | <A.B.C.D> |

<X:X:X:X::X>

| termtype

<WORD>

] | ssh-options | telnet-options echo

<0-0x7f>

| eof

<0-0x7f>

| erase

<0-0x7f>

| escape

<0-0x7f>

| host

<hostname> | <A.B.C.D> |

<X:X:X:X::X>

| intr

<0-0x7f>

| [line-mode off | on] | [local-echo off | on] | [mapcr-crlf on | off] | port

<1-65535>

| quit

<0-0x7f>

| termtype

<WORD>

] |

type [off | rlogin | ssh | telnet]

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description

(config-user-serial)#

{[

callback off | on

] |

Set the port for callback mode.

[

framed-compression off | on

] |

When enabled, Van

Jacobson Compression is used on this port.

[

framed-interface-id

<ipv6 interface id>

] |

IPv6 interface identifier.

The second part of an IPv6 unicast or anycast address is typically a 64-bit interface identifier used to identify a host's network interface.

For example, if the MAC address of a nework card is

00:BB:CC:DD:11:22 the interface ID would be

02BBCCFFFEDD1122

[

framed-ip

<A.B.C.D>

] |

[

framed-mtu

<64-1500>

] |

IPv4 address

Specify Maximum

Transmission Unit size.

Default is 1500

Values are 64 -1500

[

host-ip

<Hostname> | <A.B.C.D> |

<X:X:X:X::X>

] |

Specify a hostname, IPv4 or IPv6 address.

IOLAN SCR Command Line Reference Guide

220

[

hotkey-prefix

<1-ff>

] |

Global Configuration Mode

The prefix that a user types to control the current session.

Data Options:

IOLAN SCR Command Line Reference Guide

221

Global Configuration Mode

^a number – To switch from one session to another, press ^a (Ctrla) and then the required session number. For example, ^2 would switch you to session 2.

Pressing ^a 0 will return you to the router Menu.

^a n –Display the next session. The current session will remain active. The lowest numbered active session will be displayed.

^a p – Display the previous session. The current session will remain active. The highest numbered active session will be displayed.

^a m – To exit a session and return to the router.

You will be returned to the menu. The session will be left running.

^a l – (Lowercase L)

Locks the serial port until the user unlocks it.

The user is prompted for a password (any password, excluding spaces) and the serial port is locked. The user must retype the password to unlock the serial port.

^r – When you switch from a session back to the Menu, the screen may not be redrawn correctly. If this happens, use this command to redraw it properly. This is always

Ctrl R, regardless of the

Hotkey Prefix.

IOLAN SCR Command Line Reference Guide

222

[

idle-timer

<0-4294967>

] |

[

line-access readin

<1-8> <17-24>

| readout

<1-8> <17-24>

| readwrite

<1-8>

<17-24>

] |

[

netmask

<A.B.C.D>

] |

[

phone-number

<phone-number>

<A.B.C.D>

] |

[

port ssh

<1-65535>

| ssl_raw

<1-65535>

| tcp-clear

<1-65535>

| telnet

<1-65535>

] |

Global Configuration Mode

The User Hotkey Prefix value overrides the Serial

Port Hotkey Prefix value.

You can use the Hotkey

Prefix keys to lock a serial port only when the serial port’s Allow Port locking parameter is enabled.

Default is Hex 01 (Ctrl -a or ^a)

Specify a session inactivity timer in seconds.

Default is 0 seconds so the port will never timeout.

Values are 0-4294967 seconds

Specify the access for the serial lines.

IPv4 netmask

Enter the call back phone number.

Specify the service to be used for outbound sessions on this port.

 ssh

 ssl-raw tcp-clear telnet

IOLAN SCR Command Line Reference Guide

223

Global Configuration Mode

[

[

[

routing listen | none | send | send-andlisten

]

service

|

dsprompt | ppp | rlogin | slip | ssh

| ssl-raw | tcp-clear | telnet sess-timer

<0-4294967>

]

]

|

|

[

session

<1-4>

[auto off | on] | [rloginoptions host

<hostname> | <A.B.C.D> |

<X:X:X:X::X>

| termtype

<WORD>

] | sshoptions | telnet-options echo

<0-0x7f>

| eof

<0-0x7f>

| erase

<0-0x7f>

| escape

<0-

0x7f>

| host

<hostname> | <A.B.C.D> |

<X:X:X:X::X>

| intr

<0-0x7f>

| [line-mode off | on] | [local-echo off | on] | [map-cr-crlf on | off] | port

<1-65535>

| quit

<0-0x7f>

| termtype

<WORD>

| type [off | rlogin | ssh

| telnet]

]

}

IOLAN SCR Command Line Reference Guide

Set the routing mode (RIP,

Routing Information

Protocol) used on the

PPP/SLIP interface.

 listen – enable

PPP/SLIP receiving of

RIP none – disable

PPP/SLIP sending and receiving of RIP send – enable PPP/SLIP sending and receivng of

RIP send-and-listen – enable

PP/SLIP sending and receiving of RIP

Set service for outbound sessions.

 dsprompt ppp

 rlogin slip ssh ssl-raw tc-clear telnet

Enter maximum session time in seconds.

Default is 0 seconds so the port will never timeout.

Values are 0-4294967 seconds

Configure parameters for user sessions.

224

Global Configuration Mode

Command Modes

PerleRouter(config-userserial)#

Usage Guidelines

Sets serial parameters for the user.

Examples

This example shows you how to set outbound telnet session for user fred.

PerleRouter(config)#username lyn serial

PerleRouter(config-user-serial)# service telnet<cr>

(config-user-2factor)#

{[

email

<WORD>

] | [

method email

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description

(config-user-2factor)#

{[

email

<WORD>

] |

Specific an email address to receive the 2factor authentication request.

[

method email

]}

Select to send 2factor authentication by email.

Command

PerleRouter(config-user-

2factor)#

Usage Guidelines

Set up 2factor authentication for a user.

Examples

This example shows you how to set email authentication for 2factor authentication for user fred

PerleRouter(config)#username fred serial two-factor<cr>

PerleRouter(config-user-2factor)# email [email protected]<cr>

Related Commands

email

wan wan

{[

failover | [high-availability disable | failover | load-sharing] | loadsharing flush-connections | local traffic | rule | source-nat | sticky-inbound

Use the no form of this command to negate a command or set its defaults.

]}

Syntax Description wan

IOLAN SCR Command Line Reference Guide

225

{[

failover | [high-availability disable | failover | load-sharing] | load-sharing flush-connections | local traffic | rule | source-nat | sticky-inbound

]}

Global Configuration Mode

Failover is defined as a mode where 2 or more

WANinterfaces are configured, but only 1 interface is active at a time.

Once IP HEALTH has detected that a WAN interface no longer has internet connectivity, it will

"failover" to the next active

(via IP HEALTH status)

WAN interface.

Note:

IP HEALTH profile(s) (ie. Ping or traceroute tests) and IP-

HEALTH on EACH of the

WAN interfaces, must be configured when using

WAN HIGH-

AVAILABILITY. The IP

HEALTH feature is used to determine whether an WAN interface has internet connectivity (one or more of the ping or traceroute tests MUST pass)

Load Sharing is defined as a mode where you define how routed traffic can be sent over one or more defined active WAN interfaces. Unlike failover mode where ALL routed traffic is cut over to the next highest priority active WAN interface, this mode defines how specific or all traffic is to be shared or divided over multiple active WAN interfaces.

IOLAN SCR Command Line Reference Guide

226

Global Configuration Mode

This is accomplished by defining one or more loadsharing rules.

Flush-connections – enable flushing to flush data on WAN interface outage.

Local traffic – enable all local traffic in the rule.

Rule – configures a load– sharing rule.

Rule – Configures a loadsharing rule.

Source-nat enables/disables source address translation on this rule.

sticky-inbound – enables/disables inbound connection tracking.

PerleSCR(config)#wan

Command Modes

Usage Guidelines

Use Wan commands to configure high availability, failover and load-sharing features.

Related Commands

show wan

zone

{[

security

<WORD>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description zone

{[

security

<WORD>

]}

Add firewall with zoning.

Command Modes

PerleSCR(config)#zone

Usage Guidelines

Use this command to set zoning options.

Examples

This example creates a zone with the name zonetest.

PerleSCR(config)#zone security zonetest<cr>

IOLAN SCR Command Line Reference Guide

227

Global Configuration Mode

Related Commands

zone-pair

(config-sec-zone)#

{[

[default-action drop | reject] | description

<WORD>

| local-zone

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description

(config-sec-zone)#

{[

[default-action drop | reject]

|description

<WORD>

| localzone

]}

Specify the default action for traffic coming into this zone.

Drop will silently drop the packets

Reject will drop and notify the source

Enter a zone description.

Zone to be local-zoned.

Command Modes

PerleSCR(config-sec-zone)#

Usage Guidelines

Use this command to setup firewall zoning.

Examples

This example will show you how to reject all incoming packets to this zone.

PerleSCR(config)# default-action reject<cr>

Related Commands

show zone-policy

zone-pair zone-pair

{[

from

<WORD>

to

<WORD>

firewall

<WORD>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description zone-pair

{[

from

<WORD>

to

<WORD>

firewall

<WORD>

]}

Specify options for zone pairing.

Command Modes

PerleSCR(config)#zone-pair

Usage Guidelines

Filter traffic from this zone.

IOLAN SCR Command Line Reference Guide

228

Related Commands

zone

Global Configuration Mode

IOLAN SCR Command Line Reference Guide

229

5

Interface configuration

Chapter 5

Interface interface

{[

bvi

<1-9999>

] |

[

dialer

<0-15>

] |

[

ethernet <1-18>

] |

[

loopback

] |

[

openvpn-tunnel

<0-999>

| tap | tun

] |

[

tunnel

<0-999>

] |

[

range ethernet <1-18> , <1-18>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description interface

{[

bvi

<1-9999>

]

|

Specify the bridge interface you want to configure.

[

dialer

<0-15>

] |

Specify the dialer interface you want to configure.

[

ethernet <1-18>

]

|

Specify the Ethernet interface you want to configure.

[

loopback

] |

Specify the loopback interface you want to configure.

[

openvpn-tunnel

<0-999>

tap | tun

] |

Specify a openvpn tunnel you want to configure.

[tunnel

<0-999>

] |

Specify the tunnel you want to configure.

[

range ethernet <1-18> , <1-18>

]}

Specify a Ethernet range you want to configure.

Command Modes

PerleSCR(config))#interface ethernet 1

PerleSCR(config-if)#

Usage Guidelines

Set interface command.

Examples

This example will allow you to config parameters for Ethernet interface 1.

PerleSCR# interface ethernet 1<cr>

IOLAN SCR User’s Guide

230

Interface configuration

Related Commands

(config-if)# bvi

(config-if)# dialer

(config-if) ethernet

(config-if)# openvpn-tunnel

(config-if)# tunnel

(config-if)# bvi

{[

arp disable-arp-filter | enable-arp-accept | enable-arp-announce | enable-arpignore | timeout

<1-2147483>

] |

[

description

<LINE>

] |

[

ip address

<A.B.C.D> <A.B.C.D>

| dhcp [client class-id

<LINE>

auto] | [clientid ethernet <1-18>

|

ascii

<WORD>

| auto | hex

<hex-string>

] | client-id hostname

<WORD>

] |

[

ipsec restrict

] |

]

| ddns service dyndns | use-web skip | url

<WORD>

] | dns dhcp | [firewall in | local | out

<WORD>

] | [health-profile

<WORD>

nexthop

<A.B.C.D>

| dhcp] | [helper-address

<A.B.C.D>

] | [ospf authentication messagedigest | null] | authentication-key

<LINE>

| cost

<1-65535>

| dead-interval

<1-

65535>

| hello-interval

<1-65535>

| [message-digest-key

<1-255>

md5

<LINE>

] | mtu-ignore | [network broadcast | non-broadcast | point-to-point | point-tomultipoint] | priority

<0-255>

| retransmit-interval

<1-65535>

| transmit-delay

<1-65535>

| policy route-policy

<WORD>

| rip authentication key-chain | mode

<WORD>

[

ipv6 address

<X:X:X:X::X/<0-128>

|

dhcp | firewall in | out | local

<WORD>

|

[nd dad attempt

<0-500>

| managed config-flag | other-config-flag | prefix

<X:X:X:X::X/<0-128> <0-4294967294> |

infinite | [ra dns server

<X:X:X:X::X>

|

[hop-limit <1-255> | unspecified] | [interval

<4-1800> <3-1350>

| lifetime

<0> |

<4-9000>

| suppress] | reachable time

<0-3600000>

| retransmission-time

<0-

3600000>

| router-preference high | low |medium] | [ospf authentication message-digest | null] | authentication-key

<LINE>

| cost

<1-65535>

| deadinterval

<1-65535>

| hello-interval

<1-65535>

| [message-digest-key

<1-255>

md5

<LINE>

] | mtu-ignore | [network broadcast | non-broadcast | point-to-point

| point-to-multipoint] | priority

<0-255>

| retransmit-interval

<1-65535>

| transmit-delay

<1-65535>

| policy route-policy

<WORD>

| rip authentication key-chain | mode

<WORD>

] |

[

mtu

<68-1500>

] |

[

ntp broadcast client | destination

<A.B.C.D>

| key

<1-65534>

| minpoll

<4-17>

| version

<1-4>

| disable | multicast

<A.B.C.D>

|

<X:X:X:X::X>

| client

<A.B.C.D>

|

<X:X:X:X::X>

| key

<1-65534> |

minpoll

<4-17>

| version

<1-4>

] |

[

role lan |trusted | wan

] |

[

shutdown

] |

IOLAN SCR User’s Guide

231

Interface configuration

[

zone-member security

<WORD>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description

(config-if)# bvi

{[

arp disable-arp-filter | enable-arpaccept | enable-arp-announce | enablearp-ignore | timeout

<1-2147483>

] |

[

description

<LINE>

] |

Customize arp messages for this interface.

Type in a description for this interface.

[

ip address

<A.B.C.D> <A.B.C.D>

| dhcp [client class-id

<LINE>

auto] |

[client-id ethernet <1-18>

|

ascii

<WORD>

| auto | hex

<hex-string>

] | client-id hostname

<WORD>

] |

]

| ddns service dyndns | use-web skip | url

<WORD>

] | dns dhcp | [firewall in | local | out

<WORD>

] | [health-profile

<WORD>

nexthop

<A.B.C.D>

| dhcp] |

[helper-address

<A.B.C.D>

] | [ospf authentication message-digest | null] | authentication-key

<LINE>

| cost

<1-

65535>

| dead-interval

<1-65535>

| hello-interval

<1-65535>

| [messagedigest-key

<1-255>

md5

<LINE>

] | mtu-ignore | [network broadcast | nonbroadcast | point-to-point | point-tomultipoint] | priority

<0-255>

| retransmit-interval

<1-65535>

| transmit-delay

<1-65535>

| policy route-policy

<WORD>

| rip authentication key-chain | mode

<WORD>

[

ipsec restrict

] |

Specify IP parameters.

Do not allow ipsec to run on this interface.

IOLAN SCR User’s Guide

232

[

ipv6 address

<X:X:X:X::X/<0-128>

|

dhcp | firewall in | out | local

<WORD>

|

[nd dad attempt

<0-500>

| managed config-flag | other-config-flag | prefix

<X:X:X:X::X/<0-128> <0-4294967294>

|

infinite | [ra dns server

<X:X:X:X::X>

| [hop-limit <1-255> | unspecified] |

[interval

<4-1800> <3-1350>

| lifetime

0 | <4-9000>

| suppress] | reachable time

<0-3600000>

| retransmission-time

<0-

3600000>

| router-preference high | low

|medium] | [ospf authentication message-digest | null] | authenticationkey

<LINE>

| cost

<1-65535>

| deadinterval

<1-65535>

| hello-interval

<1-

65535>

| [message-digest-key

<1-255>

md5

<LINE>

] | mtu-ignore | [network broadcast | non-broadcast | point-topoint | point-to-multipoint] | priority

<0-255>

| retransmit-interval

<1-

65535>

| transmit-delay

<1-65535>

| policy route-policy

<WORD>

| rip authentication key-chain | mode

<WORD>

] |

[

mtu

<68-1500>

] |

[

ntp broadcast client | destination

<A.B.C.D>

| key

<1-65534>

| minpoll

<4-

17>

| version

<1-4>

| disable | multicast

<A.B.C.D>

|

<X:X:X:X::X>

| client

<A.B.C.D>

|

<X:X:X:X::X>

| key

<1-

65534> |

minpoll

<4-17>

| version

<1-

4>

] |

[

role lan | trusted | wan

] |

[

shutdown

] |

[

zone-member security

<WORD>

]}

Command Modes

Usage Guidelines

Sets option parameters for bridge.

Interface configuration

Enable IPv6 on this interface.

Specify the mtu (maximum transmit unit) for this interface.

Configure for this interface.

Select the role for this interface.

Shutdown this interface.

This interface belongs to zone security name.

PerleSCR(config-if)#

IOLAN SCR User’s Guide

233

Examples

This example enables an IP address on bvi 10.

PerleSCR>enable<cr>

PerleSCR#config<cr>

PerleSCR#interface bvi 10<cr>

PerleRouter(config-if)#ip address 172.16.113.45 255.255.0.0<cr>

Related Commands

Interface configuration

(config-if)# dialer

{[

dialer description

<LINE>

] |

[

encapsulation ppp

] |

[

ip address

<A.B.C.D> <A.B.C.D>

| ddns service dyndns | use-web skip | url

<WORD>

] | dns dhcp | firewall in | out | local

<WORD>

| [health-profile

<WORD>

nexthop

<A.B.C.D>

| dhcp] | [helper-address

<A.B.C.D>

] | [ospf authentication message-digest | null] | authentication-key

<LINE>

| cost

<1-

65535>

| dead-interval

<1-65535>

| hello-interval

<1-65535>

| [message-digestkey

<1-255>

md5

<LINE>

] | mtu-ignore | [network broadcast | non-broadcast | point-to-point | point-to-multipoint] | priority

<0-255>

| retransmit-interval

<1-

65535>

| transmit-delay

<1-65535>

| policy route-policy

<WORD>

| rip authentication key-chain | mode

<WORD>

] |

[

ipsec restrict

] | [

[ipv6 firewall in | out | local

<WORD>

| [ospf authentication message-digest | null] | authentication-key

<LINE>

| cost

<1-65535>

| deadinterval

<1-65535>

| hello-interval

<1-65535>

| [message-digest-key

<1-255>

md5

<LINE>

] | mtu-ignore | [network broadcast | non-broadcast | point-to-point

| point-to-multipoint] | priority

<0-255>

| retransmit-interval

<1-65535>

| transmit-delay

<1-65535>

| policy route-policy

<WORD>

| rip authentication key-chain | mode

<WORD>

] |

[

mtu

<64-1500>

] |

[

ntp broadcast client | destination

<A.B.C.D>

| key

<1-65534>

| minpoll

<4-17>

| version

<1-4>

| disable | multicast

<A.B.C.D>

|

<X:X:X:X::X>

| client

<A.B.C.D>

|

<X:X:X:X::X>

| key

<1-65534> |

minpoll

<4-17>

| version

<1-4>

] |

] |

[

ppp access-concentrator

<LINE>

| chap hostname

<WORD>

| password 0

<LINE>

| 7

<WORD>

|

<LINE>

| timeout idle

<1-4294967>

[

role lan | trusted | wan

] |

[

shutdown

] |

[

zone-member security

<WORD>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description (config-if)# dialer

{[

dialer description

<LINE>

] |

Specify a name for this interface.

IOLAN SCR User’s Guide

234

Interface configuration

[

encapsulation ppp

] |

|

[

ip address

<A.B.C.D> <A.B.C.D>

| ddns service dyndns | use-web skip | url

<WORD>

] | dns dhcp | firewall in | out | local

<WORD>

| [health-profile

<WORD>

nexthop

<A.B.C.D>

| dhcp] | [helperaddress

<A.B.C.D>

] | [ospf authentication message-digest | null] | authentication-key

<LINE>

| cost

<1-65535>

| dead-interval

<1-65535>

| hello-interval

<1-65535>

|

[message-digest-key

<1-255>

md5

<LINE>

] | mtu-ignore | [network broadcast

| non-broadcast | point-to-point | point-tomultipoint] | priority

<0-255>

| retransmitinterval

<1-65535>

| transmit-delay

<1-

65535>

| policy route-policy

<WORD>

| rip authentication key-chain | mode

<WORD>

]

[

ipsec restrict

] |

[

ipv6 firewall in | out | local

<WORD>

|

[ospf authentication message-digest | null] | authentication-key

<LINE>

| cost

<1-

65535>

| dead-interval

<1-65535>

| hellointerval

<1-65535>

| [message-digest-key

<1-255>

md5

<LINE>

] | mtu-ignore |

[network broadcast | non-broadcast | point-to-point | point-to-multipoint] | priority

<0-255>

| retransmit-interval

<1-

65535>

| transmit-delay

<1-65535>

| policy route-policy

<WORD>

| rip authentication key-chain | mode

<WORD>

] |

[

mtu

<64-1500>

] |

[

ntp broadcast client | destination

<A.B.C.D>

| key

<1-65534>

| minpoll

<4-

17>

| version

<1-4>

| disable | multicast

<A.B.C.D>

|

<X:X:X:X::X>

| client

<A.B.C.D>

|

<X:X:X:X::X>

| key

<1-65534>

|

minpoll

<4-17>

| version

<1-4>

] |

[

ppp access-concentrator

<LINE>

| chap hostname

<WORD>

| password 0

<LINE>

| 7

<WORD>

|

<LINE>

| timeout idle

<1-

4294967>

] |

IOLAN SCR User’s Guide

Set sencapsulation type.

Sets Ip configuration parameters for this interface.

Enable or disable IPv6.

Set IPv6 sub commands.

Sets Maximum transmission unit size.

Configure NTP (Network Time

Protocol).

Configure Point to Point protocol.

235

Interface configuration

[

role lan | trusted | wan

] |

[

shutdown

] |

[

zone-member security

<WORD>

]}

Command Modes

Usage Guidelines

Sets parameters for dailer interface.

Examples

This example will set the role for this interface.

PerleSCR(config-if)role wan<cr>

Related Commands

show interfaces

Select the role for this interface.

Shutdown this interface.

This interface is a member of zone security.

PerleSCR(config-if)#

(config-if) ethernet

{[

alarm profile

<WORD>

] |

[

arp disable-arp-filter | enable-arp-accept | enable-arp-announce | enable-arpignore | timeout

<1-2147483>

] |

[

authentication [host-mode] | [multi-auth] | [multi-host] | single-host] | [periodic]

| [port-control [auto] | [forced-authorized] | force-unauthorized] | [timer reauthenticate

<1-65535>

| restart

<1-65535>

] | [

bridge-group

<1-9999>

] |

[

description

<LINE>

] |

[

dot1x credential

<WORD>

| max-auth-req

<1-10>

| max-req

<1-10>

|

[

[pae authenticator | suppliant] | eap profile

<WORD>

[pae profile

<WORD>

] |

[timeout quiet-period

<1-65535>

| supp-period

<1-65535>

| tx-period

<1-65535>

]

|

[

duplex auto | half | full

] |

[

ip address

<A.B.C.D> <A.B.C.D>

| dhcp | ddns service dyndns | use-web skip | url

<WORD>

] | dns dhcp | [firewall in | local | out

<WORD>

] | [health-profile

<WORD>

nexthop

<A.B.C.D>

| dhcp] | [helper-address

<A.B.C.D>

] | [ospf authentication message-digest | null] | authentication-key

<LINE>

| cost

<1-

65535>

| dead-interval

<1-65535>

| hello-interval

<1-65535>

| [message-digestkey

<1-255>

md5

<LINE>

] | mtu-ignore | [network broadcast | non-broadcast | point-to-point | point-to-multipoint] | priority

<0-255>

| retransmit-interval

<1-

65535>

| transmit-delay

<1-65535>

| policy route-policy

<WORD>

| rip authentication key-chain | mode

<WORD>

] |

[

ipsec restrict

] | [

ipv6 address

<X:X:X:X::X/<0-128>

| autoconfig | dhcp] enable

| firewall in | out | local

<WORD>

| [nd dad attempt

<0-500>

| managed configflag | other-config-flag | prefix

<X:X:X:X::X/<0-128> <0-4294967294> |

infinite |

IOLAN SCR User’s Guide

236

Interface configuration

[ra dns server

<X:X:X:X::X>

| [hop-limit <1-255> | unspecified] | [interval

<4-

1800> <3-1350>

| lifetime

0 | <4-9000>

| suppress] | reachable time

<0-3600000>

| retransmission-time

<0-3600000>

| router-preference high | low |medium]

] |

[

mab eap

] | [

mtu

<64-9000>

] |

[

ntp broadcast client | destination

<A.B.C.D>

| key

<1-65534>

| minpoll

<4-17>

| version

<1-4>

|

disable

|

multicast

< A.B.C.D> <X:X:X:X::X:X>

| client

< A.B.C.D> < X:X:X:X::X:X>

| key

<1-65534>

| minpoll | version

<1-4>

] |

[

power efficient-ethernet auto

] |

[

role lan | trusted | wan

] |

[

sgmii

] |

[

shutdown

] |

[

speed 10 |100 |1000 |auto | 2500

] |

[

zone-member security

<WORD>

]}

Use the no form of this command to negate a command or set its defaults.ip

Syntax Description

(config-if) ethernet

{[

alarm profile

<WORD>

] |

Use this alarm profile for this interface.

[

arp disable-arp-filter | enable-arp-accept | enable-arp-announce | enable-arp-ignore | timeout

<1-2147483>

] |

[

authentication [host-mode] | [multi-auth] |

[multi-host] | single-host] | [periodic] | [portcontrol [auto] | [forced-authorized] | forceunauthorized] | [timer reauthenticate

<1-

65535>

| restart

<1-65535>

] |

[

bridge-group

<1-9999>

] |

Customize arp messages for this interface.

Select authentication mode to use on this interface when using Dot1x devices.

Add this interface to the specified bridge-group.

[

description

<LINE>

] |

Description for this interface.

IOLAN SCR User’s Guide

237

[

dot1x

<1-10>

| credential max-req

<WORD>

<1-10>

|

[

| max-auth-req

[pae authenticator | suppliant] | eap profile

<WORD>

[pae profile

<WORD>

] | [timeout quiet-period

<1-65535>

| supp-period

<1-

65535>

| tx-period

<1-65535>

] |

[

duplex auto | half | full

] |

[

ip address

<A.B.C.D> <A.B.C.D>

| dhcp | ddns service dyndns | use-web skip | url

<WORD>

] | dns dhcp | [firewall in | local | out

<WORD>

] | [health-profile

<WORD>

nexthop

<A.B.C.D>

| dhcp] | [helper-address

<A.B.C.D>

] | [ospf authentication messagedigest | null] | authentication-key

<LINE>

| cost

<1-65535>

| dead-interval

<1-65535>

| hello-interval

<1-65535>

| [message-digestkey

<1-255>

md5

<LINE>

] | mtu-ignore |

[network broadcast | non-broadcast | pointto-point | point-to-multipoint] | priority

<0-

255>

| retransmit-interval

<1-65535>

| transmit-delay

<1-65535>

| policy routepolicy

<WORD>

| rip authentication keychain | mode

<WORD>

] |

[

ipsec restrict

] |

Interface configuration

Sets the Port Access Entity

(PAE) type.

Supplicant

—The interface acts only as a supplicant and does not respond to messages that are meant for an authenticator.

Authenticator

—The interface acts only as an authenticator and does not respond to any messages meant for a supplicant.

Both

—The interface behaves both as a supplicant and as an authenticator and thus does respond to all dot1x messages.

Select duplex for this interface. In most cases this parameter should be left at auto.

Setup parameters for IP communications on this interface.

No ipsec allow on this interface.

IOLAN SCR User’s Guide

238

[

ipv6 address

X:X:X:X::X:X/<0-128>

| autoconfig | dhcp | enable | firewall in | out | local

<WORD>

| [ospf authentication message-digest | null] | authentication-key

<LINE>

| cost

<1-65535>

| dead-interval

<1-

65535>

| hello-interval

<1-65535>

| [messagedigest-key

<1-255>

md5

<LINE>

] | mtuignore | [network broadcast | non-broadcast | point-to-point | point-to-multipoint] | priority

<0-255>

| retransmit-interval

<1-65535>

| transmit-delay

<1-65535>

| policy routepolicy

<WORD>

| rip authentication keychain | mode

<WORD>

] |

[

mab eap

] |

[

mtu

<64-9000>

] |

[

ntp broadcast client | destination

<A.B.C.D>

| key

<1-65534>

| minpoll

<4-17>

| version

<1-

4>

|

disable

|

multicast

< A.B.C.D>

<X:X:X:X::X:X>

| client

< A.B.C.D> <

X:X:X:X::X:X>

| key

<1-65534>

| minpoll | version

<1-4>

] |

[

power efficient-ethernet auto

] |

[

role lan |trusted | wan

] |

[

sgmii

] |

Interface configuration

If using IPv6, then setup

IPv6 communication parameters.

Sets MAC authentication bypass interface commands.

Sets maximum transmission unit.

Configure NTP (Network

Time Protocol).

[

[

shutdown

] |

speed 10 |100 |1000 |auto | 2500

]}

[

zone-member security

<WORD>

]}

IOLAN SCR User’s Guide

Configure interface power settings.

Set the role for this interface.

Set SFP interface for

SGMII mode,

SGMII mode only pallies to interface SFP 1 and 2.

Shutdown this interface.

Set speed of 1000 or 2500 for Ethernet SFP ports 17 and 18.

Set speed of 10, 100, 1000 or auto for Ethernet ports

1-18

This interface is a member of zone security.

239

Interface configuration

Command Modes

Usage Guidelines

Set up Ethernet parameters for this interface.

Examples

This example will set the speed for this interface to 100.

PerleSCR(config-if)# speed 100<cr>

PerleSCR#

Related Commands

show interfaces

{[

arp disable-arp-filter | enable-arp-accept | enable-arp-announce | enable-arpignore | enable-proxy-arp | timeout

<1-2147483>

[

bridge-group

<1-9999>

] |

[

description

<LINE>

] |

[

encapsulation dot1q

<1-4000>

] |

] |

[

ip address

<A.B.C.D> < A.B.C.D>

| dhcp] | firewall in | local | out

<WORD>

| policy route-policy

<WORD>

| [rip authentication key-chain

<WORD>

] | [mode md5 | text string

<LINE>

] | [split-horizon disable | poison-reverse]

] |

[

ipsec restrict

] |

[

ipv6

<X:X:X:X::X:X> <A.B.C.D>

| enable | nd prefix

<X:X:X:X::X:X/0-128>

| ra

] |

dns server

<X:X:X::X:X>

[

mtu

<64-9000>

] |

[

ntp broadcast client | destination

<A.B.C.D>

| key

<1-65534>

| minpoll

<4-17>

| version

<1-4>

|

disable

|

multicast

< A.B.C.D> < X:X:X:X::X>

| client

<A.B.C.D>

< X:X:X:X::X>

| key

<1-65534>

| minpoll | version

<1-4>

] |

[

role lan | trusted | wan

] |

[

shutdown

] |

[

zone-member security

<WORD>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description (config-subif)#

{[

arp disable-arp-filter | enable-arpaccept | enable-arp-announce | enablearp-ignore | enable-proxy-arp | timeout

<1-2147483>

] |

Configure arp parameters.

[

bridge-group

<1-9999>

] |

Add this interface to the specified bridge group.

[

description

] |

Type in a description for this sub interface.

IOLAN SCR User’s Guide

240

Interface configuration

[

[

[

[

encapsulation dot1q

<1-4000>

] |

[

ip address

<A.B.C.D> <ip_mask

A.B.C.D>

| dhcp | firewall in | local | out

<WORD>

] |

[

ipsec restrict

] |

[

ipv6

<X:X:X:X::X:X> <A.B.C.D>

| enable | nd prefix

<X:X:X:X::X:X/0-128>

| ra dns server

<X:X:X::X:X>

] |

[

mtu

<64-9000>

] |

[

ntp broadcast client | destination

<A.B.C.D>

| key

<1-65534>

| minpoll

<4-17>

| version

<1-4>

|

disable

|

multicast

< A.B.C.D> < X:X:X:X::X>

| client

<A.B.C.D> < X:X:X:X::X>

| key

<1-65534>

| minpoll | version

<1-4>

]

| }

role lan | trusted | wan shutdown

] |

zone-member security

Command Modes

] |

<WORD>

]}

Usage Guidelines

Set parameters on more then one Ethernet port.

Examples

This sub interface is configured to encapsulation data on the specified vlan 1-4000.

Set IP parameters for this interface.

Rrestict IPsec for this sub interface.

Configure IPv6 parameters.

Specify the mtu (maximum transmit unit).

Set time parameters if using

Network Time Protocol.

Select the role for this interface.

Shutdown this interface.

Set interface to be a member of this security zone.

PerleSCR(config)#interface ethernet 1 . 10 <cr>

PerleSCR(config-subif)#

Related Commands

IOLAN SCR User’s Guide

241

Interface configuration

(config-if-range)#

{[

alarm profile

<WORD>

] |

[

address

<A.B.C.D>

| dhcp

] |

[

arp disable-arp-filter | enable-arp-accept | enable-arp-announce | enable-arpignore | timeout

<1-2147483>

] |

[

authentication [host-mode] | [multi-auth] | [multi-host] | single-host] | [periodic]

| [port-control [auto] | [forced-authorized] | force-unauthorized] | [timer reauthenticate

<1-65535>

| restart

<1-65535>

] |

[

bridge-group

<1-9999>

] |

[

description

<LINE>

] |

[

dot1x credential

<WORD>

| max-auth-req

<1-10>

| max-req

<1-10>

|

[

[pae authenticator | suppliant] | eap profile

<WORD>

[pae profile

<WORD>

] |

[timeout quiet-period

<1-65535>

| supp-period

<1-65535>

| tx-period

<1-65535>

]

|

[

duplex auto | half | full

] |

[

ip address

<A.B.C.D>

| dhcp | ddns service dyndns | use-web skip | url

<WORD>

] | dhcp-relay | [firewall in | local | out

<WORD>

] | [health-profile

<WORD>

nexthop

<A.B.C.D>

| dhcp] | [ospf authentication message-digest | null] | authentication-key

<LINE>

| cost

<1-65535>

| dead-interval

<1-65535>

| hello-interval

<1-65535>

| [message-digest-key

<1-255>

md5

<LINE>

] | mtuignore | [network broadcast | non-broadcast | point-to-point | point-tomultipoint] | priority

<0-255>

| retransmit-interval

<1-65535>

| transmit-delay

<1-65535>

] | policy route-policy

<WORD>

| rip authentication key-chain

<WORD>

| mode md5 | text string

<0 | 7 | WORD>

| [split-horizon disable | poisoned-reverse]

] |

[

ipsec restrict

] |

[

ipv6 address

<X:X:X:X::X/<0-128>

| autoconfig | dhcp] enable | firewall in | out

| local

<WORD>

| [nd dad attempt

<0-500>

| managed config-flag | other-configflag | prefix

<X:X:X:X::X/<0-128> <0-4294967294> |

infinite | [ra dns server

<X:X:X:X::X>

| [hop-limit <1-255> | unspecified] | [interval

<4-1800> <3-1350>

| lifetime

0 | <4-9000>

| suppress] | reachable time

<0-3600000>

| retransmissiontime

<0-3600000>

| router-preference high | low |medium]

] | [

mab eap

] |

[

mab eap

] | |

[

mtu

<64-9000>

] |

[

ntp broadcast client | destination

<A.B.C.D>

| key

<1-65534>

| minpoll

<4-17>

| version

<1-4>

|

disable

|

multicast

< A.B.C.D> <X:X:X:X::X:X>

| client

< A.B.C.D> < X:X:X:X::X:X>

| key

<1-65534>

| minpoll | version

<1-4>

] |

[

power efficient-ethernet auto

] |

[

role lan | trusted | wan

] |

[

shutdown

] |

[

speed 10 | 100 | 1000 | auto

] |

[

zone-member security

<WORD>

]}

IOLAN SCR User’s Guide

242

Interface configuration

Use the no form of this command to negate a command or set its defaults.

Syntax Description (config-if-range)#

{[

alarm profile

<WORD>

] |

Use this alarm profile for this interface.

[

arp disable-arp-filter | enable-arpaccept | enable-arp-announce | enablearp-ignore | timeout

<1-2147483>

] |

[

authentication [host-mode] | [multiauth] | [multi-host] | single-host] |

[periodic] | [port-control [auto] |

[forced-authorized] | forceunauthorized] | [timer reauthenticate

<1-65535>

| restart

<1-65535>

] |

[

bridge-group

<1-9999>

] |

Customize arp messages for this interface.

Select authentication mode to use on this interface when using Dot1x devices.

Add this interface to the specified bridge-group.

[

description

<LINE>

] |

[

dot1x credential

<WORD>

| max-authreq

<1-10>

| max-req

<1-10>

|

[

[pae authenticator | suppliant] | eap profile

<WORD>

[pae profile

<WORD>

] |

[timeout quiet-period

<1-65535>

| suppperiod

<1-65535>

| tx-period

<1-

65535>

] |

Description for this interface.

Sets the Port Access Entity (PAE) type.

Supplicant

—The interface acts only as a supplicant and does not respond to messages that are meant for an authenticator.

Authenticator

—The interface acts only as an authenticator and does not respond to any messages meant for a supplicant.

Both

—The interface behaves both as a supplicant and as an authenticator and thus does respond to all dot1x messages.

[

duplex auto | half | full

] |

Select duplex for this interface. In most cases this parameter should be left at auto.

IOLAN SCR User’s Guide

243

Interface configuration

[

ip address

<A.B.C.D>

| dhcp | ddns service dyndns | use-web skip | url

<WORD>

] | dhcp-relay | [firewall in | local | out

<WORD>

] | [health-profile

<WORD>

nexthop

<A.B.C.D>

| dhcp] |

[ospf authentication message-digest | null] | authentication-key

<LINE>

| cost

<1-65535>

| dead-interval

<1-65535>

| hello-interval

<1-65535>

| [messagedigest-key

<1-255>

md5

<LINE>

] | mtuignore | [network broadcast | nonbroadcast | point-to-point | point-tomultipoint] | priority

<0-255>

| retransmit-interval

<1-65535>

| transmit-delay

<1-65535>

] | policy route-policy

<WORD>

| rip authentication key-chain

<WORD>

| mode md5 | text string

<0 | 7 | WORD>

|

[split-horizon disable | poisonedreverse]

] |

[

ipsec restrict

] |

|

[

ipv6 address

<X:X:X:X::X/<0-128>

| autoconfig | dhcp] enable | firewall in | out | local

<WORD>

| [nd dad attempt

<0-500>

| managed config-flag | otherconfig-flag | prefix

<X:X:X:X::X/<0-

128> <0-4294967294> |

infinite | [ra dns server

<X:X:X:X::X>

| [hop-limit <1-

255> | unspecified] | [interval

<4-1800>

<3-1350>

| lifetime

0 | <4-9000>

| suppress] | reachable time

<0-3600000>

| retransmission-time

<0-3600000>

| router-preference high | low |medium]

]

[

mab eap

] | |

Setup parameters for IP communications on this interface.

No ipsec allow on these interfaces.

If using IPv6, then setup IPv6 communication parameters.

[

mtu

<64-9000>

] |

ntp broadcast client | destination

<A.B.C.D>

| key

<1-65534>

| minpoll

<4-17>

| version

<1-4>

|

disable

|

multicast

< A.B.C.D> <X:X:X:X::X:X>

| client

< A.B.C.D> < X:X:X:X::X:X>

| key

<1-

65534>

| minpoll | version

<1-4>

] |

IOLAN SCR User’s Guide

Sets MAC authentication bypass interface commands.

Sets maximum transmission unit.

Configure NTP (Network Time

Protocol).

244

Interface configuration

[

power efficient-ethernet auto

] |

[

role lan | trusted | wan

] |

[

shutdown

] |

[

speed 10 | 100 | 1000 | auto

] |

[

zone-member security

<WORD>

]}

Configure interface power settings.

Set the role for this interface.

Shutdown this interface.

Set the speed for this interface.

Command Modes

This interface is a member of zone security.

PerleSCR(config-if)#

Usage Guidelines

Set parameters for multiple Ethernet ports.

Examples

This example will restrict IPv6 on Ethernet port range 6-8.

PerleSCR(config) interface range ethernet 6 , 8<cr>

PerleSCR(config-if-range)# ipsec restrict<cr>

(config-if)# openvpn-tunnel

{[

bridge-group

<1-9999>

] | [

description

<LINE>

] |

[

ip ddns service dyndns | use-web skip | url

<WORD>

] | [[firewall in | local | out

<WORD>

] | [health-profile

<WORD>

nexthop

<A.B.C.D>

| dhcp] | [ospf authentication message-digest | null] | authentication-key

<LINE>

| cost

<1-

65535>

| dead-interval

<1-65535>

| hello-interval

<1-65535>

| [message-digestkey

<1-255>

md5

<LINE>

] | mtu-ignore | [network broadcast | non-broadcast | point-to-point] | point-to-multipoint] | priority

<0-255>

| retransmit-interval

<1-

65535>

| transmit-delay

<1-65535>

] |

[

ipv6 | enable | firewall in | local |out | nd prefix

<X:X:X:X::X:X/0-128>

| ifmtu

<1-65535>

| instance-id

<0-255>

| mtu-ignore | passive | priority

<0-255>

retransmit -interval

<1-65535>

| transmit-delay

<1-65535>

| [ospf | cost

<1-

65535>

| dead-interval

<1-65535>

| hello-interval

<1-65535>

| instance-id

<0-

255>

| mtu-ignore | passive | priority

<0-255>

| retransmit-interval

<1-65535>

| transmit-delay

<1-65535>

] | [policy route-policy

<WORD>

] | [rip authentication key-chain | mode

<WORD>

| split-horizon disabled | poisoned-reverse

] |

[

ntp broadcast client | destination

<A.B.C.D>

| key

<1-65534>

| minpoll

<4-17>

| version

<1-4>

| disable | multicast

<A.B.C.D>

|

<X:X:X:X::X>

| client

<A.B.C.D>

|

<X:X:X:X::X>

| key

<1-65534> |

minpoll

<4-17>

| version

<1-4>

] |

[

role lan | trusted | wan

] |

[

zone-member security

<WORD>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description (config-if)# openvpn-tunnel

{[

bridge-group

<1-9999>

] |

Sets transparent bridging interface parameters.

IOLAN SCR User’s Guide

245

Interface configuration

[

description

<LINE>

] |

[

ip ddns service dyndns | use-web skip | url

<WORD>

] | [firewall in | local | out

<WORD>

] | [health-profile

<WORD>

nexthop

<A.B.C.D>

| dhcp] | [ospf authentication message-digest | null] | authentication-key

<LINE>

| cost

<1-

65535>

| dead-interval

<1-65535>

| hello-interval

<1-65535>

| [messagedigest-key

<1-255>

md5

<LINE>

] | mtu-ignore | [network broadcast | nonbroadcast | point-to-point] | point-tomultipoint] | priority

<0-255>

| retransmit-interval

<1-65535>

| transmit-delay

<1-65535>

] |

[

ipsec restrict

] |

Description for this interface.

Specify IP parameters.

[

[

ipv6 | enable | firewall in | local |out | nd prefix

<X:X:X:X::X:X/0-128>

| ifmtu

<1-65535>

| instance-id

<0-255>

| mtuignore | passive | priority

<0-255>

retransmit -interval

<1-65535>

| transmit-delay

<1-65535>

| [ospf | cost

<1-65535>

| dead-interval

<1-65535>

| hello-interval

<1-65535>

| instance-id

<0-255>

| mtu-ignore | passive | priority

<0-255>

| retransmit-interval

<1-65535>

| transmit-delay

<1-65535>

] |

[policy route-policy

<WORD>

] | [rip authentication key-chain | mode

<WORD>

| split-horizon disabled | poisoned-reverse

] |

[

ntp broadcast client | destination

<A.B.C.D>

| key

<1-65534>

| minpoll

<4-

17>

| version

<1-4>

| disable | multicast

<A.B.C.D>

|

<X:X:X:X::X>

| client

<A.B.C.D>

|

<X:X:X:X::X>

| key

<1-

65534> |

minpoll

<4-17>

| version

<1-

4>

] |

[

role lan | trusted | wan

] |

zone-member security

Command Modes

<WORD>

]}

IOLAN SCR User’s Guide

Do not allow ipsec to run on this interface.

Set IPv6 configuration parameters.

Configure NTP (Network Time

Protocol).

Set the role for this interface.

This interface is a member of zone security.

PerleRouter(config-if)#

246

Interface configuration

Usage Guidelines

Set configuration parameters for OPEN-VPN tunnel.

Examples

This example will set no authentication when using ospf.

PerleRouter(config-if)# ip ospf authentication null<cr>

Related Commands

(config-if)# tunnel

{[

tunnel

<0-999>

mode gre ip arp disable-arp-filter | enable-arp-accept | enablearp-announce | enable-arp-ignore | timeout

<1-2147483>

] | [description

<LINE>

] | [ip address

<A.B.C.D> <A.B.C.D>

| dhcp | ddns service dyndns | useweb skip | url

<WORD>

] | dns dhcp | [firewall in | local | out

<WORD>

] | [healthprofile

<WORD>

nexthop

<A.B.C.D>

| dhcp] | [helper-address

<A.B.C.D>

] |

[ospf authentication message-digest | null] | authentication-key

<LINE>

| cost

<1-65535>

| dead-interval

<1-65535>

| hello-interval

<1-65535>

| [messagedigest-key

<1-255>

md5

<LINE>

] | mtu-ignore | [network broadcast | nonbroadcast | point-to-point | point-to-multipoint] | priority

<0-255>

| retransmitinterval

<1-65535>

| transmit-delay

<1-65535>

| policy route-policy

<WORD>

| rip authentication key-chain | mode

<WORD>

] | [ipsec restrict] | [ipv6

<X:X:X:X::X:X/0-128>

| enable | [firewall in | local | out

<WORD>

] |nd prefix

<X:X:X:X::X:X/0-128>

| ifmtu

<1-65535>

| instance-id

<0-255>

| mtu-ignore | passive | priority

<0-255>

retransmit -interval

<1-65535>

| transmit-delay

<1-

65535>

| policy route-policy

<WORD>

| rip disable | poisoned-reverse] | [mtu

<64-1500>

] | [

ntp broadcast client | destination

<A.B.C.D>

| key

<1-65534>

| minpoll

<4-17>

| version

<1-4>

| disable | multicast

<A.B.C.D>

|

<X:X:X:X::X>

| client

<A.B.C.D>

|

<X:X:X:X::X>

| key

<1-65534> |

minpoll

<4-17>

| version

<1-

4>

] | [role lan | trusted | wan] | [shutdown] | [tunnel destination

<A.B.C.D>

| multicast source

<A.B.C.D>

source <A.B.C.D>

|

cellular

<0-0>

| dot11radio

<0-

0>

| ethernet <1-18> .

<1-4000>

| tos

<0-99>

| ttl

<1-255>

] | [zone-member security

<WORD>

] |

[

ipv6ip 6in4 arp disable-arp-filter | enable-arp-accept | enable-arp-announce | enable-arp-ignore | timeout

<1-2147483>

] | [description

<LINE>

] | [firewall in | local | out

<WORD>

] | [health-profile

<WORD>

nexthop

<A.B.C.D>

| dhcp] |

[helper-address

<A.B.C.D>

] | [ospf authentication message-digest | null] | authentication-key

<LINE>

| cost

<1-65535>

| dead-interval

<1-65535>

| hellointerval

<1-65535>

| [message-digest-key

<1-255>

md5

<LINE>

] | mtu-ignore |

[network broadcast | non-broadcast | point-to-point | point-to-multipoint] | priority

<0-255>

| retransmit-interval

<1-65535>

| transmit-delay

<1-65535>

| policy route-policy

<WORD>

| rip authentication key-chain | mode

<WORD>

] |

[ipsec restrict] | [ipv6

<X:X:X:X::X:X/0-128>

| enable | [firewall in | local | out

<WORD>

] |nd prefix

<X:X:X:X::X:X/0-128>

| ifmtu

<1-65535>

| instance-id

<0-

IOLAN SCR User’s Guide

247

Interface configuration

255>

| mtu-ignore | passive | priority

<0-255>

retransmit -interval

<1-65535>

| transmit-delay

<1-65535>

| policy route-policy

<WORD>

| rip disable | poisonedreverse] | [mtu

<64-1500>

] | [ntp broadcast client | destination

<A.B.C.D>

| key

<1-65534>

| minpoll

<4-17>

| version

<1-4>

| disable | multicast

<A.B.C.D>

|

<X:X:X:X::X>

| client

<A.B.C.D>

|

<X:X:X:X::X>

| key

<1-65534> |

minpoll

<4-

17>

| version

<1-4>

] | [

role lan | trusted | wan] | [shutdown] | [tunnel destination

<A.B.C.D>

| multicast source

<A.B.C.D>

source <A.B.C.D>

|

cellular

<0-0>

| dot11radio

<0-0>

| ethernet <1-18> .

<1-4000>

| tos

<0-99>

| ttl

<1-255>

] |

[zone-member security

<WORD>

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description (config-if)# tunnel

IOLAN SCR User’s Guide

248

Interface configuration

{[

tunnel

<0-999>

mode gre ip arp disable-arp-filter | enable-arp-accept | enable-arp-announce | enable-arpignore | timeout

<1-2147483>

] |

[description

<LINE>

] | [ip address

<A.B.C.D> <A.B.C.D>

| dhcp | ddns service dyndns | use-web skip | url

<WORD>

] | dns dhcp | [firewall in | local

| out

<WORD>

] | [health-profile

<WORD>

nexthop

<A.B.C.D>

| dhcp] |

[helper-address

<A.B.C.D>

] | [ospf authentication message-digest | null] | authentication-key

<LINE>

| cost

<1-

65535>

| dead-interval

<1-65535>

| hello-interval

<1-65535>

| [messagedigest-key

<1-255>

md5

<LINE>

] | mtuignore | [network broadcast | nonbroadcast | point-to-point | point-tomultipoint] | priority

<0-255>

| retransmit-interval

<1-65535>

| transmit-delay

<1-65535>

| policy routepolicy

<WORD>

| rip authentication key-chain | mode

<WORD>

] | [ipsec restrict] | [ipv6

<X:X:X:X::X:X/0-128>

| enable | [firewall in | local | out

<WORD>

] |nd prefix

<X:X:X:X::X:X/0-

128>

| ifmtu

<1-65535>

| instance-id

<0-

255>

| mtu-ignore | passive | priority

<0-

255>

retransmit -interval

<1-65535>

| transmit-delay

<1-65535>

| policy routepolicy

<WORD>

| rip disable | poisonedreverse] | [mtu

<64-1500>

] | [

ntp broadcast client | destination

<A.B.C.D>

| key

<1-65534>

| minpoll

<4-17>

| version

<1-4>

| disable | multicast

<A.B.C.D>

|

<X:X:X:X::X>

| client

<A.B.C.D>

|

<X:X:X:X::X>

| key

<1-

65534> |

minpoll

<4-17>

| version

<1-4>

]

| [role lan | trusted | wan] | [shutdown] |

[tunnel destination

<A.B.C.D>

| multicast source

<A.B.C.D>

source

<A.B.C.D>

|

cellular

<0-0>

| ethernet

<0-0>

| dot11radio

<1-4>

.

<1-4000>

| tos

<0-99>

| ttl

<1-

255>

] | [zone-member security

<WORD>

] |

IOLAN SCR User’s Guide

Sets mode gre and tunnel interface parameters.

249

[

ipv6ip 6in4 arp disable-arp-filter | enable-arp-accept | enable-arpannounce | enable-arp-ignore | timeout

<1-2147483>

] | [description

<LINE>

] |

[firewall in | local | out

<WORD>

] |

[health-profile

<WORD>

nexthop

<A.B.C.D>

| dhcp] | [helper-address

<A.B.C.D>

] | [ospf authentication message-digest | null] | authenticationkey

<LINE>

| cost

<1-65535>

| deadinterval

<1-65535>

| hello-interval

<1-

65535>

| [message-digest-key

<1-255>

md5

<LINE>

] | mtu-ignore | [network broadcast | non-broadcast | point-topoint | point-to-multipoint] | priority

<0-

255>

| retransmit-interval

<1-65535>

| transmit-delay

<1-65535>

| policy routepolicy

<WORD>

| rip authentication key-chain | mode

<WORD>

] | [ipsec restrict] | [ipv6

<X:X:X:X::X:X/0-128>

| enable | [firewall in | local | out

<WORD>

] |nd prefix

<X:X:X:X::X:X/0-

128>

| ifmtu

<1-65535>

| instance-id

<0-

255>

| mtu-ignore | passive | priority

<0-

255>

retransmit -interval

<1-65535>

| transmit-delay

<1-65535>

| policy routepolicy

<WORD>

| rip disable | poisonedreverse] | [mtu

<64-1500>

] | [ntp broadcast client | destination

<A.B.C.D>

| key

<1-65534>

| minpoll

<4-17>

| version

<1-4>

| disable | multicast

<A.B.C.D>

|

<X:X:X:X::X>

| client

<A.B.C.D>

|

<X:X:X:X::X>

| key

<1-

65534> |

minpoll

<4-17>

| version

<1-4>

]

| [

role lan | trusted | wan] | [shutdown] |

[tunnel destination

<A.B.C.D>

| multicast source

<A.B.C.D>

source

<A.B.C.D>

|

cellular

<0-0>

| dot11radio

<0-0>

| ethernet <1-18> .

<1-4000>

| tos

<0-99>

| ttl

<1-255>

] | [zone-member security

<WORD>

]}

Command Modes

Usage Guidelines

Sets parameters for tunnel interface.

Interface configuration

Sets IPv6 parameters for this interface.

PerleSCR(config-if)#

IOLAN SCR User’s Guide

250

Examples

This example will enable arp accepts on this interface.

PerleSCR(config-if)# arp enable-accepts<cr>

Interface configuration

IOLAN SCR User’s Guide

251

line

6

I

nterface line mode

Chapter 6

This chapter defines all the CLI commands associated with configuring the console and tty ports.

line

{[

console

<0-0>

|

tty

<1-16>

|

vty

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description line

{[

console

<0-0>

|

Set parameters for the console port.

tty

<1-16>

Set parameters for the tty ports.

vty

]}

Command Modes

Set parameters for the vty port.

PerleSCR>enable

PerleSCR>config

PerleSCR#line

Usage Guidelines

Use this command to change to line mode.

Examples

This example set terminal width to 80.

PerleSCR# line vty<cr>

PerleSCR#width 80

Related Commands

(config-line)#tty

(config-line)#vty

|

(config-line)#console

{[

accounting exec

<WORD>

|

<default>

] | [

authorization exec

<WORD>

|

<default>

]

[

databits

256>

] | [

length odd | none

]

<7 | 8>

| [

] | [

exec]

0-512>

login response

<1-300>

] | [

|

[exec-timeout

<0-35791> <0-2147483>

login authentication

<WORD>

speed | 115200 | 19200 | 38400 | 57600 | 9600

] | [

transport all | none | ssh |telnet

|

]

]

<default>

|

|

[

[

]

]

stopbits width

|

Use the no form of this command to negate a command or set its defaults.

|

[

[

history size parity

1 | 2

]

<0-512>

| [

]}

[

0-

even | timeout

Syntax Description

(config-line)#console

{[

accounting exec

<WORD>

|

<default>

] |

Use an accounting list with a specified name or default list.

[

authorization exec

<WORD>

|

<default>

] |

Use an authorization with a specified name or default list.

IOLAN SCR Command Line Reference Guide

252

[

databits

<7 | 8>

] |

[

exec]

|

[

exec-timeout

<0-35791> <0-2147483>

]

|

[

history size

0-256>

] |

[

length

0-512>

] |

[

login authentication

<WORD>

|

<default>

]

|

[

parity

[

even | odd | none

] |

[

speed | 115200 | 19200 | 38400 | 57600 |

9600

] |

[

stopbits 1 | 2

] |

[

timeout login response

<1-300>

] |

[

transport all | none | ssh |telnet

] |

[

width

<0-512>

]}

Command Default

Interface line mode

Type 7 or 8 to set databits.

Enable EXEC CLI session

Time in minutes and seconds for CLI to timeout on the console session.

Sets the size of the history buffer.

Number of lines displayed on the screen. Type 0 for no pausing at end of page.

Use a specified list for authentication requests or use default list.

Set parity for console mode.

Set speed for console mode.

Set stop bits for console mode.

Timeout for user responses during the login sequence.

Allows the user on the console port to telnet or ssh out of the IOLAN.

Set the width of the terminal display.

console 0 timeout login response 30 login authentication default databits 8 parity none stopbits 1 speed 9600

IOLAN SCR Command Line Reference Guide

253

Interface line mode

Command Modes

PerleSCRR>enable

PerleSCR>config

PerleSCR#line config

0<cr>

PerleSCR(config-line)#

Usage Guidelines

Use these commands to set parameters for console mode.

Examples

These commands will set your console to speed 38400, databits 7 and stopbits 2.

PerleSCR#speed 38400<cr>

PerleSCR#databits 7<cr>

PerleSCR#stopbits 2<cr>

Related Commands

(config-line)#tty

(config-line)#tty

{[

break | break-interrupted | local | off |remote

] | [

break-delay

<1-65535>

] |

[

break-length

1-65535>

] |

[

connection-method dial-in

|

dial-out | dial-in-out | direct-connect | ms-directguest | ms-direct-host

] |

[

cts-toggle off | on

] |

[

cts-toggle-final-delay

<0-1000>

] |

[

cts-toggle-inital-delay

<0-1000>

] |

[

databits 5 | 6 | 7 | 8

] |

[

data-logging off | on

] |

[

dial-retries

<0-99>

] |

dial-timeouts

<0-99>

|

[

discard-characters-rxd-with-errors off |on

] |

[

echo-suppression off | on

] |

[

flow both | hard | none | soft

] |

[

flowin off | on

] |

[

flowout off | on

] |

[

hotkey-prefix

<0-ff>

] |

[

idle-timer

<0-4294967>

] |

[

initiate-connection any-char | specific-char

<0-ff>

] |

[

internet address

<A.B.C.D>

|

<X:X:X::X>

] |

[

keepalive off | on

] |

[

lock off | on

] |

[

map-cr-crlf off | on

] |

[

modbus [master crlf | entry | protocol] | [slave cflf | protocol | uid-range

] |

[

modem-init-string

<WORD>

] |

[

monitor-dsr-dtr on | off

] |

IOLAN SCR Command Line Reference Guide

254

Interface line mode

[

motd off | on

] |

[

multihost entry

<1-49> <A.B.C.D>

|

<X:X:X::X>

port

<1-65535>

] |

[

multisessions

<1-8>

] |

[

name

<WORD>

] |

[

packet-forwarding delay-between-messages

<1-65535>

| [enable-end-tigger1 on

| off] | [enable-end-tigger2 on | off] | [enable-eof1 on | off ] | [enable-eof2 on | off] |

[enable-sof1 on | off] | [enable-sof2 on | off] | end-trigger1

<0-0xff>

| end-trigger2

<0-0xff>

| eof1

<0-0xff>

| eof2

<0-0xff>

| force-transmit-timer

<1-65535>

|

[forwarding-rule strip-trigger | trigger | trigger+1 | trigger+2] | idle-timer

<1-

65535>

| [mode custom-on-frame-definition | custom-on-specific-events | minimize-latency | optimize-network-throughput | prevent-messagefragmentation] | packet-size

<1-1024>

| sof1

<0-0xff>

| sof2

<0-0xff>

| start-frametransmit off | on

] |

[

pages

<1-7>

] |

[

parity even | mark| none | odd | space

] |

[

phone -number

<WORD>

] |

[

ppp accm

<8 hex digits>

| [address-comp on | off] | auth-tmout

<1-255>

|

[authentication chap | pap | none] | challenge-interval

<0-255>

| cr-retry

<0-255>

| cr-timeout

<1-255>

| [dynamic-dns on | off hostname | password | username

<WORD>

] echo-retry

<0-255>

| echo-timeout

<0-255>

| [ipaddr-neg on | off] | ipv6-global-network-prefix

<WORD>

| ipv6-local-interface

<WORD >

| ipv6remote interface

<WORD>

| lipaddr

<A.B.C.D>

| magic-neg on | off | mtu

<64-

1500>

| [ms-direct host | guest] | nak-retry

<0-255>

| netmask

<A.B.C.D>

| password

<word>

| [proto-comp off | on] | ripaddr

<A.B.C.D>

| [roamingcallback off | on] | [routing listen | none | send | send-and-listen] | rpassword

<WORD>

| ruser

<WORD>

| tr-retry

<0-255>

| tr-timeout

<1-255> |

user

<WORD> |

vj-comp on | off

] |

[

reset off | on

] |

[

rev-session-security off | on

] |

[

rlogin-client termtype

<WORD>

] |

[

send-port-id off | on

] | [

service bidir

<A.B.C.D> <1-65535> <1-65535>

] |

[

service client-tunnel

<A.B.C.D> <1-65535>

] |

[

service direct raw

<A.B.C.D>

| rlogin

<A.B.C.D>

| ssh

<1-65535>

| telnet

<A.B.C.D> <1-65535>

] |

[

service dslogin

] |

[

service modbus-master

] |

[

service modbus-slave

] |

[

service ppp

] | [

service printer

] |

[

service reverse raw [multihost on | off | tcp-port

<1-65535>

| multihost] | ssh

<1-

65535>

| telnet

<1-65535>

] |

[

service server-tunnel

<1-65535>

] | [

service silent raw

<1-65535>

| multihost all | backup

< A.B.C.D> <1-65535> <1-65535>

| none

] | [

service slip

] |

[

service trueport client-initiated off

<A.B.C.D> <1-65535>

[multihost all | backup | none] signal-active off | on] | on

<1-65535>

[multihost all | backup | none] | signal-active off | on]

] |

[

service udp

<1-65535>

] | [

service vmodem

<1-65535>

] |

[

sess-timer

<0-4294967>

] |

IOLAN SCR Command Line Reference Guide

255

Interface line mode

[

session-strings delay

<0-65535>

| initiate

<WORD>

| terminate

<WORD>

] |

[

slip lipaddr | mtu |

<A.B.C.D>

| netmask

<A.B.C.D>

| ripaddr

<A.B.C.D>

]

routing listen | none | send | send-and-listen | vj-comp on | off

] |

[

speed 115200 | 1200 | 1800 | 19200 | 230400 | 2400 | 28800 | 300 | 38400 | 4800 |

57600 | 600 | 9600 | custom

] |

[

ssh-client authentication [dsa on | off] | [keyboard-interactive on|off] | [rsa on | off] | [compression on | off] | [login on | off] | name

<WORD>

| password

<WORD>

| [ssh-2-cipher-list 3des | aes | aes-ctr | aes-gcm | arcfour | blowfish | cast | chacha20-poly1305] | strict-host-key-checking on | off | termtype

<WORD>

| verbose on | off

] |

[

ssl cipher-suite option

<1-5>

| [encryption 3des | aes | aes-gcm | any | arcfour | arctwo | des min-key-size 128 | 168 | 256 | 40 | 56 | 64] | [max-key-size 128 | 168 |

256 | 40 | 56 | 64] | [key-exchange adh | any | ecdh-ecdsa | edh-dss | edh-rsa | rsa] |

[hmac any | md5 | sha1 | sha256 | sha384] | [enable on | off] | [type client | server]

| validation-criteria common-name

<WORD>

| country

<WORD>

| | email

<WORD>

| | locality

<WORD>

| | organisaton

<WORD>

| organisation-unit

<WORD>

| state-province

<WORD>

| [verify-peer off | on] | [version any tlsv1 | tlsv1.1 | tlsv1.2]

] |

[

stop-bits 1 | 2

] |

[

telnet-client echo

<0-0x7f>

| eof

<0-0x7f>

| erase

<0-0x7f>

| escape

<0-0x7f>

| intr

<0-0x7f>

| line-mode off | on | local-echo off | on | map-cr-crlf on | off | quit

<0-0x7f>

] |

[

termtype ansi | dumb | hp700 | ibm3151te | term1 | term2 | term3 | tvi925 | vt100

| vt320 | wyse60

] |

[

udp entry

<1-4>

| both auto-learn

<A.B.C.D>

|

<X:X:X:X::X>

specific

<1-

65535> <WORD>

| in any-port

<A.B.C.D>

|

<X:X:X:X::X>

|

<A.B.C.D>

|

<X:X:X:X::X>

| none | out

<1-65535>

|

<A.B.C.D>

|

<X:X:X:X::X>

] |

[

user

<WORD>

] |

| [

vmodem echo off | on] | [failure-string

<WORD>

] | [host

<A.B.C.D>

|

<X:X:X:X::X>

] | [init-string

<WORD>

| mode [auto | manual] | port

<1-65535>

| response-delay

<1-999>

| [signals cts always-high | represent-ri] | dcd alwayshigh | follow-connection] | [style numeric | verbose] | success-string

<WORD>

| suppress off | on

]}

Use the no form of this command to negate a command or set its defaults.

Syntax Description

(config-line)#tty

{[

break |

Break signal from peer

[

break-interrupted | local | off |remote

]

|

Specifies how a break is interpreted.

Data Range:

None —The IOLAN ignores the break key completely and it is not passed through to the host.

IOLAN SCR Command Line Reference Guide

256

[

break-delay

<1-65535>

]

[

break-length

1-65535>

]

|

|

IOLAN SCR Command Line Reference Guide

Interface line mode

Local

—The router deals with the break locally. If the user is in a session, the break key has the same effect as a hot key.

Remote

—When the break key is pressed, the router translates this into a telnet break signal which it sends to the host machine.

Break Interrupt —On some systems such as

SunOS, XENIX, and AIX, a break received from the peripheral is not passed to the client properly. If the client wishes to make the break act like an interrupt key (for example, when the stty options - ignbrk and brkintr are set.

Default is None

This parameter defines the delay between the termination of a a break condition and the time data will be sent out the serial port.

Default is 0ms (no delay).

When the IOLAN receives a command from its peer to issue a break signal, this parameters defines the length of time the break condition will be asserted on the serial port

Default is 1000ms (1 second)

257

[

[

[

[

connection-method dial-in out | direct-connect | ms-direct-guest | direct-host

] |

cts-toggle off | on

]

cts-toggle-final-delay cts-toggle-inital-delay databits 5 | 6 | 7 | 8

]

|

|

[

data-logging off | on

]

|

|

dial-out | dial-in-

<0-1000>

<0-1000>

]

]

|

|

ms-

IOLAN SCR Command Line Reference Guide

Interface line mode

Dial in –

If the device is remote and will be dialing in via modem or ISDN

TA, enable this parameter.

Default is Disabled

Dial out–

If you want the modem to dial a number when the serial port is started, enable this parameter.

Default is Disabled

Enable CTS toggle.

CTS final delay in milliseconds.

Value is 1-1000

CTS initial delay in milliseconds.

Value is 1-1000

Specify the databits to use for this connection.

When enabled, serial data will be buffered if the TCP connection is lost. When the

TCP connection is reestablished, the buffered serial data will be sent to its destination. If using the

Trueport profile, data logging is only supported in

Lite mode Lite Mode. If the data buffer is filled, incoming serial data will overwrite the oldest data.

The minimum data buffer size is 4K. The maximum data buffer size is 256K.

Note: A kill line or a reboot of the IOLAN causes all buffered data to be lost.

Some profile features are not compatible with the data logging feature. See

serial

data-logging_buffer_size.

258

[

[

dial-retries

<0-99>

]

dial-timeouts

<0-99>

|

]

|

[

discard-characters-rxd-with-errors off |on

]

|

[

echo-suppression off | on

]

|

Interface line mode

The number of times the

IOLAN will attempt to reestablish a connection with a remote modem.

Range is 0-99

Default is 2

The number of seconds the

IOLAN will wait to establish a connection to a remote modem.

Range is 1-99

Default is 45 seconds

When enabled, the IOLAN will discard characters received with a parity or framing error.

Default is Disabled

This parameter applies to

EIA-485 half-duplex mode, all characters will be echoed to the user and transmitted across the serial ports.

Some EIA-485 applications require local echo to be enabled in order to monitor the loopback data to determine that line contention has occurred. If your application cannot handle loopback data, echo suppression should be enabled.

Default is Disabled

IOLAN SCR Command Line Reference Guide

259

[

flow both | hard | none | soft

]

|

[

flowin off | on

]

[

flowout off on

]

|

|

[

hotkey-prefix

<0-ff>

]

|

Interface line mode

Defines whether the data flow is handled by the software (soft), hardware

(hard), both or none. If you are using SLIP, set to Hard only. If you are using PPP set to either soft or hard

(hard is recommended). If you select soft with PPP, you must set the ACCM parameter when you configure PPP for the serial port.

Data Options: Soft, Hard,

Both, None

Default is None

Determines if input flow control is to be used.

Determines if output flow control is to be used.

Default is Enabled

The prefix that a user types to lock a serial port or redraw the Menu.

Data Range:

^a l—(Lowercase L)

Locks the serial port until the user unlocks it.

IOLAN SCR Command Line Reference Guide

260

[

idle-timer

<0-4294967>

]

|

IOLAN SCR Command Line Reference Guide

Interface line mode

The prefix that a user types to lock a serial port or redraw the Menu.

Data Range:

^a l—(Lowercase L)

Locks the serial port until the user unlocks it. The user is prompted for a password ( any password, excluding spaces) and locks the serial port. Next, the user must retype the password to unocj the serial port.

• ^r—When you switch from a session back to the

Menu, the screen may not be redrawn correctly. If this happens, use this command to redraw it properly. This is always Ctrl R, regardless of the Hot Key prefix

.

You can use the Hotkey

Prefix to lock a serial port only when the Allow Port

Locking parameter is enabled.

Default is hexadecimal 01

(Ctrl-a, ^a)

Use this timer to close a connection because of inactivity. When the idle timeout expires, the router will end the connection because of inactivity.

Range is 0-4294967 seconds (about 49 days)

Default is 0 seconds so the port will never timeout.

261

[

initiate-connection any-char | specific-char

<0-ff>

]

|

[

internet address

<A.B.C.D>

|

<X:X:X::X>

] |

[

ip-aliasing

] |

[

keepalive off | on

]

|

IOLAN SCR Command Line Reference Guide

Interface line mode

Initiates a connection to the specified host when any data is received on the serial port.

Default is Disabled

Initiates a connection to the specified host only when the specified character is received on the serial port.

Default is Disabled

The internet address of this serial port.

Enable and specify an IP address for the serial port.

Enables a per connection

TCP keep-alive feature.

After the configured number of seconds, the connection will send a gratuitous ACK to the network peer, thus either ensuring the connection stays active OR causing a dropped connection condition to be recognized.This parameter needs to be used in conjunction with the

Monitor Connection Status

Interval parameter found under config

serial

.

The interval specifies the inactivity period before

"testing" the connection.

Note: If a network connection is accidentally dropped, it can take as long as the specified interval before anyone can reconnect to the serial port.

Default is Disabled

262

[

lock off | on

] |

[

map-cr-crlf off | on

]

|

modbus [master crlf | entry | protocol] | [slave cflf | protocol | uid-range

]

|

[

modem-init-string

<WORD>

]

|

[

monitor-dsr-dtr on | off

] |

|

[

motd off | on

]

|

[

multihost entry

<1-49> <A.B.C.D>

|

<X:X:X::X>

port

<1-65535>

] |

[

multisessions

<1-8>

] |

[

name

<WORD>

] |

IOLAN SCR Command Line Reference Guide

Interface line mode

When enabled, the user can lock his terminal with a password using the hotkey prefix (ctrl-a) ^a (lowercase

L). The IOLAN prompts the user for a password and a confirmation.

Default is disabled.

When enabled, maps carriage returns (CR) to carriage return line feed

(CRLF).

Default is Disabled

When Modbus/Ascii is selected, adds a CR/LF to the end of the transmission; most Modbus devices require this option.

Default is enabled

Sent the configured initialization string to set up with attached modem.

Monitor for dsr-dtr.

Enables/disables the display of the message of the day.

Default is Disabled

Add a multihost to the multihost table.

The number of extra network connections available on a serial port, in addition to the single session that is always available. Enabling multisessions will permit multiple users to monitor the same console port.

Range is 1– 8

Default is 0

Specify a name.

263

[

packet-forwarding delay-between-messages

<1-65535>

| [enable-end-tigger1 on | off] |

[enable-end-tigger2 on | off] | [enable-eof1 on | off ] | [enable-eof2 on | off] | [enable-sof1 on | off] | [enable-sof2 on | off] | end-trigger1

<0-

0xff>

| end-trigger2

<0-0xff>

| eof1

<0-0xff>

| eof2

<0-0xff>

| force-transmit-timer

<1-65535>

| [forwarding-rule strip-trigger | trigger | trigger+1 | trigger+2] | idle-timer

<1-65535>

|

[mode custom-on-frame-definition | customon-specific-events | minimize-latency | optimize-network-throughput | preventmessage-fragmentation] | packet-size

<1-

1024>

| sof1

<0-0xff>

| sof2

<0-0xff>

| startframe-transmit off | on

] |

[

pages

<1-7>

]

|

[

parity even | mark | none | odd | space

]

[

phone-number

<number>

]

|

|

Interface line mode

This option allow you to define the packet forwarding rules based on the packet definition or the frame.

Default is disabled

When enabled, this group of parameters allows you to set a variety of packet definition options. The first criteria that is met cause the packet to be transmitted.

For example, if you set a

Force transmit timer of

1000 ms and a packet size of 100 bytes whichever criteria is met first is what will cause the packet to be transmitted.

Default is enabled

The number of video pages the terminal supports.

Range: 1-7

Default is 5 pages

Specify the type of parity being used for the data communications on the serial port.

If you want to force a parity type, you can specify

Mark for 1 and Space for 0.

Data Options are Even,

Odd, Mark, Space and

None.

The phone number to use when Dial Out is enabled.

IOLAN SCR Command Line Reference Guide

264

[

ppp accm

<8 hex digits>

| [address-comp on | off] | auth-tmout

<1-255>

| [authentication chap | pap | none] | challenge-interval

<0-255>

| cr-retry

<0-255>

| cr-timeout

<1-255>

|

[dynamic-dns on | off hostname | password | username

<WORD>

] echo-retry

<0-255>

| echo-timeout

<0-255>

| [ipaddr-neg on | off] | ipv6-global-network-prefix

<WORD>

| ipv6local-interface

<WORD >

| ipv6-remote interface

<WORD>

| lipaddr

<A.B.C.D>

| magic-neg on | off | mtu

<64-1500>

| [ms-direct host | guest] | nak-retry

<0-255>

| netmask

<A.B.C.D>

| password

<word>

| [proto-comp off | on] | ripaddr

<A.B.C.D>

| [roamingcallback off | on] | [routing listen | none | send | send-and-listen] | rpassword

<WORD>

| ruser

<WORD>

| tr-retry

<0-255>

| tr-timeout

<1-

255> |

user

<WORD> |

vj-comp on | off

] |

[

reset off | on

]

|

[

rev-session-security off | on

]

|

[

rlogin-client termtype

<WORD>

] |

Interface line mode

Set PPP parameters.

SLIP

– The IPv4 address of the router end of the SLIP link. For routing to work you must enter an IP address in this field. Choose an address that is part of the same network or subnetwork as the remote end; for example, if the remote end is address

192.101.34.146, your local

IP address can be

192.101.34.145. Do not use the router’s (main) IP address in this field; if you do so, routing will not take place correctly.

MTU –

The Maximum

Transmission Unit (MTU) parameter restricts the size of individual SLIP packets being sent by the router.

Enter a value between 256 and 1500. The default value is 256. If your user is authenticated by Radius, this value will be overwritten when you have set a Framed MTU in the

RADIUS server.

When enabled, resets the terminal definition connected to the serial port when a user logs out.

Default is disabled

Sets whether reverse telnet sessions will be authenticated.

Set the terminal type for rlogin sessions.

IOLAN SCR Command Line Reference Guide

265

[

send-name off | on

] |

[

send-port-id off | on

] |

[

service bidir

<A.B.C.D> <1-65535> <1-

65535>

] |

[

service client-tunnel

<A.B.C.D> <1-65535>

] |

[

service direct raw

<A.B.C.D>

| rlogin

<A.B.C.D>

| ssh

<1-65535>

| telnet

<A.B.C.D>

<1-65535>

] |

[

service dslogin

] |

[

service modbus-master

] |

[

service modbus-slave

] |

[

service ppp

]

|

[

service printer

] |

[

service reverse raw [multihost on | off | tcpport

<1-65535>

| multihost] | ssh

<1-65535>

| telnet

<1-65535>

] |

[

service server-tunnel

<1-65535>

] |

Interface line mode

When enabled, the port name will be sent to the host upon session initiation.

This will be done before any other data is sent or received to/from the host.

Default is disabled

Send port-id when enabled.

Used for TCP Sockets,

Reverse and Silent connections. Enter the host to connect to, server port number and host port number.

Enter the host to connect to and host port number.

Set service to direct raw.

Connect to the serial port in

Command Line Interface

(CLI) mode on this port.

Set service modbus master.

Set service to modbus slave.

Select service type as PPP for this serial port.

Select printer type as printer for this serial port.

Set parameters for a reverse raw connection.

Set service to server tunnel connection.

IOLAN SCR Command Line Reference Guide

266

[

service silent raw

<1-65535>

| multihost all | backup

< A.B.C.D> <1-65535> <1-65535>

| none

]

Interface line mode

Multihost – Used for connections coming from the network to the serial port for Trueport or Raw.

Multihost all allows multiple hosts to connect to the serial device.

Backup – Used for connections going from the serial port to the network for

Trueport or Silent Raw services, allows the serialport to communicate to either all the hosts in the multi-host list or a primary/backup host.

Set service to slip.

Set service to trueport.

[

service slip

]

|

[

service trueport client-initiated off

<A.B.C.D> <1-65535>

[multihost all | backup | none] signal-active off | on] | on

<1-65535>

[multihost all | backup | none] | signal-active off | on]

] |

[

service udp

<1-65535>

]

|

[

service vmodem

<1-65535>

]

|

[

sess-timer

<0-4294967>

] |

Set service to udp.

Set service to vmodem.

Use this timer to forcibly close the session/connection when the Session Timeout expires.

Default is 0 seconds so that the port never timeouts.

Range is 0-4294967 seconds (about 49 days)

IOLAN SCR Command Line Reference Guide

267

[

session-strings

<WORD>

| delay terminate

<0-65535>

<WORD>

|

] |

initiate

IOLAN SCR Command Line Reference Guide

Interface line mode

Delay after Send

– If configured, a delay time is sent to the device. This delay can be used to provide the serial device with time to process the string before the session is initiated.

Initiate at Start

– If configured, this string will be sent to the serial device on the power-up of the router or when a kill line command is issued on this serial port. If the "monitor

DSR" or "monitor DCD" options are set, the string will also be sent when the monitored signal is raised.

Range is

0-127 alphanumeric characters. Non printable ascii characters must be entered in this format <027>. The decimal numbers within the brackets must be 3 digits long

(example 003 not 3)

Send at Terminate

– If configured, this string will be sent to the serial device when the TCP session on the LAN is terminated. If multi-host is configured, this string will only be sent in listen mode to the serial device when all multi-host connections are terminated.

Range is

0-127 alphanumeric characters. Non printable ascii characters must be entered in this format <027>. The decimal numbers within the brackets must be 3 digits long

(example 003 not 3)

268

[

[

slip lipaddr | mtu |

<A.B.C.D>

| netmask

<A.B.C.D>

| ripaddr

<A.B.C.D>

| routing listen | none | send | send-and-listen | vj-comp on | off

]

[

speed 115200 | 1200 | 1800 | 19200 | 230400 |

2400 | 28800 | 300 | 38400 | 4800 | 57600 | 600 |

9600 | custom

] |

[

ssh-client authentication [dsa on | off] |

[keyboard-interactive on|off] | [rsa on | off] |

[compression on | off] | [login on | off] | name

<WORD>

| password

<WORD>

| [ssh-2-cipherlist 3des | aes | aes-ctr | aes-gcm | arcfour | blowfish | cast | chacha20-poly1305] | stricthost-key-checking on | off | termtype

<WORD>

| verbose on | off

] |

[

enable on | off

] |

[

type client | server

] |

verify-peer off | on

[

stop-bits 1 | 2

] |

] |

[

version any tlsv1 | tlsv1.1 | tlsv1.2

] |

Interface line mode

Set SLIP parameters.

Set the line speed.

Set up SSH client parameters.

Enable or disable ssl.

Select mode for ssl.

 client

 server

Specify whether the peer will be validated.

Specify the version of tlsv to use.

Specify the number of stop bits.

IOLAN SCR Command Line Reference Guide

269

[

telnet-client echo

<0-0x7f>

| eof

<0-0x7f>

| erase

<0-0x7f>

| escape

<0-0x7f>

| intr

<0-

0x7f>

| line-mode off | on | local-echo off | on

| map-cr-crlf on | off | quit

<0-0x7f>

| termtype

<WORD>

] |

Interface line mode

Echo

– t oggles between local echo of entered characters and suppressing local echo.

Local echo is used for normal processing, while suppressing the echo is convenient for entering text that should not be displayed on the screen, such as passwords. This parameter can be used only when

Enable Line mode is enabled.

Default is disabled

eof

– Defines the end-of-file character. When enabled

Line mode is enabled, entering the EOF character as the first character on a line sends the character to the remote host.

This value is in hexadecimal.

Default is 4 (ASCII value

^D)

This parameter can be used only when Enable Line mode is enabled.

Default is disabled

erase

–Defines the erase character. When Line mode is off, typing the erase character erases one character.

IOLAN SCR Command Line Reference Guide

270

Interface line mode

[

termtype ansi | dumb | hp700 | ibm3151te | term1 | term2 | term3 | tvi925 | vt100 | vt320 | wyse60

] |

IOLAN SCR Command Line Reference Guide

This value is in hexadecimal.

Default is 8 (ASCII value

^H)

escape

– Defines the escape character. Returns you to the command line mode.

This value is hexadecimal.

Default is 1d (ASCII value

GS)

line mode

– When enabled, keyboard input is not sent to the remote host until Enter is pressed, otherwise input is sent every time a key is pressed.

Default is disabled

Local echo

– Toggles between local echo of entered character and suppressing local echo

Local echo is used for normal processing, while suppressing the echo is convenient for entering text that should not be display on the screen such as passwords.

This parameter can only be used when Enable Line

Mode is enabled.

Default is disabled

map cr to crlf

– When enabled, maps carriage return (CR) to carriage return/line feed (CR/LF).

Default is disabled

Quit

Defines the quit character. Typing the quit character closes and exits the current telnet session.

This value is in hexadecimal. Default is 1c

(ASCII value FS)

Specify a terminal type.

271

[

udp entry

<1-4>

| [both | in | out | none] | auto-learn

<A.B.C.D>

|

<X:X:X:X::X>

specific

<1-65535> <A.B.C.D>

|

<X:X:X:X::X>

| in anyport

<A.B.C.D>

|

<X:X:X:X::X> <A.B.C.D>

|

<X:X:X:X::X>

| none | out

<1-65535>

<A.B.C.D>

|

<X:X:X:X::X>

] |

Interface line mode

Entry

– Selects which of the 4 available entries we wish to define/modify. For each entry the user can specify a different IP address range, UDP port and direction of data flow

both|in|out|none

The direction in which information is received or relayed:

None

—UDP service not enabled.

In

LAN to serial. The

IOLANwill listen on the port value configured in the

DS Port parameter for messages coming from the learned or configured port.

Out

Serial to LAN. The

IOLAN will forward data received on the serial port to the IP address range,

UDP port configured for this entry.

Both

—Messages are relayed in both directions.

For messages coming from the LAN to the serial device, the IOLAN must receive a UDP message before it can send one, since the UDP port number is learned from the received message.

IOLAN SCR Command Line Reference Guide

272

[

user

<WORD>

] |

Interface line mode

auto-learn

The IOLAN will only listen to the first port that it receives a UDP packet from.

Auto learn is applicable when direction is set to In or

Both.

any-port

The IOLAN will receive messages from any port sending UDP packets

Applicable when direction is set to In.

specific

The port that the IOLAN

<

start_IP_address

>

The first host IP address in the range of IP addresses

(for IPV4 or IPV6) that the router will listen for messages from and/or send messages to.

IOLAN

<

end_IP_address

>

The last host IP address in the range of IP addresses

(for IPV4, not required for

IPV6) that the IOLAN will listen for messages from and/or send messages to.

Specify a username.

IOLAN SCR Command Line Reference Guide

273

[

vmodem echo off | on] | [failure-string

<WORD>

] | [host

<A.B.C.D>

|

<X:X:X:X::X>

] |

[init-string

<WORD>

| mode [auto | manual] | port

<1-65535>

| response-delay

<1-999>

|

[signals cts always-high | represent-ri] | dcd always-high | follow-connection] | [style numeric | verbose] | success-string

<WORD>

| suppress off | on

]}

Interface line mode

Echo

When enabled, echoes back characters that are typed in

(equivalent to ATE0/ATE1 commands) Disabled by default

Failure-string

String that is sent to the serial device when a connection fails. If no string is entered, the string NO

CARRIER will be sent.

host

Host

The target host name

.

init-string

You can specify additional vmodem commands that will affect how vmodem starts. The following commands are supported:

ATQn, ATVn, ATEn, ATS0,

AT&Z1, AT&Sn,

AT&Rn, AT&Cn, AT&F,

ATS2, ATS12, and ATDS1.

See

VModem Initialization

Commands

in the

Router’s

User’s Guide

for a more detailed explanation of the support initialization commands.

mode

Auto mode establishes the connection when the line becomes active. You must supply the AT command or phone number that will start the connection.

port

The port number the target host is listening on for messages.

IOLAN SCR Command Line Reference Guide

274

Interface line mode

IOLAN SCR Command Line Reference Guide response-delay

The amount of time, in milliseconds, before an AT response is sent to the requesting device. The default is 250 ms.

signals dcd

Controls the state of the

DCD signal.

 always-high = DCD

 signal will always stay high follow-connection =

DCD signal will be high when an end to end connection is established and low when it is not

Since the IOLAN does not have a physical DCD pin, you need to re-map the

DTR or RTS signal to DCD to have the signal present.

(see next option).

signals dtr

You can specify how the

DTR signal pin acts during your modem application connection, as itself (DTR), as DCD, or as RI.

signals rts

You can specify how the

RTS signal pin acts during your modem application connection, as itself (RTS), as DCD, or as RI.

style

One of the following:

Verbose

—Return codes

(strings) are sent to the connected device.

Numeric

—The following characters can be sent to the connected device:

275

Interface line mode

0

OK

1

CONNECTED

2

RING

3

NO CARRIER

4

ERROR

6

INTERFACE DOWN

7

CONNECTION

REFUSED

8 NO LISTENER

success-string

String that is sent to the serial device when a connection succeeds. If no string is entered, then the string CONNECT will be sent with the connecting speed for example

CONNECT 9600

suppress

When enabled, the connection success/failure indication strings are sent to the connected device, otherwise these indications are suppressed. The default is disabled.

PerleSCR(config-line)#

Command Modes

Usage Guidelines

Set line tty parameters.

Examples

This example disables CLI mode for tty 8.

PerleSCR(config)#tty 8 mode disable<cr>

Related Commands

(config-line)#console

(config-line)#tty

[

(config-line)#vty

{[

accounting exec

<WORD>

| default login

<WORD>

default

]

|

[

width

] | [

|

exec-timeout

<0-35791> <0-2147483>

] |

authorization exec

[

<0-512>

history size

]}

0-256>

<WORD>

] | [

length

| default

0-512>

]

]

|

|

IOLAN SCR Command Line Reference Guide

276

Interface line mode

Use the no form of this command to negate a command or set its defaults.

Syntax Description

(config-line)#vty

[

accounting exec

<WORD>

| default

] |

|

[

authorization exec

<WORD>

| default

]

[

exec-timeout

<0-35791> <0-2147483>

|

Accounting parameters.

Authorization parameters.

Time in minutes and seconds for

CLI to timeout on the vty session.

[

history size

0-256>

] |

[

length

0-512>

] |

Sets the size of the history buffer.

Number of lines displayed on the screen. Type 0 for no pausing at end of page.

[

login

<WORD>

default

]

|

[

width

<0-512>

]}

Command Modes

Login authentication parameters.

Terminal screen width.

PerleSCR>enable

PerleSCR>config

PerleSCR#line vty<cr>

PerleSCR#

Usage Guidelines

Set line vty paramters.

Examples

Set terminal width to 132.

PerleSCR#line vty<cr>

PerleSCR#width 132<cr>

Related Commands

(config-line)#tty

(config-line)#console

IOLAN SCR Command Line Reference Guide

277

advertisement

Key Features

  • Comprehensive set of commands for configuring and managing Perle devices
  • Easy-to-use interface
  • Supports a wide range of Perle devices
  • Secure and reliable
  • Free to download and use

Questions & Answers

2024-06-28

P P G

How to save the current device configuration?
Use the command `copy running-config startup-config` to save the running configuration to the startup configuration, which is stored in non-volatile memory.

Frequently Answers and Questions

What is Perle CLI?
Perle CLI is a command-line interface that provides a comprehensive set of commands for configuring and managing your Perle device.
What can I do with Perle CLI?
With Perle CLI, you can perform a wide range of tasks, including managing users and groups, configuring network settings, monitoring system status, and troubleshooting and diagnostics.
Is Perle CLI easy to use?
Yes, Perle CLI is easy to use. It features a simple and intuitive interface that makes it easy to find the commands you need.
Is Perle CLI secure?
Yes, Perle CLI is secure. It uses a variety of security measures to protect your data, including encryption and authentication.
Is Perle CLI free to use?
Yes, Perle CLI is free to download and use.

Related manuals

Download PDF

advertisement

Table of contents