Global Configuration Mode. Perle CLI
Perle CLI is a command-line interface that provides a comprehensive set of commands for configuring and managing your Perle device. With Perle CLI, you can perform a wide range of tasks, including:
- Managing users and groups
- Configuring network settings
- Monitoring system status
- Troubleshooting and diagnostics
Perle CLI is a powerful tool that can help you to get the most out of your Perle device.
Chapter 4
Global Configuration Mode
This chapter defines all the CLI commands in Global Configuration Mode.
aaa
aaa {[accounting dot1x default start-stop group <WORD> radius | tacacs] |
[authentication attempts login <1-25> | [dot1x default group <WORD> | radius] | [login <WORD> | default group | local | none | radius | tacacs] | [login <WORD> | default group | local | none | radius | tacacs | [two-factor pin-attempts <1-10> | pin-size <4-6> | pin-tries <1-10>]]] |
[authorization console | exec <WORD> | group | if-authenticated | local | none | radius | tacacs] |
[group server radius <WORD> | tacacs <WORD>] |
[local authentication attempts max-fail <1-65535>] |
[password restriction min-group <1-4> | min-len <1-64>]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
aaa
{[accounting dot1x default start-stop group <WORD> radius | tacacs] |
Records when users access the router to manage it and also when the router is rebooted. If using groups, a predefined group must have been previously created.
[authentication attempts login <1-25> | [dot1x default group <WORD> | radius] | [login <WORD> | default group | local | none | radius | tacacs] | [login <WORD> | default group | local | none | radius | tacacs | [two-factor pin-attempts <1-10> | pin-size <4-6> | pin-tries <1-10>]]] |
Specify the authentication parameters.
[authorization console | exec <WORD> | group | if-authenticated | local | none | radius | tacacs] |
Specify the authorization parameters.
[group server radius <WORD> | tacacs <WORD>] |
Specify a group server for Radius or TACACS if applicable.
[local authentication attempts max-fail <1-65535>] |
Specify how many times a local user can attempt to authenticate.
[password restriction min-group <1-4> | min-len <1-64>]}
Specify password restrictions.
Command Modes
PerleSCR(config)#aaa
Usage Guidelines
Set up Authentication, Authorization and Accounting.
Examples
This example shows you how to set authentication attempts to 10.
PerleSCR(config)#aaa authentication attempts login 10<cr>
Related Commands
alarm
alarm {[facility power-supply rps disable | notifies | syslog] |
[profile <WORD>]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
alarm
{[facility rps disable | notifies | syslog] |
Redundant power supply settings
[profile <WORD>]}
See
for configuring parameters.
Command Modes
PerleSCR(config)#alarm
Usage Guidelines
Set up environmental facilities.
Examples
This example enables syslog logger for redundant power supply messages.
PerleSCR(config)#alarm facility power-supply rps syslog<cr>
Related Commands
(config-alarm-profile)
{[alarm link-fault | not operating] |
[notifies link-fault | not operating] |
[relay minor | not operating] |
[syslog link-fault | not operating]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
(config-alarm-profile)#
{[alarm link-fault | not operating] |
Specify the type of alarm to monitor for.
IOLAN SCR Command Line Reference Guide
[notifies link-fault | not operating] |
Sends a trap/notification to the configured SNMP host trap receivers on the triggering and clearing of the alarm.
[relay-major link-fault | not operating] |
Energizes/de-energizes relay on the triggering and clearing of an alarm.
[syslog link-fault | not operating]}
System messages will be logged to the configured logging destinations on the triggering and clearing of the alarm.
Command Modes
PerleSCR(config-alarm-profile)#
Usage Guidelines
Sets alarm profile parameters.
Examples
This example shows you how to configure an alarm profile to monitor for link fault and send a syslog message to the configured server.
PerleSCR(config)#alarm profile test-alarm<cr>
PerleSCR(config-alarm-profile)#alarm link-fault<cr>
PerleSCR(config-alarm-profile)#syslog link-fault<cr>
Related Commands
archive
(config-archive)
{[maximum 1-14] |
[path flash: | ftp: | http: | https: | scp: | sftp: | tftp:] |
[time-period 0-525600] |
[update-sw check] |
[write memory]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
(config-archive)#
{[maximum 1-14] |
Number of archive copies of the configuration to be kept in the archive list. The archive list can contain between 1 and 14 configurations.
[path flash: | ftp: | http: | https: | scp: | sftp: | tftp:] |
Path must exist. Default path is the same as the no form of the command.
[time-period 0-525600] |
Time period is the time in minutes to automatically save the running configuration to an archive file.
[update-sw check] |
Check weekly for any software updates.
[write memory]}
Write memory enables the saving of the configuration to an archive file every time you copy running-config to startup-config.
Command Default
no path
maximum 10
no time-period
no write-memory
Command Modes
PerleSCR#archive <cr>
PerleSCR(config-archive)#
Usage Guidelines
This is the full path to where the archive configuration files will be kept.
flash: perle-image-name.img
ftp: [[//username[:password]@location]/directory]/perle-image-name.img
http://[[username:password]@][hostname | host-ip][directory]/perle-image-name.img
https://[[username:password]@][hostname | host-ip][directory]/perle-image-name.img
scp: [[username@location]/directory]/perle-image-name.img
sftp: [[//username[:password]@location]/directory]/perle-image-name.img
tftp: [[//location]/directory]/perle-image-name.img
Examples
This example shows you how to set up an archive path to be used with the write memory command.
PerleSCR(config-archive)#path flash:<cr>
PerleSCR(config-archive)#exit<cr>
PerleSCR(config)#exit
PerleSCR#copy running-config startup-config
Destination filename[startup-config]?<cr>
5643 bytes copied
Copy in progress...
5643 bytes copied
If no file name is supplied by you, then your running config will be named with the current date and time. See below.
PerleSCR#dir flash:
Directory of flash:
130322 -rw- 5643 May 12 2016 14:17 -04:00 -May-12-14-17-50-1
130321 -rw- 5643 May 12 2016 14:14 -04:00 -May-12-14-14-16-0
Related Commands
arp
arp {<A.B.C.D> <H.H.H>}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
arp
{<A.B.C.D> <H.H.H>}
Adds static arp entry to the arp table.
Command Modes
PerleSCR(config)#arp
Usage Guidelines
Adds arp entry to arp table.
Examples
Add this arp to the arp table.
PerleSCR(config)#arp 172.16.44.55 1234.1234.1234 <cr>
Related Commands
banner
banner {[<LINE>] |
[login <LINE>] |
[motd <LINE>] |
[prompt-timeout]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
banner
{[<LINE>] |
c banner-text c (c is used as the delimiting character).
[login <LINE>] |
Configure the prompt to be displayed before the login prompt.
[motd <LINE>] |
Specify message of the day (motd) for your users to see on login.
[prompt-time <LINE>]}
This message will be displayed if the user does not log in, based on the time parameter under users.
Command Modes
PerleRouter(config)#banner
Usage Guidelines
Banner applies to all consoles and vty sessions.
Examples
Display a message of the day at login.
PerleSCR(config)#banner motd line<cr>
Enter text message. End with the character ’l’ l
Good morning crew
Enter configuration commands, one per line. End with CNTL/Z
Related Commands
bridge
bridge {[<1-9999> protocol ieee]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
bridge
{[<1-9999> protocol ieee]}
Set bridge to use protocol IEEE 802.3 for routing.
Command Modes
PerleSCR(config)#bridge
Usage Guidelines
Set the bridge to use ieee protocol.
Examples
Set bridge 1 to use protocol ieee.
PerleSCR(config)#bridge 1 protocol ieee<cr>
boot
boot {[host dhcp | retry timeout <600-65535>]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
boot
{[host dhcp | retry timeout <600-65535>]}
host dhcp – enables ZTP (Zero Touch Provisioning). Download configuration via DHCP.
host retry timeout – sets the time in seconds to wait for ZTP to complete (including time to download config or software)
no boot host retry timeout – waits indefinitely for ZTP to complete
Command Modes
PerleSCR(config)#boot
Usage Guidelines
Use this command to enable ZTP. This command allows you to download your config and firmware via your DHCP server.
Examples
This example sets ZTP so that configuration and firmware files will be downloaded from your DHCP server.
PerleSCR(config)#boot host dhcp<cr>
clock
clock {[summer-time <name-of-timezone> date <1-31> <month-to-start> <hh:mm> <1-31> <month-to-end> <hh:mm> <1-1440-in-minutes> | recurring <1-4> <first week> <last week>] |
[timezone <name-of-time-zone> <-23 - 23> <0-59>]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
clock
{[summer-time <name-of-timezone> date <1-31> <month-to-start> <hh:mm> <1-31> <month-to-end> <hh:mm> <1-1440-in-minutes> | recurring <1-4> <first week> <last week>] |
Name of the summer time zone followed by start/end dates: numeric value for the day of the month to start summer timezone (1-31), name of the month to start (January, February, March, April, May, June, July, August, September, October, November, December), time to start in hours (24) and minutes, numeric value for the day of the month to end summer timezone (1-31), name of the month to end (January, February, March, April, May, June, July, August, September, October, November, December), time to end in hours (24), offset in minutes (1-1440).
[timezone <name-of-time-zone> <-23 - 23> <0-59>]}
Name of the timezone. Hours/minutes offset are going to be hours/minutes offset from utc (universal time clock).
Command Default
clock timezone EST 5
clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00 60
Command Modes
PerleSCR(config)#
Usage Guidelines
Configure time of day clock.
Examples
This example sets the clock 5 hours off from UTC.
PerleSCR(config)#clock timezone ont-time-zone -5 <cr>
Related Commands
crypto
crypto {[[ipsec client <WORD> | enable | esp-group <WORD> | ike-group <WORD> | import ipsec.conf terminal | url flash: | ftp: | https: | https: | scp: | sftp: | tftp:] | l2tp | nat-network <A.B.C.D/16> | nat-traversal] |
[key export rsa public | terminal | des <WORD> | url flash: | ftp: | http: | https: | scp: | sftp: | tftp:] | [generate rsa modulus <1024-4096>] | [import client rsa pem | pkcs12 terminal password <LINE> | url flash: | ftp: | http: | https | scp: | sftp: | tftp:] | ssh-host rsa terminal <LINE> | [zeroize rsa]] |
[[openvpn connection <WORD>] | [enable] | [generate secret <NAME>] | [import ca <NAME> | cert <NAME> | dh <WORD> | key <NAME> | secret <NAME> | template <NAME> | terminal | url flash: | ftp: | http: | https | scp: | sftp: | tftp:] | zeroize ca <NAME> | cert <NAME> key <NAME>] | [cert <NAME> terminal | url flash: | ftp: | http: | https | scp: | sftp: | tftp:] | [dh <WORD>] | [key <NAME> terminal | url flash: | ftp: | http: | https | scp: | sftp: | tftp:] | secret <NAME>] | [template <NAME>]] |
[pki import client pem | pkcs12 terminal password <LINE> | url flash: | ftp: | http: | https | scp: | sftp: | tftp:] | https pem | pkcs12 terminal password <LINE> url flash: | ftp: | http: | https | scp: | sftp: | tftp:] | https pem | pkcs12 terminal password <LINE> | url flash: | ftp: | http: | https | scp: | sftp: | tftp:] | [https pem | pkcs12 terminal password <LINE> url flash: | ftp: | http: | https | scp: | sftp: | tftp:] | openvpn ca <NAME> | cert <NAME> | key <NAME>] | server pem | pkcs12 terminal password <LINE> url flash: | ftp: | http: | https | scp: | sftp: | tftp:] | [zeroize https openvpn ca <NAME> cert <NAME> key <NAME>] |
[ssl algorithm encryption suite-b-tls | tls-1.2]}
Use the no form of this command to negate a command or set its defaults.
Use the no form of this command to negate a command or set its defaults
Syntax Description
crypto
[[ipsec client <WORD> | enable | esp-group <WORD> | ike-group <WORD> | import ipsec.conf terminal | url flash: | ftp: | https: | https: | scp: | sftp: | tftp:] | l2tp | nat-network <A.B.C.D/16> | nat-traversal] |
Configure IPSEC client.
[key export rsa public | terminal | url flash: | ftp: | http: | https: | scp: | sftp: | tftp:] | [generate rsa modulus <1024-4096>] | [import client rsa pem | pkcs12 terminal password <LINE> | url flash: | ftp: | http: | https | scp: | sftp: | tftp: | ssh-host rsa terminal | url | flash: | ftp: | http: | https | scp: | sftp: | tftp:] | [zeroize rsa]] |
Key and Certificates.
[[openvpn connection <WORD>] | [enable] | [generate secret <NAME>] | [import ca <NAME> | cert <NAME> | dh <WORD> | key <NAME> | secret <NAME> | template <NAME> | terminal | url flash: | ftp: | http: | https | scp: | sftp: | tftp:] | zeroize ca <NAME> | cert <NAME> key <NAME>] |
OpenVPN configuration.
[pki import client pem | pkcs12 terminal password <LINE> | url flash: | ftp: | http: | https | scp: | sftp: | tftp:] | https pem | pkcs12 terminal password <LINE> url flash: | ftp: | http: | https | scp: | sftp: | tftp:] | https pem | pkcs12 terminal password <LINE> | url flash: | ftp: | http: | https | scp: | sftp: | tftp:] | [https pem | pkcs12 terminal password <LINE> url flash: | ftp: | http: | https | scp: | sftp: | tftp:] | openvpn ca <NAME> | cert <NAME> | key <NAME>] | server pem | pkcs12 terminal password <LINE> url flash: | ftp: | http: | https | scp: | sftp: | tftp:] | [zeroize https openvpn ca <NAME> cert <NAME> key <NAME> | server <WORD>] |
Keys and Certifications.
[ssl algorithm encryption suite-b-tls | tls-1.2]}
Set SSL encryption method.
Command Modes
PerleSCR(config)#crypto
Usage Guidelines
Set encryption parameters.
Examples
This example sets ipsec to enable.
PerleSCR(config)# crypto ipsec enable<cr>
Related Commands
(config-client)
{[authentication identify <WORD> | pre-shared-key <WORD> | remote-identity <WORD> | x509 <LINE> | trustpoint <CA-FILE>] |
[connection-type disable | initiate | respond] |
[ike-group <WORD>] |
[local-address <A.B.C.D> | <X:X:X:X::X:X> | any] |
[tunnel <1-429467295> | esp-group <WORD> | local-address <A.B.C.D/N | X:X:X:X::X/N> | remote-address <A.B.C.D/N | X:X:X:X::X/N>]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
(config-client)
{[authentication identify <WORD> | pre-shared-key <WORD> | remote-identity <WORD> | x509 <LINE> | trustpoint <CA-FILE>] |
Sets the local authentication identity.
[connection-type disable | initiate | respond] |
Set connection type: initiate, respond, disable.
[ike-group <WORD>] |
Sets IPSEC IKE configuration.
[local-address <A.B.C.D> | <X:X:X:X::X:X> | any] |
Sets local IPSEC interface.
[tunnel <1-429467295> | esp-group <WORD> | local-address <A.B.C.D/N | X:X:X:X::X/N> | remote-address <A.B.C.D/N | X:X:X:X::X/N>]}
Sets client tunnel definitions.
Command Modes
PerleSCR(config-client)#
Usage Guidelines
Configure IPSEC.
Examples
This example sets IPSEC client type to initiate.
PerleSCR(config-client)# connection-type initiate <cr>
Related Commands
(config-connection)
{[ca <WORD>] |
[cert <NAME>] |
[cipher aes-128-cbc | aes-128-gcm | aes-192-cbc | aes-192-gcm | aes-256-cbc | aes-256-gcm | bf-cbc | camellia-128-cbc | camellia-192-cbc | camellia-256-cbc | cast5-cbc | des-cbc | des-ede-cbc | des-ede3-cbc | des-cbc | rc2-40-cbc | rc2-64-cbc | rc2-cbc | seed-cbc] |
[client] |
[comp-lzo adaptive | no | yes] |
[dev <0-999>] |
[dh <WORD>] |
[ifconfig <A.B.C.D> <WORD> <A.B.C.D> <WORD>] |
[keepalive <1-65535> <1-65535>] |
[key <WORD>] |
[lport <1-65535>] |
[persist-tun] |
[port <1-65535>] |
[pull] |
[remote <A.B.C.D> <WORD> <X:X:X:X::X> <1-65535> | tcp | udp] |
[remote-cert-tls client | server] |
[rport <1-65535>] |
[secret <NAME>] |
[server <A.B.C.D> <A.B.C.D> no pool] |
[server-ipv6 <X:X:X:X::X>] |
[template <WORD>] |
[tls-client] |
[tls-server] |
[user-pass <WORD> <WORD> 0 | 7] |
[verb <0-11>]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
(config-connection)
{[ca <WORD>] |
Sets PKI CA trustpoint.
[cert <NAME>] |
Sets PKI certificate.
[cipher aes-128-cbc | aes-128-gcm | aes-192-cbc | aes-192-gcm | aes-256-cbc | aes-256-gcm | bf-cbc | camellia-128-cbc | camellia-192-cbc | camellia-256-cbc | cast5-cbc | des-cbc | des-ede-cbc | des-ede3-cbc | des-cbc | rc2-40-cbc | rc2-64-cbc | rc2-cbc | seed-cbc] |
Set cipher to use in this connection.
[client] |
Enable client mode if TCP mode is used with the remote command or if you receive the OpenVPN message "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client".
[comp-lzo adaptive | no | yes] |
Compression is *not* recommended for security reasons.
In cases where the OpenVPN server pushes the request "comp-lzo no" to connecting clients, the client side will break with repeated "write to TUN/TAP : Invalid argument (code=22)" errors unless it too has already specified "comp-lzo no". If you are a client and are using `pull` to get settings from the server, the connection may fail with that same message. To overcome this issue `comp-lzo no` must be defined in your connection.
Note: the "no comp-lzo" (the default) turns off the entire compression subsystem which is required for connections not using compression.
[dev <0-999>] |
Set the OpenVPN interface number.
[dh <WORD>] |
Sets Diffie-Hellman parameters.
[ifconfig <A.B.C.D> <WORD> <A.B.C.D> <WORD>] |
Configure the local and the remote IP addresses for each side of the connection. Reverse the IP addresses when configuring "the other end".
[keepalive <1-65535> <1-65535>] |
Sets the keepalive interval (in seconds) and the keepalive timeout (in seconds).
[key <WORD>] |
Sets PKI private key.
[lport <1-65535>] |
Set the port to use on the local side.
default is 1194
[persist-tun] |
Keep tun device between restarts.
[port <1-65535>] |
Sets the port to use on both sides of the connection.
[pull] |
Pull the configuration from the server.
[remote <A.B.C.D> <WORD> <X:X:X:X::X> <1-65535> | tcp | udp] |
Set the remote host for connection.
[remote-cert-tls client | server] |
Sets peer certificate checking as client or server.
When this is used with a TLS connection, the peer's certificate credentials are validated using the CA certificate referred to by the "ca" command.
This is recommended to mitigate man-in-the-middle attacks but can be left off if the signing CA certificate is not currently available.
[rport <1-65535>] |
Sets the port to use on the remote side.
[secret <NAME>] |
Set the Pre-Shared secret key.
[server <A.B.C.D> <A.B.C.D> no pool] |
Sets OpenVPN IPv4 server parameters.
[server-ipv6 <X:X:X:X::X>] |
Sets OpenVPN IPv6 server parameters.
[template <WORD>] |
Set connection template.
[tls-client] |
Set to act as a TLS client.
[tls-server] |
Set to act as a TLS server.
[user-pass <WORD> <WORD> 0 | 7] |
Set authentication parameters for the client (your IOLAN) to log in to OpenVPN servers.
[verb <0-11>]}
Sets verbosity level. (debug)
Command Modes
PerleRoute(config-connection)#
Usage Guidelines
Configure IPSEC parameters.
Examples
Set cipher for IPSEC connection.
PerleSCR(config-connection)# cipher aes-128-cbc<cr>
Related Commands
(config-esp)#
{[compression] |
[lifetime <30-86400>] |
[mode transport | tunnel] |
[pfs] |
[proposal <1-65535> [encryption 3des | aes128 | aes128gcm182 | aes256 | aes256gcm128 | chacha20poly1305] | [hash md5 | sha1 | sha256 | sha384 | sha512]]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
(config-esp)#
{[compression] |
Sets compression for IPsec connection.
[lifetime <30-86400>] |
The tunnel will expire after no activity.
Range is 30 – 86400
Default is 1800 seconds
[mode transport | tunnel] |
Sets the tunnel mode.
Transport mode – payload encrypted; headers clear
Tunnel mode – both headers and payload encrypted.
[pfs] |
Turning PFS on improves security by forcing a new key exchange for each new session. Both sides of the VPN tunnel must be able to support this option.
Enabling PFS renews keys more often, which has a small performance impact but provides further security.
[proposal <1-65535> [encryption 3des | aes128 | aes128gcm182 | aes256 | aes256gcm128 | chacha20poly1305] | [hash md5 | sha1 | sha256 | sha384 | sha512]]}
Sets IKE/ESP proposal.
Command Modes
PerleSCR(config-esp)#
Usage Guidelines
Sets IPsec configuration.
Examples
Set esp group mode to transport.
PerleSCR(config-esp)# mode transport <cr>
Related Commands
(config-ike)#
{[aggressive-mode] |
[dpd action clear | hold | restart] |
[dpd action clear | hold | restart | interval <2-86400> | timeout <10-86400>] |
[ike-version ike | ikev1 | ikev2] |
[lifetime <30-86400>] |
[proposal [dh-group 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26] | [encryption 3des | aes128 | aes128gcm128 | aes256 | aes256gcm256 | chacha20poly1305] | [hash md5 | sha1 | sha256 | sha384 | sha512]]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
(config-ike)#
{[aggressive-mode] |
Aggressive mode takes part in fewer packet exchanges.
Aggressive mode does not give identity protection of the two IKE peers, unless digital certificates are used. This means VPN peers exchange their identities without encryption (clear text). It is not as secure as main mode, but the advantage to aggressive mode is that it is faster than Main mode.
You must use aggressive mode if one or both peers have dynamic external IP addresses or if you need to use Network Address Translation Traversal (NAT-T)
Default is off
[dpd action clear | hold | restart] |
DPD is a method of detecting a dead Internet Key Exchange (IKE) peer. This method uses IPsec traffic patterns to minimize the number of messages required to confirm the availability of a peer. DPD is used to reclaim the lost resources in case a peer is found dead.
Clear – terminate the VPN connection over the detection timeout. You must manually re-initiate the VPN connection. We recommend that you use Clear when the remote peer uses dynamic IP address.
Hold – traffic from your local network to the remote network can trigger the router to reinitiate the VPN connection over the detection timeout. We recommend that you use Hold when the remote peer uses a static IP address
Restart – re-initiate the VPN connection for three times over the detection timeout.
Default Action is Hold
Interval is 30 seconds
Timeout is 120 seconds
[ike-version ike | ikev1 | ikev2] |
Select IKE version to use. IKE will use IKEv2 but switch to IKEv1 depending on the peer.
Default is IKEv2
[lifetime <30-86400>] |
Time to keep connection alive.
Range is 30-86400
Default is 3600 seconds
[proposal [dh-group 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26] | [encryption 3des | aes128 | aes128gcm128 | aes256 | aes256gcm256 | chacha20poly1305] | [hash md5 | sha1 | sha256 | sha384 | sha512]]}
Sets IKE/ESP proposal.
Dh-default is 2
Encryption default is aes256
Hash default is SHA1
Command Modes
PerleSCR(config-ike)#
Usage Guidelines
Sets IKE configuration.
Examples
Set dead peer detection to restart.
PerleSCR(config-ike)# dpd action restart <cr>
Related Commands
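The Python sketch below is an added example, not part of the Perle guide or of Perle's software. It checks a saved configuration against the cautions given above for (config-connection), (config-esp) and (config-ike): compression, a missing remote-cert-tls, aggressive mode, and the dh-group 2 and SHA1 proposal defaults. The indented section layout, the sample configuration and the weak-algorithm sets are assumptions made for the example.

```python
import re

# Example policy (an assumption). The OpenVPN ciphers listed use a 64-bit block.
WEAK_ENC = {"3des"}
WEAK_HASH = {"md5", "sha1"}
WEAK_DH = {"2", "5"}
WEAK_OVPN_CIPHER = {"bf-cbc", "cast5-cbc", "des-cbc", "des-ede-cbc",
                    "des-ede3-cbc", "rc2-40-cbc", "rc2-64-cbc", "rc2-cbc"}

# Assumed layout: an unindented mode-entry line, then indented sub-commands.
HEADER = re.compile(r"crypto (?:ipsec (ike-group|esp-group)|openvpn (connection)) (\S+)$")

# Constructed sample, not taken from a real device.
SAMPLE_CONFIG = """\
crypto ipsec ike-group IKE-LEGACY
 aggressive-mode
 proposal 1 encryption 3des
 proposal 1 hash md5
crypto ipsec ike-group IKE-STRONG
 proposal 1 dh-group 19
 proposal 1 encryption aes256
 proposal 1 hash sha256
crypto ipsec esp-group ESP-LEGACY
 proposal 1 encryption aes128
 proposal 1 hash sha1
crypto ipsec esp-group ESP-STRONG
 pfs
 proposal 1 encryption aes256
 proposal 1 hash sha256
crypto openvpn connection site-a
 tls-client
 cipher bf-cbc
 comp-lzo adaptive
crypto openvpn connection site-b
 tls-client
 remote-cert-tls server
 cipher aes-256-gcm
 comp-lzo no
"""

def parse(text):
    """Return [(kind, name, [sub-command, ...])] for the three section kinds."""
    sections, current = [], None
    for raw in text.splitlines():
        m = HEADER.match(raw.rstrip())
        if m:  # an unindented mode-entry line opens a section
            current = (m.group(1) or m.group(2), m.group(3), [])
            sections.append(current)
        elif raw[:1].isspace() and raw.strip() and current:
            current[2].append(raw.strip())
        elif raw.strip():  # any other top-level command closes the section
            current = None
    return sections

def proposal(lines, key):
    """Values set for one proposal keyword, e.g. key='hash' -> ['sha256']."""
    pat = re.compile(rf"\b{re.escape(key)} (\S+)")
    return [v for line in lines if line.startswith("proposal")
            for v in pat.findall(line)]

def weak(values, bad, label, default=None):
    """Flag weak values; an unset keyword falls back to the stated default."""
    note = ""
    if not values and default:
        values, note = [default], " (default, not set explicitly)"
    return [f"{label} {v}{note}" for v in values if v in bad]

def audit_ipsec(kind, lines):
    ike = kind == "ike-group"
    out = []
    if ike and "aggressive-mode" in lines:
        out.append("aggressive-mode sends peer identities in clear text")
    if ike:  # the page gives dh-group 2 and SHA1 as the IKE proposal defaults
        out += weak(proposal(lines, "dh-group"), WEAK_DH, "dh-group", "2")
    elif "pfs" not in lines:
        out.append("pfs is not enabled")
    out += weak(proposal(lines, "encryption"), WEAK_ENC, "encryption")
    out += weak(proposal(lines, "hash"), WEAK_HASH, "hash", "sha1" if ike else None)
    return out

def audit_openvpn(lines):
    words = [line.split() for line in lines]
    out = [f"cipher {w[1]} has a 64-bit block" for w in words
           if w[0] == "cipher" and w[1:] and w[1] in WEAK_OVPN_CIPHER]
    if any(w[0] == "comp-lzo" and w[1:] != ["no"] for w in words):
        out.append("comp-lzo enables compression")
    uses_tls = any(w[0] in ("tls-client", "tls-server") for w in words)
    if uses_tls and not any(w[0] == "remote-cert-tls" for w in words):
        out.append("remote-cert-tls is not set, peer certificate role unchecked")
    return out

def audit(text):
    """Return one 'kind name: finding' string per weak setting."""
    return [f"{kind} {name}: {msg}" for kind, name, lines in parse(text)
            for msg in (audit_openvpn(lines) if kind == "connection"
                        else audit_ipsec(kind, lines))]

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

An IKE group that sets no dh-group or hash is reported using the defaults the guide states, so a group left at its defaults is flagged even though no weak keyword appears in it.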
(config-l2tp)#
{[client-ip-pool <A.B.C.D> <A.B.C.D>] |
[dns-server <1-2> <A.B.C.D>] |
[outside-address <A.B.C.D>] |
[pre-shared-key <WORD>] |
[username <WORD> password <WORD>]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
(config-l2tp)#
{[client-ip-pool <A.B.C.D> <A.B.C.D>] |
Sets L2TP client ip pool addresses to be used by the clients.
[dns-server <1-2> <A.B.C.D>] |
Sets L2TP DNS servers.
[outside-address <A.B.C.D>] |
Sets the L2TP server remote address.
[pre-shared-key <WORD>] |
Use the given pre-shared secret.
[username <WORD> password <WORD>]}
Configure L2TP user name and password for this connection.
Command Modes
PerleSCR(config-l2tp)#
Usage Guidelines
Use these commands to set up parameters for L2TP connections.
Examples
Set username and password for L2TP connection.
PerleSCR(config-l2tp)# username lyn password test <cr>
Related Commands
dot1x
dot1x {[credential <profile-name>] |
[logging] |
[system-auth-control] |
[test timeout <1-65535>]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
dot1x
{[credential <profile-name>] |
Create a dot1x credential profile.
[logging] |
Log dot1x messages
[system-auth-control] |
You must enable dot1x system-auth-control if you want to use 802.1x access controls on any port on the router. You can then use the port control command on each specific port on which you want 802.1x access controls to be used.
[test timeout <1-65535>]}
The readiness check is typically used before 802.1x is enabled on the router. Set the timeout for EAPOL devices that don’t respond in the specified time frame.
Command Modes
PerleSCR(config)#
Usage Guidelines
The 802.1x readiness check monitors 802.1x activity on all the IOLAN serial ports and displays information about the devices connected to the ports that support 802.1x. You can use this feature to determine if the devices connected to the IOLAN serial ports are 802.1x-capable.
Examples
This example will create a credential profile called testcred, then you need to set dot1x authentication on Ethernet interfaces in order to multihost.
Note: You must enable system-auth-control if you want to authenticate dot1x devices.
PerleSCR(config)#dot1x credential testcred<cr>
PerleSCR(config)#interface ethernet 1 <cr>
PerleSCR(config-if)#authentication mult-auth <cr>
Related Commands
(config-dot1x-creden)#
{[password <0> <LINE> | <7> <LINE>] |
[username <name>]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
(config-dot1x-creden)#
{[password <0> <LINE> | <7> <LINE> | hex-string>] |
0 - specifies that an unencrypted password will follow.
7 - specifies that a hidden password will follow.
[username <name>]}
Specify a username.
Command Modes
PerleSCR(config)#dot1x credential your-name
PerleSCR(config-dot1x-creden)#
Usage Guidelines
Sets dot1x credentials.
Examples
This example will set the password for profile name testing to an encrypted password.
PerleSCR(config)#dot1x credential testing<cr>
PerleSCR(config-dot1x-creden)# password 7 DB0UeI1lynwOKW/j1 <cr>
Related Commands
eap
eap {[profile <WORD>]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
eap
{[profile <WORD>]}
Configure EAP profiles.
Command Modes
PerleSCR(config)#
Usage Guidelines
Use this command to create EAP profiles.
Related Commands
(config-eap-profile)#
{[method gtc | leap | md5 | mschapv2 | peap | tls | [ttls chap | eap-gtc | eap-md5 | eap-mschapv2 | mschap | mschapv2 | pap]] |
[pki-trustpoint <WORD>]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
(config-eap-profile)#
{[method gtc | leap | md5 | mschapv2 | peap | tls | [ttls chap | eap-gtc | eap-md5 | eap-mschapv2 | mschap | mschapv2 | pap]] |
Select the method of encapsulating sensitive information such as passwords to be authenticated from the IOLAN.
[pki-trustpoint <WORD>]}
The certificate authority you trust. This is a self-signed certificate that you create here.
Command Modes
PerleSCR(config)#
Usage Guidelines
EAP is simply an authentication framework that defines the transport and usage of identity credentials. EAP encapsulates the usernames, passwords, certificates, and tokens, etc. that a client is sending for purposes of authentication.
A trustpoint is basically a certificate authority that you trust, and it is called a trustpoint because you implicitly trust this authority. The idea is that by trusting a given self-signed certificate, your PKI system will automatically trust any other certificates signed with that trusted certificate.
You need to create an eap profile before you can set these parameters.
Examples
This example shows you how to set the method to gtc.
PerleSCR(config)#method gtc<cr>
Related Commands
email
email {[enabled] |
[encryption <none | ssl | tls>] |
[from <WORD>] |
[recipient <WORD>] |
[smtp-server <WORD> | <A.B.C.D> | <X:X:X:X::X:X>] |
[username <WORD> | password <0 LINE> | 7 <WORD> | LINE>] |
[validate-certificate]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
email
{[enabled] |
Enable the email feature.
[encryption <none | ssl | tls>] |
Use selected encryption.
[from <WORD>] |
Format is [email protected]
[recipient <WORD>] |
Format is [email protected]
[smtp-server <WORD> | <A.B.C.D> | <X:X:X:X::X:X>] |
SMTP server to use for mail requests.
[username <WORD> | password <0 <LINE> | 7 <WORD> | LINE>] |
Username for server authentication.
[password <0 <LINE> | 7 <WORD> | LINE>] |
Password for server authentication.
[validate-certificate]}
Valid email certificate.
Command Modes
PerleSCR(config)#
Usage Guidelines
Sets email notification parameters.
Examples
This example shows how to enable the email feature and to specify the SMTP server for email requests.
PerleSCR(config)#email enabled <cr>
PerleSCR(config)#email smtp-server 172.16.55.77 <cr>
Related Commands
enable
enable {[secret <0 | 5 | LINE>]}
Use the no form of this command to negate enable secret.
Syntax Description
enable
{[secret <0 | 5 | LINE>]}
0 – Specifies an unencrypted password to follow
5 – Specifies an encrypted password to follow
LINE – the unencrypted (cleartext) secret
Command Modes
PerleRouter(config)#enable
Usage Guidelines
This is the password to be used to enable privilege mode.
Examples
This example shows how to set a password for enable mode.
PerleSCR(config)#enable secret testsecret<cr>
Related Commands
hostname
hostname {[<WORD>]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
{[<
WORD
>]}
hostname
Type in the name you want to call your router.
Command Modes
PerleSCR(config)#hostname
Usage Guidelines
Set the hostname on the IOLAN.
Examples
This example will set the hostname to TestHost.
PerleSCR(config)#hostname TestHost<cr>
TestHost#
Related Commands
interface interface
{[bvi <1-9999>] |
[dialer <0-15>] |
[ethernet <1-18>] |
[loopback] |
[openvpn-tunnel <0-999> tap | tun] |
[tunnel <0-999>] |
[range ethernet <1-18> , <1-18>]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description interface
{[bvi <1-9999>] |
Specify the bridge interface you want to configure.
[dialer <0-15>] |
Specify the dialer interface you want to configure.
[ethernet <1-18>] |
Specify the Ethernet interface you want to configure.
[loopback] |
Specify the loopback interface you want to configure.
[openvpn-tunnel <0-999> tap | tun] |
Specify an openvpn tunnel you want to configure.
[tunnel <0-999>] |
Specify the tunnel you want to configure.
[range ethernet <1-18> , <1-18>]}
Specify an Ethernet range you want to configure.
Command Modes
PerleSCR(config)#interface ethernet 1
PerleSCR(config-if)#
Usage Guidelines
Set interface command.
Examples
This example will allow you to configure parameters for Ethernet interface 1.
PerleSCR(config)# interface ethernet 1<cr>
Related Commands
(config-if)# bvi
{[arp disable-arp-filter | enable-arp-accept | enable-arp-announce | enable-arp-ignore | timeout <1-2147483>] |
[description <LINE>] |
[ip address <A.B.C.D> <A.B.C.D> | dhcp client [class-id <LINE> | auto] | [client-id ethernet <1-18> | ascii <WORD> | auto | hex <hex-string>] | hostname <WORD> | ddns service dyndns | update <WORD> | use-web skip | url <WORD>] | dns dhcp | [firewall in | local | out <WORD>] | [health-profile <WORD> nexthop <A.B.C.D> | dhcp] | [helper-address <A.B.C.D>] |
[ospf authentication message-digest | null] | authentication-key <LINE> | cost <1-65535> | dead-interval <1-65535> | hello-interval <1-65535> | [message-digest-key <1-255> md5 <LINE>] | mtu-ignore | [network broadcast | non-broadcast | point-to-point | point-to-multipoint] | priority <0-255> | retransmit-interval <1-65535> | transmit-delay <1-65535> | policy route-policy <WORD> | rip authentication key-chain | mode <WORD>] |
[ipsec restrict] |
[ipv6 address <X:X:X:X::X/<0-128> | dhcp | firewall in | out | local <WORD> | [nd dad attempt <0-500> | managed config-flag | other-config-flag | prefix <X:X:X:X::X/<0-128> <0-4294967294> | infinite | [ra dns server <X:X:X:X::X> | [hop-limit <1-255> | unspecified] | [interval <4-1800> <3-1350> | lifetime <0> | <4-9000> | suppress] | reachable time <0-3600000> | retransmission-time <0-3600000> | router-preference high | low | medium] |
[ospf authentication message-digest | null] | authentication-key <LINE> | cost <1-65535> | dead-interval <1-65535> | hello-interval <1-65535> | [message-digest-key <1-255> md5 <LINE>] | mtu-ignore | [network broadcast | non-broadcast | point-to-point | point-to-multipoint] | priority <0-255> | retransmit-interval <1-65535> | transmit-delay <1-65535> | policy route-policy <WORD> | rip authentication key-chain | mode <WORD>] |
[mtu <68-1500>] |
[ntp broadcast client | destination <A.B.C.D> | key <1-65534> | minpoll <4-17> | version <1-4> | disable | multicast <A.B.C.D> | <X:X:X:X::X> | client <A.B.C.D> | <X:X:X:X::X> | key <1-65534> | minpoll <4-17> | version <1-4>] |
[role lan | trusted | wan] |
[shutdown] |
[zone-member security <WORD>]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
(config-if)# bvi
{[arp disable-arp-filter | enable-arp-accept | enable-arp-announce | enable-arp-ignore | timeout <1-2147483>] |
Customize arp messages for this interface.
[description <LINE>] |
Type in a description for this interface.
[ip address <A.B.C.D> <A.B.C.D> | dhcp client [class-id <LINE> | auto] | [client-id ethernet <1-18> | ascii <WORD> | auto | hex <hex-string>] | hostname <WORD> | ddns service dyndns | update <WORD> | use-web skip | url <WORD>] | dns dhcp | [firewall in | local | out <WORD>] | [health-profile <WORD> nexthop <A.B.C.D> | dhcp] | [helper-address <A.B.C.D>] |
[ospf authentication message-digest | null] | authentication-key <LINE> | cost <1-65535> | dead-interval <1-65535> | hello-interval <1-65535> | [message-digest-key <1-255> md5 <LINE>] | mtu-ignore | [network broadcast | non-broadcast | point-to-point | point-to-multipoint] | priority <0-255> | retransmit-interval <1-65535> | transmit-delay <1-65535> | policy route-policy <WORD> | rip authentication key-chain | mode <WORD>] |
Specify IP parameters.
[ipsec restrict] |
Do not allow ipsec to run on this interface.
[ipv6 address <X:X:X:X::X/<0-128> | dhcp | firewall in | out | local <WORD> | [nd dad attempt <0-500> | managed config-flag | other-config-flag | prefix <X:X:X:X::X/<0-128> <0-4294967294> | infinite | [ra dns server <X:X:X:X::X> | [hop-limit <1-255> | unspecified] | [interval <4-1800> <3-1350> | lifetime 0 | <4-9000> | suppress] | reachable time <0-3600000> | retransmission-time <0-3600000> | router-preference high | low | medium] |
[ospf authentication message-digest | null] | authentication-key <LINE> | cost <1-65535> | dead-interval <1-65535> | hello-interval <1-65535> | [message-digest-key <1-255> md5 <LINE>] | mtu-ignore | [network broadcast | non-broadcast | point-to-point | point-to-multipoint] | priority <0-255> | retransmit-interval <1-65535> | transmit-delay <1-65535> | policy route-policy <WORD> | rip authentication key-chain | mode <WORD>] |
Enable IPv6 on this interface.
[mtu <68-1500>] |
Specify the mtu (maximum transmit unit) for this interface.
[ntp broadcast client | destination <A.B.C.D> | key <1-65534> | minpoll <4-17> | version <1-4> | disable | multicast <A.B.C.D> | <X:X:X:X::X> | client <A.B.C.D> | <X:X:X:X::X> | key <1-65534> | minpoll <4-17> | version <1-4>] |
Configure for this interface.
[role lan | trusted | wan] |
Select the role for this interface.
[shutdown] |
Shutdown this interface.
[zone-member security <WORD>]}
This interface belongs to zone security name.
Command Modes
PerleSCR(config)#interface
PerleSCR(config-if)#
Usage Guidelines
Sets option parameters for bridge.
Examples
This example configures an IP address on bvi 10.
PerleSCR>enable<cr>
PerleSCR#config<cr>
PerleSCR(config)#interface bvi 10<cr>
PerleSCR(config-if)#ip address 172.16.113.45 255.255.0.0<cr>
Related Commands
(config-if)# dialer
{[dialer description <LINE>] |
[encapsulation ppp] |
[ip address <A.B.C.D> <A.B.C.D> | ddns service dyndns | update <WORD> | use-web skip | url <WORD>] | dns dhcp | firewall in | out | local <WORD> | [health-profile <WORD> nexthop <A.B.C.D> | dhcp] | [helper-address <A.B.C.D>] |
[ospf authentication message-digest | null] | authentication-key <LINE> | cost <1-65535> | dead-interval <1-65535> | hello-interval <1-65535> | [message-digest-key <1-255> md5 <LINE>] | mtu-ignore | [network broadcast | non-broadcast | point-to-point | point-to-multipoint] | priority <0-255> | retransmit-interval <1-65535> | transmit-delay <1-65535> | policy route-policy <WORD> | rip authentication key-chain | mode <WORD>] |
[ipsec restrict] |
[ipv6 firewall in | out | local <WORD> |
[ospf authentication message-digest | null] | authentication-key <LINE> | cost <1-65535> | dead-interval <1-65535> | hello-interval <1-65535> | [message-digest-key <1-255> md5 <LINE>] | mtu-ignore | [network broadcast | non-broadcast | point-to-point | point-to-multipoint] | priority <0-255> | retransmit-interval <1-65535> | transmit-delay <1-65535> | policy route-policy <WORD> | rip authentication key-chain | mode <WORD>] |
[mtu <64-1500>] |
[ntp broadcast client | destination <A.B.C.D> | key <1-65534> | minpoll <4-17> | version <1-4> | disable | multicast <A.B.C.D> | <X:X:X:X::X> | client <A.B.C.D> | <X:X:X:X::X> | key <1-65534> | minpoll <4-17> | version <1-4>] |
[ppp access-concentrator <LINE> | chap hostname <WORD> | password 0 <LINE> | 7 <WORD> | <LINE> | timeout idle <1-4294967>] |
[role lan | trusted | wan] |
[shutdown] |
[zone-member security <WORD>]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description (config-if)# dialer
{[dialer description <LINE>] |
Specify a name for this interface.
[encapsulation ppp] |
Set encapsulation type.
[ip address <A.B.C.D> <A.B.C.D> | ddns service dyndns | update <WORD> | use-web skip | url <WORD>] | dns dhcp | firewall in | out | local <WORD> | [health-profile <WORD> nexthop <A.B.C.D> | dhcp] | [helper-address <A.B.C.D>] |
[ospf authentication message-digest | null] | authentication-key <LINE> | cost <1-65535> | dead-interval <1-65535> | hello-interval <1-65535> | [message-digest-key <1-255> md5 <LINE>] | mtu-ignore | [network broadcast | non-broadcast | point-to-point | point-to-multipoint] | priority <0-255> | retransmit-interval <1-65535> | transmit-delay <1-65535> | policy route-policy <WORD> | rip authentication key-chain | mode <WORD>] |
Sets IP configuration parameters for this interface.
[ipsec restrict] |
Enable or disable IPv6.
[ipv6 firewall in | out | local <WORD> |
[ospf authentication message-digest | null] | authentication-key <LINE> | cost <1-65535> | dead-interval <1-65535> | hello-interval <1-65535> | [message-digest-key <1-255> md5 <LINE>] | mtu-ignore | [network broadcast | non-broadcast | point-to-point | point-to-multipoint] | priority <0-255> | retransmit-interval <1-65535> | transmit-delay <1-65535> | policy route-policy <WORD> | rip authentication key-chain | mode <WORD>] |
Set IPv6 sub commands.
[mtu <64-1500>] |
Sets Maximum transmission unit size.
[ntp broadcast client | destination <A.B.C.D> | key <1-65534> | minpoll <4-17> | version <1-4> | disable | multicast <A.B.C.D> | <X:X:X:X::X> | client <A.B.C.D> | <X:X:X:X::X> | key <1-65534> | minpoll <4-17> | version <1-4>] |
Configure NTP (Network Time Protocol).
[ppp access-concentrator <LINE> | chap hostname <WORD> | password 0 <LINE> | 7 <WORD> | <LINE> | timeout idle <1-4294967>] |
Configure Point to Point protocol.
[role lan | trusted | wan] |
Select the role for this interface.
[shutdown] |
Shutdown this interface.
[zone-member security <WORD>]}
This interface is a member of zone security.
Command Modes
PerleSCR(config-if)#
Usage Guidelines
Sets parameters for dialer interface.
Examples
This example will set the role for the dialer interface.
PerleSCR(config-if)#role wan<cr>
Related Commands
(config-if)# bvi(config-if)# dialer
(config-if) ethernet
{[alarm profile <WORD>] |
[arp disable-arp-filter | enable-arp-accept | enable-arp-announce | enable-arp-ignore | timeout <1-2147483>] |
[authentication [host-mode] | [multi-auth] | [multi-host] | single-host] | [periodic] | [port-control [auto] | [forced-authorized] | force-unauthorized] | [timer reauthenticate <1-65535> | restart <1-65535>] |
[bridge-group <1-9999>] |
[description <LINE>] |
[dot1x credential <WORD> | max-auth-req <1-10> | max-req <1-10> | [[pae authenticator | suppliant] | eap profile <WORD> [pae profile <WORD>] | [timeout quiet-period <1-65535> | supp-period <1-65535> | tx-period <1-65535>] |
[duplex auto | half | full] |
[ip address <A.B.C.D> <A.B.C.D> | [dhcp client [class-id <LINE> | auto] | [client-id ethernet <1-18> | ascii <WORD> | auto | hex <hex-string>] | hostname <WORD> | ddns service dyndns | update <WORD> | use-web skip | url <WORD>] | dns dhcp | [firewall in | local | out <WORD>] | [health-profile <WORD> nexthop <A.B.C.D> | dhcp] | [helper-address <A.B.C.D>] |
[ospf authentication message-digest | null] | authentication-key <LINE> | cost <1-65535> | dead-interval <1-65535> | hello-interval <1-65535> | [message-digest-key <1-255> md5 <LINE>] | mtu-ignore | [network broadcast | non-broadcast | point-to-point | point-to-multipoint] | priority <0-255> | retransmit-interval <1-65535> | transmit-delay <1-65535> | policy route-policy <WORD> | rip authentication key-chain | mode <WORD>] |
[ipsec restrict] |
[ipv6 address <X:X:X:X::X/<0-128> | autoconfig | dhcp] enable | firewall in | out | local <WORD> | [nd dad attempt <0-500> | managed config-flag | other-config-flag | prefix <X:X:X:X::X/<0-128> <0-4294967294> | infinite | [ra dns server <X:X:X:X::X> | [hop-limit <1-255> | unspecified] | [interval <4-1800> <3-1350> | lifetime 0 | <4-9000> | suppress] | reachable time <0-3600000> | retransmission-time <0-3600000> | router-preference high | low | medium]] |
[mab eap] |
[mtu <64-9000>] |
[ntp broadcast client | destination <A.B.C.D> | key <1-65534> | minpoll <4-17> | version <1-4> | disable | multicast <A.B.C.D> <X:X:X:X::X:X> | client <A.B.C.D> <X:X:X:X::X:X> | key <1-65534> | minpoll | version <1-4>] |
[power efficient-ethernet auto] |
[role lan | trusted | wan] |
[shutdown] |
[speed 10 | 100 | 1000 | auto] |
[zone-member security <WORD>]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
(config-if) ethernet
{[alarm profile <WORD>] |
Use this alarm profile for this interface.
[arp disable-arp-filter | enable-arp-accept | enable-arp-announce | enable-arp-ignore | timeout <1-2147483>] |
Customize arp messages for this interface.
[authentication [host-mode] | [multi-auth] | [multi-host] | single-host] | [periodic] | [port-control [auto] | [forced-authorized] | force-unauthorized] | [timer reauthenticate <1-65535> | restart <1-65535>] |
Select authentication mode to use on this interface when using Dot1x devices.
[bridge-group <1-9999>] |
Add this interface to the specified bridge-group.
[description <LINE>] |
Description for this interface.
[dot1x credential <WORD> | max-auth-req <1-10> | max-req <1-10> | [[pae authenticator | suppliant] | eap profile <WORD> [pae profile <WORD>] | [timeout quiet-period <1-65535> | supp-period <1-65535> | tx-period <1-65535>] |
Sets the Port Access Entity (PAE) type.
Supplicant: The interface acts only as a supplicant and does not respond to messages that are meant for an authenticator.
Authenticator: The interface acts only as an authenticator and does not respond to any messages meant for a supplicant.
Both: The interface behaves both as a supplicant and as an authenticator and thus does respond to all dot1x messages.
[duplex auto | half | full] |
Select duplex for this interface. In most cases this parameter should be left at auto.
[ip address <A.B.C.D> <A.B.C.D> | [dhcp client [class-id <LINE> | auto] | [client-id ethernet <1-18> | ascii <WORD> | auto | hex <hex-string>] | ddns service dyndns | update <WORD> | use-web skip | url <WORD>] | dns dhcp | [firewall in | local | out <WORD>] | [health-profile <WORD> nexthop <A.B.C.D> | dhcp] | [helper-address <A.B.C.D>] |
[ospf authentication message-digest | null] | authentication-key <LINE> | cost <1-65535> | dead-interval <1-65535> | hello-interval <1-65535> | [message-digest-key <1-255> md5 <LINE>] | mtu-ignore | [network broadcast | non-broadcast | point-to-point | point-to-multipoint] | priority <0-255> | retransmit-interval <1-65535> | transmit-delay <1-65535> | policy route-policy <WORD> | rip authentication key-chain | mode <WORD>] |
Setup parameters for IP communications on this interface.
[ipsec restrict] |
Do not allow ipsec on this interface.
[ipv6 address X:X:X:X::X:X/<0-128> | autoconfig | dhcp | enable | firewall in | out | local <WORD> |
[ospf authentication message-digest | null] | authentication-key <LINE> | cost <1-65535> | dead-interval <1-65535> | hello-interval <1-65535> | [message-digest-key <1-255> md5 <LINE>] | mtu-ignore | [network broadcast | non-broadcast | point-to-point | point-to-multipoint] | priority <0-255> | retransmit-interval <1-65535> | transmit-delay <1-65535> | policy route-policy <WORD> | rip authentication key-chain | mode <WORD>] |
If using IPv6, then setup IPv6 communication parameters.
[mab eap] |
Sets MAC authentication bypass interface commands.
[mtu <64-9000>] |
Sets maximum transmission unit.
[ntp broadcast client | destination <A.B.C.D> | key <1-65534> | minpoll <4-17> | version <1-4> | disable | multicast <A.B.C.D> <X:X:X:X::X:X> | client <A.B.C.D> <X:X:X:X::X:X> | key <1-65534> | minpoll | version <1-4>] |
Configure NTP (Network Time Protocol).
[power efficient-ethernet auto] |
Configure interface power settings.
[role lan | trusted | wan] |
Set the role for this interface.
[shutdown] |
Shutdown this interface.
[speed 10 | 100 | 1000 | auto] |
Set the speed for this interface.
[zone-member security <WORD>]}
This interface is a member of zone security.
Command Modes
PerleSCR(config-if)#
Usage Guidelines
Set up Ethernet parameters for this interface.
Examples
This example will set the speed for this interface to 100.
PerleSCR(config-if)# speed 100<cr>
Related Commands
(config-if)# openvpn-tunnel
{[bridge-group <1-9999>] |
[description <LINE>] |
[ip ddns service dyndns | update <WORD> | use-web skip | url <WORD>] | [[firewall in | local | out <WORD>] | [health-profile <WORD> nexthop <A.B.C.D> | dhcp] |
[ospf authentication message-digest | null] | authentication-key <LINE> | cost <1-65535> | dead-interval <1-65535> | hello-interval <1-65535> | [message-digest-key <1-255> md5 <LINE>] | mtu-ignore | [network broadcast | non-broadcast | point-to-point] | point-to-multipoint] | priority <0-255> | retransmit-interval <1-65535> | transmit-delay <1-65535>] |
[ipv6 | enable | firewall in | local | out | nd prefix <X:X:X:X::X:X/0-128> | ifmtu <1-65535> | instance-id <0-255> | mtu-ignore | passive | priority <0-255> retransmit-interval <1-65535> | transmit-delay <1-65535> |
[ospf | cost <1-65535> | dead-interval <1-65535> | hello-interval <1-65535> | instance-id <0-255> | mtu-ignore | passive | priority <0-255> | retransmit-interval <1-65535> | transmit-delay <1-65535>] | [policy route-policy <WORD>] | [rip authentication key-chain | mode <WORD> | split-horizon disabled | poisoned-reverse] |
[ntp broadcast client | destination <A.B.C.D> | key <1-65534> | minpoll <4-17> | version <1-4> | disable | multicast <A.B.C.D> | <X:X:X:X::X> | client <A.B.C.D> | <X:X:X:X::X> | key <1-65534> | minpoll <4-17> | version <1-4>] |
[role lan | trusted | wan] |
[zone-member security <WORD>]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description (config-if)# openvpn-tunnel
{[bridge-group <1-9999>] |
Sets transparent bridging interface parameters.
[description <LINE>] |
Description for this interface.
[ip ddns service dyndns | update <WORD> | use-web skip | url <WORD>] | [[firewall in | local | out <WORD>] | [health-profile <WORD> nexthop <A.B.C.D> | dhcp] |
[ospf authentication message-digest | null] | authentication-key <LINE> | cost <1-65535> | dead-interval <1-65535> | hello-interval <1-65535> | [message-digest-key <1-255> md5 <LINE>] | mtu-ignore | [network broadcast | non-broadcast | point-to-point] | point-to-multipoint] | priority <0-255> | retransmit-interval <1-65535> | transmit-delay <1-65535>] |
Specify IP parameters.
[ipsec restrict] |
Do not allow ipsec to run on this interface.
[ipv6 | enable | firewall in | local | out | nd prefix <X:X:X:X::X:X/0-128> | ifmtu <1-65535> | instance-id <0-255> | mtu-ignore | passive | priority <0-255> retransmit-interval <1-65535> | transmit-delay <1-65535> |
[ospf | cost <1-65535> | dead-interval <1-65535> | hello-interval <1-65535> | instance-id <0-255> | mtu-ignore | passive | priority <0-255> | retransmit-interval <1-65535> | transmit-delay <1-65535>] | [policy route-policy <WORD>] | [rip authentication key-chain | mode <WORD> | split-horizon disabled | poisoned-reverse] |
Set IPv6 configuration parameters.
[ntp broadcast client | destination <A.B.C.D> | key <1-65534> | minpoll <4-17> | version <1-4> | disable | multicast <A.B.C.D> | <X:X:X:X::X> | client <A.B.C.D> | <X:X:X:X::X> | key <1-65534> | minpoll <4-17> | version <1-4>] |
Configure NTP (Network Time Protocol).
[role lan | trusted | wan] |
Set the role for this interface.
[zone-member security <WORD>]}
This interface is a member of zone security.
Command Modes
PerleSCR(config-if)#
Usage Guidelines
Set configuration parameters for OPEN-VPN tunnel.
Examples
This example will set no authentication when using ospf.
PerleSCR(config-if)# ip ospf authentication null<cr>
Related Commands
(config-if)#tunnel
{[arp disable-arp-filter | enable-arp-accept | enable-arp-announce | enable-arp-ignore] |
[description <LINE>] |
[ip address <A.B.C.D> <A.B.C.D>] |
[ipsec restrict] |
[ipv6 address <x:x:x:x::x | [firewall in | out | local] | [nd dad attempts <0-600> | [managed-config-flag | other-config | [prefix <X:X:X:X::X>] | [ra dns server <X:X:X:X::X>] | [hop-limit <1-255> | unspecified] | [interval <4-1800> <3-135>] | [lifetime <0 | <4-9000>] | suppress] | reachable-time <0-3600000> | retransmission-time <0-3600000> | [router-preference high | low | medium] |
[ospf cost <1-65535> | dead-interval <1-65535> | hello-interval <1-65535> | ifmtu <1-65535> | instance-id <0-255> | mtu-ignore | passive | priority <0-255> | retransmit-interval <1-65535> | transmit-delay <1-65535> | [policy route-policy <WORD>] | [rip enable | split-horizon disable | poisoned-reverse]] |
[mtu <64-1500>] |
[ntp broadcast client | destination <A.B.C.D> | key <1-65534> | minpoll <4-17> | version <4-17> | disable | multicast <A.B.C.D> <X:X:X:X::X> | client <a.b.c.d> <x:x:x:x::x | key <1-65534> | minpoll <4-17> | version <4-17>] |
[role lan | trusted | wan] |
[shutdown] |
[tunnel destination <A.B.C.D> | multicast | source <A.B.C.D> | ethernet <1-18> | tos <0-99> | ttl <1-255>] |
[zone-member security <WORD>]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description (config-if)# tunnel
[arp disable-arp-filter | enable-arp-accept | enable-arp-announce | enable-arp-ignore] |
Set arp options for this interface.
[description <LINE>] |
Interface description.
[ip address <A.B.C.D> <A.B.C.D>] |
Set an ip address for this interface.
[ipsec restrict] |
Restrict or permit ipsec on this interface.
[ipv6 address <x:x:x:x::x | [firewall in | out | local] | [nd dad attempts <0-600> | [managed-config-flag | other-config | [prefix <X:X:X:X::X>] | [ra dns server <X:X:X:X::X>] | [hop-limit <1-255> | unspecified] | [interval <4-1800> <3-135>] | [lifetime <0 | <4-9000>] | suppress] | reachable-time <0-3600000> | retransmission-time <0-3600000> | [router-preference high | low | medium] |
[ospf cost <1-65535> | dead-interval <1-65535> | hello-interval <1-65535> | ifmtu <1-65535> | instance-id <0-255> | mtu-ignore | passive | priority <0-255> | retransmit-interval <1-65535> | transmit-delay <1-65535>] | [policy route-policy <WORD>] | [rip enable | split-horizon disable | poisoned-reverse] |
Set IPv6 parameters.
[mtu <64-1500>] |
Set mtu size.
[ntp broadcast client | destination <A.B.C.D> | key <1-65534> | minpoll <4-17> | version <4-17> | disable | multicast <A.B.C.D> <X:X:X:X::X> | client <a.b.c.d> <x:x:x:x::x | key <1-65534> | minpoll <4-17> | version <4-17>] |
Set NTP parameters.
[role lan | trusted | wan] |
Set the role.
[shutdown] |
Shutdown this interface.
[tunnel destination <A.B.C.D> | multicast | source <A.B.C.D> | ethernet <1-18> | tos <0-99> | ttl <1-255>] |
Specify tunnel parameters.
[zone-member security <WORD>]}
Specify zone member.
Command Modes
PerleSCR(config-if)#
Usage Guidelines
Sets parameters for tunnel interface.
Examples
This example will enable arp accepts on this interface.
PerleSCR(config-if)# arp enable-arp-accept<cr>
Related Commands
(config-if)#range
{[range ethernet , - | <1-18> , - <1-18>] |
[alarm profile <WORD>] |
[arp disable-arp-filter | enable-arp-accept | enable-arp-announce | enable-arp-ignore | timeout <1-2147483>] |
[authentication [host-mode] | [multi-auth] | [multi-host] | single-host] | [periodic] | [port-control [auto] | [forced-authorized] | force-unauthorized] | [timer reauthenticate <1-65535> | restart <1-65535>] |
[bridge-group <1-9999>] |
[description <LINE>] |
[dot1x credential <WORD> | max-auth-req <1-10> | max-req <1-10> | [[pae authenticator | suppliant] | eap profile <WORD> [pae profile <WORD>] | [timeout quiet-period <1-65535> | supp-period <1-65535> | tx-period <1-65535>] |
[duplex auto | half | full] |
[ip address <A.B.C.D> <A.B.C.D> | [dhcp client [class-id <LINE> | auto] | [client-id ethernet <1-18> | ascii <WORD> | auto | hex <hex-string>] | ddns service dyndns | update <WORD> | use-web skip | url <WORD>] | dns dhcp] | [ipsec restrict] | [firewall in | local | out <WORD>] | [health-profile <WORD> nexthop <A.B.C.D> | dhcp] | [helper-address <A.B.C.D>] |
[ospf authentication message-digest | null] | authentication-key <LINE> | cost <1-65535> | dead-interval <1-65535> | hello-interval <1-65535> | [message-digest-key <1-255> md5 <LINE>] | mtu-ignore | [network broadcast | non-broadcast | point-to-point | point-to-multipoint] | priority <0-255> | retransmit-interval <1-65535> | transmit-delay <1-65535> | policy route-policy <WORD> | rip authentication key-chain | mode <WORD>] |
[ipsec restrict] |
[ipv6 address <X:X:X:X::X/<0-128> | autoconfig | dhcp] | enable | firewall in | out | local <WORD> | [nd dad attempt <0-500> | managed config-flag | other-config-flag | prefix <X:X:X:X::X/<0-128> <0-4294967294> | infinite | [ra dns server <X:X:X:X::X> | [hop-limit <1-255> | unspecified] | [interval <4-1800> <3-1350> | lifetime 0 | <4-9000> | suppress] | reachable time <0-3600000> | retransmission-time <0-3600000> | router-preference high | low | medium]] |
[mab eap] |
[mtu <64-9000>] |
[ntp broadcast client | destination <A.B.C.D> | key <1-65534> | minpoll <4-17> | version <1-4> | disable | multicast <A.B.C.D> <X:X:X:X::X:X> | client <A.B.C.D> <X:X:X:X::X:X> | key <1-65534> | minpoll | version <1-4>] |
[power efficient-ethernet auto] |
[role lan | trusted | wan] |
[shutdown] |
[speed 10 | 100 | 1000 | auto] |
[zone-member security <WORD>]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
(config-if)#range
{[range ethernet , - | <1-18> , - <1-18>] |
Specify the from to range.
[alarm profile <WORD>] |
Use this alarm profile for this interface.
[arp disable-arp-filter | enable-arp-accept | enable-arp-announce | enable-arp-ignore | timeout <1-2147483>] |
Customize arp messages for this interface.
[authentication [host-mode] | [multi-auth] | [multi-host] | single-host] | [periodic] | [port-control [auto] | [forced-authorized] | force-unauthorized] | [timer reauthenticate <1-65535> | restart <1-65535>] |
Select authentication mode to use on this interface when using Dot1x devices.
[bridge-group <1-9999>] |
Add this interface to the specified bridge-group.
[description <LINE>] |
Description for this interface.
[dot1x credential <WORD> | max-auth-req <1-10> | max-req <1-10> | [[pae authenticator | suppliant] | eap profile <WORD> [pae profile <WORD>] | [timeout quiet-period <1-65535> | supp-period <1-65535> | tx-period <1-65535>] |
Sets the Port Access Entity (PAE) type.
Supplicant: The interface acts only as a supplicant and does not respond to messages that are meant for an authenticator.
Authenticator: The interface acts only as an authenticator and does not respond to any messages meant for a supplicant.
Both: The interface behaves both as a supplicant and as an authenticator and thus does respond to all dot1x messages.
[duplex auto | half | full] |
Select duplex for this interface. In most cases this parameter should be left at auto.
[ip address <A.B.C.D> <A.B.C.D> | [dhcp client [class-id <LINE> | auto] | [client-id ethernet <1-18> | ascii <WORD> | auto | hex <hex-string>] | ddns service dyndns | update <WORD> | use-web skip | url <WORD>] | dns dhcp | [firewall in | local | out <WORD>] | [health-profile <WORD> nexthop <A.B.C.D> | dhcp] | [helper-address <A.B.C.D>] |
[ospf authentication message-digest | null] | authentication-key <LINE> | cost <1-65535> | dead-interval <1-65535> | hello-interval <1-65535> | [message-digest-key <1-255> md5 <LINE>] | mtu-ignore | [network broadcast | non-broadcast | point-to-point | point-to-multipoint] | priority <0-255> | retransmit-interval <1-65535> | transmit-delay <1-65535> | policy route-policy <WORD> | rip authentication key-chain | mode <WORD>] |
Setup parameters for IP communications on this interface.
[ipsec restrict] |
Do not allow ipsec on this interface.
[ipv6 address X:X:X:X::X:X/<0-128> | autoconfig | dhcp | enable | firewall in | out | local <WORD> |
[ospf authentication message-digest | null] | authentication-key <LINE> | cost <1-65535> | dead-interval <1-65535> | hello-interval <1-65535> | [message-digest-key <1-255> md5 <LINE>] | mtu-ignore | [network broadcast | non-broadcast | point-to-point | point-to-multipoint] | priority <0-255> | retransmit-interval <1-65535> | transmit-delay <1-65535> | policy route-policy <WORD> | rip authentication key-chain | mode <WORD>] |
If using IPv6, then setup IPv6 communication parameters.
[mab eap] |
Sets MAC authentication bypass interface commands.
[mtu <64-9000>] |
Sets maximum transmission unit.
[ntp broadcast client | destination <A.B.C.D> | key <1-65534> | minpoll <4-17> | version <1-4> | disable | multicast <A.B.C.D> <X:X:X:X::X:X> | client <A.B.C.D> <X:X:X:X::X:X> | key <1-65534> | minpoll | version <1-4>] |
Configure NTP (Network Time Protocol).
[power efficient-ethernet auto] |
Configure interface power settings.
[role lan | trusted | wan] |
Set the role for this interface.
[shutdown] |
Shutdown this interface.
[speed 10 | 100 | 1000 | auto] |
Set the speed for this interface.
[zone-member security <WORD>]}
This interface is a member of zone security.
Command Modes
PerleSCR(config-if)#
Usage Guidelines
Set up a range to configure Ethernet parameters for this interface.
Examples
This example prevents ipsec from running on this range of Ethernet interfaces.
PerleSCR(config)#interface range ethernet 10 , 15<cr>
PerleSCR(config-if-range)# ipsec restrict<cr>
Related Commands
ip
{[access-list extended <100-199> <2000-2699> | [resequence extended <100-199> <2000-2699> <1-2147483647> <1-2147483647> | standard <1-99> <1300-1999> <1-2147483647> <1-2147483647>] | standard <1-99> <1300-1999> expanded | standard <100-500> <1-65535] |
[alg modules ftp | gre | h323 | nfs | pptp | sip | sqlnet | tftp disable] |
[as-path access-list <WORD> <1-65535> deny | permit <LINE>] |
[community-list expanded <100-500> <1-65535> deny <TEST> | permit <LINE> | standard <1-99> <1-65535> deny <1-4294967295> | internet | local-as | no-advertise | no-export | permit <1-4294967295> | internet | local-as | no-advertise | no-export | permit <LINE>] |
[default-gateway <A.B.C.D>] |
[dhcp excluded-address <A.B.C.D> | pool <name> | relay information hop-count <1-255> | packet-size <64-1400> | policy drop | encapsulate | keep | replace | port <1-655535>] |
[dns cache-size <1-1000> | domain <NAME> server <A.B.C.D> <X:X:X:X::X> | ignore-hosts-file | listen-address <A.B.C.D> <X:X:X:X::X> | negative-ttl <0-7200>] |
[domain lookup] |
[domain-name <WORD>] |
[extcommunity-list expanded <100-500> <1-65535> deny <TEST> | permit <LINE> | standard <1-99> <1-65535> deny rt | soo <asn:nn>] |
[firewall <NAME> | all-ping enable | broadcast-ping enable | config-trap enable | ip-src-route enable | ipv6-receive-redirects enable | ipv6-src-route | log-martians enable | receive-redirects enable | send-redirects enable | [source-validation disable | loose | strict] | [state-policy established accept | drop | reject] | [invalid accept | drop | reject] | [related action accept | drop | reject] | syn-cookies enable | twa-hazards-protection enable] |
[ftp passive | password 0 <LINE> | 7 <WORD> | <LINE> | username <WORD>] |
[health profile <WORD>] |
[host <WORD> <A.B.C.D>] |
[host-group <WORD>] |
[http [accounting exec <WORD> | default] | authentication aaa loginauthentication <WORD> | default] | [client password 0 <LINE> | 7 <WORD> | <LINE> proxy-server <WORD> proxy-port <1-65535> secure-trust-point <WORD> | username <WORD> | verify-server] | [secure-port <1024-65535>] | [server] | [session-idle-timeout <1-1440>] |
[name-server <A.B.C.D>] |
[
nat inside source [any interface bvi
<1-9999>
| ethernet
<1-18>
over load
| pool
<WORD> <A.B.C.D> <A.B.C.D> <A.B.C.D>
| list
<1-2699>
| static tcp
< A.B.C.D> <0-65535>
| inbound-interface bvi
<1-
9999>
| | ethernet
<1-18>
|
< 0-65535>
| udp
< A.B.C.D> <0-65535>
inbound- interface bvi
<1-9999>
| | ethernet
<1-4>
|
<0-65535>
] |
[
passthrough enable
|
interface ethernet address
<A.B.C.D>
| hardware-address
<H.H.H>
] |
[
prefix-list
<WORD>
deny
<A.B.C.D> </n | A.B.C.D>
ge | le
<1-32>
| description
<LINE>
| permit
<A.B.C.D> </n | A.B.C.D>
ge | le
<1-32>
| seq <1-65535> deny
<A.B.C.D> </n | A.B.C.D>
ge | le
<1-32>
| permit
<A.B.C.D> </n | A.B.C.D>
ge | le
<1-32>
] |
[
radius source-interface bvi
<0-9999>
| | dialer
<0-15>
| | ethernet
<1-4 . <1-
4000
> | openvpn-tunnel
<1-999>
| tunnel
<1-999>
] |
[
route
< A.B.C.D> <A.B.C.D> < A.B.C.D> <1-255>
| bvi
<1-9999>
| | ethernet
<1-4> <1-255>
dhcp | null
<1-255>
| table
<1-200> <A.B.C.D> <A.B.C.D> <
A.B.C.D>
| bvi
<1-9999>
| | dialer
<0-15>
| | ethernet
<1-18>
null | openvpn
<0-
999>
| tunnel
<0-999>
|
<1-255>
| dhcp
] |
[
route-policy
<WORD
] |
[
scp password 0
<LINE>
| 7
<WORD>
|
<LINE>
| username
<WORD>
] |
[
sftp username <word> | password <0 | 7 | LINE>
] |
[
ssh authentication-retries
<0-5>
| client algorithms mac hmac hmac-sha1 | [email protected] | hmac-sha2-256 | [email protected] | hmac-sha2-512 | hmac-sha2-512 [email protected] | umac-
[email protected] | [email protected] | [email protected] | [email protected]
]}
] |
[
tacacs source-interface bvi
<0-9999>
| | dialer
<0-15>
| | ethernet
<1-18> . <1-
4000
> | openvpn-tunnel
<1-999>
| tunnel
<1-999>
] |
[
telnet server
Use the no form of this command to negate a command or set its defaults.
Syntax Description ip
{[
access-list extended
<100-199> <2000-
2699>
| [resequence extended
<100-199>
<2000-2699> <1-2147483647> <1-
2147483647>
| standard
<1-99> <1300-
1999> <1-2147483647> <1-2147483647>
]
| standard
<1-99> <1300-1999>
] |
ACL standard type: allows you to filter based on the source IP address of a packet.
ACL extended type: allows you to filter not only on source addresses but also on destination addresses, protocols, and even applications, based on their port number.
[
alg modules ftp | gre | h323 | nfs | pptp | sip | sqlnet | tftp disable
] |
By default all alg modules are enabled. Use the disable command to disable modules.
[
as-path access-list
<WORD>
<1-65535> deny | permit
<LINE>
] |
Use this command to configure an access-list filter for Border Gateway Protocol (BGP) autonomous system (AS) numbers.
[
extcommunity-list expanded
<100-500>
<1-65535>
deny
<TEST>
| permit
<LINE>
| standard
<1-99> <1-65535>
deny
<1-4294967295>
| internet |local-as
|no-advertise | no-export | permit
<1-
4294967295>
| internet |local-as |noadvertise | no-export | permit
<LINE>
] |
[
default-gateway
<A.B.C.D>
] |
[
dhcp excluded-address
<A.B.C.D>
| pool
<name>
| relay information hop-count
<1-255>
| packet-size
<64-1400>
| policy
drop | encapsulate | keep | replace
| port
<1-655535>
] |
[
dns cache-size
<1-1000>
| domain
<NAME>
server
<A.B.C.D>
<X:X:X:X::X>
| ignore-hosts-file | listen-address
<A.B.C.D> <X:X:X:X::X>
| negative-ttl
<0-7200>
] |
[
domain lookup
] |
[
domain-name
<WORD>
] |
[
extcommunity-list expanded
<100-500>
<1-65535>
deny
<TEST>
| permit
<LINE>
| standard
<1-99> <1-65535>
deny rt | soo
<asn:nn>
] |
[
firewall
<name>
| all-ping enable | broadcast-ping enable | config-trap enable | ip-src-route enable | ipv6-receive-redirects enable | ipv6-src-route | log-martians enable | receive-redirects enable | send-redirects enable | [source-validation disable | loose | strict] | [state-policy established accept | drop | reject] |
[invalid accept | drop | reject] |
[
related action accept | drop | reject] | syn-cookies enable | twa-hazards-protection enable
] |
Add an extended community list entry.
Specify a default gateway.
Exclude an address range or configure dhcp pools.
Set values for DNS server.
Enables IP Domain Name System hostname translation.
Default domain name.
Set extcommunity parameters.
rt – Route Target extended community
soo – Site of Origin extended community
Configure parameters associated with the firewall.
[
ftp passive | password 0
<LINE>
| 7
<WORD>
|
<LINE>
| username
<WORD>
] |
[
health profile
<WORD>
] |
[
host
<WORD> <A.B.C.D>
] |
[
host-group
<WORD>
] |
|
[
http [accounting exec
<WORD>
| default] | authentication aaa loginauthentication
<WORD>
| default] |
[client password 0
<LINE>
| 7
<WORD>
|
<LINE>
proxy-server
<WORD>
proxy-port
<1-65535>
secure-trust-point
<WORD>
| username
<WORD>
| verify-server] | [secure-port
<1024-65535>
] |
[server] | [session-idle-timeout
<1-1440>
]
[
name-server
<A.B.C.D>
] |
[
nat inside source [any interface bvi
<1-
9999>
| | | ethernet
<1-18>
over load
| pool
<WORD> <A.B.C.D> <A.B.C.D>
<A.B.C.D>
| list
<1-2699>
| static tcp
< A.B.C.D> <0-
65535>
| inbound interface bvi
<1-9999>
|
| dot11radio | ethernet
<1-18>
|
< 0-
65535>
| udp
< A.B.C.D> <0-65535>
inbound- interface bvi
<1-9999>
| | | ethernet
<1-
18>
|
<0-65535>
] |
[
prefix-list
<WORD>
deny
<A.B.C.D>
</n | A.B.C.D>
ge | le
<1-32>
| description
<LINE>
| permit
<A.B.C.D> </n |
A.B.C.D>
ge | le
<1-32>
| seq <1-65535> deny
<A.B.C.D> </n | A.B.C.D>
ge | le
<1-
32>
| permit
<A.B.C.D> </n | A.B.C.D>
ge
| le
<1-32>
] |
Configure ftp parameters.
Passive - indicates to the server that the client will be opening the file transfer session. This option would be used if the client was behind a firewall.
Configure IP health profile.
Add a host to the host table.
Name of host list.
Provide the parameters for HTTP client connections.
Specify the address of the name server to use.
Network Address Translation.
Network address translation is a method of remapping one IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device.
Use NAT when your IOLAN is on a private network and your internal PCs want to browse the internet.
Add a prefix-list filter.
[
route
< A.B.C.D> <A.B.C.D> < A.B.C.D>
<1-255>
| bvi
<1-9999>
| | | ethernet
<1-
5> <1-255>
dhcp | null
<1-255>
] |
[
radius source-interface bvi
<0-9999>
| cellular
<0-0>
| dialer
<0-15>
| | ethernet
<1-4 . <1-4000
> | openvpn-tunnel
<1-999>
| tunnel
<1-999>
] |
[
route
< A.B.C.D> <A.B.C.D> < A.B.C.D>
<1-255>
| bvi
<1-9999>
| | ethernet
<1-
18> <1-255>
dhcp | null
<1-255>
| table
<1-200> <A.B.C.D> <A.B.C.D> <
A.B.C.D>
| bvi
<1-9999>
| | dialer
<0-15>
| | ethernet
<1-4>
null | openvpn
<0-999>
| tunnel
<0-999>
|
<1-255>
| dhcp
] |
[
route-policy
<WORD
]}
[
scp password 0
<LINE>
| 7
<WORD>
|
<LINE>
| username
<WORD>
] |
[
sftp username <word> | password <0 | 7
| LINE>
] |
[
ssh authentication-retries
<0-5>
| client algorithms mac hmac hmac-sha1 | [email protected] | hmac-sha2-256
| [email protected] | hmac-sha2-512 | hmac-sha2-512 [email protected] | [email protected] | umac-
[email protected] | [email protected] | umac-
] |
[
tacacs source-interface bvi
<0-9999>
| | dialer
<0-15>
| | ethernet
<1-18> . <1-
4000
> | openvpn-tunnel
<1-999>
| tunnel
<1-999>
] |
[
telnet server
]}
Establish static routes.
Configure the source interface for RADIUS requests.
Establish static routes.
The routing table is used with policy-routing. In policy-routing rules you can define which routing table is to be used. Policy-routing can then be applied to any interface.
Route policy.
SCP configuration commands.
SFTP configuration commands.
Configure SSH options.
Configure the source interface for TACACS requests.
Configure telnet server options.
Command Modes
PerleSCR(config)#ip
Usage Guidelines
Enable and configure IP parameters.
Examples
This example sets ftp servers to use ftp passive mode when connecting to our IOLAN.
PerleSCR(config)#ip ftp passive<cr>
Related Commands
(config-std-nacl)#
{[
<1-65535>
deny | permit
<A.B.C.D>/hostname> <A.B.C.D>/hostname>
| any | host
<A.B.C.D>/hostname>
]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
(config-std-nacl)#
{[
<1-2147483647>
deny | permit
<A.B.C.D>/hostname>
<A.B.C.D>/hostname>
| any | host
<A.B.C.D>/hostname>
]}
Configure access lists.
Command Modes
PerleRouter(config-std-nacl)#
Usage Guidelines
When specifying an IP address, use notation such as 172.16.113.66.
Examples
This example will specify a default domain name of TestUnit.
PerleSCR(config-std-nacl)#ip domain-name TestUnit<cr>
(config-dhcp)#
{[
address
<A.B.C.D>
hardware-address
<H.H.H>
] |
[
authoritative enable
] |
[
bootfile
<WORD>
] |
[
default-router
<A.B.C.D>/hostname
] |
[
description
<LINE>
] |
[
dns-server
<A.B.C.D>/hostname
] |
[
domain-name
<WORD>
] |
[
enable
] |
[
lease
<0-365> <0-23> <0-59>
| infinite
] |
[
network
</nn | A.B.C.D>
start
<A.B.C.D>
stop
<A.B.C.D>
] |
[
option
<1-254>
ascii
<LINE>
| hex
<hex-string>
| ip
<A.B.C.D>/hostname
] |
[
static-route
<A.B.C.D> <A.B.C.D> <A.B.C.D>
]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
(config-dhcp)#
{[
address
<A.B.C.D>
hardware-address
<H.H.H>
] |
Specify the IP address that you want to reserve for the client. This IP address will only be assigned to the client with this hardware address.
[
authoritative enable
] |
Set authoritative to enabled if this is the only DHCP server on your network. This will allow roaming clients to get a new DHCP address even if their lease has been assigned from another network and is still valid (lease has not expired). This will prevent a client lock-out situation.
[
bootfile
<filename>
] |
For the DHCP server to support client auto-configuration, you must specify the IP address or name of a TFTP server and the bootfile name.
[
default-router
<A.B.C.D>
] |
Specify the default router to use after a DHCP client has booted. The IP address of the default router should be on the same subnet as the client.
[
description
<pool-name>
] |
Provide a description for the DHCP pool.
[
dns-server
<A.B.C.D>
] |
Specify a DNS server to use for clients using this DHCP pool. A DNS server needs to be specified if you want to browse the internet.
[
domain-name
<A.B.C.D>
] |
[
enable
] |
[
lease
<0-365> <0-23> <0-59>
| infinite
] |
If needed, specify a domain name.
Enable this DHCP pool.
Specify a lease time for clients connecting using this DHCP pool.
Typically 24 lease times are suitable; however, if your situation is a public hotspot, a shorter time may be warranted.
[
network
</nn | A.B.C.D>
start
<A.B.C.D>
stop
<A.B.C.D>
] |
[
option ascii
<string>
| hex
<hexstring>
| ip
<A.B.C.D>
] |
Specify the network, start and stop IP addresses for DHCP lease ranges.
If needed, specify DHCP options to be sent to the client. NVT ASCII string
[
static-route
<A.B.C.D> <A.B.C.D>
<A.B.C.D>
]}
If needed, specify a static route.
Command Modes
PerleSCR(config)#
Usage Guidelines
When specifying an IP address, use notation such as 172.16.113.66.
Examples
This example will set authoritative mode to enable.
PerleSCR(config-dhcp)#ip authoritative enable<cr>
Related Commands
(config-pbr)#
{[
description
<LINE>
| enable-default-log | rule
<1-9998>
]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
(config-pbr)#
{[
description
<LINE>
| enable-default-log | rule
<1-9998>
]}
Configure a policy rule.
Command Modes
PerleRouter(config-pbr)#
Usage Guidelines
Use this command to create a policy rule.
Examples
This example will specify rule number 10, then enter sub menu mode.
PerleSCR(config-pbr)#rule 10<cr>
PerleSCR(config-pbr-rules)#
(config-pbr-rules)#
{[
description
<LINE>
] | [
log-enable
] | [
match [destination address
<A.B.C.D>
<A.B.C.D>
| not
<A.B.C.D> <A.B.C.D>
| start
<A.B.C.D>
stop
<A.B.C.D>
] |
[port
<1-65535>
| not
<1-65535>
| start
<1-65535>
stop
<1-65535>
] | [fragment | fragment | non-fragment] | [icmp type
<0-255>
code
<0-255>
] | [ipsec ipsec | non-ipsec] | [protocol <0-255> ah | dccp | dsr | egp | eigrp | encap | esp | esp | etherip | ggp | gre | hmp | icmp | idpr | igmp | igp | ip | ipip | ipv6 | ipv6-frag | ipc6-icmp | ipv6-nonxt | ipv6-opts | ipv6-route | isis | l2tp | manet | mpls-in-ip | narp | not | osfp | pim | rdp | rohc | rsvp | sctp | sdrp | shim6 | skip | tcp | udp | udplite | vrrp | xns-idp] | [recent count
<1-255>
| time
<1-4294967295>
] | [source address
<A.B.C.D> <A.B.C.D>
| not
<A.B.C.D>
| start
<A.B.C.D>
stop
<A.B.C.D>
| mac-address
<H.H.H>
| not
<A.B.C.D>
| [state established disable | enable] | [invalid disable | enable] | [new disable | enable] | related tcp-flags ack | all | fin | psh | rst
| syn | urg | not
] | [
set action drop | dscp
<0-63>
| mark
<1-2147483647>
[routing-table
<1-200>
| main] | tcp-mss
<500-1460>
| pmtu
] | [
|
[time monthdays
<1-31>
| not
<1-31>
] | startdate month
<WORD> <1-31> <2001-2037>
|
[starttime
<hh:mm:ss>
] | stopdate month
<WORD> <1-31> <2001-2037>
| stoptime
<hh:mm:ss>
| utc | weekedays
<DAY>
| not
<DAY>
]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
(config-pbr-rules)#
{[
description
<LINE>
] |
Provide a description for this policy rule.
[
log-enable
] |
[
match [destination address
<A.B.C.D>
<A.B.C.D>
| not
<A.B.C.D> <A.B.C.D>
| start
<A.B.C.D>
stop
<A.B.C.D>
] |
[port
<1-65535>
| not
<1-65535>
| start
<1-65535>
stop
<1-65535>
] | [fragment | fragment | non-fragment] | [icmp type
<0-255>
code
<0-255>
] | [ipsec ipsec
|non-ipsec] | [protocol <0-255> ah | dccp
| dsr | egp | eigrp | encap | esp | esp | etherip | ggp | gre | hmp | icmp | idpr | igmp | igp | ip | ipip | ipv6 | ipv6-frag | ipc6-icmp | ipv6-nonxt | ipv6-opts | ipv6-route | isis | l2tp | manet | mpls-in-ip | narp | not | osfp | pim | rdp | rohc | rsvp | sctp | sdrp | shim6 | skip | tcp | udp | udplite | vrrp | xns-idp] | [recent count
<1-255>
| time
<1-4294967295>
] |
[source address
<A.B.C.D> <A.B.C.D>
| not
<A.B.C.D>
| start
<A.B.C.D>
stop
<A.B.C.D>
| mac-address
<H.H.H>
| not
<A.B.C.D>
| [state established disable | enable] | [invalid disable | enable] | [new disable | enable] | related tcp-flags ack | all | fin | psh | rst | syn | urg | not
] |
[
set action drop | dscp
<0-63>
| mark
<1-2147483647>
| [routing-table
<1-
200>
| main] | tcp-mss
<500-1460>
| pmtu
]}
Log packets matching the rule.
Match values as defined to the routing table.
Set action for policy rules.
[
[time monthdays
<1-31>
| not
<1-31>
] | startdate month
<WORD> <1-31>
<2001-2037>
| [starttime
<hh:mm:ss>
] | stopdate month
<WORD> <1-31>
<2001-2037>
| stoptime
<hh:mm:ss>
| utc | weekedays
<DAY>
| not
<DAY>
]}
Set the time to match the rules.
Command Modes
PerleSCR(config-pbr-rules)#
Usage Guidelines
Use these commands to set policy rules.
Examples
This example sets the action for the packets that match this defined rule.
PerleSCR(config-pbr-rules)# set action drop<cr>
This example uses policy-based routing to route all HTTP traffic (protocol tcp, destination port 80) through a policy route called http-firewall.
PerleSCR(config)# ip route 0.0.0.0 0.0.0.0 10.10.200.9
PerleSCR(config)# ip route table 2 0.0.0.0 0.0.0.0 172.16.0.8
PerleSCR(config-pbr)# ip route-policy http-firewall<cr>
PerleSCR(config-pbr)# rule 2<cr>
PerleSCR(config-pbr-rules)# set routing-table 2 <cr>
PerleSCR(config-pbr-rules)# match protocol tcp <cr>
PerleSCR(config-pbr-rules)# match destination port 80<cr>
PerleSCR(config)# interface ethernet 2 <cr>
PerleSCR(config)# ip address 192.168.2.1 255.255.255.0<cr>
PerleSCR(config)# ip policy route-policy http-firewall<cr>
ipv6
IPv6
{
[
access-list
<WORD>
] |
[
dhcp pool
<WORD>
] |
[
dns domain
<WORD>
server
<X:X:X:X::X>
| listen-address
<X:X:X:X::X>
] |
[
firewall
<WORD>
| ipv6-receive-redirects enable | ipv6-src-route enable | statepolicy [established action accept | drop | reject] | [invalid action accept | drop | reject] | [related accept | drop | reject]
] |
[
host
<WORD>
|
<X:X:X:X::X>
] |
[
name-server
<X:X:X:X::X>
] |
[
prefix-list
<WORD>
] |
[
radius source-interface bvi
<1-9999>
| | dialer
<0-15>
| ethernet
<1-18>
.
<1-
4000>
openvpn-tunnel
<0-999>
tunnel
<0-999>
]
|
[
route
<A.B.C.D> <A.B.C.D>
| bvi
<1-9999>
| | dialer
<0-15>
| | ethernet
<1-
18>
.
<1-4000>
| open-vpn-tunnel
<0-999>
| tunnel
<0-999> <X:X:x:X::X <1-
255>
] |
[
route-policy
<WORD>
] |
[
router osfp | rip
] |
[
tacacs source-interface bvi
<1-9999>
| | dialer
<0-15>
| ethernet
<1-18>
.
<1-
4000>
openvpn-tunnel
<0-999>
tunnel
<0-999>
] |
[
unicast-routing
]}
Syntax Description ipv6
{[
access-list
<WORD>
]
|
Set the access list to use.
[
dhcp pool
<WORD>
]
|
[
dns domain
<WORD>
server
<X:X:X:X::X>
| listen-address
<X:X:X:X::X>
] |
Set the dhcp pool to use.
Set DNS domain parameters.
[
firewall
<WORD>
| ipv6-receive-redirects enable | ipv6-src-route enable | statepolicy [established action accept | drop | reject] | [invalid action accept | drop | reject] | [related accept | drop | reject]
]
|
[
host
<WORD>
|
<X:X:X:X::X>
]
|
[
name-server
<X:X:X:X::X>
]
|
Firewall options.
Configure static host names
Specify the address of the name server to use.
[
prefix-list
<WORD>
] |
[
radius source-interface bvi
<1-9999>
| | dialer
<0-15>
| ethernet
<1-18>
.
<1-
4000>
openvpn-tunnel
<0-999>
tunnel
<0-
999>
]
|
[
route
<A.B.C.D> <A.B.C.D>
| bvi
<1-
9999>
| | dialer
<0-15>
| | ethernet
<1-
18>
.
<1-4000>
| open-vpn-tunnel
<0-999>
| tunnel
<0-999> <X:X:x:X::X <1-255>
] |
[
route-policy
<WORD>
] |
[
router osfp | rip
] |
IP prefix-list filter.
RADIUS configuration parameters.
Establish static routes.
IPv6 route policy.
Enable an IPv6 routing process.
[
tacacs source-interface bvi
<1-9999>
| | dialer
<0-15>
| ethernet
<1-18>
.
<1-
4000>
openvpn-tunnel
<0-999>
tunnel
<0-
999>
] |
[
unicast-routing
]}
TACACS configuration parameters.
Enable unicast routing.
Usage Guidelines
Set IPv6 parameters.
Examples
This example sets the DHCP pool name to ipv6pool1.
PerleSCR(config)# ipv6 dhcp pool ipv6pool1<cr>
Related Commands
(config-ipv6-acl)#
<1-65535>
] |
[
deny
| <X:X:X:X::X/0-128 |any>
] |
[
permit
<X:X:X:X::X/0-128 | any>
]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
(config-ipv6-acl)#
<1-65535>
] |
[
deny
<X:X:X:X::X/0-128 | any>
exact-match
] |
[
permit
<X:X:X:X::X/0-128 | any>
exact-match
] |
Specify the sequence number.
Deny specified packets.
Deny specified packets.
Command Modes
PerleRouter(config-ipv6-acl)#
Usage Guidelines
Configure network packets to deny or permit using Access Control List.
Examples
This example will deny packets from this network.
PerleSCR(config-ipv6-acl)# deny 172.16.0.0/16 exact-match<cr>
Related Commands
(dhcpv6-config)#
{[
address prefix
<X:X:X:X::X/0-128>
] |
[
dns-server
<X:X:X:X::X>
|
[
domain-name
<WORD>
] |
[
host
<WORD>
] |
[
lifetime default
<0-4294967294>
maximum
<0-4294967294>
minimum
<0-
4294967294>
] |
[
nis address
<X:X:X:X::X>
| domain-name
<WORD>
] |
[
nisp address
<X:X:X:X::X>
| domain-name
<WORD>
] |
[
sip address
<X:X:X:X::X>
| domain-name
<WORD>
] |
[
sntp address
<X:X:X:X::X>
] |
[
subnet
<X:X:X:X::X/<1-128>
]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
(dhcpv6-config)#
{[
address prefix
<X:X:X:X::X/0-128>
] |
Specify the IPv6 address prefix.
[
dns-server
<X:X:X:X::X>
|
Specify a DNS server to use for clients using this DHCP pool. A DNS server needs to be specified if you want to browse the internet.
If needed, specify a domain name.
[
domain-name
<WORD>
] |
[
host
<WORD>
] |
[
lifetime default
<0-4294967294>
maximum
<0-4294967294>
minimum
<0-
4294967294>
]
[
nis address
<X:X:X:X::X>
| domain-name
<WORD>
] |
Configure lifetime prefixes.
Configure the address and domain name of your nis server.
[
nisp address
<X:X:X:X::X>
| domain-name
<WORD>
] |
[
sip address
<X:X:X:X::X>
| domain-name
<WORD>
] |
[
sntp address
<X:X:X:X::X>
] |
Configure the address and domain name of your nisp server.
Configure the address and domain name of your sip server.
Configure the address of your SNTP server.
[
subnet
<X:X:X:X::X/<1-128>
]}
Command Modes
PerleSCR(config)#
Usage Guidelines
Configure IPv6 DHCP parameters.
Examples
This example will set the dns-server address to 1:2:3:4:5::6.
PerleSCR(dhcpv6-config)#dns-server 1:2:3:4:5::6<cr>
Related Commands
(config-fw6)#
{[
default-action accept | drop | reject
] |
[
description
<LINE>
] |
[
enable-default-logfile
] |
[
rule
<1-9999>
]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
(config-fw6)#
{[
default-action accept | drop | reject
] |
[
description
<LINE>
] |
[
enable-default-logfile
] |
Default action for firewall rules.
Description for the firewall rules.
Log packets matching default action.
[
rule
<1-9999>
]}
Create rules, go into submenu.
Command Modes
PerleSCR(config-fw6)#
Usage Guidelines
Configure IPv6 firewall options.
Examples
This example will set default action for firewall rules.
PerleSCR(config-fw6)# default-action drop<cr>
Related Commands
(config-fw6-rules)#
{[
description
<WORD>
] |
[
disable
] |
[
log-enable
] |
[
match destination [address
<X:X:X::X/0-128>
| not
<X:X:X::X/0-128>
| start
<X:X:X::X>
stop
<X:X:X::X>
] | port <1-65535> not
<X:X:X::X/0-128>
| start
<X:X:X::X>
stop
<X:X:X::X>
] | [fragment fragment | non-fragment] | icmp type
<0-255>
code
<0-255>
| typenane address-unreachable | bad-header | communication-prohibited | destination-unreachable | echo-reply | echo-request
| neighbour-advertisement | neighbour-solicitation | no-route | packet-too-big | parameter-problem | port-unreachable | route-advertisement | router-solicitation | time-exceeded | ttl-zero-during-reassembly | ttl-zero-during-transit | unknown-header-type | unknown-option] | ipsec ipsec | non-ipsec | [protocol <0-
255> | ah |dccp |dsr | egp | eigrp | encap | esp | etherip | ggp | gre | hmp | icmp |
[
idpr | igmp | igp | p | ipip | ipv6 | ipv6-frag | ipv6-icmp | ipv6-nonxt | ipv6-opts | ipv6-route | isis | l2tp | manet | mpls-in-ip | narp | not | ospf pim | rdp | roho |rvsp
| sctp | sdrp | shim6 | skip | tcp | udp | udplite |vrrp | xnc-idp] | [recent count
<1-
255>
| time
<1-4294967295>
] |
source
address
<X:X:X::X/0-128>
| not
<X:X:X::X/0-128>
| start
<X:X:X::X>
stop
<X:X:X::X>
] | [mac-address
<H.H.H>
not
<H.H.H>
] | [port
<1-65535>
| not
<1-65535>
| start
<1-65535>
|
stop <1-
65535>
] | state [established disable | enable] | [invalid disable | enable] | [new enable | disable] | [related disable | enable] | tcp-flags ack | all | fin | psh | rst | syn
|urg | not ack | all | fin | psh | rst | syn | urg]
[ set action drop | dscp
<0-63>
| mark
] |
<1-2147483647>
| routing table
<1-200>
| main | tcp-mss
<500-1460>
| pmtu
] |
[
time monthdays
<1-31>
| not
<1-31>
] | startdate
<MONTH> <1-31> <2001-
2037>
| stopdate
<MONTH> <1-31> <2001-2037>
| starttime stoptime
<hh:mm:ss>
| utc | weekdays
<DAY>
| not
<DAY>
]
<hh:mm:ss>
]}
Use the no form of this command to negate a command or set its defaults.
|
Syntax Description
(config-fw6-rules)#
{[
description
<WORD>
] |
Configure a description for the policy rule.
[
disable
] |
[
log-enable
] |
Disable the policy rule.
Log packet matching the rule.
[
match destination [address
<X:X:X::X/0-
128>
| not
<X:X:X::X/0-128>
| start
<X:X:X::X>
stop
<X:X:X::X>
] | port <1-
65535> not
<X:X:X::X/0-128>
| start
<X:X:X::X>
stop
<X:X:X::X>
] | [fragment fragment | non-fragment] | icmp type
<0-
255>
code
<0-255>
| typenane address-unreachable | bad-header | communication-prohibited | destination-unreachable | echo-reply | echo-request | neighbour-advertisement | neighbour-solicitation | no-route | packet-too-big | parameter-problem
| port-unreachable | route-advertisement | router-solicitation | time-exceeded | ttl-zero-during-reassembly | ttl-zero-during-transit
| unknown-header-type | unknown-option] | ipsec ipsec | non-ipsec | [protocol <0-255> | ah |dccp |dsr | egp | eigrp | encap | esp | etherip | ggp | gre | hmp | icmp | idpr | igmp | igp | p | ipip | ipv6 | ipv6-frag | ipv6-icmp | ipv6-nonxt | ipv6-opts | ipv6-route | isis | l2tp | manet | mpls-in-ip | narp | not | ospf pim | rdp | roho |rvsp | sctp | sdrp
| shim6 | skip | tcp | udp | udplite | vrrp | xnc-idp]
[recent count
<1-255>
| time
<1-
4294967295>
] |
source
address
<X:X:X::X/0-128>
| not
<X:X:X::X/0-128>
| start
<X:X:X::X>
stop
<X:X:X::X>
] | [mac-address
<H.H.H>
not
<H.H.H>
] | [port
<1-
65535>
| not
<1-65535>
| start
<1-65535>
|
stop <1-65535>
] | state [established disable | enable] | [invalid disable | enable] | [new enable | disable] | [related disable | enable] | tcp-flags ack | all | fin | psh | rst | syn |urg | not ack | all | fin | psh | rst | syn | urg]
] |
[
[ set action drop | dscp
<0-63>
| mark
<1-
2147483647>
| routing table
<1-200>
| main
| tcp-mss
<500-1460>
| pmtu
] |
[
time monthdays
<1-31>
| not
<1-31>
] | startdate
<MONTH> <1-31> <2001-2037>
| stopdate
<MONTH> <1-31> <2001-2037>
| starttime
<hh:mm:ss>
| stoptime
<hh:mm:ss>
| utc | weekdays
<DAY>
| not
<DAY>
]
]}
Match the values from the routing table.
Packet modifications.
Time parameters.
Command Modes
Usage Guidelines
Set up firewall rules for IPv6.
Examples
This example will set the action for matched packets.
PerleSCR(config-fw6-rules)# set action accept<cr>
PerleSCR(config-fw6-rules)#
Related Commands
key
{[
chain
< WORD
]}
Syntax Description
{[
chain
< WORD
]}
Command Default
Command Modes key
Key-chain management.
PerleSCR#(config)# key
Usage Guidelines
A key chain is a series of keys that can be created to help ensure secure communication between routers in a network. Authentication occurs whenever neighboring routers exchange information. Plain text authentication sends a plain text key with each message, and plain text is vulnerable to snooping.
Examples
This example creates key chain 1, then goes into the key sub menu.
PerleSCR(config)#key chain key1<cr>
Related Commands
(config-key)#
{[
key
<1-2147483647
]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
(config-key)#
{[
key
<1-2147483647
]}
Specify a number for this key.
Command Modes
PerleSCR#(config-key)# key
Usage Guidelines
This command is used in conjunction with (config-keychain-key) to set a key string.
Examples
Specify a key number.
PerleSCR(config-key)# key 250<cr>
Related Commands
(config-keychain-key)#
{[
string
<0 | 7 | WORD>
]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
(config-keychain-key)#
{[
string
<0 | 7 | WORD>
]}
Sets the key string.
0 – specifies an unencrypted password
7 – specifies that a hidden password will follow
WORD - the unencrypted (cleartext) user password.
Command Modes
PerleSCR(config-keychain-key)#string
Usage Guidelines
Specify a password for keychain.
Examples
Specify a password for key chain.
PerleSCR(config-keychain-key)# string password123<cr>
Related Commands
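An added example, not part of the Perle guide: a Python audit that scans a saved configuration for settings this chapter documents as cleartext or permissive (key strings and transfer-client passwords that are not type 7, the telnet server, an IPv6 firewall with `default-action accept`). It assumes a saved configuration lists commands in the form they are entered here with sub-mode commands indented, and that `0`/`7` on the `ip ftp`, `ip scp`, `ip sftp` and `ip http client` passwords mean the same as for the key string; the sample configuration, rule names and function names are constructed for illustration.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    line_no: int
    rule: str
    detail: str


# Constructed sample, not taken from the guide. Assumption: sub-mode commands
# (key chain / key, ipv6 firewall) appear indented under the command that opens them.
SAMPLE_CONFIG = """\
ip ftp username backup
ip ftp password 0 Winter2024
ip scp password 7 1A2B3C4D
ip telnet server
no ip domain lookup
key chain key1
 key 250
  string password123
key chain key2
 key 1
  string 7 0F1E2D3C
ipv6 firewall edge6
 default-action accept
 rule 10
  set action drop
"""

PASSWORD_RE = re.compile(r"^ip (ftp|scp|sftp|http client) password (.+)$")


def secret_type(args: str) -> str:
    """Classify the arguments of a 'password' or 'string' command.

    '7 <value>' is the hidden form; '0 <value>' or a bare value is cleartext.
    A bare value that happens to be '7' is still a cleartext secret.
    """
    parts = args.split()
    if len(parts) >= 2 and parts[0] == "7":
        return "hidden"
    return "cleartext"


def audit(config_text: str) -> list[Finding]:
    """Return findings for cleartext secrets and permissive defaults."""
    findings: list[Finding] = []
    chain = key = fw6 = None  # current sub-mode context
    for no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():
            chain = key = fw6 = None  # top-level command leaves any sub-mode
        if line.startswith("no "):
            continue  # negated command: the feature is off or at its default
        words = line.split()

        m = PASSWORD_RE.match(line)
        if m:
            if secret_type(m.group(2)) == "cleartext":
                findings.append(Finding(no, "cleartext-password",
                                        f"ip {m.group(1)} password is not type 7"))
        elif line == "ip telnet server":
            findings.append(Finding(no, "telnet-enabled",
                                    "telnet carries logins in cleartext"))
        elif words[:2] == ["key", "chain"] and len(words) == 3:
            chain = words[2]
        elif words[:2] == ["ipv6", "firewall"] and len(words) == 3:
            fw6 = words[2]
        elif chain and words[0] == "key" and len(words) == 2:
            key = words[1]
        elif chain and key and words[0] == "string" and len(words) >= 2:
            if secret_type(" ".join(words[1:])) == "cleartext":
                findings.append(Finding(no, "cleartext-key-string",
                                        f"key chain {chain} key {key}"))
        elif fw6 and words == ["default-action", "accept"]:
            findings.append(Finding(no, "fw6-default-accept",
                                    f"ipv6 firewall {fw6}"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"line {f.line_no}: {f.rule}: {f.detail}")
```

A `string` line outside a key chain, or a `default-action` line outside an IPv6 firewall, is ignored, so the check does not fire on unrelated sub-modes that reuse those words.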
line line
{[
console
<0-0 >
|
tty
< 1-2>
|
vty
<0-15>
]}
Syntax Description line
Command Modes
PerleSCR#(config)#line
Usage Guidelines
Use this command to change to line mode.
Examples
Configure line parameters.
Related Commands
logging logging
{[
<hostname> | <A.B.C.D>
] |
[
alarm
<2-3>
| major | minor
] |
[
buffered
<0-7>
|
<4096-32768>
| alert | critical] | debugging | emergencies | errors | informational | notifications | warnings
] |
[
console
<0-7>
|
<4096-32768>
| alert | critical] | debugging | emergencies | errors
| informational | notifications | warnings
] |
[
delimiter tcp
] |
[
facility auth | cron | daemon | kern | local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7 | lpr | mail | news | sys10 | sys11 | sys12 | sys13 | sys14 | sys9
| syslog | user | ucp
] |
[
file flash:
<filename> <0-7>
|
<4096-32768>
| alert | critical | debugging | emergencies | errors | informational | notifications | warnings
] |
[
host
<A.B.C.D>
transport tcp port
<1-65535>
| udp port
<1-65535>
] |
[
monitor
<0-7> | <4096-32768>
| alert | critical] | debugging | emergencies | errors | informational | notifications | warnings
] |
[
on
] |
[
origin-id hostname | ip | ipv6 | string
] |
[
rate-limit
<1-10000>
except
<0-7> | <4096-32768>
| alert | critical] | debugging | emergencies | errors | informational | notifications | warnings
] |
[
source interface bvi
<1-9999>
| | ethernet
<1-18>
| openvpn-tunnel
<0-999>
| tunnel
<0-999>
] |
[
trap
<0-7> | <4096-32768>
| alert | critical] | debugging | emergencies | errors | informational | notifications | warnings
]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description logging
{[
<hostname> | <A.B.C.D>
] |
Specify the address of the logging host.
[
alarm
<2-3>
| major | minor
] |
[
buffered
<0-7>
|
<4096-32768>
| alert | critical] | debugging | emergencies | errors | informational | notifications | warnings
] |
[
console
<0-7> | <4096-32768>
| alert | critical] | debugging | emergencies | errors | informational | notifications | warnings
] |
[
delimiter tcp
] |
[
facility auth | cron | daemon | kern | local0 | local1 | local2 | local3 | local4 | local5 | local6
| local7 | lpr | mail | news | sys10 | sys11 | sys12 | sys13 | sys14 | sys9 | syslog | user | ucp
] |
[
file flash:
<filename> <0-7>
|
<4096-32768>
| alert | critical | debugging | emergencies | errors | informational | notifications | warnings
] |
[
host
<A.B.C.D>
transport tcp port
<
1-
65535>
| udp port
<
1-65535>
] |
[
monitor
<0-7> | <4096-32768>
| alert | critical] | debugging | emergencies | errors | informational | notifications | warnings
] |
[
on
] |
[
origin-id hostname | ip | ipv6 | string
] |
[
rate-limit
<1-10000>
except
<0-7>
|
<4096-
32768>
| alert | critical] | debugging | emergencies | errors | informational | notifications | warnings
] |
[
source interface bvi
<1-9999>
| | ethernet
<1-18>
| openvpn-tunnel
<0-999>
| tunnel
<0-999>
] |
Set severity alarm level.
major – immediate action needed (severity 2) minor – minor warning conditions (severity 3)
Set buffered logging parameters.
Set console logging parameters.
Append delimiter to syslog messages.
Set facility parameter for syslog messages.
Set file logging parameters.
Set the syslog server IP address and parameters.
Set terminal line (monitor) logging parameters.
Enable logging to all enabled destinations.
Add origin ID to syslog messages.
Set message per second limit.
Set the interface for source address in logging transactions.
IOLAN SCR Command Line Reference Guide
191
Global Configuration Mode
[
trap
<0-7>
|
<4096-32768>
| alert | critical]
| debugging | emergencies | errors | informational | notifications | warnings
]}
Command Default
Set syslog server logging level.
Command Modes
Usage Guidelines
Enable logging setting.
Examples
This example will enable logging to the host 172.16.55.88.
PerleSCR(config)#logging 172.16.55.88<cr> logging buffered 4096 debugging logging console debugging logging monitor debugging
PerleSCRconfig)#logging
Related Commands
login login
{[
on-failure every <1-65535> | log every <1-65535> | trap every <1-65535>
] |
[
on-success every <1-65535> | log every <1-65535> | trap every <1-65535>
]}
Syntax Description login
{[
on-failure every <1-65535> | log every <1-65535> | trap every <1-65535>
] |
Set options for failed login attempt.
[
on-success every <1-65535> | log every <1-65535> | trap every <1-65535>
]}
Set options for successful login attempt.
Command Modes
PerleRouter(config)#login
Usage Guidelines
Set parameters for user login attempts.
Examples
This example will log failed login attempts.
PerleSCR(config)#login on-failure<cr>
Related Commands
management-access management-access
{[
enable
] | [
from-lan
] | [
from-wan
]}
Syntax Description management-access
{[
enable
] |
Enable management access.
[
from-lan
] |
Allow management access from LAN devices.
[
from-wan
]}
Allow management access from WAN devices.
Command Default
All management access methods are enabled for LAN by default.
All management access methods are disabled for WAN by default.
Command Modes
PerleSCR(config)#management-access<cr>
Usage Guidelines
This command allows you to set per interface the management access methods for that interface.
Management Methods are:
Enable – all management Access methods for this interface
HTTP – Enable HTTP (Web) management Access for this interface
HTTPS – Enable HTTPS (Web) management access for this interface
Telnet – Enable Telnet management access for this interface
SSH – Enable SSH management access for this interface
SNMP – Enable SNMP management access for this interface
Examples
This example sets management access HTTPS off for interface Ethernet 1.
PerleSCR>enable<cr>
PerleSCR#config<cr>
PerleSCR#management-access from-LAN<cr>
Related Commands
(management-access-LAN)#
{[
http enable
] | [
https enable
] | [
snmp enable
] | [
ssh enable
] | [
telnet enable
]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
(management-access-LAN)#
{[
http enable
] |
Enable devices connected from the LAN side with Role set to LAN to use HTTP to connect to the router.
[
https enable
] |
Enable devices connected from the LAN side with Role set to LAN to use HTTPS to connect to the router.
[
snmp enable
] |
Enable devices connected from the LAN side with Role set to LAN to use SNMP to connect to the router.
[
ssh enable
] |
Enable devices connected from the LAN side with Role set to LAN to use ssh to connect to the router.
[
telnet enable
]}
Enable devices connected from the LAN side with Role set to LAN to use telnet to connect to the router.
Command Default
All methods are enabled on the LAN side. All methods are disabled on the WAN side.
Command Modes
PerleSCR#management-accesslan<cr>
Usage Guidelines
Set protocols to allow entry from the LAN side to manage the IOLAN.
Examples
This example sets management access telnet for LAN devices.
PerleSCR(config)#management-access from-lan<cr>
PerleSCR(management-access-lan)#telnet enable<cr>
Related Commands
(management-access-WAN)#
{[
http enable
] | [
https enable
] | [
snmp enable
] | [
ssh enable
] | [
telnet enable
]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
(management-access-WAN)#
{[
http enable
] |
Enable devices connected from the WAN side with Role set to WAN to use HTTP to connect to the router.
[
https enable
] |
Enable devices connected from the WAN side with Role set to WAN to use HTTPS to connect to the router.
[
snmp enable
] |
Enable devices connected from the WAN side with Role set to WAN to use SNMP to connect to the router.
[
ssh enable
] |
Enable devices connected from the WAN side with Role set to WAN to use ssh to connect to the router.
[
telnet enable
]}
Enable devices connected from the WAN side with Role set to WAN to use telnet to connect to the router.
Command Default
All protocols are disabled.
Command Modes
PerleSCR>enable <cr>
PerleRouter#config <cr>
PerleRouter(config)#management-access from-lan<cr>
Usage Guidelines
Set protocols to allow entry from the LAN side to manage the IOLAN.
Examples
Specify management access for wan devices using ssh.
PerleSCR(config)# management-access from-wan<cr>
PerleSCR(config-management-access-WAN)# ssh enable<cr>
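The defaults and sub-mode commands above can be checked mechanically before a change is pushed to a router. The following Python is an added example, not Perle code: it replays a constructed command transcript against the documented defaults (all methods enabled for LAN, all disabled for WAN) and reports which management protocols end up reachable from the WAN side. The transcript format, the function names and the choice to flag HTTP and Telnet as cleartext are assumptions of this example.

```python
PROTOCOLS = ("http", "https", "snmp", "ssh", "telnet")
# HTTP and Telnet carry credentials without transport encryption.
CLEARTEXT = {"http", "telnet"}

# Constructed sample transcript (not captured from a device).
SAMPLE = [
    "PerleSCR(config)# management-access from-wan<cr>",
    "PerleSCR(config-management-access-WAN)# ssh enable<cr>",
    "PerleSCR(config-management-access-WAN)# telnet enable<cr>",
    "PerleSCR(config-management-access-WAN)# no telnet enable<cr>",
    "PerleSCR(config-management-access-WAN)# http enable<cr>",
    "PerleSCR(config)# management-access from-lan<cr>",
    "PerleSCR(config-management-access-LAN)# no telnet enable<cr>",
]


def default_state():
    """Defaults stated in the manual: LAN fully enabled, WAN fully disabled."""
    return {
        "lan": {p: True for p in PROTOCOLS},
        "wan": {p: False for p in PROTOCOLS},
    }


def strip_prompt(line):
    """Drop the manual's <cr> marker and anything up to the '#' prompt."""
    line = line.replace("<cr>", "").strip()
    if "#" in line:
        line = line.split("#", 1)[1]
    return line.strip()


def apply_commands(lines):
    """Replay commands and return the resulting per-side protocol state."""
    state = default_state()
    side = None  # current sub-mode: "lan", "wan" or None
    for raw in lines:
        words = strip_prompt(raw).lower().split()
        if not words:
            continue
        if words[0] == "management-access" and len(words) == 2:
            if words[1] in ("from-lan", "from-wan"):
                side = words[1].split("-")[1]
            continue
        negate = words[0] == "no"  # the "no" form negates a command
        if negate:
            words = words[1:]
        if side and len(words) == 2 and words[0] in PROTOCOLS and words[1] == "enable":
            state[side][words[0]] = not negate
    return state


def wan_findings(state):
    """List protocols reachable from the WAN and the cleartext subset."""
    enabled = sorted(p for p, on in state["wan"].items() if on)
    return {"exposed": enabled, "cleartext": sorted(set(enabled) & CLEARTEXT)}


if __name__ == "__main__":
    print(wan_findings(apply_commands(SAMPLE)))
```

An empty `cleartext` list with only the intended entries in `exposed` is the state to aim for on the WAN side.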
Related Commands
nat66 nat66
{[
prefix outside <X:X:X:X::X:X> / <0-128> inside <X:X:X:X::X:X> / <0-128> outside-interface bvi <0-9999> | ethernet <1-18> | openvpn-tunnel <0-999> | tunnel <0-999>
]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description nat66
{[
prefix outside <X:X:X:X::X:X> / <0-128> inside <X:X:X:X::X:X> / <0-128> outside-interface bvi <0-9999> | ethernet <1-18> | openvpn-tunnel <0-999> | tunnel <0-999>
]}
Set parameters for NAT66.
Command Modes
PerleSCR(config)# nat66
Usage Guidelines
NAT66 is used to map one IPv6 address prefix to another IPv6 address prefix as each IPv6 packet transits the IOLAN.
Use NAT when your IOLAN is on a private network and your internal PCs want to browse the Internet.
Related Commands
ntp ntp
{[
authentication
] |
[
authentication-key <1-65534> md5 <WORD> <0 | 7>
] |
[
broadcastdelay <1-999999>
] |
[
logging
] |
[
master <1-15>
] |
[
peer <A.B.C.D> <WORD> <X:X:X:X::X> ip <hostname-of-peer> ipv6 <hostname-of-peer> | key <1-65534> | maxpoll <4-17> | minpoll <4-17> | prefer | version <1-4>
] |
[
server <A.B.C.D> <WORD> <X:X:X:X::X> ip <hostname-of-peer> ipv6 <hostname-of-peer> | key <1-65534> | maxpoll <4-17> | minpoll <4-17> | prefer | version <1-4>
] |
[
trusted-key <1-65534>
]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description ntp
{[
authentication
] |
The time sources must authenticate with each other before synchronizing clock time.
[
authentication-key <1-65534> md5 <WORD> <0 | 7>
] |
When authentication is enabled, the configured authentication key must be exchanged between time sources before clock synchronizing can begin.
0 – unencrypted key
7 – encrypted key
[
broadcastdelay <1-999999>
] |
By default, the router will set broadcast delay to Autonegotiate. Select the autonegotiate broadcast delay off if you wish to set your own broadcast delay time in microseconds. Broadcast delay time is the estimated round-trip delay between the broadcast NTP server and the router.
[
logging
] |
Log NTP messages to the router’s internal log.
[
master <1-15>
] |
Select this router as the master source clock. The stratum defines how far away the clock is from the Authoritative Time Source.
The highest stratum is 1. It is reserved for atomic clocks, GPS clocks or radio clocks, which generate a very accurate time. This type of time source is defined as the “Authoritative time source”. The stratum defines how many hops a node is from the “authoritative time source”. Stratum x nodes are synchronized to stratum x‐1 nodes.
Stratum numbers range from 1 to 15.
[
peer <A.B.C.D> <WORD> <X:X:X:X::X> ip <WORD> ipv6 <WORD> | key <1-65534> | maxpoll <4-17> | minpoll <4-17> | prefer | version <1-4>
] |
Configure the IPv4/IPv6 address or hostname of the NTP peer that you will be getting the clock from. Select prefer to use this NTP source over another. A preferred peer's responses are discarded only if they vary greatly from the other time sources. Otherwise, the preferred peer is used for synchronization without consideration of the other time sources.
[
server <A.B.C.D> <WORD> <X:X:X:X::X> ip <WORD> ipv6 <WORD> | key <1-65534> | maxpoll <4-17> | minpoll <4-17> | prefer | version <1-4>
] |
Configure the IPv4/IPv6 address or hostname of the NTP peer that you will be getting the clock from. Select prefer to use this NTP source over another. A preferred server’s responses are discarded only if they vary greatly from the other time sources. Otherwise, the preferred server is used for synchronization without consideration of the other time sources.
Changing the polling interval is not recommended. NTP dynamically selects the optimal poll interval between the values of minpoll and maxpoll, which default to 64 and 1024 seconds respectively and are correct for most environments.
Shorter values are used to correct large errors and larger values are used to refine accuracy.
Default is Minimum poll 64.
Versions 1-4 are supported.
[
trusted-key <1-65534>
]}
Configure a trusted key to be used for trusted time sources.
Command Modes
PerleSCR>enable <cr>
PerleSCR#config t<cr>
PerleSCR(config)#ntp
Usage Guidelines
Network Time Protocol (NTP) is used as a method of distributing and maintaining synchronization of time information between nodes in a network. The NTP server uses UTC (Universal Coordinated Time). When initially launched, it can take NTP as much as 5 minutes to obtain an accurate time. This is due to the algorithm used to determine which NTP master(s) the IOLAN should synchronize with. NTP will not synchronize with nodes whose time is significantly off, even if their stratum is lower.
During this “settling” period, the router may not have the correct time. NTP can usually achieve time synchronization between two systems in the order of a few milliseconds. This can be achieved with a time transmission rate of as little as one packet per minute.
Examples
PerleSCR(config)# ntp server 172.16.4.181<cr>
23:40:31: %NTPD-5: ntpd [email protected] Wed May 18 14:33:49 UTC 2016 (10): Starting
23:40:31: %NTPD-6: Command line: ntpd -n -g
23:40:31: %RSYSLOGD-6:LOGGINGHOST_STARTSTOP: Logging to UDP host 172.16.55.88 port 514 started
23:40:31: %NTPD-6: proto: precision = 3.840 usec (-18)
23:40:31: %NTPD-6: Listen and drop on 0 v6wildcard [::]:123
23:40:31: %NTPD-6: Listen and drop on 1 v4wildcard 0.0.0.0:123
23:40:31: %NTPD-6: Listen normally on 2 lo 127.0.0.1:123
23:40:31: %NTPD-6: Listen normally on 3 Vl1 172.16.113.77:123
23:40:31: %NTPD-6: Listen normally on 4 lo [::1]:123
23:40:31: %NTPD-6: Listen normally on 5 Gi2 [fe80::6ac9:bff:fec1:58da%4]:123
23:40:31: %NTPD-6: Listen normally on 6 Gi1 [fe80::6ac9:bff:fec1:58d9%3]:123
23:40:31: %NTPD-6: Listen normally on 7 eth0 [fe80::6ac9:bff:fec1:58d8%2]:123
23:40:31: %NTPD-6: Listening on routing socket on fd #38 for interface updates
23:40:31: %NTPD-3: Unable to listen for broadcasts, no broadcast interfaces available
23:40:31: %NTPD-6: 0.0.0.0 c01d 0d kern kernel time sync enabled
23:40:31: %NTPD-6: 0.0.0.0 c012 02 freq_set kernel 0.000 PPM
23:40:31: %NTPD-6: 0.0.0.0 c011 01 freq_not_set
23:40:31: %NTPD-6: 0.0.0.0 c016 06 restart
Examples
PerleSCR(config)# ntp status <cr>
Clock is synchronized, stratum 12, reference is 172.16.4.180
Precision is 2**-18 s
Reference time is dae84dc5.33013328 (Thu, May 19 2016 10:35:49.199)
Clock offset is 7.595002 msec, root delay is 0.439 msec
Root dispersion is 7956.293 msec
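The startup messages in the ntp server example carry a facility and a digit in each `%NTPD-6:` style tag, which ties them to the level keywords of the logging command. The following Python is an added example, not Perle code: it parses lines of that shape and returns the ones a given logging level would admit. It assumes the digit is the standard syslog severity (0 emergencies to 7 debugging) and that a configured level admits that severity and everything more severe; the sample lines are copied from the example output above with wrapped lines rejoined, and the function names are this example's own.

```python
import re

# Syslog severities 0-7 paired with the level keywords of the logging command.
LEVELS = ["emergencies", "alert", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

# hh:mm:ss: %FACILITY-SEVERITY[:MNEMONIC]: message
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}): "
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])"
    r"(?::(?P<mnemonic>[A-Z0-9_]+))?: (?P<message>.*)$"
)

# Lines taken from the ntp example output; "(10): Starting" is a wrapped
# fragment kept on purpose to show how unparsable input is handled.
SAMPLE = [
    "(10): Starting",
    "23:40:31: %NTPD-6: Command line: ntpd -n -g",
    "23:40:31: %RSYSLOGD-6:LOGGINGHOST_STARTSTOP: Logging to UDP host 172.16.55.88 port 514 started",
    "23:40:31: %NTPD-6: Listen normally on 3 Vl1 172.16.113.77:123",
    "23:40:31: %NTPD-3: Unable to listen for broadcasts, no broadcast interfaces available",
    "23:40:31: %NTPD-6: 0.0.0.0 c016 06 restart",
]


def parse_line(line):
    """Return a dict for one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["severity"] = int(rec["severity"])
    rec["level"] = LEVELS[rec["severity"]]
    return rec


def level_to_number(level):
    """Accept a level as 0-7 or as a keyword such as 'errors'."""
    level = str(level).strip().lower()
    if level.isdigit() and 0 <= int(level) <= 7:
        return int(level)
    if level in LEVELS:
        return LEVELS.index(level)
    raise ValueError(f"unknown logging level: {level!r}")


def admitted(lines, level):
    """Records whose severity is at least as severe as the given level."""
    threshold = level_to_number(level)
    records = (parse_line(line) for line in lines)
    return [r for r in records if r is not None and r["severity"] <= threshold]


if __name__ == "__main__":
    for rec in admitted(SAMPLE, "errors"):
        print(rec["time"], rec["facility"], rec["level"], rec["message"])
```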
Related Commands
Feature Details / Application Notes
power-supply
{[
dual
]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description power-supply
{[
dual
]} |
Enable monitoring of dual power supplies
Command Modes
PerleSCR(config)#power-supply
Examples
To enable monitoring of both power supplies.
PerleSCR(config)# power-supply dual<cr>
radius radius
{[
server
<radius-server-name>
]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description radius server
{[
server
<radius-server-name>
]}
Specify the name of the Radius server
Command Modes
PerleSCR(config)#radius
Examples
This example shows you how to set the radius server name.
PerleSCR(config)# radius server testrad<cr>
Related Commands
(config-radius-server)#
{[
address ipv4 <A.B.C.D> acct-port <0-65536> | auth-port <0-65536>
] | [
key 0 | 7 | <word>
] | [
retransmit <1-100>
] | [
timeout <1-1000>
]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
(config-radius-server)#
{[
address ipv4 <A.B.C.D> acct-port <0-65536> | auth-port <0-65536>
] |
Specify the Radius server address.
[
key 0 | 7 | <word>
] |
Specify an encryption key to be shared with the Radius servers.
[
retransmit <1-100>
] |
Specify the number of retries to the active server.
[
timeout <1-1000>
]}
Specify the time to wait for Radius server to reply.
Command Modes
PerleSCR(config)#
Examples
This example sets the timeout to 5 minutes for a predefined Radius server.
PerleSCR(config-radius-server)# timeout 5<cr>
Related Commands
radius-server radius-server
{[
deadtime <1-1440>
] | [
key 0 | 7 | <word>
] | [
retransmit <1-100>
] | [
timeout <1-1000>
]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description radius-server
{[
deadtime <1-1440>
] |
Specify a time to stop using a server that doesn’t respond.
[
key 0 | 7 | <word>
] |
Specify the encryption key to be shared with the Radius servers.
[
retransmit <1-100>
] |
Number of times to try to connect the radius server. Default is 3.
[
timeout <1-1000>
]}
Wait time for the radius server to respond. Default is 5 seconds.
Command Modes
PerleSCR(config)#
Usage Guidelines
These are the global parameters for Radius. You can set some of these parameters for each Radius server separately.
Examples
This example shows you how to set deadtime of 5 minutes.
PerleSCR(config)#radius-server deadtime 5<cr>
Related Commands
router-map router-map
{[
<WORD> <1-65535> deny <1-65535> | permit <1-65535>
]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description router-map
{[
<WORD> <1-65535> deny | permit
]}
Insert, delete, deny or permit from existing route map table.
Command Modes
PerleRouter(config)#router-map
Usage Guidelines
Create route maps or enter route map command mode.
Examples
This example creates a route map called test-route.
PerleSCR(config)#route-map test-route<cr>
Related Commands
(config-route-map)#
{
[
call <WORD>
] |
[
continue <1-65535>
] |
[
description <LINE>
] |
[
match | as-path <WORD> | community <1-500> | extcommunity <1-500> | interface bvi <1-9999> | dialer <0-15> | ethernet <1-18> . <1-4000> | openvpn-tunnel <0-999> | tunnel <0-999> | [ip address <1-199> | <1300-2699> | prefix-list] | [ipv6 <WORD> | prefix-list] | metric <1-4294967295> | [origin egp | igp | unknown] | peer <A.B.C.D> | tag <1-65535>
] |
[
on-match goto <1-65535> | next
] |
[
set aggregator as <1-4294967295> <A.B.C.D> | as-path exclude <1-4294967295> | prepend <1-4294967295> | atomic-aggregate | comm-list <1-500> delete | [community <1-4294967295> | <AA:NN> | internet | local-as | no-advertise | no export] | extended-community rt <AA:NN> | soo <AA:NN> | ip nexthop <A.B.C.D> | [ipv6 nexthop global <X:X:X:X::X> | local <X:X:X:X::X>] | local-preference <0-4294967295> | metric <1-4294967295> | [metric-type type-1 | type-2] | [origin epg | igp | unknown] | originator-id <A.B.C.D> | src <A.B.C.D> | tag <1-65535> | weight <0-4294967295>
]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
(config-route-map)#
{
[
call <WORD>
] |
Jump to another route-map after match-set.
[
continue <1-65535>
] |
Continue on a different entry within the route-map.
[
match | as-path <WORD> | community <1-500> | extcommunity <1-500> | interface bvi <1-9999> | dialer <0-15> | ethernet <1-18> . <1-4000> | openvpn-tunnel <0-999> | tunnel <0-999> | [ip address <1-199> | <1300-2699> | prefix-list] | [ipv6 <WORD> | prefix-list] | metric <1-4294967295> | [origin egp | igp | unknown] | peer <A.B.C.D> | tag <1-65535>
] |
Match values from routing table.
[
on-match goto <1-65535> | next
] |
Exit policy on matches.
[
set aggregator as <1-4294967295> <A.B.C.D> | as-path exclude <1-4294967295> | prepend <1-4294967295> | atomic-aggregate | comm-list <1-500> delete | [community <1-4294967295> | <AA:NN> | internet | local-as | no-advertise | no export] | extended-community rt <AA:NN> | soo <AA:NN> | ip nexthop <A.B.C.D> | [ipv6 nexthop global <X:X:X:X::X> | local <X:X:X:X::X>] | local-preference <0-4294967295> | metric <1-4294967295> | [metric-type type-1 | type-2] | [origin epg | igp | unknown] | originator-id <A.B.C.D> | src <A.B.C.D> | tag <1-65535> | weight <0-4294967295>
]}
Set values in destination routing protocol.
Command Modes
PerleSCR(config-route-map)#
Usage Guidelines
Set up route map configuration parameters.
Examples
This rule defines a match rule for community list BGP 50.
PerleSCR(config-route-map)#match community 50 <cr>
Related Commands
router router
{[
bgp
<1-4294967295>
|
ospf
|
rip
]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description router
{[
bgp <1-4294967295>
|
Border Gateway Protocol (BGP) is an independent routing protocol that is used exclusively for the internet. If using your router to connect to the internet, bgp should be enabled.
ospf
|
Open Shortest Path First (ospf) is a protocol used to find the best paths for packets as they pass through a set of connected networks. OSPF was designed to replace the RIP protocol as it optimizes the updating of the routing table. OSPF should be enabled on your IOLAN.
rip
]}
Routing Information Protocol (rip). Older protocol for finding the shortest path for routing information using a routing metric/hop count algorithm. RIP should be enabled on your IOLAN if there are older routers on your network that need to use RIP.
Command Modes
PerleSCR(config)#
Usage Guidelines
Select the routing protocol for your IOLAN.
Examples
This example sets the routing protocol to BGP.
PerleSCR(config)# router bgp 10<cr>
Related Commands
(config-router)#
{
[
bgp [address-family ipv4 | ipv6 unicast]
] |
[
aggregate address <A.B.C.D> <A.B.C.D> as-set | summary-only]
] |
[
bgp always-compare-med | [bestpath as-path | confed | ignore] | compare-router-id | med confed | missing-as-worst] | [client-to-client reflection] | cluster-id <1-4294967295> | confederation identifier <1-4294967295> | peers <1-4294967295> <1-4294967295> | dampening <1-45> | <1-20000> | <1-20000> | <1-255> | deterministic-med | enforce-first-as | fast-external-failover | graceful-restart stalepath-time <1-3600> | log-neighborchanges | network import-check | router-id <A.B.C.D> | scan-time <5-60>
] |
[
distance <1-255> bgp distance <1-255> <1-255> <1-255>
] |
[
maximum-paths <1-255> ibgp
] |
[
neighbour <A.B.C.D> <X:X:X:X::X> advertisement-interval <0-600> | allowas-in <1-10> | asoverride | [attribute-unchanged as-path | med | next-hop] | [capability dynamic | orf prefix-list both | receive | send] | default originate route-map <NAME> | description <LINE> | [disable-connected-check | distributed-list <1-99> in | out <1300-2699> in | out] | dont’t-capability-negotiate | ebgp-multihop <1-255> | filter-list <WORD> | local-as <1-4294967295> no-prepend | maximum-prefix <1-4294967295> | next-hop-self | override-capability | passive | password <LINE> | port <1-65535> | prefix-list <WORD> | remote-as <1-4294967295> | remove-private-as | [route-map <WORD> in | out] | route-reflector-client | route-server-client | [send-community both | extended | standard] | shutdown | soft-reconfiguration | strict-capability-match | timers connect | ttl-security | unsuppress-map | update-source | weight
] |
[
network <A.B.C.D> <A.B.C.D> | backdoor | route-map <WORD>
] |
[
passive-interface bvi <1-9999> | dialer <0-15> | ethernet <1-18> . <1-4000> | openvpn-tunnel <0-999> | tunnel <0-999>
] |
[
redistribute connected | kernel | ospf | rip | static | metric <1-4294967295> | route-map <WORD>
] |
[
timers bgp <0-65535> <0-65335>
]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
(config-router)#
{
[
bgp [address-family ipv4 | ipv6 unicast]
] |
Enter address family mode.
[
aggregate address <A.B.C.D> <A.B.C.D> as-set | summary-only]
] |
Configure BGP aggregate entries.
[
bgp always-compare-med | [bestpath as-path | confed | ignore] | compare-router-id | med confed | missing-as-worst] | [client-to-client reflection] | cluster-id <1-4294967295> | confederation identifier <1-4294967295> | peers <1-4294967295> <1-4294967295> | dampening <1-45> | <1-20000> | <1-20000> | <1-255> | deterministic-med | enforce-first-as | fast-external-failover | graceful-restart stalepath-time <1-3600> | log-neighborchanges | network import-check | router-id <A.B.C.D> | scan-time <5-60>
] |
Set parameters for BGP.
[
distance <1-255> bgp distance <1-255> <1-255> <1-255>
] |
Define administrative distances.
[
maximum-paths <1-255> ibgp
] |
Forward packets over multiple paths.
[
neighbour <A.B.C.D> <X:X:X:X::X> advertisement-interval <0-600> | allowas-in <1-10> | asoverride | [attribute-unchanged as-path | med | next-hop] | [capability dynamic | orf prefix-list both | receive | send] | default originate route-map <NAME> | description <LINE> | [disable-connected-check | distributed-list <1-99> in | out <1300-2699> in | out] | dont’t-capability-negotiate | ebgp-multihop <1-255> | filter-list <WORD> | local-as <1-4294967295> no-prepend | maximum-prefix <1-4294967295> | next-hop-self | override-capability | passive | password <LINE> | port <1-65535> | prefix-list <WORD> | remote-as <1-4294967295> | remove-private-as | [route-map <WORD> in | out] | route-reflector-client | route-server-client | [send-community both | extended | standard] | shutdown | soft-reconfiguration | strict-capability-match | timers connect | ttl-security | unsuppress-map | update-source | weight
] |
Set neighbor configuration parameters.
[
network <A.B.C.D> <A.B.C.D> | backdoor | route-map <WORD>
] |
Specify a network to announce via BGP.
[
passive-interface bvi <1-9999> | dialer <0-15> | ethernet <1-18> . <1-4000> | openvpn-tunnel <0-999> | tunnel <0-999>
] |
Suppress routing updates on an interface.
[
redistribute connected | kernel | ospf | rip | static | metric <1-4294967295> | route-map <WORD>
] |
Redistribute information from another routing protocol.
[
timers bgp <0-65535> <0-65335>
]}
Adjust routing timers.
Command Modes
PerleSCR(config-router)#
Usage Guidelines
Set up parameters for BGP protocol.
Examples
This example sets BGP timers keepalive to 10 and hold time to 20 seconds.
PerleSCR(config)#<cr>timers bgp 10 20 <cr>
Related Commands
(config-router)#
{
[
ospf area <0-4294967295> | <A.B.C.D> authentication message-digest | default-cost <1-6777215> | nssa no-summary | translate-always | translate-candidate | translate-never | range <A.B.C.D> <A.B.C.D> advertise | not-advertise cost <0-16777215> | substitute <A.B.C.D> <A.B.C.D> cost <0-16777215> | [shortcut enable | disable | default] | stub no-summary | [virtual-link <A.B.C.D> authentication-key <WORD> | message-digest message-digest-key <1-255> md5 <LINE> | null] | dead-interval <1-65535> | hello-interval <1-65535> | retransmit-interval <1-65535> | transmit-delay <1-65535>
] |
[
auto-cost reference-bandwidth <1-4294967>
] |
[
capability opaque
] |
[
compatibility rfc1583
] |
[
default-information originate always | metric <0-16777214> | metric-type <1-2> | route-map <WORD>
] |
[
default-metric <0-16777214>
] |
[
max-metric router-lsa administrative | on-shutdown <5-86400> | on-startup <5-86400>
] |
[
neighbor poll-interval <1-65535> | priority <0-255>
] |
[
network <A.B.C.D> <A.B.C.D> area <0-4294967295>
] |
[
passive-interface bvi <1-9999> | dialer <0-15> | ethernet <1-18> . <1-4000> | openvpn-tunnel <0-999> | tunnel <0-999>
] |
[
redistribute connected | kernel | ospf | rip | static | metric <1-4294967295> | route-map <WORD>
] |
[
refresh timer <5-1800>
] |
[
router-id <A.B.C.D>
] |
[
timers throttle spf <1-600000> <1-600000> <1-600000>
]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
(config-router)#
{
[
ospf area <1-4294967295> | <A.B.C.D> authentication message-digest | default-cost <1-6777215> | nssa no-summary | translate-always | translate-candidate | translate-never | range <A.B.C.D> <A.B.C.D> advertise | not-advertise cost <0-16777215> | substitute <A.B.C.D> <A.B.C.D> cost <0-16777215> | [shortcut enable | disable | default] | stub no-summary | [virtual-link <A.B.C.D> authentication-key <WORD> | message-digest message-digest-key <1-255> md5 <LINE> | null] | dead-interval <1-65535> | hello-interval <1-65535> | retransmit-interval <1-65535> | transmit-delay <1-65535>
] |
Specify OSPF area parameters.
[
auto-cost reference-bandwidth <1-4294967>
] |
Calculate OSPF interface cost according to bandwidth.
[
capability opaque
] |
Enable opaque feature.
[
compatibility rfc1583
] |
OSPF compatibility list.
[
default-information originate always | metric <0-16777214> | metric-type <1-2> | route-map <WORD>
] |
Control distribution of default information.
[
default-metric <0-16777214>
] |
Set metric of redistributed routes.
Define administrative distance.
[
max-metric router-lsa administrative | on-shutdown <5-86400> | on-startup <5-86400>
] |
[
neighbor poll-interval <1-65535> | priority <0-255>
] |
Specify a neighbor router.
[
network <A.B.C.D> <A.B.C.D> area <0-4294967295>
] |
Specify a network to enable IP routing.
[
passive-interface bvi <1-9999> | dialer <0-15> | ethernet <1-18> . <1-4000> | tunnel <0-999>
] |
Suppress routing updates on an interface.
[
redistribute connected | kernel | ospf | rip | static | metric <1-4294967295> | route-map <WORD>
] |
Redistribute information from other routing protocol.
[
refresh timer <5-1800>
] |
Adjust refresh timers.
[
router-id <A.B.C.D>
] |
Router ID for this OSPF process.
[
timers throttle spf <1-600000> <1-600000> <1-600000>
]}
Adjust routing timers.
Command Modes
PerleSCR(config-router)#
Usage Guidelines
Set up parameters for OSPF protocol.
Examples
This example sets opaque feature for OSPF.
PerleSCR(config)#capability opaque<cr>
Related Commands
(config-router)#
{
[
rip default-information originate
] |
[
default-metric <1-16>
] |
[
distance <1-255>
] |
[
distribution-list <1-99> in | out bvi <1-9999> | dialer <0-15> | ethernet <1-18> . <1-4000> | openvpn-tunnel <0-999> | tunnel <0-999> | <1300-2699> in | out bvi <1-9999> | dialer <0-15> | ethernet <1-18> . <1-4000> | openvpn-tunnel <0-999> | tunnel <0-999> | prefix <WORD> in | out bvi <1-9999> | dialer <0-15> | ethernet <1-18> . <1-4000> | openvpn-tunnel <0-999> | tunnel <0-999>
] |
[
neighbor <A.B.C.D>
] |
[
network <A.B.C.D> <A.B.C.D>
] |
[
passive-interface bvi <1-9999> | dialer <0-15> | ethernet <1-18> . <1-4000> | openvpn-tunnel <0-999> | tunnel <0-999>
] |
[
redistribute connected | kernel | ospf | rip | static | metric <1-4294967295> | route-map <WORD>
] |
[
timers basic <5-2147483>
]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
(config-router)#
{
[
rip default-information originate
] |
Control distribution of default information.
[
default-metric <1-16>
] |
Set the metric for redistributed routes.
[
distance <1-255>
] |
Set the administrative distance.
[
distribution-list <1-99> in | out bvi <1-9999> | dialer <0-15> | ethernet <1-18> . <1-4000> | openvpn-tunnel <0-999> | tunnel <0-999> | <1300-2699> in | out bvi <1-9999> | dialer <0-15> | ethernet <1-18> . <1-4000> | openvpn-tunnel <0-999> | tunnel <0-999> | prefix <WORD> in | out bvi <1-9999> | dialer <0-15> | ethernet <1-18> . <1-4000> | openvpn-tunnel <0-999> | tunnel <0-999>
] |
Filter networks in routing updates.
[
neighbor <A.B.C.D>
] |
Specify a neighbor router.
[
network <A.B.C.D> <A.B.C.D>
] |
Enable routing on an IP network.
[
passive-interface bvi <1-9999> | dialer <0-15> | ethernet <1-18> . <1-4000> | openvpn-tunnel <0-999> | tunnel <0-999>
] |
Suppress routing updates on an interface.
[
redistribute connected | kernel | ospf | rip | static | metric <1-4294967295> | route-map <WORD>
] |
Redistribute information from other routing protocol.
[
timers basic <5-2147483>
]}
Interval between updates for RIP.
Command Modes
PerleSCR(config-router)#
Usage Guidelines
Set parameters for RIP protocol.
Examples
This example sets timer for RIP updates to every 5 minutes.
PerleSCR(config)#timers basic 5 <cr>
Related Commands
router-map router-map
{[
<WORD> <1-65535> deny <1-65535> | permit <1-65535>
]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description router-map
{[
<WORD> <1-65535> deny | permit
]}
Insert, delete, deny or permit from existing route map table.
Command Modes
PerleRouter(config)#router-map
Usage Guidelines
Create route maps or enter route map command mode.
Examples
This example creates a route map called test-route.
PerleSCR(config)#route-map test-route<cr>
Related Commands
(config-route-map)#
{
[
call
<WORD>
] |
[
continue
<1-65535>
[
description
<LINE>
] |
] |
[
match | as-path
<WORD>
| community
<1-500>
| extcommunity
<1-500>
| interface bvi
<1-9999>
| | dialer
<0-15>
| | ethernet
<1-18> . <1-4000>
| openvpn-tunnel
<0-999>
| tunnel
<0-999>
| [ip address
<1-199>
|
<1300-2699>
| prefix-list] | [ipv6
<WORD>
| prefix-list] | metric
<1-4294967295>
| [origin egp | igp | unknown] | peer
<A.B.C.D>
| tag
<1-65535>
] |
[
on-match goto <1-65535> | next
] |
[
set aggregator as
<1-4294967295> <A.B.C.D>
| as-path exclude
<1-4294967295>
| prepend
<1-4294967295>
| atomic-aggregate | comm-list
<1-500>
delete |
[community
<1-4294967295> | <AA:NN>
| internet | local-as | no-advertise | no export] | extended-community rt
<AA:NN>
| soo
<AA:NN>
| ip nexthop
<A.B.C.D>
| [ipv6 nexthop global
<X:X:X:X::X>
| local
<X:X:X:X::X>
] | localpreference
<0-4294967295>
| metric
<1-4294967295>
| [metric-type
type-1 | type-2
] | [origin egp | igp | unknown] | originator-id
<A.B.C.D>
| src
<A.B.C.D>
| tag
<1-65535>
| weight
<0-4294967295>
]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
(config-route-map)#
{
[
call
<WORD>
] |
[
continue
<1-65535>
] |
[
match | as-path
<WORD>
| community
<1-500>
| extcommunity
<1-500>
| interface bvi
<1-9999>
| | dialer
<0-15>
| | ethernet
<1-18> . <1-4000>
| openvpn-tunnel
<0-999>
| tunnel
<0-999>
| [ip address
<1-199>
|
<1300-2699>
| prefix-list] | [ipv6
<WORD>
| prefix-list] | metric
<1-4294967295>
| [origin egp | igp | unknown] | peer
<A.B.C.D>
| tag
<1-65535>
] |
[
on-match goto <1-65535> | next
] |
[
set aggregator as
<1-4294967295>
<A.B.C.D>
| as-path exclude
<1-4294967295>
| prepend
<1-4294967295>
| atomic-aggregate | comm-list
<1-500>
delete | [community
<1-4294967295> |
<AA:NN>
| internet | local-as | no-advertise | no export] | extended-community rt
<AA:NN>
| soo
<AA:NN>
| ip nexthop
<A.B.C.D>
| [ipv6 nexthop global
<X:X:X:X::X>
| local
<X:X:X:X::X>
] | local-preference
<0-4294967295>
| metric
<1-4294967295>
|
[metric-type
<type-1> | <type-2>
] | [origin egp | igp | unknown] | originator-id
<A.B.C.D>
| src
<A.B.C.D>
| tag
<1-65535>
| weight
<0-4294967295>
]}
Command Modes
Jump to another route-map after match-set
Continue on a different entry within the route-map.
Match values from routing table.
Exit policy on matches.
Set values in destination routing protocol.
PerleRouter(config-route-map)#
Usage Guidelines
Set up route map configuration parameters.
Examples
This example defines a match rule for BGP community list 50.
PerleSCR(config-route-map)#match community 50 <cr>
Related Commands
sdm sdm
{[
prefer default | dual-ipv4-and-ipv6 default
]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description sdm
{[
prefer default | dual-ipv4-and-ipv6 default
]}
The sdm command is used to set IP protocols on your router.
Command Default
sdm prefer dual-ipv4-and-ipv6
(both IPv4 and IPv6 enabled)
Command Modes
PerleRouter(config)#sdm
Usage Guidelines
By default the IOLAN is set to enable both IPv4 and IPv6.
Examples
This example shows you how to set your IOLAN to IPv4 only.
PerleRouter(config)# sdm prefer default<cr>
Related Commands
serial serial
{[
accounting
<WORD>
| default
] |
[
advanced [break off | on] | data_logging_buffer_size
<1-2000>
| [flush-on-close off | on] | [line-menu-string
<WORD>
] |[monitor-connection-every
<1-32767>
] | monitor-connection-number
<1-32767>
] | monitor-connection-timeout
<1-32767>
| single-telnet off | on]
] |
[
authentication aaa login-authentication
<WORD>
| default
] |
[
authorization exec
<WORD>
| default
] |
[
modbus gateway addr-mod embedded | remapped] | [broadcast on | off] | char-timeout
<10-10000>
| [exceptions off | on] | [idle-timer
<0-300>
] | [ip-aliasing off
| on] | mess-timeout
<10-10000>
| next-req-delay
<0-1000>
| port
<1-65535>
| remapped-id
<1-247>
| [req- off | on]
|
[ssl on | off]
|
[
port buffering key-stroke-buffering on | off] | mode both | local | off | remote | nsf-directory
<WORD>
| nfs-encryption off | on | [nfs-host
<A.B.C.D> <WORD>
<X:X:X:X::X>
] | syslog [level alert | critical | emergency | error | info | notice | warning] | off | on] | [time-stamp off | on] | view-port-buffer-string
<WORD>
] |
[
trueport [remap 110 | 1200 | 134 | 150 | 1800 | 19200 | 200 | 2400 | 300 | 38400 |
4800 | 50 | 600 | 75 | 9600]
|
[|115200 | 1200 | 1800 | 19200 | 23400 | 2400 | 38400 |
4800 | 57600 | 600 | 9600 | custom
] |
[
vmodem-phone entry
<1-8>
phone-number
<phone-number>
| host
<A.B.C.D>
<WORD> <X:X:X:X::X> <tcp-port>
]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description serial
{[
accounting
<WORD>
| default
] |
Accounting parameters.
[
advanced [break off | on] | data_logging_buffer_size
<1-2000>
| [flush-on-close off | on] | [line-menu-string
<WORD>
] | [monitor-connection-every
<1-32767>
] | monitor-connection-number
<1-32767>
] | monitor-connection-timeout
<1-32767>
| single-telnet off | on]
] |
[
authentication aaa login-authentication
<WORD>
| default
] |
[
authorization exec
<WORD>
| default
] |
Sets advanced features for serial devices.
Default for line-menu-string is ~menu
Authentication parameters.
Authorization parameters.
[
modbus gateway addr-mod embedded | remapped] | [broadcast on | off] | char-timeout
<10-10000>
| [exceptions off | on] | [idle-timer
<0-300>
] | [ip-aliasing off | on] | mess-timeout
<10-10000>
| next-req-delay
<0-1000>
| port
<1-65535>
| remapped-id
<1-247>
| [req- off | on]
|
[ssl on | off]
] |
[
port buffering key-stroke-buffering on | off] | mode both | local | off | remote | nsf-directory
<WORD>
| nfs-encryption off | on | [nfs-host
<A.B.C.D> <WORD> <X:X:X:X::X>
] | syslog
[level alert | critical | emergency | error | info | notice | warning] | off | on] | [time-stamp off | on] | view-port-buffer-string
<WORD>
] |
[
trueport [remap 110 | 1200 | 134 | 150 | 1800 |
19200 | 200 | 2400 | 300 | 38400 | 4800 | 50 | 600
| 75 | 9600] | 115200 | 1200 | 1800 | 19200 |
23400 | 2400 | 38400 | 4800 | 57600 | 600 | 9600
| custom
] |
Sets modbus gateway parameters.
Set port buffering parameters.
Sets remap baud rates for Trueport devices.
[
vmodem-phone entry
<1-8>
phone-number
<phone-number>
| host
<A.B.C.D> <WORD>
<X:X:X:X::X> <tcp-port>
]}
Sets parameters for virtual modem.
Command Modes
PerleRouter(config)#serial
Usage Guidelines
Serial advanced feature settings
Examples
This example will set the vmodem phone number to 416-666-9900 for host 172.16.77.88.
PerleSCR(config)#serial vmodem-phone entry 1 phone-number 416-666-9900 host 172.16.77.88<cr>
Related Commands
service service
{[
dhcp relay-agent | server
] |
[
sequence-numbers
] |
[
timestamps log datetime | localtime | msec | showtime-zone | year
]
| uptime
]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description service
{[
dhcp relay-agent | server
] |
Enable dhcp server or relay agent.
[
sequence-numbers
] |
[
timestamps log datetime | localtime | msec | showtime-zone | year
]
| uptime
]}
Stamp the logger messages with a sequence number.
Timestamp with date and time.
Timestamp with system uptime.
Command Modes
PerleRouter(config)#service
Usage Guidelines
Set parameters for DHCP relay-agent or server.
Examples
This example shows you how to add date, time and year to log messages.
PerleSCR(config)# service timestamps log datetime localtime year<cr>
Related Commands
snmp-server snmp-server
{[
community
<WORD>
[
ip-access
<A.B.C.D> | <X:X:X:X::X:X> |
ro
|
rw
| [network [
<A.B.C.D> | <A.B.C.D>
]
|
[
<X:X:X:X::X:X>
]
]
|
[
contact
<LINE>
]
|
[
enable traps | [alarms
<2 | 3>
| major | minor] | authentication | bgp | entity | envon | ipsec | openvpn | ospf | snmp
]
|
[
engine-id local
<TEXT>
]
|
[
group
<WORD>
]
|
[
[host
<A.B.C.D> <X:X:X:X::X:X> <WORD>
| udp-port
<0-65535>
] | [version 2c udp-port
<0-65535>
] | [3 auth | informs | noauth | prv | traps]
]
|
[
location
<WORD>
]
|
[
listen-address
<A.B.C.D> <X:X:X:X::X:X>
udp-port
<0-65535>
]
|
[
user
<WORD> <WORD>
v3 [auth md5 | sha
<WORD>
priv aes | des
<WORD>
]
[encrypted auth md5
<WORD>
priv aes
<WORD>
| sha
<WORD>
]
|
[
view
<WORD>
excluded
<WORD>
]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description snmp-server
{[
community
<WORD>
[
ip-access
<A.B.C.D> | <X:X:X:X::X:X> |
ro
|
rw
[network [
<A.B.C.D> | <A.B.C.D>
]
|
[
<X:X:X:X::X:X>
]
]
|
]
|
Set community strings and access privileges.
Maximum value is 64 bytes
[
contact
<LINE>
]
|
Type in the contact name. (mib object sysContact).
[
enable traps | [alarms
<2 | 3>
| major | minor] | authentication | bgp | cellular-gnss
| cellular-lte | dot11 | entity | envon | ipsec | openvpn | ospf | snmp
]
|
[
engine-id
<text>
]
|
Enables trap messages to go to your snmp server.
Engine ID of the local or remote SNMPv3 agent.
[
group
<WORD>
] |
Define a SNMPv3 user security model.
[
[host
<A.B.C.D> <X:X:X:X::X:X>
<WORD>
udp-port
<0-65535>
] | [version
2c
<WORD>
udp-port
<0-65535>
] | [3 auth
| informs | noauth | prv | traps]
] |
Specify hosts to receive SNMP notifications
[
location
<LINE>
] |
[
listen-address
<A.B.C.D> <X:X:X:X::X:X>
udp-port
<0-65535>
] |
[
user
<WORD> <WORD>
v3 [auth md5 | sha
<WORD>
priv aes | des
<WORD>
]
[encrypted auth md5
<WORD>
priv aes
<WORD>
| sha
<WORD>
]
|
[
view
<WORD>
excluded
<WORD>
]}
Type text for MIB object sysLocation.
Address to listen on for incoming requests.
Configure options for SNMP V3 user.
Define an SNMPv3 MIB family view.
Exclude this family MIB from the view.
Command Modes
PerleSCR(config)#snmp-server
Examples
This example will set the community name to public and the contact person to admin, then enable trap messages for authentication.
PerleSCR(config)#snmp-server community public<cr>
PerleSCR(config)#snmp-server contact admin<cr>
PerleSCR(config)#snmp-server enable traps authentication<cr>
Related Commands
tacacs tacacs
{[
server
<WORD>
]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description tacacs
{[
server
<WORD>
]}
Specify the name of the TACACS server.
Command Modes
PerleSCR(config)#tacacs
Examples
This example specifies the name of the TACACS server as TACTEST.
PerleSCR(config)#tacacs server TACTEST<cr>
Related Commands
(config-tacacs-server)#
{[
address ipv4 <
hostname
|
<A.B.C.D>
| ipv6
<hostname
|
X:X:X:X::X> < key 0 |
7 | WORD>
| [
timeout
<1-1000>
]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
(config-tacacs-server)#
{[
address ipv4 <
hostname
|
<A.B.C.D>
| ipv6
<hostname
|
X:X:X:X::X> < key 0 | 7 |
WORD>
|
[
key 0 | 7 |
<WORD>
] |
Set the IPv4 or IPv6 address for your TACACS server.
Set the encryption key to be shared with the TACACS server.
[
timeout
<1-1000>
]}
Set the timeout if the TACACS server doesn’t respond.
Command Modes
PerleRouter(config-tacacs-server)#
Usage Guidelines
Set up parameters for your TACACS server.
Examples
This example shows you how to set the IPv4 address for your TACACS server.
PerleRouter(config-tacacs-server)# address ipv4 172.17.88.99<cr>
Related Commands
tty
{[
<1-16> ,<1-16>
mode disable | line
]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description tty
{[
<1-16> ,<1-16>
mode disable | line
]}
Select the mode for the serial port.
Command Default
Console
Command Modes
PerleSCR(config)#tty
Usage Guidelines
Change the mode of the tty port.
Examples
This example sets tty port 1 to line mode.
PerleSCR(config)#tty 1 mode line<cr>
username username
{[
<WORD>
nopassword | privilege
1
|
15
| secret | serial | two-factor
]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description username
{[
<WORD>
nopassword | privilege
1
|
15
| secret | serial | two-factor
]}
Add local user names and passwords
Command Modes
PerleSCR(config)#username
Usage Guidelines
Command Options
Privilege level
1 specifies user privilege level (user exec)
15 specifies privilege exec level (privilege exec)
Secret
0 - Specifies that an UNENCRYPTED password will follow.
7 - Specifies that an ENCRYPTED password will follow.
LINE - the UNENCRYPTED (cleartext) password.
Examples
This example creates a user with user exec privileges and a clear text password.
PerleSCR(config)#username lyn privilege 1 secret password123<cr>
Related Commands
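The following is an added example, not part of the Perle manual: a small Python check that flags the weaker settings the `snmp-server` and `username` commands above permit (the community name `public`, `rw` or unrestricted communities, `md5` and `des` for SNMPv3 users, `nopassword`, and secrets typed in clear text). The sample lines are constructed from the syntax shown in this chapter; the rule names, the option ordering on the `community` line, and treating `private` as a well-known name are assumptions of this example.

```python
import re

# Constructed sample input, written in the command forms this chapter documents.
# Key material is a placeholder; the ro / ip-access ordering is an assumption.
SAMPLE_CONFIG = """\
snmp-server community public
snmp-server community fieldops ro ip-access 192.0.2.10
snmp-server contact admin
snmp-server user monitor ops v3 auth md5 EXAMPLE-AUTH priv des EXAMPLE-PRIV
snmp-server user backup ops v3 auth sha EXAMPLE-AUTH priv aes EXAMPLE-PRIV
username lyn privilege 1 secret password123
username guest nopassword
username admin2 privilege 15 secret 7 EXAMPLE-ENCRYPTED
"""

WELL_KNOWN_COMMUNITIES = {"public", "private"}          # assumption of this example
PROMPT = re.compile(r"^\s*\w+\(\s*config[^)]*\)#\s*")   # e.g. PerleSCR(config)#
CR_MARK = re.compile(r"\s*<cr>\s*$")                    # the manual's <cr> marker


def value_after(tokens, keyword):
    """Return the token following keyword, or None if keyword is absent or last."""
    if keyword in tokens:
        i = tokens.index(keyword)
        if i + 1 < len(tokens):
            return tokens[i + 1]
    return None


def audit_command(tokens):
    """Return (rule, message) findings for one tokenised command line."""
    found = []
    if tokens[:2] == ["snmp-server", "community"] and len(tokens) >= 3:
        name, opts = tokens[2], set(tokens[3:])
        # Messages never echo the community string or any secret value.
        if name.lower() in WELL_KNOWN_COMMUNITIES:
            found.append(("snmp-default-community", "community name is a well-known default"))
        if "rw" in opts:
            found.append(("snmp-rw-community", "community grants write access"))
        if not opts & {"ip-access", "network"}:
            found.append(("snmp-unrestricted-community", "no ip-access/network restriction"))
    elif tokens[:2] == ["snmp-server", "user"] and "v3" in tokens:
        opts = tokens[tokens.index("v3") + 1:]
        if value_after(opts, "auth") == "md5":
            found.append(("snmp-v3-weak-auth", "SNMPv3 user authenticates with md5; sha is available"))
        if value_after(opts, "priv") == "des":
            found.append(("snmp-v3-weak-priv", "SNMPv3 user encrypts with des; aes is available"))
    elif tokens[0] == "username" and len(tokens) >= 3:
        opts = tokens[2:]
        if "nopassword" in opts:
            found.append(("username-nopassword", f"user '{tokens[1]}' has no password"))
        secret = value_after(opts, "secret")
        if secret is not None and secret != "7":
            # Type 0 or a bare LINE: the password sits in clear text in this line.
            found.append(("username-cleartext-secret", f"user '{tokens[1]}' secret entered in clear text"))
    return found


def audit(config_text):
    """Audit pasted configuration text; returns [(line_no, rule, message)]."""
    results = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = CR_MARK.sub("", PROMPT.sub("", raw)).strip()
        if not line:
            continue
        for rule, message in audit_command(line.split()):
            results.append((line_no, rule, message))
    return results


if __name__ == "__main__":
    for line_no, rule, message in audit(SAMPLE_CONFIG):
        print(f"line {line_no}: [{rule}] {message}")
```

Lines can be pasted with or without the `PerleSCR(config)#` prompt and the `<cr>` marker; both are stripped before matching.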
(config-user-serial)#
{[
callback off | on
] | [
framed-compression off | on
] |
[
framed-interface-id
<ipv6 interface id>
] |
[
framed-ip
<A.B.C.D>
] |
[
framed-mtu
<64-1500>
] |
[
host-ip
<Hostname>
|
<A.B.C.D>
|
<X:X:X:X::X>
] |
[
hotkey-prefix
<1-ff>
] |
[
idle-timer
<0-4294967>
] |
[
line-access readin
<1-8> <17-24>
| readout
<1-8> <17-24>
| readwrite
<1-8>
<17-24>
] |
[
netmask
<A.B.C.D>
] |
[
phone-number
<phone-number> <A.B.C.D>
] |
[
port ssh
<1-65535>
| ssl_raw
<1-65535>
| tcp-clear
<1-65535>
| telnet
<1-65535>
] |
[
routing listen | none | send | send-and-listen
] |
[
service dsprompt | ppp | rlogin | slip | ssh | ssl-raw | tcp-clear | telnet
] | [
sess-timer
<0-4294967>
] |
[
session
<1-4>
[auto off | on] | [rlogin-options host
<hostname> | <A.B.C.D> |
<X:X:X:X::X>
| termtype
<WORD>
] | ssh-options | telnet-options echo
<0-0x7f>
| eof
<0-0x7f>
| erase
<0-0x7f>
| escape
<0-0x7f>
| host
<hostname> | <A.B.C.D> |
<X:X:X:X::X>
| intr
<0-0x7f>
| [line-mode off | on] | [local-echo off | on] | [map-cr-crlf on | off] | port
<1-65535>
| quit
<0-0x7f>
| termtype
<WORD>
] |
type [off | rlogin | ssh | telnet]
]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
(config-user-serial)#
{[
callback off | on
] |
Set the port for callback mode.
[
framed-compression off | on
] |
When enabled, Van Jacobson Compression is used on this port.
[
framed-interface-id
<ipv6 interface id>
] |
IPv6 interface identifier.
The second part of an IPv6 unicast or anycast address is typically a 64-bit interface identifier used to identify a host's network interface.
For example, if the MAC address of a network card is 00:BB:CC:DD:11:22 the interface ID would be 02BBCCFFFEDD1122
[
framed-ip
<A.B.C.D>
] |
[
framed-mtu
<64-1500>
] |
IPv4 address
Specify Maximum Transmission Unit size.
Default is 1500
Values are 64-1500
[
host-ip
<Hostname> | <A.B.C.D> |
<X:X:X:X::X>
] |
Specify a hostname, IPv4 or IPv6 address.
[
hotkey-prefix
<1-ff>
] |
The prefix that a user types to control the current session.
Data Options:
^a number – To switch from one session to another, press ^a (Ctrl-a) and then the required session number. For example, ^a 2 would switch you to session 2.
Pressing ^a 0 will return you to the router Menu.
^a n – Display the next session. The current session will remain active. The lowest numbered active session will be displayed.
^a p – Display the previous session. The current session will remain active. The highest numbered active session will be displayed.
^a m – To exit a session and return to the router.
You will be returned to the menu. The session will be left running.
^a l – (Lowercase L)
Locks the serial port until the user unlocks it.
The user is prompted for a password (any password, excluding spaces) and the serial port is locked. The user must retype the password to unlock the serial port.
^r – When you switch from a session back to the Menu, the screen may not be redrawn correctly. If this happens, use this command to redraw it properly. This is always Ctrl R, regardless of the Hotkey Prefix.
[
idle-timer
<0-4294967>
] |
[
line-access readin
<1-8> <17-24>
| readout
<1-8> <17-24>
| readwrite
<1-8>
<17-24>
] |
[
netmask
<A.B.C.D>
] |
[
phone-number
<phone-number>
<A.B.C.D>
] |
[
port ssh
<1-65535>
| ssl_raw
<1-65535>
| tcp-clear
<1-65535>
| telnet
<1-65535>
] |
The User Hotkey Prefix value overrides the Serial Port Hotkey Prefix value.
You can use the Hotkey Prefix keys to lock a serial port only when the serial port’s Allow Port locking parameter is enabled.
Default is Hex 01 (Ctrl-a or ^a)
Specify a session inactivity timer in seconds.
Default is 0 seconds so the port will never timeout.
Values are 0-4294967 seconds
Specify the access for the serial lines.
IPv4 netmask
Enter the call back phone number.
Specify the service to be used for outbound sessions on this port.
ssh
ssl-raw
tcp-clear
telnet
[
routing listen | none | send | send-and-listen
] |
[
service dsprompt | ppp | rlogin | slip | ssh | ssl-raw | tcp-clear | telnet
] |
[
sess-timer
<0-4294967>
] |
[
session
<1-4>
[auto off | on] | [rlogin-options host
<hostname> | <A.B.C.D> |
<X:X:X:X::X>
| termtype
<WORD>
] | ssh-options | telnet-options echo
<0-0x7f>
| eof
<0-0x7f>
| erase
<0-0x7f>
| escape
<0-0x7f>
| host
<hostname> | <A.B.C.D> |
<X:X:X:X::X>
| intr
<0-0x7f>
| [line-mode off | on] | [local-echo off | on] | [map-cr-crlf on | off] | port
<1-65535>
| quit
<0-0x7f>
| termtype
<WORD>
| type [off | rlogin | ssh | telnet]
]
}
Set the routing mode (RIP, Routing Information Protocol) used on the PPP/SLIP interface.
listen – enable PPP/SLIP receiving of RIP
none – disable PPP/SLIP sending and receiving of RIP
send – enable PPP/SLIP sending and receiving of RIP
send-and-listen – enable PPP/SLIP sending and receiving of RIP
Set service for outbound sessions.
dsprompt
ppp
rlogin
slip
ssh
ssl-raw
tcp-clear
telnet
Enter maximum session time in seconds.
Default is 0 seconds so the port will never timeout.
Values are 0-4294967 seconds
Configure parameters for user sessions.
Command Modes
PerleRouter(config-user-serial)#
Usage Guidelines
Sets serial parameters for the user.
Examples
This example shows you how to set an outbound telnet session for user fred.
PerleRouter(config)#username fred serial<cr>
PerleRouter(config-user-serial)# service telnet<cr>
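The `framed-interface-id` description earlier in this section gives one MAC address and the interface ID derived from it. As an added example (not part of the Perle manual), the Python below carries out that derivation in general using the modified EUI-64 rule: invert the universal/local bit of the first octet and insert FFFE in the middle. The function names are this example's own; the reverse function shows that such an interface ID discloses the adapter's MAC address.

```python
import ipaddress
import re


def mac_to_interface_id(mac: str) -> str:
    """Return the modified EUI-64 interface ID (16 hex digits) for a 48-bit MAC."""
    digits = re.sub(r"[:.\-]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    octets = bytearray.fromhex(digits)
    octets[0] ^= 0x02  # invert the universal/local bit of the first octet
    return bytes(octets[:3] + b"\xff\xfe" + octets[3:]).hex().upper()


def interface_id_to_mac(interface_id: str) -> str:
    """Recover the MAC from an EUI-64-derived interface ID, or raise ValueError."""
    if not re.fullmatch(r"[0-9A-Fa-f]{16}", interface_id):
        raise ValueError("interface ID must be 16 hex digits")
    octets = bytearray.fromhex(interface_id)
    if octets[3:5] != b"\xff\xfe":
        raise ValueError("interface ID was not derived from a MAC (no FFFE filler)")
    octets[0] ^= 0x02  # undo the universal/local bit inversion
    return ":".join(f"{b:02X}" for b in octets[:3] + octets[5:])


def link_local_address(interface_id: str) -> str:
    """Combine an interface ID with the fe80::/64 link-local prefix."""
    return str(ipaddress.IPv6Address((0xFE80 << 112) | int(interface_id, 16)))


if __name__ == "__main__":
    iid = mac_to_interface_id("00:BB:CC:DD:11:22")  # the MAC used in this manual
    print(iid, link_local_address(iid), interface_id_to_mac(iid))
```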
(config-user-2factor)#
{[
<WORD>
] | [
method email
]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
(config-user-2factor)#
{[
<WORD>
] |
Specify an email address to receive the two-factor authentication request.
[
method email
]}
Select to send two-factor authentication by email.
Command Modes
PerleRouter(config-user-2factor)#
Usage Guidelines
Set up two-factor authentication for a user.
Examples
This example shows you how to set email authentication for two-factor authentication for user fred.
PerleRouter(config)#username fred serial two-factor<cr>
PerleRouter(config-user-2factor)# email [email protected]<cr>
Related Commands
wan wan
{[
failover | [high-availability disable | failover | load-sharing] | load-sharing flush-connections | local traffic | rule | source-nat | sticky-inbound
]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description wan
{[
failover | [high-availability disable | failover | load-sharing] | load-sharing flush-connections | local traffic | rule | source-nat | sticky-inbound
]}
Failover is defined as a mode where 2 or more WAN interfaces are configured, but only 1 interface is active at a time.
Once IP HEALTH has detected that a WAN interface no longer has internet connectivity, it will "failover" to the next active (via IP HEALTH status) WAN interface.
Note: IP HEALTH profile(s) (i.e. ping or traceroute tests) and IP-HEALTH on EACH of the WAN interfaces must be configured when using WAN HIGH-AVAILABILITY. The IP HEALTH feature is used to determine whether a WAN interface has internet connectivity (one or more of the ping or traceroute tests MUST pass).
Load Sharing is defined as a mode where you define how routed traffic can be sent over one or more defined active WAN interfaces. Unlike failover mode where ALL routed traffic is cut over to the next highest priority active WAN interface, this mode defines how specific or all traffic is to be shared or divided over multiple active WAN interfaces.
This is accomplished by defining one or more load-sharing rules.
Flush-connections – enable flushing to flush data on WAN interface outage.
Local traffic – enable all local traffic in the rule.
Rule – configures a load-sharing rule.
Source-nat – enables/disables source address translation on this rule.
sticky-inbound – enables/disables inbound connection tracking.
Command Modes
PerleSCR(config)#wan
Usage Guidelines
Use Wan commands to configure high availability, failover and load-sharing features.
Related Commands
zone
{[
security
<WORD>
]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description zone
{[
security
<WORD>
]}
Add firewall with zoning.
Command Modes
PerleSCR(config)#zone
Usage Guidelines
Use this command to set zoning options.
Examples
This example creates a zone with the name zonetest.
PerleSCR(config)#zone security zonetest<cr>
Related Commands
(config-sec-zone)#
{[
[default-action drop | reject] | description
<WORD>
| local-zone
]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description
(config-sec-zone)#
{[
[default-action drop | reject]
|description
<WORD>
| local-zone
]}
Specify the default action for traffic coming into this zone.
Drop will silently drop the packets.
Reject will drop and notify the source.
Enter a zone description.
Zone to be local-zoned.
Command Modes
PerleSCR(config-sec-zone)#
Usage Guidelines
Use this command to setup firewall zoning.
Examples
This example will show you how to reject all incoming packets to this zone.
PerleSCR(config-sec-zone)# default-action reject<cr>
Related Commands
zone-pair zone-pair
{[
from
<WORD>
to
<WORD>
firewall
<WORD>
]}
Use the no form of this command to negate a command or set its defaults.
Syntax Description zone-pair
{[
from
<WORD>
to
<WORD>
firewall
<WORD>
]}
Specify options for zone pairing.
Command Modes
PerleSCR(config)#zone-pair
Usage Guidelines
Filter traffic from this zone.
Related Commands
zone
Key features
- Comprehensive set of commands for configuring and managing Perle devices
- Easy-to-use interface
- Supports a wide range of Perle devices
- Secure and reliable
- Free to download and use