25 0_command Ref


Nortel Application Switch Operating System

Command Reference

NN47220-105 (320506-E).

Document status: Draft
Document version: 02.AD
Document date: 29 September 2008
Copyright 2008, Nortel Networks
All Rights Reserved.
Sourced in Canada, India and the United States of America
Part Number: NN47220-105 (320506-E)

This document is protected by copyright and distributed under licenses restricting its use, copying, distribution, and decompilation. No part of this document may be reproduced in any form by any means without prior written authorization of Nortel Networks, Inc. Documentation is provided "as is" without warranty of any kind, either express or implied, including any kind of implied or express warranty of non-infringement or the implied warranties of merchantability or fitness for a particular purpose.

U.S. Government End Users: This document is provided with a "commercial item" as defined by FAR 2.101 (Oct 1995) and contains "commercial technical data" and "commercial software documentation" as those terms are used in FAR 12.211-12.212 (Oct 1995). Government End Users are authorized to use this documentation only in accordance with those rights and restrictions set forth herein, consistent with FAR 12.211-12.212 (Oct 1995), DFARS 227.7202 (JUN 1995) and DFARS 252.227-7015 (Nov 1995).

Nortel Networks, Inc. reserves the right to change any products described herein at any time, and without notice. Nortel Networks, Inc. assumes no responsibility or liability arising from the use of products described herein, except as expressly agreed to in writing by Nortel Networks, Inc. The use and purchase of this product does not convey a license under any patent rights, trademark rights, or any other intellectual property rights of Nortel Networks, Inc.

Nortel Application Switch Operating System, Nortel Application Switch 2424, Nortel Application Switch 2424-SSL, Nortel Application Switch 2224, 2216, 2208, 3408, Nortel Application Switch 180, Nortel Application Switch 180e, Nortel Application Switch 184, Nortel Application Switch AD3, Nortel Application Switch AD4, and ACEswitch are trademarks of Nortel Networks, Inc. in the United States and certain other countries. Cisco and EtherChannel are registered trademarks of Cisco Systems, Inc. in the United States and certain other countries. Check Point and FireWall-1 are trademarks or registered trademarks of Check Point Software Technologies Ltd. Any other trademarks appearing in this manual are owned by their respective companies.

Contents

Preface
  Who should use this book
  How this book is organized
  Related documentation
  Typographic conventions
  How to get help

New in this release
  Features
  Secondary backup
  Backup preemption
  Shared secret per real server group
  GSLB client proximity metric
  Multi real port server
  Instantaneous reset of sessions in backup server
  Automate smirror
  FlexiRules for SIP over UDP traffic
  Persistent timeout
  Other changes

The Command Line Interface
  Connecting to the Switch
  Establishing a Console Connection
  Establishing a Telnet Connection
  Establishing an SSH Connection
  Accessing the Switch
  CLI Menu
  Command Line History and Editing
  Idle Timeout

Menu Basics
  The Main Menu
  Menu Summary
  Global Commands
  Command Line History and Editing
  Command Line Interface Shortcuts

Nortel Application Switch Operating System Command Reference NN47220-105 (320506-E) 02.AD Draft 25.0 29 September 2008 Copyright 2008, Nortel Networks.

  Command Stacking
  Command Abbreviation
  Tab Completion
  Configuration Ranges

The Information Menu
  /info Information Menu
  /info/sys System Information Menu
  /info/sys/snmpv3 SNMPv3 System Information Menu
  General System Information
  /info/sys/time Show System Time
  /info/sys/log Show Last 64 Syslog Messages
  /info/sys/slog Last 64 Saved Syslog Messages
  /info/sys/mgmt Management Port Information
  /info/sys/sonmp SONMP Information
  /info/sys/capacity System Capacity Information
  /info/sys/fan Show switch fan status
  /info/sys/temp Show switch temperature sensor status
  /info/sys/encrypt Show encryption licenses
  /info/sys/user Show current user status
  /info/sys/dump System Information Dump
  /info/l2 Layer 2 Information Menu
  /info/l2/fdb Layer 2 FDB Information
  Clearing Entries from the Forwarding Database
  /info/l2/lacp Link Aggregation Control Protocol Information Menu
  /info/l2/lacp/aggr LACP Aggregator Information
  /info/l2/lacp/port LACP Port Information

  /info/l2/lacp/dump LACP Dump Information
  /info/l2/stg Layer 2 Spanning Tree Group Information
  /info/l2/cist Show common internal spanning tree (CIST) information
  /info/l2/trunk Trunk Group Information
  /info/l2/vlan VLAN Information
  /info/l2/vlan VLAN Information
  /info/l2/team Status of port teams
  /info/l2/dump Layer2 Dump Information
  /info/l3 Layer3 Information Menu
  /info/l3/route IP Routing Information
  /info/l3/route6 IPv6 Routing Information Menu
  /info/l3/arp ARP Information Menu
  /info/l3/bgp BGP Information Menu
  /info/l3/ospf OSPF Information Menu
  /info/ospf/dump OSPF Dump Information
  /info/l3/ip IP Information
  /info/l3/vrrp VRRP Information
  /info/l3/dump Layer3 Dump Information
  /info/slb Layer 4 Information Menu
  /info/slb/sess Session Table Information
  Session dump information
  /info/slb/gslb Global SLB Information Menu
  /info/slb/dump Show All Layer 4 Information
  /info/bwm Bandwidth Management Information

  /info/bwm/ipuser BWM IP User Information Menu
  /info/bwm/cont BWM Contract Information
  /info/security Security Information
  /info/link Link Status Information
  /info/port Port Information
  /info/swkey Software Enabled Keys
  /info/dump Information Dump

The Statistics Menu
  /stats Statistics Menu
  /stats/sys System statistics menu
  /stats/port Port Statistics Menu
  /stats/port/brg Bridging Statistics
  /stats/port /ether Ethernet Statistics
  /stats/port /if Interface Statistics
  /stats/port /ip Interface Protocol Statistics
  /stats/port /link Link Statistics
  /stats/port /rmon RMON Statistics
  /stats/pmirr Port mirroring statistics menu
  /stats/l2 Layer 2 Statistics Menu
  /stats/l2/fdb FDB Statistics
  /stats/l3 Layer 3 Statistics Menu
  /stats/l3/ospf OSPF Statistics Menu
  /stats/l3/ip IP Statistics

  /stats/l3/ip6 IP6 Statistics Menu
  /stats/l3/route Route Statistics
  /stats/l3/arp ARP statistics
  /stats/l3/vrrp VRRP Statistics
  /stats/l3/vrrp6 IPv6 VRRP statistics
  /stats/l3/dns DNS Statistics
  /stats/l3/icmp ICMP Statistics
  /stats/l3/if Interface Statistics
  /stats/l3/tcp TCP Statistics
  /stats/l3/udp UDP Statistics
  /stats/slb Server Load Balancing Statistics Menu
  /stats/slb/sp Server Load Balancing SP statistics Menu
  /stats/slb/gslb Global SLB Statistics Menu
  /stats/slb/real Real Server SLB Statistics
  /stats/slb/Group Real Server Group Statistics
  /stats/slb/virt Virtual Server SLB Statistics
  /stats/slb/filt Filter SLB Statistics
  /stats/slb/layer7 SLB Layer7 Statistics Menu
  /stats/slb/ssl SLB Secure Socket Layer Statistics
  /stats/slb/ftp File Transfer Protocol SLB and Filter Statistics Menu
  /stats/slb/rtsp RTSP SLB Statistics
  /stats/slb/dns DNS SLB Statistics
  /stats/slb/wap WAP SLB Statistics

  /stats/slb/maint SLB Maintenance Statistics
  /stats/slb/sip SIP SLB Statistics
  /stats/slb/siprule SIP Rule Statistics
  /stats/slb/wlm Display Workload Manager SASP statistics
  /stats/slb/wlm /clear Clear Workload Manager SASP Statistics
  /stats/slb/mirror Display Workload Manager SASP statistics
  /stats/bwm BWM Statistics Menu
  /stats/bwm/port BWM Switch Processor Statistics
  /stats/bwm/cont BWM Contract Statistics
  /stats/bwm/rcont BWM Contract Rate Statistics
  /stats/bwm/hist BWM History Statistics
  /stats/bwm/maint BWM Maintenance Statistics
  /stats/bwm/ipusers BWM IP Users Statistics
  /stats/security Security Statistics
  /stats/security/dos DOS Attack Statistics Menu
  Types of DOS Attacks
  /stats/security/ipacl IP Access Control List Statistics
  /stats/security/udpblast UDP Blast Statistics
  /stats/security/udpblast/dump UDP Blast Dump Statistics
  /stats/security/pgroup UDP Pattern Match Statistics
  /stats/security/ratelim Rate Limiting Statistics
  /stats/security/dump Dump Statistics for Security
  /stats/mp Management Processor Statistics
  /stats/mp/pkt MP Packet Statistics

  /stats/mp/tcb TCP Statistics
  /stats/mp/ucb UCB Statistics
  /stats/mp/sfd MP-Specific SFD Statistics
  /stats/mp/cpu CPU Statistics
  /stats/sp SP Specific Statistics
  /stats/sp /maint SP-Specific Maintenance Statistics
  /stats/sp/cpu CPU Statistics
  /stats/pmirr Port Mirroring Statistics Menu
  /stats/mgmt Management Port Statistics
  /stats/dump Dump Statistics

The Configuration Menu
  /cfg Configuration Menu
  Viewing, Applying, and Saving Changes
  Viewing Pending Changes
  Applying Pending Changes
  Saving the Configuration
  /cfg/sys System Configuration
  /cfg/sys/syslog System Host Log Configuration
  /cfg/sys/mmgmt Management Port Configuration Menu
  /cfg/sys/mmgmt/port Management Port Link Menu
  /cfg/sys/radius RADIUS Server Configuration
  /cfg/sys/tacacs TACACS+ Server Configuration Menu
  /cfg/sys/ntp NTP Server Configuration
  /cfg/sys/sonmp SynOptics Network Management Protocol Configuration
  /cfg/sys/ssnmp System SNMP Configuration

  /cfg/sys/ssnmp/snmpv3 SNMPv3 Configuration Menu
  /cfg/sys/health System Health Check Configuration Menu
  /cfg/sys/access System Access Control Configuration
  /cfg/sys/access/port Port Management Access Menu
  /cfg/sys/access/sshd SSH Server Menu
  /cfg/sys/access/xml XML Configuration Access Menu
  /cfg/sys/timezone Configure the Timezone
  /cfg/port Port Configuration
  Nortel Application Switch Operating System 2000 Series
  /cfg/port fast|gig Port Link Configuration
  Nortel Application Switch 3000 Series
  Port Configuration on Nortel Application Switch 3408
  Temporarily Disabling a Port
  /cfg/pmirr Port Mirroring Menu
  /cfg/pmirr monport Port-Mirroring Menu
  /cfg/bwm Bandwidth Management Configuration
  /cfg/bwm/cont Bandwidth Management Contract Configuration
  /cfg/bwm/policy Bandwidth Management Policy Configuration
  /cfg/bwm/group Bandwidth Management Group Configuration Menu
  /cfg/bwm/cur Bandwidth Management Current Configuration
  /cfg/l2 Layer 2 Configuration Menu
  /cfg/l2/mrst Multiple Spanning Tree Menu
  /cfg/l2/mrst/cist Multiple Spanning Tree Menu
  /cfg/l2/mrst/cist/brg CIST Bridge Menu
  /cfg/l2/stg Spanning Tree Group Configuration

  /cfg/l2/stg/brg Bridge Spanning Tree Configuration
  /cfg/l2/trunk Trunk Configuration
  /cfg/l2/lacp Link Aggregation Control Protocol Menu
  /cfg/l2/lacp/port LACP Port Configuration Menu
  /cfg/l2/vlan VLAN Configuration
  /cfg/l2/team Port Team Configuration
  /cfg/l3 Layer 3 Configuration Menu
  /cfg/l3/if IP Interface Configuration
  /cfg/l3/if/ip6nd IPv6 Neighbor Discovery Menu
  /cfg/l3/gw Default IP Gateway Configuration
  /cfg/l3/arp ARP Configuration Menu
  /cfg/l3/frwd IP Forwarding Configuration Menu
  Defining IP Address Ranges for the Local Route Cache
  /cfg/l3/nwf Network Filter Configuration
  /cfg/l3/rmap Route Map Configuration Menu
  /cfg/l3/rip Routing Information Protocol Configuration
  /cfg/l3/rip/if RIP Interface Menu
  /cfg/l3/ospf Open Shortest Path First Configuration
  /cfg/l3/bgp Border Gateway Protocol Configuration
  /cfg/l3/port IP Forwarding Port Configuration Menu
  /cfg/l3/dns Domain Name System Configuration Menu
  /cfg/l3/bootp Bootstrap Protocol Relay Configuration Menu
  /cfg/l3/vrrp VRRP Configuration Menu
  /cfg/l3/vrrp/vr Virtual Router Configuration Menu

  /cfg/l3/vrrp/group Virtual Router Group Configuration
  /cfg/l3/vrrp/if VRRP Interface Configuration
  /cfg/l3/vrrp/track VRRP Tracking Configuration
  /cfg/l3/metrc Default Gateway Metrics
  /cfg/security Security Configuration Menu
  /cfg/security/port Port Security Menu
  /cfg/security/ipacl IP Address Access Control List Configuration Menu
  /cfg/security/udpblast UDP Blast Protection Configuration Menu
  /cfg/security/dos Anomaly and Denial of Service Attack Prevention Menu
  /cfg/security/pgroup Pattern Matching Menu
  /cfg/sslproc SSL Processor Menu
  /cfg/dump Dump
  /cfg/ptcfg Saving the Active Switch Configuration
  /cfg/gtcfg Restoring the Active Switch Configuration

The SLB Configuration Menu
  /cfg/slb SLB Configuration
  Filtering and Layer 4 (Server Load Balancing)
  /cfg/slb/real Real Server SLB Configuration
  /cfg/slb/real/adv Real Server Advanced Menu
  /cfg/slb/real/adv/buddyhc Buddy Server Health Check Menu
  /cfg/slb/real /layer7 Real Server Layer 7 Configuration
  /cfg/slb/real /ids Real server IDS Configuration Menu
  /cfg/slb/group Real Server Group SLB Configuration
  SLB Health Check Types
  Server Load Balancing Metrics

  /cfg/slb/virt Virtual Server SLB Configuration
  /cfg/slb/virt /service Virtual Server Service Configuration
  /cfg/slb/virt/service/wts WTS Load Balancing Menu
  /cfg/slb/virt/service/http HTTP Load Balancing Menu
  /cfg/slb/virt/service/sip SIP Load Balancing Menu
  /cfg/slb/virt/service/rtsp RTSP Load Balancing Menu
  Cookie-Based Persistence
  /cfg/slb/filt SLB Filter Configuration
  Defining IP Address Ranges for Filters
  /cfg/slb/filt /adv Advanced Filter Configuration
  /cfg/slb/filt/adv/proxyadv Proxy Advanced Menu
  /cfg/slb/port Port SLB Configuration
  /cfg/slb/gslb Global SLB Configuration
  /cfg/slb/gslb/site GSLB Remote Site Configuration
  /cfg/slb/gslb/network GSLB Network Preference Configuration Menu
  /cfg/slb/gslb/rule GSLB Rule Configuration Menu
  /cfg/slb/layer7 Layer 7 SLB Resource Definition Menu
  /cfg/slb/layer7/redir Web Cache Redirection Configuration
  /cfg/slb/layer7/slb Server Load Balance Resource Configuration Menu
  /cfg/slb/layer7/sdp SDP Mapping Menu
  /cfg/slb/layer7/rule Rule Menu
  /cfg/slb/wap WAP Configuration
  /cfg/slb/sync Synchronize Peer Switch Configuration
  /cfg/slb/sync/peer Peer Switch Configuration

  /cfg/slb/adv Advanced Layer 4 Configuration
  /cfg/slb/adv/synatk SYN Attack Detection Configuration Menu
  /cfg/slb/linklb Inbound Link Load Balancing configuration Menu
  /cfg/slb/linklb/drecord Inbound Link Load Balancing Domain Record Menu
  /cfg/slb/advhc/script Scriptable Health Checks Configuration
  /cfg/slb/advhc/snmphc SNMP Health Check Configuration
  /cfg/slb/advhc/waphc WAP Health Check Configuration
  /cfg/slb/pip Proxy IP Address Configuration Menu
  /cfg/slb/wlm Workload Management Menu

The Operations Menu
  /oper Operations Menu
  /oper/port Operations-Level Port Options
  /oper/slb Operations-Level SLB Options
  /oper/slb/group Real Server Group Operations
  /oper/slb/gslb Global SLB Operations Menu
  /oper/vrrp Operations-Level VRRP Options
  /oper/bwm Operations-Level Bandwidth Management Options
  /oper/security Security Menu
  /oper/security/ipacl IP ACL Operations Menu
  /oper/ip Operations-Level IP Options
  /oper/ip/bgp Operations-Level BGP Options
  /oper/swkey Activating Optional Software
  /oper/rmkey Removing Optional Software

The Boot Options Menu
  /boot Boot Menu
  Scheduled Reboot of the Switch
  /boot/sched Scheduled Reboot Menu
  Updating the Switch Software Image
  Downloading New Software to Your Switch
  Selecting a Software Image to Run
  Uploading a Software Image from Your Switch
  Selecting a Configuration Block
  Resetting the Switch
  Enabling Symantec Intelligent Network Protection

The Maintenance Menu
  /maint Maintenance Menu
  /maint/sys System Maintenance Options
  /maint/fdb Forwarding Database Options
  /maint/arp ARP Cache Options
  /maint/route IP Route Manipulation
  /maint/ip6 IPv6 Manipulation Menu
  /maint/debug Debugging Options
  /maint/uudmp Uuencode Flash Dump
  /maint/ptdmp System Dump Put
  /maint/cldmp Clearing Dump Information
  /maint/panic Panic Command
  Unscheduled System Dumps

The SSL Processor Menu
  /ssl SSL Processor Menu
  /ssl/info SSL Performance information menu
  /ssl/info/events SSL Performance Menu

  /ssl/stats SSL Performance Statistics menu
  /ssl/stats/sslstats SSL Performance Menu
  /ssl/stats/sslstats/local SSL Performance SSL Local Statistics Menu
  /ssl/stats/sslstats/local/isdhost SSL Performance: Single ISD SSL Statistics Menu
  /ssl/stats/ipsec IPSEC Statistics menu
  /ssl/stats/ipsec/local SSL Performance: Local IPSEC Statistics Menu
  /ssl/stats/ipsec/local/isdhost SSL Performance: Single IPSEC ISD Statistics Menu
  /ssl/stats/aaa AAA Statistics Menu
  /ssl/cfg SSL Performance Configuration Menu
  /ssl/cfg/ssl SSL Configuration Server Menu
  /ssl/cfg/ssl/server SSL Configuration Server-specific Menu
  /ssl/cfg/ssl/server/trace SSL Configuration Server-specific Trace Menu
  /ssl/cfg/ssl/server/ssl SSL Configuration Server-specific SSL Menu
  /ssl/cfg/ssl/server/tcp SSL Configuration Server-specific TCP Menu
  /ssl/cfg/ssl/server/adv SSL Configuration Server-specific Advanced Menu
  /ssl/cfg/ssl/server/adv/string SSL Configuration Server Advanced String Menu
  /ssl/cfg/ssl/server/adv/loadbalanc SSL Configuration Server Advanced Load Balancing Menu
  /ssl/cfg/ssl/server/adv/loadbalanc/cookie SSL Configuration Server Advanced Load Balancing Cookie Menu
  /ssl/cfg/ssl/server/adv/loadbalanc/cookie/localvips Local VIP Configuration Menu
  /ssl/cfg/ssl/server/adv/loadbalanc/script SSL Configuration Server Advanced Load Balancing Health Script Menu
  /ssl/cfg/ssl/server/adv/loadbalanc/remotessl SSL Configuration Server Advanced Load Balancing Remote SSL Menu
  /ssl/cfg/ssl/server/adv/loadbalanc/remotessl/verify SSL Configuration Server Advanced Load Balancing Remote SSL Verification Menu

  /ssl/cfg/ssl/server/adv/loadbalanc/backend SSL Configuration Server Advanced Load Balancing Backend Server Menu
  /ssl/cfg/cert SSL Configuration Certificate Menu
  /ssl/cfg/cert/revoke SSL Configuration Revoke Certificate Menu
  /ssl/cfg/cert/revoke/automatic SSL Configuration Revoke Certificate Automatic Menu
  /ssl/cfg/vpn SSL VPN Configuration Menu
  /ssl/cfg/vpn/aaa SSL VPN Configuration Menu
  /ssl/cfg/vpn/aaa/tg SSL VPN Configuration TunnelGuard Menu
  /ssl/cfg/vpn/aaa/auth SSL VPN Configuration Authentication Menu
  /ssl/cfg/vpn/aaa/auth/radius SSL VPN Configuration Authentication Radius Menu
  /ssl/cfg/vpn/aaa/auth/radius/servers SSL VPN Configuration Authentication Radius Servers Menu
  /ssl/cfg/vpn/aaa/auth/radius/sessiontm SSL VPN Configuration Authentication Radius Session Timeout Menu
  /ssl/cfg/vpn/aaa/auth/radius/macro SSL VPN Configuration Authentication Radius Macro Menu
  /ssl/cfg/vpn/aaa/auth/adv SSL VPN Configuration Authentication Advanced Menu
  /ssl/cfg/vpn/aaa/network SSL VPN Configuration Network Menu
  /ssl/cfg/vpn/aaa/network/subnet SSL VPN Configuration Network Subnet Menu
  /ssl/cfg/vpn/aaa/service SSL VPN Configuration Service Menu
  /ssl/cfg/vpn/aaa/appspec SSL VPN Configuration Application specific Menu
  /ssl/cfg/vpn/aaa/appspec/paths SSL VPN Configuration Application specific Paths Menu
  /ssl/cfg/vpn/aaa/filter SSL VPN Configuration AAA Filter Menu
  /ssl/cfg/vpn/aaa/group SSL VPN Configuration AAA Group Menu
  /ssl/cfg/vpn/aaa/group/access SSL VPN Configuration AAA Group Access Menu
  /ssl/cfg/vpn/aaa/group/linkset SSL VPN Configuration AAA Group Linkset Menu
  /ssl/cfg/vpn/aaa/group/extend SSL VPN Configuration AAA Group Extend Profiles Menu

  /ssl/cfg/vpn/aaa/group/extend/access SSL VPN Configuration AAA Group Extend Profiles Access Menu
  /ssl/cfg/vpn/aaa/group/extend/linkset SSL VPN Configuration AAA Group Extend Profiles Linkset Menu
  /ssl/cfg/vpn/aaa/group/ipsec SSL VPN Configuration AAA Group IPsec Menu
  /ssl/cfg/vpn/aaa/ssodomains SSL VPN Configuration AAA Single-sign on Enabled Domains Menu
  /ssl/cfg/vpn/aaa/ssoheaders SSL VPN Configuration AAA Single-sign on Headers Menu
  /ssl/cfg/vpn/aaa/radacct SSL VPN Configuration AAA Radius Accounting Menu
  ssl/cfg/vpn/aaa/radacct/servers SSL VPN Configuration AAA Radius Accounting Servers Menu
  ssl/cfg/vpn/aaa/radacct/vpnattribu SSL VPN Configuration AAA Radius Accounting VPN attributes Menu
  /ssl/cfg/vpn/server SSL VPN Configuration Server Menu
  /ssl/cfg/vpn/server/trace SSL VPN Configuration Server Traffic Trace Menu
  /ssl/cfg/vpn/server/ssl SSL VPN Configuration Server SSL Settings Menu
  /ssl/cfg/vpn/server/tcp SSL VPN Configuration Server TCP endpoint Settings Menu
  /ssl/cfg/vpn/server/http SSL VPN Configuration Server HTTP Settings Menu
  /ssl/cfg/vpn/server/http/rewrite SSL VPN Configuration Server SSL triggered rewrite Menu
  /ssl/cfg/vpn/server/proxymap SSL VPN Configuration Server Intranet Proxy settings Menu
  ssl/cfg/vpn/server/portal SSL VPN Configuration Server Portal settings Menu
  ssl/cfg/vpn/server/adv SSL VPN Configuration Server Advanced Menu
  ssl/cfg/vpn/server/adv/traflog SSL VPN Configuration Server UDP Syslog Traffic Log Menu
  ssl/cfg/vpn/server/adv/sslconnect SSL VPN Configuration Server SSL Connect Menu
  ssl/cfg/vpn/server/adv/sslconnect/verify SSL VPN Configuration Server SSL Connect verify Server Menu
  /ssl/cfg/vpn/ipsec SSL VPN Configuration IPsec Server Menu
  /ssl/cfg/vpn/ipsec/ikeprof SSL VPN Configuration IPsec Server IKE Profile Menu
  /ssl/cfg/vpn/ipsec/ikeprof/enc SSL VPN Configuration IPsec Server IKE Profile Encryption Menu

  /ssl/cfg/vpn/ipsec/ikeprof/dh SSL VPN Configuration IPsec Server IKE Profile Diffie-Hellman Group Mask Menu
  /ssl/cfg/vpn/ipsec/ikeprof/NAT SSL VPN Configuration IPsec Server IKE Profile NAT Menu
  /ssl/cfg/vpn/ipsec/ikeprof/deadpeer SSL VPN Configuration IPsec Server IKE Profile Dead Peer Menu
  /ssl/cfg/vpn/ippool SSL VPN Configuration IP Pool Menu
  /ssl/cfg/vpn/portal SSL VPN Configuration Portal Menu
  /ssl/cfg/vpn/portal/colors SSL VPN Configuration Portal Colors Menu
  /ssl/cfg/vpn/portal/faccess SSL VPN Configuration Portal Full Access Menu
  /ssl/cfg/vpn/portal/lang SSL VPN Configuration Portal Language Menu
  /ssl/cfg/vpn/portal/whitelist SSL VPN Configuration Portal Whitelist settings Menu
  /ssl/cfg/vpn/portal/whitelist/domains SSL VPN Configuration Portal Whitelist settings Domains Menu
  /ssl/cfg/vpn/linkset SSL VPN Configuration Linkset Menu
  /ssl/cfg/vpn/linkset/link SSL VPN Configuration Linkset Link Menu
  /ssl/cfg/vpn/linkset/link/internal SSL VPN Configuration Linkset Link Internal Setting Menu
  /ssl/cfg/vpn/sslclient SSL VPN Configuration SSL Client Menu
  /ssl/cfg/vpn/adv SSL VPN Configuration Advanced Menu
  /ssl/cfg/vpn/adv/dns SSL VPN Configuration Advanced DNS settings Menu
  /ssl/cfg/sys SSL Configuration System Menu
  /ssl/cfg/sys/host SSL Configuration System Host Menu
  /ssl/cfg/sys/host/routes SSL Configuration System Host Routes Menu
  /ssl/cfg/sys/host/interface SSL Configuration System Host Menu
  /ssl/cfg/sys/host/interface/routes SSL Configuration System Host Interface Routes Menu
  /ssl/cfg/sys/host/port SSL Configuration System Host Port Menu
  /ssl/cfg/sys/routes SSL Configuration System Menu

  /ssl/cfg/sys/time SSL Configuration System Time Menu
  /ssl/cfg/sys/time/ntp SSL Configuration System Time NTP servers Menu
  /ssl/cfg/sys/dns SSL Configuration System DNS settings Menu
  sl/cfg/sys/dns/servers SSL Configuration System DNS Servers settings Menu
  /ssl/cfg/sys/rsa SSL Configuration System RSA servers Menu
  /ssl/cfg/sys/syslog SSL Configuration System SysLog Servers Menu
  /ssl/cfg/sys/accesslist SSL Configuration System Access List Menu
  /ssl/cfg/sys/adm SSL Configuration System Administrative applications Menu
  /ssl/cfg/sys/adm/snmp SSL Configuration System Administrative applications SNMP Menu
  /ssl/cfg/sys/adm/snmp/snmpv2-mib SSL Configuration System Administrative applications SNMPv2 MIB SNMP Menu
  /ssl/cfg/sys/adm/snmp/community SSL Configuration System Administrative applications SNMP Community Menu
  /ssl/cfg/sys/adm/snmp/users SSL Configuration System Administrative applications SNMP Users Menu
  /ssl/cfg/sys/adm/snmp/target SSL Configuration System Administrative applications SNMP Target Menu
  /ssl/cfg/sys/adm/audit SSL Configuration System Administrative applications Audit Menu
  /ssl/cfg/sys/adm/audit/servers SSL Configuration System Administrative applications Audit Servers Menu
  /ssl/cfg/sys/adm/http SSL Configuration System Administrative applications HTTP Menu
  /ssl/cfg/sys/adm/https SSL Configuration System Administrative applications HTTPS Menu
  /ssl/cfg/sys/adm/sshkeys SSL Configuration System Administrative applications SSH Host keys Menu
  /ssl/cfg/sys/adm/sshkeys/knownhosts SSL Configuration System Administrative applications SSH Known Host keys Menu
  /ssl/cfg/sys/user SSL Configuration System Menu

  /ssl/cfg/sys/user/edit SSL Configuration System User Edit Menu
  /ssl/cfg/sys/user/edit/groups SSL Configuration System User Edit Menu
  /ssl/cfg/lang SSL Configuration Language Support Menu
  /ssl/boot SSL Boot Menu
  /ssl/boot/software SSL Performance Menu
  /ssl/maint SSL Performance Maintenance Menu
  /ssl/maint/hsm SSL Performance HSM Menu

Nortel Application Switch Operating System Syslog Messages
Nortel Application Switch Operating System SNMP Agent
Performing a Serial Download

Preface

The Nortel Application Switch Operating System Command Reference describes how to configure and use the Nortel Application Switch Operating System software with your Nortel Application Switch. For documentation on installing the switches physically, see the Hardware Installation Guide for your particular switch model.

Who should use this book

This Command Reference is intended for network installers and system administrators engaged in configuring and maintaining a network. The administrator should be familiar with Ethernet concepts, IP addressing, the IEEE 802.1d Spanning Tree Protocol, and SNMP configuration parameters.

How this book is organized

"The Command Line Interface" (page 31) describes how to connect to the switch and access the information and configuration menus.

"Menu Basics" (page 39) provides an overview of the menu system, including a menu map, global commands, and menu shortcuts.

"The Information Menu" (page 47) describes how to view switch configuration parameters.

"The Statistics Menu" (page 121) describes how to view switch performance statistics.

"The Configuration Menu" (page 223) describes how to configure switch system parameters, ports, VLANs, Spanning Tree Protocol, SNMP, Port Mirroring, IP Routing, Port Trunking, and more.

"The SLB Configuration Menu" (page 361) describes how to configure Server Load Balancing, Filtering, Global Server Load Balancing, and more.

"The Operations Menu" (page 451) describes how to use commands which affect switch performance immediately, but do not alter permanent switch configurations (such as temporarily disabling ports). The menu describes how to activate or deactivate optional software features.

"The Boot Options Menu" (page 463) describes the use of the primary and alternate switch images, how to load a new software image, and how to reset the software to factory defaults.

"The Maintenance Menu" (page 471) describes how to generate and access a dump of critical switch state information, how to clear it, and how to clear part or all of the forwarding database.

"Nortel Application Switch Operating System Syslog Messages" (page 595) presents a listing of syslog messages.

"Nortel Application Switch Operating System SNMP Agent" (page 605) lists the Management Information Bases (MIBs) supported in the switch software.

"Performing a Serial Download" (page 611) shows how to directly load a binary software image into the switch for upgrade or maintenance.

"Glossary" (page 615) defines the terminology used throughout the book.

Index includes pointers to the description of the key words used throughout the book.

Related documentation Nortel Application Switch Operating System Application Guide (NN47220-104) Provides application explanations and conguration examples for the Switch. Nortel Application Switch Operating System Browser-Based Interface (BBI) Quick Guide (NN47220-103) Provides a description of the Switch BBI and how to congure and access it on the Switch. Nortel Application Switch Hardware Installation Guide (Part Number 315396-F) Provides a description of the Nortel Application Switch hardware, the physical features, how to install it, and how to troubleshoot it. Nortel Application Switch Operating System Release Notes (NN47220-401)


This document provides a description of new features and caveats and limitations, if any, in the software.

Typographic conventions

The following table describes the typographic styles used in this book.

Typographic conventions

Typeface or Symbol: AaBbCc123
Meaning: This type is used for names of commands, files, and directories used within the text. It also depicts on-screen computer output and prompts.
Example: View the readme.txt file.
         Main#

Typeface or Symbol: AaBbCc123 (bold)
Meaning: This bold type appears in command examples. It shows text that must be typed in exactly as shown.
Example: Main# sys

Typeface or Symbol: AaBbCc123 (italic)
Meaning: This italicized type appears in command examples as a parameter placeholder. Replace the indicated text with the appropriate real name or value when using the command. Do not type the brackets. This also shows book titles, special terms, or words to be emphasized.
Example: To establish a Telnet session, enter: host# telnet
         Read your User's Guide thoroughly.

Typeface or Symbol: []
Meaning: Command items shown inside brackets are optional and can be used or excluded as the situation demands. Do not type the brackets.
Example: host# ls [-a]

How to get help

If you purchased a service contract for your Nortel product from a distributor or authorized reseller, contact the technical support staff for that distributor or reseller for assistance. If you purchased a Nortel service program, contact one of the following Nortel Technical Solutions Centers:

Technical Solutions Center: Europe, Middle East, and Africa
Telephone: 00800 8008 9009 or +44 (0) 870 907 9009

Technical Solutions Center: North America
Telephone: (800) 4NORTEL or (800) 466-7835

Technical Solutions Center: Asia Pacific
Telephone: (61) (2) 8870-8800

Technical Solutions Center: China
Telephone: (800) 810-5000

Additional information about the Nortel Technical Solutions Centers is available at the following URL: http://www.nortelnetworks.com/help/contact/global

An Express Routing Code (ERC) is available for many Nortel products and services. When you use an ERC, your call is routed to a technical support person who specializes in supporting that product or service. To locate an ERC for your product or service, refer to the following URL: http://www.nortelnetworks.com/help/contact/erc/index.html


New in this release

The following section details what's new in Nortel Application Switch Operating System Command Reference (NN47220-105) for Release 25.0.

- "Features" (page 27)
- "Other changes" (page 29)

Features

See the following sections for information about feature changes:

- "Secondary backup" (page 27)
- "Backup preemption" (page 27)
- "Shared secret per real server group" (page 28)
- "GSLB client proximity metric" (page 28)
- "Multi real port server" (page 28)
- "Instantaneous reset of sessions in backup server" (page 28)
- "Automate smirror" (page 28)
- "FlexiRules for SIP over UDP traffic" (page 28)
- "Persistent timeout" (page 28)
- "Spanning Tree Group information" (page 29)

Secondary backup

A secondary backup group can be configured in addition to the existing backup group using secbkp. For more information, see "/cfg/slb/group Real Server Group SLB Configuration" (page 372).

Backup preemption

The primary server becomes active when the existing backup server goes down. The preemption of backup can be activated using preempt. For more information, see "/cfg/slb/real Real Server SLB Configuration" (page 364).


Shared secret per real server group

A separate shared secret for each real (Radius) server group can be defined using secret. For more information, see "/cfg/slb/group Real Server Group SLB Configuration" (page 372).

GSLB client proximity metric

The Global Server Load Balancing (GSLB) client proximity calculates the response between each data center and the client. For more information, see "/cfg/slb/gslb Global SLB Configuration" (page 417). To enable or disable client proximity for HTTP/HTTPS, see "/cfg/slb/virt/service/http HTTP Load Balancing Menu" (page 393).

Multi real port server

Multi real port server support enables load balancing of similar services running on more than one port within a real server. For more information, see "Real Server Group Configuration Menu Options (/cfg/slb/group)" (page 373).

Instantaneous reset of sessions in backup server

A configurable option, clrbkp, clears the sessions to the backup server when the master server resumes the service. For more information, see "/cfg/slb/adv Advanced Layer 4 Configuration" (page 435).

Automate smirror

The autosmir synchronizes sessions from master to backup automatically at the configured time. For more information, see "/cfg/l3/vrrp VRRP Configuration Menu" (page 335).

FlexiRules for SIP over UDP traffic

FlexiRules controls the Session Initiation Protocol (SIP) over User Datagram Protocol (UDP) traffic going through the Nortel Application Switch. The switch monitors the SIP UDP packets according to the rules (SIP header field, content, BWM contract) and sends out the messages to the Management Processor (MP). When the filter matches, an alert message is displayed. Multiple rules can be configured and severities can be set. For more information, see "/cfg/slb/layer7 Layer 7 SLB Resource Definition Menu" (page 426).

Persistent timeout

The ptmout is used to set the time for persistent sessions. For more information, see "/cfg/slb/virt/service Virtual Server Service Configuration" (page 385).


Spanning Tree Group information

The Spanning Tree Group (STG) information is updated to show topology change time per STG and number of topology changes per STG. For more information, see "/info/l2/stg Layer 2 Spanning Tree Group Information" (page 79).

Other changes

See the following for information about changes that are not feature-related:

Added descriptions for the following commands. For more information, see "/cfg/slb/adv Advanced Layer 4 Configuration" (page 435).

- srvckdata
- clsrst
- subdmac


The Command Line Interface

Your Nortel Application Switch is ready to perform basic switching functions right out of the box. Some of the more advanced features, however, require some administrative configuration before they can be used effectively. The extensive Nortel Application Switch Operating System switching software included in your switch provides a variety of options for accessing and configuring the switch:

- A built-in, text-based command line interface and menu system for access via local terminal or remote Telnet session
- A GUI-based Application Switch Element Manager (ASEM) for interactive network access
- SNMP support for access through network management software such as HP OpenView
- Nortel Application Switch Operating System Browser-Based Interface (BBI)

The command line interface is the most direct method for collecting switch information and performing switch configuration. Using a basic terminal, you are presented with a hierarchy of menus that enable you to view information and statistics about the switch, and to perform any necessary configuration. This chapter explains how to access the Command Line Interface (CLI) of the switch.

Connecting to the Switch

You can access the command line interface in any one of the following ways:

- Using a console connection via the console port
- Using a Telnet connection over the network
- Using an SSH connection to securely log into another computer over a network


Establishing a Console Connection

Requirements

To establish a console connection with the switch, you will need the following:

- An ASCII terminal or a computer running terminal emulation software set to the parameters shown in the table below:

  Console Configuration Parameters

  Parameter: Value
  Baud Rate: 9600
  Data Bits: 8
  Parity: None
  Stop Bits: 1
  Flow Control: None

- A standard serial cable with a male DB9 connector (see your switch hardware installation guide for specifics).

Procedure

1. Connect the terminal to the Console port using the serial cable.
2. Power on the terminal.
3. To establish the connection, press Enter a few times on your terminal. Enter a password for access to the switch.

Establishing a Telnet Connection

A Telnet connection offers the convenience of accessing the switch from any workstation connected to the network. Telnet access provides the same options for user access and administrator access as those available through the console port.

To configure the switch for Telnet access, you need to have a device with Telnet software located on the same network as the switch. The switch must have an IP address. The switch can get its IP address in one of two ways:

- Dynamically, from a BOOTP server on your network.
- Manually, when you configure the switch IP address.

Note: You need to enable Telnet and SSH, using a serial connection, before you can use these methods of accessing the switch. Refer to "Establishing a Console Connection" (page 32).


Using a BOOTP Server

By default, the Nortel Application Switch Operating System software is set up to request its IP address from a BOOTP server. If you have a BOOTP server on your network, add the MAC address of the switch to the BOOTP configuration file located on the BOOTP server. The MAC address can be found on a small white label on the back panel of the switch. The MAC address can also be found in the System Information menu (see "/info/sys System Information Menu" (page 49)).

Note: If connecting to the management port, BOOTP is not supported. The port must be manually configured with the proper IP address.

Running Telnet

Once the IP parameters on the Nortel Application Switch are configured, you can access the CLI using a Telnet connection. To establish a Telnet connection with the switch, run the Telnet program on your workstation and issue the Telnet command, followed by the switch IP address:

    telnet

Then, enter a password as explained in "Establishing an SSH Connection" (page 33).

Establishing an SSH Connection

Although a remote network administrator can manage the configuration of a Nortel Application Switch through Telnet, this method does not provide a secure connection. The SSH (Secure Shell) protocol enables you to securely log into another computer over a network to execute commands remotely. As a secure alternative to using Telnet to manage switch configuration, SSH ensures that all data sent over the network is encrypted and secure.

The switch can do only one session of key/cipher generation at a time. Thus, an SSH/SCP client is not able to log in if the switch is doing key generation at that time or if another client has just logged in before this client. Similarly, the system fails to do the key generation if an SSH/SCP client is logging in at that time.

The supported SSH encryption and authentication methods are listed below.

- Server Host Authentication: Client RSA-authenticates the switch in the beginning of every connection.
- Key Exchange: RSA
- Encryption: 3DES-CBC, DES
- User Authentication: Local password authentication, Radius


The following SSH clients have been tested:

- SSH 1.2.23 and SSH 1.2.27 for Linux (freeware)
- SecureCRT 3.0.2 and SecureCRT 3.0.3 (Van Dyke Technologies, Inc.)
- F-Secure SSH 1.1 for Windows (Data Fellows)

Note: The Nortel Application Switch Operating System implementation of SSH is based on SSH version 1.5 and supports SSH-1.5-1.X.XX. SSH clients of other versions (especially Version 2) are not supported.
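The note above ties the switch to SSH protocol 1.5. The following Python code is an added example, not part of the Nortel documentation: it classifies SSH identification strings collected during a management-plane inventory so that endpoints still offering protocol 1 stand out. The host names and greeting bytes are constructed samples; the line format and the "1.99" compatibility convention follow RFC 4253.

```python
"""Classify SSH identification strings to spot SSH-1 management endpoints."""
import re

# RFC 4253 identification string: SSH-protoversion-softwareversion[ SP comments]
# softwareversion is printable US-ASCII without whitespace or the minus sign.
IDENT_RE = re.compile(r"SSH-(\d+)\.(\d+)-([\x21-\x2c\x2e-\x7e]+)(?: (.*))?")
MAX_IDENT_LEN = 253  # 255 bytes on the wire, including the trailing CR LF


def parse_ident(greeting: bytes):
    """Return (major, minor, software) from a server greeting, or None."""
    for line in greeting.split(b"\n"):
        line = line.rstrip(b"\r")
        if not line.startswith(b"SSH-"):
            continue  # servers may send free-text lines before the ident line
        if len(line) > MAX_IDENT_LEN:
            return None
        try:
            text = line.decode("ascii")
        except UnicodeDecodeError:
            return None
        match = IDENT_RE.fullmatch(text)
        if match is None:
            return None
        return int(match.group(1)), int(match.group(2)), match.group(3)
    return None


def classify(greeting: bytes) -> str:
    """Map a greeting to the protocol generations the server offers."""
    ident = parse_ident(greeting)
    if ident is None:
        return "no-ssh-ident"
    major, minor, _software = ident
    if (major, minor) == (1, 99):
        return "ssh1-and-ssh2"  # 1.99 advertises SSH-2 with SSH-1 compatibility
    if major == 1:
        return "ssh1-only"      # e.g. the SSH-1.5 protocol described above
    if major == 2:
        return "ssh2-only"
    return "unknown-version"


def ssh1_findings(greetings: dict) -> list:
    """Return sorted (host, class) pairs for every host that still offers SSH-1."""
    flagged = []
    for host, greeting in greetings.items():
        verdict = classify(greeting)
        if verdict in ("ssh1-only", "ssh1-and-ssh2"):
            flagged.append((host, verdict))
    return sorted(flagged)


# Constructed sample data: host names and greetings are illustrative only.
SAMPLE_GREETINGS = {
    "switch-a.example": b"SSH-1.5-1.2.27\n",
    "jump-host.example": b"SSH-2.0-OpenSSH_9.6\r\n",
    "legacy-gw.example": b"Authorized use only\r\nSSH-1.99-OpenSSH_3.9p1\r\n",
    "web.example": b"HTTP/1.1 400 Bad Request\r\n",
}

if __name__ == "__main__":
    for host, verdict in ssh1_findings(SAMPLE_GREETINGS):
        print(f"{host}: {verdict}")
```
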

Running SSH

Once the IP parameters are configured and the SSH service is turned on the Nortel Application Switch, you can access the command line interface using an SSH connection. To establish an SSH connection with the switch, run the SSH program on your workstation by issuing the SSH command, followed by the switch IP address:

    >> # ssh

or, if SecurID authentication is required, use the following command:

    >> # ssh -1 ace

You are then prompted to enter your user name and password.

Accessing the Switch

To enable better switch management and user accountability, seven levels or classes of user access have been implemented on the Nortel Application Switch. Levels of access to CLI, Web management functions, and screens increase as needed to perform various switch management tasks. Conceptually, access classes are defined as follows:

- User interaction with the switch is completely passive; nothing can be changed on the Nortel Application Switch. Users may display information that has no security or privacy implications, such as switch statistics and current operational state information.
- Operators can only effect temporary changes on the Nortel Application Switch. These changes are lost when the switch is rebooted/reset. Operators have access to the switch management features used for daily switch operations. Because any changes an operator makes are undone by a reset of the switch, operators cannot severely impact switch operation.


- Administrators are the only ones that may make permanent changes to the switch configuration, that is, changes that are persistent across a reboot/reset of the switch. Administrators can access switch functions to configure and troubleshoot problems on the Nortel Application Switch. Because administrators can also make temporary (operator-level) changes, they must be aware of the interactions between temporary and permanent changes.

Access to switch functions is controlled through the use of unique user names and passwords. Once you are connected to the switch via local console, Telnet, or SSH, you are prompted to enter a password. The default user names/password for each access level are listed in the following table.

Note: It is recommended that you change default switch passwords after initial configuration and as regularly as required under your network security policies.

User Access Levels

User Account: User
Password: user
Description and Tasks Performed: The User has no direct responsibility for switch management. He or she can view all switch status information and statistics, but cannot make any configuration changes to the switch.

User Account: SLB Operator
Password: slboper
Description and Tasks Performed: The SLB Operator manages Web servers and other Internet services and their loads. In addition to being able to view all switch information and statistics, the SLB Operator can enable/disable servers using the Server Load Balancing operation menu.

User Account: Layer 4 Operator
Password: l4oper
Description and Tasks Performed: The Layer 4 Operator manages traffic on the lines leading to the shared Internet services. This user currently has the same access level as the SLB operator, and the access level is reserved for future use, to provide access to operational commands for operators managing traffic on the line leading to the shared Internet services.

User Account: Operator
Password: oper
Description and Tasks Performed: The Operator manages all functions of the switch. In addition to SLB Operator functions, the Operator can reset ports or the entire switch.

User Account: SLB Administrator
Password: slbadmin
Description and Tasks Performed: The SLB Administrator configures and manages Web servers and other Internet services and their loads. In addition to SLB Operator functions, the SLB Administrator can configure parameters on the Server Load Balancing menus, with the exception of not being able to configure filters or bandwidth management.

User Account: Layer 4 Administrator
Password: l4admin
Description and Tasks Performed: The Layer 4 Administrator configures and manages traffic on the lines leading to the shared Internet services. In addition to SLB Administrator functions, the Layer 4 Administrator can configure all parameters on the Server Load Balancing menus, including filters and bandwidth management.

User Account: Administrator
Password: admin
Description and Tasks Performed: The superuser Administrator has complete access to all menus, information, and configuration commands on the Nortel Application Switch, including the ability to change both the user and administrator passwords.

Note: With the exception of the "admin" user, access to each user level can be disabled by setting the password to an empty value. All user levels below "admin" will by default be initially disabled (empty password) until they are enabled by the "admin" user. This prevents inadvertently leaving the switch open to unauthorized users.

CLI Menu

Once the administrator password is verified, you are given complete access to the switch. The following table shows the Main Menu with administrator privileges.

Note: If you are accessing a user account or Layer 4 administrator account, some menu options are not available.

Command Line History and Editing

For a description of global commands, shortcuts, and command line editing functions, see "Menu Basics" (page 39).


Idle Timeout

By default, the switch will disconnect your console or Telnet session after five minutes of inactivity. This function is controlled by the idle timeout parameter, which can be set from 1 to 10080 minutes. For information on changing this parameter, see "/cfg/sys System Configuration" (page 226).


Menu Basics

The Nortel Application Switch's Command Line Interface (CLI) is used for viewing switch information and statistics. In addition, the administrator can use the CLI for performing all levels of switch configuration.

To make the CLI easy to use, the various commands have been logically grouped into a series of menus and sub-menus. Each menu displays a list of commands and/or sub-menus that are available, along with a summary of what each command does. Below each menu is a prompt where you can enter any command appropriate to the current menu.

This chapter describes the Main Menu commands, and provides a list of commands and shortcuts that are commonly available from all the menus within the CLI.

The Main Menu

The Main Menu appears after a successful connection and login. The following table shows the Main Menu for the administrator login. Some features are not available under the user login.

Note: The ssl option is only visible on the Nortel Application Switch Operating System 2000-SSL Series.


Menu Summary

- Information Menu
  Provides sub-menus for displaying information about the current status of the switch: from basic system settings to VLANs, Layer 4 settings, and more.
- Statistics Menu
  Provides sub-menus for displaying switch performance statistics. Included are port, IF, IP, ICMP, TCP, UDP, SNMP, routing, ARP, DNS, VRRP, and Layer 4 statistics.
- Configuration Menu
  This menu is available only from an administrator login. It includes sub-menus for configuring every aspect of the switch. Changes to configuration are not active until explicitly applied. Changes can be saved to non-volatile memory.
- Operations Command Menu
  Operations-level commands are used for making immediate and temporary changes to switch configuration. This menu is used for bringing ports temporarily in and out of service, performing port mirroring, and enabling or disabling Server Load Balancing functions. It is also used for activating or deactivating optional software packages.
- Boot Options Menu
  This menu is used for upgrading switch software, selecting configuration blocks, and for resetting the switch when necessary.
- Maintenance Menu
  This menu is used for debugging purposes, enabling you to generate a dump of the critical state information in the switch, and to clear entries in the forwarding database and the ARP and routing tables.
- SSL Accelerator Menu
  This menu is used to connect to the SSL Accelerator in 2424-SSL model switches. Once connected, SSL configuration and maintenance can take place.

Global Commands

Some basic commands are recognized throughout the menu hierarchy. These commands are useful for obtaining online help, navigating through menus, and for applying and saving configuration changes. For help on a specific command, type help. The following screen appears:


Description of Global Commands

? command or help
    Provides more information about a specific command on the current menu. When used without the command parameter, a summary of the global commands is displayed.

. or print
    Display the current menu.

.. or up
    Go up one level in the menu structure.

/
    If placed at the beginning of a command, go to the Main Menu. Otherwise, this is used to separate multiple commands placed on the same line.

lines
    Set the number of lines (n) that display on the screen at one time. The default is 24 lines. When used without a value, the current setting is displayed.

diff
    Show any pending configuration changes.

apply
    Apply pending configuration changes.

save
    Write configuration changes to non-volatile flash memory.

revert
    Remove pending configuration changes between "apply" commands. Use this command to restore configuration parameters set since last "apply" command.

exit or quit
    Exit from the command line interface and log out.

ping
    Use this command to verify station-to-station connectivity across the network. The format is as follows:
    ping | [tries [msec delay]] [-m|-mgmt|-d|-data]
    Where IP address is the hostname or IP address of the device, tries (optional) is the number of attempts (1-32), msec delay (optional) is the number of milliseconds between attempts. By default, the -d or -data option for network ports is in effect. If the management port is used, specify the -m or -mgmt option. The DNS parameters must be configured if specifying hostnames (see "/cfg/l3/dns Domain Name System Configuration Menu" (page 333)).

ping6
    Use this command to verify an IP address and interface connectivity across the network. The format is as follows:
    ping6
    For example:
    ping6 3001::1234 - for ping6 global unicast address
    ping6 fe80::201:2ff:feb1:10e2 20 - for ping6 link-local address

traceroute
    Use this command to identify the route used for station-to-station connectivity across the network. The format is as follows:
    traceroute | [ [msec delay]] [-m|-mgmt|-d|-data]
    Where IP address is the hostname or IP address of the target station, max-hops (optional) is the maximum distance to trace (1-16 devices), and delay (optional) is the number of milliseconds to wait for the response. By default, the -d or -data option for network ports is in effect. If the management port is used, specify the -m or -mgmt option. As with ping, the DNS parameters must be configured if specifying hostnames.

pwd
    Display the command path used to reach the current menu.

verbose n
    Sets the level of information displayed on the screen:
    0 = Quiet: Nothing appears except errors, not even prompts.
    1 = Normal: Prompts and requested output are shown, but no menus.
    2 = Verbose: Everything is shown.
    When used without a value, the current setting is displayed.

telnet
    This command is used to telnet out of the switch. The format is as follows:
    | [port] [-m|-mgmt|-d|-data]
    Where IP address is the hostname or IP address of the device. By default, the -d or -data option for network ports is in effect. If the management port is used, specify the -m or -mgmt option.

history
    This command brings up the history of the last 10 commands.

pushd
    This command stores the current location of the menu tree. Optionally, a new path to change to can be specified. The format is as follows:
    pushd [ ]

popd
    This command takes the user one level back to the menu location stored by the last pushd command.

who
    This command displays the currently logged-in users' session information.

Command Line History and Editing

Using the command line interface, you can retrieve and modify previously entered commands with just a few keystrokes. The following options are available globally at the command line:

Command Line History and Editing Options

history
    Display a numbered list of the last 10 previously entered commands.

!!
    Repeat the last entered command.

!n
    Repeat the nth command shown on the history list.

Ctrl-p
    (Also the up arrow key.) Recall the previous command from the history list. This can be used multiple times to work backward through the last 10 commands. The recalled command can be entered as is, or edited using the options below.

Ctrl-n
    (Also the down arrow key.) Recall the next command from the history list. This can be used multiple times to work forward through the last 10 commands. The recalled command can be entered as is, or edited using the options below.

Ctrl-a
    Move the cursor to the beginning of command line.

Ctrl-e
    Move cursor to the end of the command line.

Ctrl-b
    (Also the left arrow key.) Move the cursor back one position to the left.

Ctrl-f
    (Also the right arrow key.) Move the cursor forward one position to the right.

Backspace
    (Also the Delete key.) Erase one character to the left of the cursor position.

Ctrl-d
    Delete one character at the cursor position.

Ctrl-k
    Kill (erase) all characters from the cursor position to the end of the command line.

Ctrl-l
    Redraw the screen.

Ctrl-u
    Clear the entire line.

Other keys
    Insert new characters at the cursor position.

Command Line Interface Shortcuts

Command Stacking

As a shortcut, you can type multiple commands on a single line, separated by forward slashes (/). You can connect as many commands as required to access the menu option that you want. For example, the keyboard shortcut to access the Spanning Tree Port Configuration Menu from the Main# prompt is as follows:

    Main# cfg/l2/stg/port

Command Abbreviation

Most commands can be abbreviated by entering the first characters which distinguish the command from the others in the same menu or sub-menu. For example, the command shown above could also be entered as follows:

    Main# c/l2/st/p

Tab Completion

By entering the first letter of a command at any menu prompt and hitting Tab, the CLI displays all commands or options in that menu that begin with that letter. Entering additional letters further refines the list of commands or options displayed. If only one command fits the input text when Tab is pressed, that command will be supplied on the command line, waiting to be entered. If the Tab key is pressed without any input on the command line, the currently active menu is displayed.

Configuration Ranges

Most commands now support the use of configuration ranges. Configuration ranges allow the user to set common parameters on a range of similar items on the switch like ports or VLANs. For example, the following command enables the real servers numbered from 1 to 10.

    Main# /cfg/slb/real 1-10/enable

The following command menu items support range and enable:

    Main# /cfg/bwm/cont
    Main# cfg/bwm/policy
    Main# /cfg/bwm/group
    Main# /cfg/l2/stg
    Main# /cfg/l2/trunk
    Main# /cfg/l2/vlan
    Main# cfg/l2/team
    Main# /cfg/l3/if
    Main# /cfg/l3/gw
    Main# /cfg/l3/nwf
    Main# /cfg/l3/rmap
    Main# /cfg/l3/vrrp/vr
    Main# /cfg/l3/vrrp/vrgroup
    Main# /cfg/sec/pgroup
    Main# /cfg/slb/real
    Main# /cfg/slb/group
    Main# /cfg/slb/virt
    Main# /cfg/slb/filt
    Main# /oper/slb/group
    Main# /stat/s
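Command stacking, abbreviation and configuration ranges can all appear on one typed line, which matters when typed commands are compared against a change record. The following Python resolver is an added example, not Nortel code: it expands an abbreviated, stacked command into canonical per-item paths. It knows only the menu paths named on this page (a real switch menu has more entries, so an abbreviation that is unique here may be ambiguous on a device), and it assumes that an exact name wins over a prefix and that every line starts from the Main Menu.

```python
"""Expand abbreviated, stacked CLI lines into canonical menu paths."""
import re

# Menu paths that appear on this page (subset of the real menu tree).
PAGE_PATHS = [
    "/cfg/bwm/cont", "/cfg/bwm/policy", "/cfg/bwm/group",
    "/cfg/l2/stg/port", "/cfg/l2/trunk", "/cfg/l2/vlan", "/cfg/l2/team",
    "/cfg/l3/if", "/cfg/l3/gw", "/cfg/l3/nwf", "/cfg/l3/rmap",
    "/cfg/l3/vrrp/vr", "/cfg/l3/vrrp/vrgroup",
    "/cfg/sec/pgroup",
    "/cfg/slb/real/enable", "/cfg/slb/group", "/cfg/slb/virt", "/cfg/slb/filt",
    "/oper/slb/group",
]
RANGE_RE = re.compile(r"(\d+)-(\d+)")


class AbbrevError(ValueError):
    """Raised when a token matches no command or more than one."""


def build_tree(paths):
    """Turn slash-separated paths into nested dicts, one dict per menu."""
    root = {}
    for path in paths:
        node = root
        for part in path.strip("/").split("/"):
            node = node.setdefault(part, {})
    return root


MENU = build_tree(PAGE_PATHS)


def resolve(token, menu):
    """Return the single command in `menu` that `token` abbreviates."""
    if token in menu:  # assumption: an exact name wins over longer names
        return token
    hits = sorted(name for name in menu if name.startswith(token))
    if len(hits) == 1:
        return hits[0]
    if not hits:
        raise AbbrevError(f"no command matches {token!r}")
    raise AbbrevError(f"{token!r} is ambiguous: {', '.join(hits)}")


def expand(line, tree=MENU):
    """Return the canonical commands a typed line stands for.

    A range argument such as "real 1-10" fans out into one path per item.
    """
    segments = [s.strip() for s in line.strip().split("/") if s.strip()]
    if not segments:
        raise AbbrevError("empty command line")
    variants = [""]
    menu = tree
    for segment in segments:
        word, _, arg = segment.partition(" ")
        name = resolve(word, menu)
        menu = menu[name]
        arg = arg.strip()
        span = RANGE_RE.fullmatch(arg)
        if span:
            low, high = int(span.group(1)), int(span.group(2))
            if low > high:
                raise AbbrevError(f"descending range {arg!r}")
            steps = [f"{name} {i}" for i in range(low, high + 1)]
        elif arg:
            steps = [f"{name} {arg}"]
        else:
            steps = [name]
        variants = [f"{prefix}/{step}" for prefix in variants for step in steps]
    return variants


if __name__ == "__main__":
    for typed in ("c/l2/st/p", "/cfg/slb/real 1-10/enable", "c/sl/r 2-3/e"):
        print(typed, "->", expand(typed))
```
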


The Information Menu

You can view configuration information for the switch in both the user and administrator command modes. This chapter discusses how to use the command line interface to display switch information.

/info Information Menu

The information provided by each menu option is briefly described in "Information Menu Options (/info)" (page 47), with pointers to where detailed information can be found.

Information Menu Options (/info)

Command Syntax and Usage

sys
    Displays system menu information. To view menu options, see "/info/sys System Information Menu" (page 49).

l2
    Displays the Layer 2 Information Menu. For details, see "/info/l2 Layer 2 Information Menu" (page 72).

l3
    Displays the Layer 3 information menu. For details, see "/info/l3 Layer 3 Information Menu" (page 84).


slb
    Displays the Layer 4 Information Menu. To view menu options, see "/info/slb Layer 4 Information Menu" (page 104).

bwm
    Displays Bandwidth Management information. For details, see "/info/bwm Bandwidth Management Information" (page 114).

security
    Displays current UDP blast settings and the security status of the port. To view a sample, see "/info/security Security Information" (page 117).

link
    Displays configuration information about each port, including:
    - Port number
    - Port speed (10, 100, 10/100, or 1000)
    - Duplex mode (half, full, or auto)
    - Flow control for transmit and receive (no, yes, or auto)
    - Link status (up or down)
    For details, see "/info/link Link Status Information" (page 118).

port
    Displays port status information, including:
    - Port number
    - Whether the port uses VLAN Tagging or not
    - Port VLAN ID (PVID)
    - Port name
    - VLAN membership
    For details, see "/info/port Port Information" (page 119).

swkey
    Displays a list of all the optional software packages which have been activated or installed on your switch. For details, see "/info/swkey Software Enabled Keys" (page 120).


dump
    Dumps all switch information available from the Information Menu (10K or more, depending on your configuration). If you want to capture dump data to a file, set your communication software on your workstation to capture session data prior to issuing the dump commands. For details, see "/info/dump Information Dump" (page 120).

/info/sys System Information Menu

Information System Menu Options (/info/sys)

Command Syntax and Usage

snmpv3
    Displays SNMPv3 Information Menu. To view the menu options, see "SNMPv3 information Menu Options (/info/sys/snmpv3)" (page 51).

general
    Displays general system information including:
    - System information like time, day, and date
    - Switch model name and number
    - How long the switch has been up
    - Time of last boot
    - MAC address of the switch management processor
    - Internal SSL Processor MAC Address if the switch is 2424-SSL
    - IP address of IP interface #1
    - Hardware order number and part numbers of the Mainboard Hardware, Management Processor Board Hardware, and Fast Ethernet Board Hardware
    - Software image file and version number
    - Configuration name
    - Log-in banner, if one is configured
    See "General System Information" (page 58) for a sample output.

time
    Displays the current time.

log
    Displays last 64 syslog messages. See "/info/sys/log Show Last 64 Syslog Messages" (page 59) for a sample output and detailed information.

slog
    Displays the last 64 syslog messages that are saved in flash. See "/info/sys/slog Last 64 Saved Syslog Messages" (page 60) for a sample output.

mgmt
    Displays Management port information. See "/info/sys/mgmt Management Port Information" (page 61) for detailed information.

sonmp
    Displays SONMP topology table information. See "/info/sys/sonmp SONMP Information" (page 62) for detailed information.

capacity gen|bwm|l2|l3|slb|port
    Displays the switch capacity information. This output displays the maximum switch capacity for the various applications and services that the switch supports. The output contains capacity information about Layer 2, Layer 3, RIP, OSPF, BGP, Route Maps, Network Filters, VRRP, Layer 4-7, which includes Server Load Balancing, Filters, GSLB, Health Checks, Bandwidth Management, General switch information, and SNMPv3. See "/info/sys/capacity System Capacity Information" (page 63) for a sample output.

fan
    Displays the fan status of the switch.

temp
    Displays the temperature status of the switch sensors.

encrypt
    Displays the current encryption licenses.

user
    Displays the current user names.

dump
    Displays all system information. See "/info/sys/dump System Information Dump" (page 67) for a sample output.

/info/sys/snmpv3 SNMPv3 System Information Menu

SNMP version 3 (SNMPv3) is an extensible SNMP Framework that supplements the SNMPv2 Framework by supporting the following:
- a new SNMP message format
- security for messages
- access control
- remote configuration of SNMP parameters

For more details on the SNMPv3 architecture, refer to RFC 2271 through RFC 2276.

SNMPv3 information Menu Options (/info/sys/snmpv3)

Command Syntax and Usage

usm
    Displays User Security Model (USM) table information. To view the table, see "/info/sys/snmpv3/usm SNMPv3 USM User Table Information" (page 52).

view
    Displays information about the view, subtrees, mask, and type of view. To view a sample, see "/info/sys/snmpv3/view SNMPv3 View Table Information" (page 53).


access
    Displays View-based Access Control information. To view a sample, see "/info/sys/snmpv3/access SNMPv3 Access Table Information" (page 53).

group
    Displays information about the group, including the security model, user name, and group name. To view a sample, see "/info/sys/snmpv3/group SNMPv3 Group Table Information" (page 54).

comm
    Displays the community table information. To view a sample, see "/info/sys/snmpv3/comm SNMPv3 Community Table Information" (page 55).

taddr
    Displays the Target Address table information. To view a sample, see "/info/sys/snmpv3/taddr SNMPv3 Target Address Table Information" (page 55).

tparam
    Displays the Target parameters table information. To view a sample, see "/info/sys/snmpv3/tparam SNMPv3 Target Parameters Table Information" (page 56).

notify
    Displays the Notify table information. To view a sample, see "/info/sys/snmpv3/notify SNMPv3 Notify Table Information" (page 57).

dump
    Displays all the SNMPv3 information. To view a sample, see "/info/sys/snmpv3/dump SNMPv3 Dump Information" (page 57).

/info/sys/snmpv3/usm SNMPv3 USM User Table Information

The User-based Security Model (USM) in SNMPv3 provides security services such as authentication and privacy of messages. This security model makes use of a defined set of user identities displayed in the USM user table. The USM user table contains information like:
- the user name
- a security name in the form of a string whose format is independent of the Security Model
- an authentication protocol, which is an indication that the messages sent on behalf of the user can be authenticated
- the privacy protocol


USM User Table Information Parameters (/info/sys/usm)

Field        Description
User Name    This is a string that represents the name of the user that you can use to access the switch.
Protocol     This indicates whether messages sent on behalf of this user are protected from disclosure using a privacy protocol. The Nortel Application Switch Operating System supports DES algorithm for privacy. The software also supports two authentication algorithms: MD5 and HMAC-SHA.

/info/sys/snmpv3/view SNMPv3 View Table Information

For security reasons, the user can restrict the access allowed to a group to only a subset of the management information in the management domain that the group can access within each context, by specifying the group's rights in terms of a particular MIB view.

View Name     Subtree            Mask       Type
------------- ------------------ ---------- --------
org           1.3                           included
v1v2only      1.3                           included
v1v2only      1.3.6.1.6.3.15                excluded
v1v2only      1.3.6.1.6.3.16                excluded
v1v2only      1.3.6.1.6.3.18                excluded

SNMPv3 View Table Information Parameters (/info/sys/snmpv3/view)

Field        Description
View Name    Displays the name of the view.
Subtree      Displays the MIB subtree as an OID string. A view subtree is the set of all MIB object instances which have a common Object Identifier prefix to their names.
Mask         Displays the bit mask.
Type         Displays whether a family of view subtrees is included or excluded from the MIB view.
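The sample view table can be evaluated in code to see which objects a view actually exposes. The following is an added example, not part of the original manual or of Nortel software: it applies the view-family matching rule of the VACM specification the manual cites (RFC 2275), assuming the longest matching subtree decides and that missing mask bits count as 1. The function names and probe OIDs are hypothetical.

```python
# Added example: decide whether an OID falls inside a named MIB view.
# Rows are copied from the sample /info/sys/snmpv3/view output on this page.
# Matching rule assumed from RFC 2275 (VACM): among the families that match,
# the one with the most sub-identifiers wins, and its type decides access.

VIEW_TABLE = [
    # (view name, subtree, mask bytes, type); empty mask = all bits set
    ("org",      "1.3",            b"", "included"),
    ("v1v2only", "1.3",            b"", "included"),
    ("v1v2only", "1.3.6.1.6.3.15", b"", "excluded"),  # snmpUsmMIB
    ("v1v2only", "1.3.6.1.6.3.16", b"", "excluded"),  # snmpVacmMIB
    ("v1v2only", "1.3.6.1.6.3.18", b"", "excluded"),  # snmpCommunityMIB
]


def parse_oid(text):
    """Turn '1.3.6.1' into (1, 3, 6, 1)."""
    return tuple(int(part) for part in text.strip(".").split("."))


def mask_bit(mask, index):
    """Bit `index` of the mask, most significant bit first; missing bits are 1."""
    byte, bit = divmod(index, 8)
    if byte >= len(mask):
        return 1
    return (mask[byte] >> (7 - bit)) & 1


def family_matches(oid, subtree, mask):
    """True if oid lies in the subtree family; a 0 mask bit is a wildcard."""
    if len(oid) < len(subtree):
        return False
    return all(
        mask_bit(mask, i) == 0 or oid[i] == sub
        for i, sub in enumerate(subtree)
    )


def in_view(view_name, oid_text, table=VIEW_TABLE):
    """Return True if the OID is readable through the named view."""
    oid = parse_oid(oid_text)
    best = None  # ((subtree length, subtree), type) of the winning family
    for name, subtree_text, mask, kind in table:
        if name != view_name:
            continue
        subtree = parse_oid(subtree_text)
        if not family_matches(oid, subtree, mask):
            continue
        key = (len(subtree), subtree)
        if best is None or key > best[0]:
            best = (key, kind)
    # No matching family at all means the object is not in the view.
    return best is not None and best[1] == "included"


if __name__ == "__main__":
    # Constructed probes: sysDescr.0 and the USM user table.
    for view, oid in [("v1v2only", "1.3.6.1.2.1.1.1.0"),
                      ("v1v2only", "1.3.6.1.6.3.15.1.2.2"),
                      ("org", "1.3.6.1.6.3.15.1.2.2")]:
        print(view, oid, "included" if in_view(view, oid) else "excluded")
```

With the sample rows, the v1v2only view keeps the USM, VACM, and community MIB subtrees out of reach while the org view exposes everything under 1.3.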

/info/sys/snmpv3/access SNMPv3 Access Table Information

The access control subsystem provides authorization services. The vacmAccessTable maps a group name, security information, a context, and a message type, which could be the read or write type of operation or notification, into a MIB view. The View-based Access Control Model defines a set of services that an application can use for checking access rights of a group. This group's access rights are determined by a read-view, a write-view and a notify-view. The read-view represents the set of object instances authorized for the group while reading the objects. The write-view represents the set of object instances authorized for the group when writing objects. The notify-view represents the set of object instances authorized for the group when sending a notification.

SNMPv3 Access Table Information (/info/sys/snmpv3/access)

Field        Description
Group Name   Displays the name of group.
Prefix       Displays the prefix that is configured to match the values.
Model        Displays the security model used, for example, SNMPv1, or SNMPv2 or USM.
Level        Displays the minimum level of security required to gain rights of access. For example, noAuthNoPriv, authNoPriv, or authPriv.
Match        Displays the match for the contextName. The options are: exact and prefix.
ReadV        Displays the MIB view to which this entry authorizes the read access.
WriteV       Displays the MIB view to which this entry authorizes the write access.
NotifyV      Displays the Notify view to which this entry authorizes the notify access.

/info/sys/snmpv3/group SNMPv3 Group Table Information

A group is a combination of security model and security name that defines the access rights assigned to all the security names belonging to that group. The group is identified by a group name.

SNMPv3 Group Table Information Parameters (/info/sys/snmpv3/group)

Field        Description
Sec Model    Displays the security model used, which is any one of: USM, SNMPv1, SNMPv2, and SNMPv3.
User Name    Displays the name for the group.
Group Name   Displays the access name of the group.

/info/sys/snmpv3/comm SNMPv3 Community Table Information

This command displays the community table information stored in the SNMP engine.

Index      Name       User Name            Tag
---------- ---------- -------------------- ----------
trap1      public     v1v2only             v1v2trap

SNMPv3 Community Table Parameters (/info/sys/snmpv3/comm)

Field        Description
Index        Displays the unique index value of a row in this table.
Name         Displays the community string, which represents the configuration.
User Name    Displays the User Security Model (USM) user name.
Tag          Displays the community tag. This tag specifies a set of transport endpoints from which a command responder application accepts management requests and to which a command responder application sends an SNMP trap.

/info/sys/snmpv3/taddr SNMPv3 Target Address Table Information

This command displays the SNMPv3 target address table information, which is stored in the SNMP engine.

Name       Transport Addr  Port Taglist    Params
---------- --------------- ---- ---------- ---------------
trap1      47.81.25.66     162  v1v2trap   v1v2param

SNMPv3 Target Address Table Information Parameters (/info/sys/snmpv3/taddr)

Field            Description
Name             Displays the locally arbitrary, but unique identifier associated with this snmpTargetAddrEntry.
Transport Addr   Displays the transport addresses.
Port             Displays the SNMP UDP port number.
Taglist          This column contains a list of tag values which are used to select target addresses for a particular SNMP message.
Params           The value of this object identifies an entry in the snmpTargetParamsTable. The identified entry contains SNMP parameters to be used when generating messages to be sent to this transport address.

/info/sys/snmpv3/tparam SNMPv3 Target Parameters Table Information

Name         MP Model User Name    Sec Model Sec Level
------------ -------- ------------ --------- ------------
v1v2param    snmpv2c  v1v2only     snmpv1    noAuthNoPriv

SNMPv3 Target Parameters Table Information (/info/sys/snmpv3/tparam)

Field        Description
Name         Displays the locally arbitrary, but unique identifier associated with this snmpTargetParamsEntry.
MP Model     Displays the Message Processing Model used when generating SNMP messages using this entry.
User Name    Displays the securityName, which identifies the entry on whose behalf SNMP messages are generated using this entry.
Sec Model    Displays the security model used when generating SNMP messages using this entry. The system may choose to return an inconsistentValue error if an attempt is made to set this variable to a value for a security model which the system does not support.
Sec Level    Displays the level of security used when generating SNMP messages using this entry.

/info/sys/snmpv3/notify SNMPv3 Notify Table Information

Name                 Tag
-------------------- --------------------
v1v2trap             v1v2trap

SNMPv3 Notify Table Information (/info/sys/snmpv3/notify)

Field        Description
Name         The locally arbitrary, but unique identifier associated with this snmpNotifyEntry.
Tag          This represents a single tag value which is used to select entries in the snmpTargetAddrTable. Any entry in the snmpTargetAddrTable that contains a tag value equal to the value of this entry, is selected. If this entry contains a value of zero length, no entries are selected.
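The notify, target address, and target parameters tables reference each other by name, so reviewing where notifications go and how they are protected means following that chain. The following is an added example, not part of the original manual: it joins the three sample tables shown above and reports each destination with its security level. The function names and dictionary keys are hypothetical, and the Taglist is assumed to separate multiple tags with whitespace.

```python
# Added example: follow notify -> target address -> target parameters.
# Rows are copied from the sample taddr, tparam and notify outputs on this page.

NOTIFY = [{"name": "v1v2trap", "tag": "v1v2trap"}]
TADDR = [{
    "name": "trap1", "addr": "47.81.25.66", "port": 162,
    "taglist": "v1v2trap", "params": "v1v2param",
}]
TPARAM = [{
    "name": "v1v2param", "mp_model": "snmpv2c", "user": "v1v2only",
    "sec_model": "snmpv1", "sec_level": "noAuthNoPriv",
}]


def resolve_trap_targets(notify, taddr, tparam):
    """Return one record per (notify entry, selected target address)."""
    params_by_name = {row["name"]: row for row in tparam}
    resolved = []
    for entry in notify:
        tag = entry["tag"]
        if not tag:
            continue  # a zero-length tag selects no target addresses
        for target in taddr:
            # Assumption: Taglist holds one or more whitespace-separated tags.
            if tag not in target["taglist"].split():
                continue
            params = params_by_name.get(target["params"]) or {}
            resolved.append({
                "notify": entry["name"],
                "target": target["name"],
                "destination": f"{target['addr']}:{target['port']}",
                "mp_model": params.get("mp_model"),
                "user": params.get("user"),
                "sec_level": params.get("sec_level"),
                "dangling_params": not params,
            })
    return resolved


def review_findings(resolved):
    """List targets with a broken Params reference or without authPriv."""
    findings = []
    for row in resolved:
        if row["dangling_params"]:
            findings.append(
                f"{row['target']}: Params entry not found in tparam table")
        elif row["sec_level"] != "authPriv":
            findings.append(
                f"{row['target']}: notifications to {row['destination']} "
                f"use {row['mp_model']} at {row['sec_level']}")
    return findings


if __name__ == "__main__":
    for line in review_findings(resolve_trap_targets(NOTIFY, TADDR, TPARAM)):
        print(line)
```

Run against the sample rows, this reports that trap1 receives snmpv2c notifications at noAuthNoPriv, that is, without authentication or privacy.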

/info/sys/snmpv3/dump SNMPv3 Dump Information


General System Information

On a Nortel Application Switch 2424:

System Information at 6:56:53 Thu Sep 15, 2005 (DST)
Time zone: America/Canada/Atlantic-Nova-Scotia (GMT offset -4:00)

Alteon Application Switch 2424

Switch is up 3 days, 11 hours, 28 minutes and 34 seconds.
Last boot: 18:28:09 Sun Sep 11, 2005 (reset from Telnet)
Last apply: unknown
Last save: 5
MAC Address: 00:01:81:2e:bc:50    IP (If 1) Address: 0.0.0.0
Hardware Order No: EB1412006    Serial No: ABCDE600MJ    Rev: 09
Mainboard Hardware: Part No: P314090-A    Rev: 00
Management Processor Board Hardware: Part No: P314080-A    Rev: 00
Fast Ethernet Board Hardware: Part No: P314091-A    Rev: 00

Note - When the measured temperature inside the switch EXCEEDs the high threshold at 62 degree Celsius a syslog message will be generated.

Software Version 23.0.1 (FLASH image2), active configuration.

On a Nortel Application Switch 2424-SSL:


Note: The display of temperature comes up only if the temperature of any of the sensors exceeds 60C. The software sends a warning message if any of the sensors exceeds this temperature threshold. The switch will shut down if the power supply overheats and the temperature gets to 100C. Information about fan failures is also displayed if one or more fans are not functioning.

/info/sys/time Show System Time

/info/sys/log Show Last 64 Syslog Messages

Each syslog message has a criticality level associated with it, included in text form as a prefix to the log message. One of eight different prefixes is used, depending on the condition that the administrator is being notified of, as shown below.
- EMERG: indicates the system is unusable
- ALERT: indicates action should be taken immediately
- CRIT: indicates critical conditions
- ERR: indicates error conditions or error operations
- WARNING: indicates warning conditions
- NOTICE: indicates a normal but significant condition
- INFO: indicates an information message
- DEBUG: indicates a debug-level message

/info/sys/slog Last 64 Saved Syslog Messages

/info/sys/mgmt Management Port Information

Use this command to display Management port information on a Nortel Application Switch including:
- Port speed (10/100)
- Duplex mode (half, full, any, or auto)
- Link (Up or down)
- MAC Address of the system
- IP address of the Interface
- IP address of the gateway

/info/sys/sonmp SONMP Information

This command displays the SynOptics Network Management Protocol (SONMP) topology table. SONMP is enabled on Nortel Application Switches using the /cfg/sys/sonmp on command, and is necessary so that a Nortel Application Switch can be discovered by the Nortel Enterprise Switch Manager. When SONMP is enabled, devices on the network exchange multicast packets, namely flatnet hellos and segment hellos. The IP address of the device is written into the hello packets. As the network devices exchange information, a topology table is built like the one shown below.

SONMP Information Parameters Description

Parameter      Description
Slot Port      Specifies the slot and port on which the topology message was received.
IP Address     This is the IP address of the sender of the topology message.
Seg ID         The "segment identifier" of the segment from which the remote agent sent the topology message. Different devices may use different methods for representing the segment identifier.
Mac Address    The MAC address of the sender of the topology message.
Chassis Type   The chassis type of the device that sent the topology message.
Local Seg      Indicates if the sender of the topology message is on the same Ethernet segment (i.e. not across a bridge) as the reporting agent.
State          The current state of the sender of the topology message. The values are:
               - topChanged: topology information has recently changed
               - heartbeat: topology information unchanged
               - new: sending agent is in new state

/info/sys/capacity System Capacity Information

The following sample output from a Nortel Application Switch 2424 displays the maximum and currently enabled switch capacity for various services and applications from Layer 2-7.


/info/sys/fan Show switch fan status

/info/sys/temp Show switch temperature sensor status

/info/sys/encrypt Show encryption licenses

/info/sys/user Show current user status

/info/sys/dump System Information Dump


/info/l2 Layer 2 Information Menu

Layer 2 Information Menu Options

Command Syntax and Usage

fdb
    Displays the Forwarding Database Information Menu. For details, see "/info/l2/fdb Layer 2 FDB Information" (page 74).

lacp
    Displays Link Aggregation Control Protocol Information Menu. For details, see "/info/l2/lacp Link Aggregation Control Protocol Information Menu" (page 76).

stg
    In addition to seeing if Spanning Tree Protocol is enabled or disabled, you can view the following STP bridge information:
    - Priority
    - Hello interval
    - Maximum age value
    - Forwarding delay
    - Aging time
    You can also see the following port-specific STP information:
    - Port number and priority
    - Cost
    - State

cist
    Displays the CIST information.

trunk
    When trunk groups are configured, you can view the state of each port in the various trunk groups. For details, see "/info/l2/trunk Trunk Group Information" (page 82).

vlan
    Displays VLAN configuration information, including:
    - VLAN Number
    - VLAN Name
    - Status
    - Port membership of the VLAN
    For details, see "/info/l2/vlan VLAN Information" (page 82).

team
    Shows port team information.

dump
    Displays all Layer 2 information.

/info/l2/fdb Layer 2 FDB Information

The forwarding database (FDB) contains information that maps the media access control (MAC) address of each known device to the switch port where the device address was learned. The FDB also shows which other ports have seen frames destined for a particular MAC address.

Note: The master forwarding database supports up to 16K MAC address entries on the MP per switch. Each SP supports up to 8K entries.


Layer 2 FDB Information Menu Options (/info/l2/fdb)

Command Syntax and Usage

find [ ]
    Displays a single database entry by its MAC address. You are prompted to enter the MAC address of the device. Enter the MAC address using the format, xx:xx:xx:xx:xx:xx. For example, 08:00:20:12:34:56. You can also enter the MAC address using the format, xxxxxxxxxxxx. For example, 080020123456.

port
    Displays all FDB entries for a particular port.

trunk
    Displays all FDB entries on a single trunk.

vlan
    Displays all FDB entries on a single VLAN.

refpt
    Displays the FDB entries referenced by a single port.

dump
    Displays all entries in the Forwarding Database. For more information, see "/info/l2/fdb/dump Show All FDB Information" (page 75).

/info/l2/fdb/dump Show All FDB Information


An address that is in the forwarding (FWD) state means that it has been learned by the switch. When in the trunking (TRK) state, the port field represents the trunk group number. If the state for the port is listed as unknown (UNK), the MAC address has not yet been le