Global Settings 3
- This chapter describes how to use the command line interface for global configuration. Detailed command definitions follow a command summary table. Detailed command definitions and summary tables are also provided for RADIUS, ChoiceNet, and SNMP configuration commands.
- Global settings allow you to set default and alternate hosts, set gateways and metrics, set the name service used by the PortMaster 4, and set the administrative password of the PortMaster 4.
Displaying Global Information
- To display information about your configuration, use the following global commands:
- For general information about using the command line interface, refer to Chapter 1, "Introduction."
Summary of Global Commands
- Table 3-1 contains the global configuration commands that affect the entire PortMaster 4, except for those commands marked with a leading bullet (.), which are global only for a specific module or board.
- The following sections also cover global commands affecting the entire PortMaster 4:
Global Commands
- These commands are used to configure global settings on the PortMaster or on a particular module or board.
add ippool
- This command adds a named IP pool to the IP pool table.
add ippool Name|default
Name
| Name of the IP pool--a string of up to 31 characters.
|
default
| Adds a default IP pool to the IP pool table.
|
- The PortMaster 4 supports named IP pools on ComOS 4.1 and later releases. Named IP pools provide a global range of multiple dynamically assigned IP addresses within the PortMaster 4.
- You can assign a gateway address to each range in a named IP pool, or assign a default gateway address for the entire named IP pool. Because you cannot create user profiles for IP pools in PortMaster user tables, you can only configure named IP pools using RADIUS.
- To activate changes to a named IP pool configuration, use the reset ippool command.
Note
To use IP pools, you must also add a corresponding RADIUS attribute to the RADIUS dictionary file. See the PortMaster 4 Configuration Guide for more information.
- Command> add ippool shelbyville
IP pool shelbyville successfully added
- delete ippool - page 3-4
reset ippool - page 3-5
set ippool - page 3-10
set ippool default - page 3-12
show table ippool - page 3-25
delete ippool
- This command deletes an IP address from the specified named IP pool or the entire named IP pool.
delete ippool Name address-range Ipaddress |all
Name
| Name of the IP pool in the IP pool table--a string of up to 31 characters.
|
default
| Deletes the default IP pool from IP pool table.
|
Ipaddress
| IP address or range of IP addresses from the named IP pool.
|
all
| Deletes the entire named IP pool.
|
- The PortMaster 4 supports named IP pools on ComOS 4.1 and later releases.
- To activate changes to a named IP pool configuration, use the reset ippool command.
- Command> delete ippool address-range livermore 192.168.1.0
Range 192.168.1.0 in livermore successfully deleted
Command> del ippool livermore all
Pool livermore successfully deleted
- add ippool - page 3-3
reset ippool - page 3-5
set ippool - page 3-10
set ippool default - page 3-12
show table ippool - page 3-25
reset ippool
- This command activates changes to a named IP pool configuration and converts IP address ranges as routes for propagation through routing protocols.
reset ippool
- The PortMaster 4 supports named IP pools on ComOS 4.1 and later releases.
- After you enter the reset ippool command, the routing protocols can take a short while to replace the old routes with the new ones.
- Command> reset ippool
IP Pool reset
- add ippool - page 3-3
delete ippool - page 3-4
set ippool - page 3-10
set ippool default - page 3-12
show table ippool - page 3-25
set assigned_address
- This command sets the base IP address of the assigned address pool.
Note
You must first use the set view command to select a board for configuration.
set assigned_address Ipaddress
Ipaddress
| Base IP address assigned. Set Ipaddress to 0.0.0.0 to deselect the assigned address.
|
- The PortMaster allocates a pool of addresses starting at the assigned base address and counting up. The total number of addresses is equal to the number of ports configured for network dial-in. If someone dials in and requests an unused address from the pool, that is assigned. If someone dials in and requests any address, the next address from the pool is assigned. If someone disconnects, their address is placed at the end of the pool for reuse.
Note
You must use the command save all and reset the slot after setting or changing the base IP address.
Example
Command 1> set assigned 172.16.200.220
First Assigned address changed from 0.0.0.0 to 172.16.200.220
See Also
set pool - page 3-21
set user destination - page 10-5
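The allocation order described above, modelled as an added example (not ComOS code) to show why a released address is not the next one handed out, which matters when matching an address in a log to a dial-in session. The class, its method names and the session labels are hypothetical; refusing a requested address that is not free is an assumption, because the page does not say what the PortMaster does in that case.

```python
from collections import deque
import ipaddress


class AssignedPool:
    """Model of the assigned address pool: base address plus a fixed size."""

    def __init__(self, base, size):
        first = ipaddress.IPv4Address(base)
        # Addresses start at the base address and count up.
        self.free = deque(first + i for i in range(size))
        self.in_use = {}    # session label -> address currently held
        self.history = []   # (event, session, address) records for attribution

    def connect(self, session, requested=None):
        if not self.free:
            raise RuntimeError("assigned pool exhausted")
        if requested is None:
            # Caller asked for "any address": take the next one in the pool.
            addr = self.free.popleft()
        else:
            addr = ipaddress.IPv4Address(requested)
            if addr not in self.free:
                # Assumption: behaviour for an in-use or foreign address is not on the page.
                raise ValueError(f"{addr} is not an unused pool address")
            self.free.remove(addr)
        self.in_use[session] = addr
        self.history.append(("connect", session, str(addr)))
        return addr

    def disconnect(self, session):
        addr = self.in_use.pop(session)
        # A released address goes to the end of the pool for reuse.
        self.free.append(addr)
        self.history.append(("disconnect", session, str(addr)))

    def holders(self, address):
        """Sessions that held an address, oldest first."""
        return [s for event, s, a in self.history if event == "connect" and a == address]


def demo():
    # Constructed scenario: three dial-in ports, base address from the page's example.
    pool = AssignedPool("172.16.200.220", 3)
    first = pool.connect("session-a")
    pool.connect("session-b")
    pool.disconnect("session-a")
    third = pool.connect("session-c")    # gets .222, not the just-released .220
    fourth = pool.connect("session-d")   # .220 comes back only now
    return str(first), str(third), str(fourth), pool.holders("172.16.200.220")


if __name__ == "__main__":
    print(demo())
```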
set call-check
- This command provides the choice of supporting or disabling the RADIUS call-check feature on the PortMaster 4 products that support ISDN PRI or in-band signaling.
set call-check on|off
on
| Enables the call-check feature on the PortMaster connected to the PRI or in-band signaling interface.
|
off
| Disables the call-check feature. This is the default.
|
Caution
To support the call-check feature, you must configure RADIUS 2.1 Call-Check profiles; otherwise, the PortMaster issues a busy signal to every call. See the RADIUS for UNIX Administrator's Guide for more information.
- The call-check feature enables user services without authenticating the user at the point of entry. Call-check is off by default. Use the show global command to find out if call-check is enabled on your PortMaster.
Example
Command> set call-check on
Call Check changed from off to on
See Also
- set l2tp - page 17-4
set l2tp-lac - page 17-7
set Line0 signaling r2generic|mfr2 - page 15-16
set chap
- This command provides the choice of supporting or disabling the Challenge Handshake Authentication Protocol (CHAP) authentication for dial-in users.
set chap on|off
on
| If PPP is detected on a port, the PortMaster allows the user to negotiate CHAP as the authentication protocol. This is the default.
|
off
| CHAP authentication is disabled.
|
- If you do not want to support CHAP authentication, you must set CHAP to off. With both PAP and CHAP off, the only authentication method allowed is a username-password login.
Example
Command> set chap off
CHAP authentication changed from on to off
See Also
set location chap - page 11-6
set pap - page 3-19
show global - page 2-28
set chassis
- This command identifies the chassis to the PMVision application as either a PortMaster 4 or an AnyMedia™ MultiService Module (MSM).
set chassis pm4|msm-rac
pm4
|
Identifies the chassis as a PortMaster 4. This is the default.
|
msm-rac
|
Identifies the chassis as an MSM.
|
- The PortMaster 4 supports the set chassis command on ComOS 4.1 and later releases. To configure the PortMaster 4 in an MSM chassis using PMVision, you must first set the chassis to msm-rac.
- If set to msm-rac, the PortMaster 4 displays the chassis type when you use the command show global. No additional chassis information is provided if you set the chassis to pm4.
Note
Use the save all command to save changes to nonvolatile RAM.
set dhcp-server
- This command configures a PortMaster to forward a Dynamic Host Configuration Protocol (DHCP) request from a dial-in client to the specified DHCP server.
set dhcp-server Ipaddress
Ipaddress
| IP address or 39-character hostname--except for 255.255.255.255. You cannot forward a DHCP packet to the broadcast address.
|
- This command is used to support the Cable Modem Telephone Return Interface Specification (CMTRIS) developed by Multimedia Cable Network System (MCNS) Partners Limited. This specification requires that a cable modem using the telephone interface as an upstream channel be able to request and receive the cable interface address and configuration information using a DHCP request.
- ComOS modifies the received DHCP request by removing the broadcast address and replacing it with the DHCP server's address. This address enables the DHCP server to direct the response to the dial-in client of the cable modem. The DHCP server sends configuration information to the dial-in client of the cable modem to be used to configure the cable interface.
- ComOS does not add routes to its table when forwarding or returning DHCP requests. It transparently forwards and returns DHCP requests from dial-in clients to the specified server.
- For more information about using this command, refer to the PortMaster 4 Configuration Guide.
- To view DHCP relaying information, use the command set console, followed by the command set debug 0x81.
- To disable DHCP reply information, set the IP address to 0.0.0.0.
Note
This command does not support DHCP requests from the Ethernet or requests from a PortMaster 2Ei or Office Router OR-U.
set domain
- This command sets the domain name to use with hostname lookups.
set domain String|none
String
| Domain name. Maximum of 31 characters.
|
none
| Disables the domain feature.
|
- Enter the domain name of your network in this command after you have selected the Network Information Service (NIS) or Domain Name System (DNS) as your name service and have set a name server address.
Example
Command> set domain lucent.com
Domain changed from to lucent.com
See Also
set namesvc - page 3-18
set nameserver - page 3-17
set host
- This command sets the default IP address or hostname for login sessions on the PortMaster 4.
set host [1|2|3|4] Ipaddress
1 |2 |3 |4
| Specifies alternate hosts, with the primary host being 1. The default is 1.
|
Ipaddress
| IP address or hostname of a login host or device host.
|
- Use this command only if you want the PortMaster to provide login or host device service. Setting host to 0.0.0.0 removes the entry.
Example
Command> set host 172.16.200.1
Default host changed from to 172.16.200.1
See Also
set C0 host - page 5-15
set C0 service_device - page 5-30
set C0 service_login - page 5-31
set user host - page 10-8
set user service - page 10-17
set ippool
- This command adds a range of IP addresses to a named IP pool and assigns it an optional gateway address.
set ippool Name|default Ipaddress/NM|Ipaddress Netmask [Gateway]
Name
| Name of the IP pool in the IP pool table--a string of up to 31 characters.
|
default
| Sets the PortMaster 4 to use the default IP pool in the IP pool table. The PortMaster 4 assigns a user an address from the IP range of the default IP pool only if both of the following are true:
· The Named-IP-Pool attribute is not configured in RADIUS.
· The Quad T1 or Tri E1 board's assigned IP range is set to 0.0.0.0.
See the PortMaster 4 Configuration Guide for more information.
|
Ipaddress/NM
| Specifies the range of named IP pool addresses.
|
| Ipaddress
| Base IP address in dotted decimal notation for the range. The PortMaster 4 increments this IP address by 1 when assigning IP addresses to users.
|
| /NM
| Integer between 1 and 30. Because the PortMaster does not use the first and last addresses specified in a range, you cannot use the masks 31 and 32 because they contain two hosts or fewer.
|
Ipaddress Netmask
| Alternate method of specifying a named IP pool range.
|
| Ipaddress
| Base IP address in dotted decimal notation for the range.
|
| Netmask
| Netmask in dotted decimal notation.
|
Gateway
| Optional gateway IP address for the specified range in the IP pool expressed in dotted decimal notation.
When the PortMaster receives a packet from a user with an assigned gateway address, the PortMaster forwards the packet to this gateway address instead of consulting its routing table.
If no gateway is specified for the range, the PortMaster uses the default address assigned to the IP pool. If no default address is set for the IP pool, the PortMaster consults its routing table.
|
- The PortMaster 4 supports named IP pools on ComOS 4.1 and later releases. Up to eight ranges can be assigned to any single named IP pool. The PortMaster 4 assigns address ranges--except the first and last addresses--to users, using the first ranges before the latter ranges. Each range has a base address associated with it and is incremented to assign addresses. The number of addresses in a range is determined by the netmask.
- To activate changes to a named IP pool configuration, you must use the reset ippool command.
Examples
1. The following example uses the format Ipaddress/NM to assign a range of IP addresses to a named IP pool. Note that the 24-bit mask assigns 254 available IP addresses--the first and last addresses are not assigned to users.
Command> set ippool livermore address-range 192.168.1.0/24 10.34.56.78
Range 192.168.1.0/24 256 with gateway 10.34.56.78 add to livermore
2. The following example uses the format Ipaddress Netmask to assign a range of IP addresses to a named IP pool. No gateway address is specified for this range.
Command> set ippool livermore address-range 192.168.1.0 255.255.255.0
Range 192.168.1.0/24 256 with gateway 0.0.0.0 add to livermore
See Also
- add ippool - page 3-3
delete ippool - page 3-4
reset ippool - page 3-5
set crossbar-ip - page 7-5
set ippool default - page 3-12
show table ippool - page 3-25
set ippool default-gateway
- This command sets the default gateway address for an entire named IP pool.
set ippool Name default-gateway Gateway
Name
| Name of the IP pool in the IP pool table--a string of up to 31 characters.
|
Gateway
| Default gateway address for the named IP pool in dotted decimal notation.
|
- The PortMaster 4 supports named IP pools on ComOS 4.1 and later releases.
- You can assign a gateway address to each named IP pool, or assign a default gateway address for all named IP pools. The default gateway also functions as a crossbar IP address.
- When a packet comes in from a user assigned a gateway address, the PortMaster forwards the packet to the gateway address instead of consulting its routing table. If a gateway address is not assigned to a range, the range uses the default gateway address of the named IP pool. If the named IP pool is not assigned a default address, then no crossbar IP is used and the PortMaster consults its routing table.
- Command> set ippool shelbyville default 192.168.1.1
Pool default gateway set to 192.168.1.1
- add ippool - page 3-3
delete ippool - page 3-4
reset ippool - page 3-5
set crossbar-ip - page 7-5
set ippool - page 3-10
show table ippool - page 3-25
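The range and gateway rules from set ippool and set ippool default-gateway, worked through as an added example (not ComOS code). Because an assigned gateway overrides the routing table, it is worth checking which next hop each range actually resolves to before running reset ippool. The class and function names are hypothetical, and treating a range as the base address plus the number of addresses given by the mask is this example's reading of the page.

```python
import ipaddress

MAX_RANGES = 8       # page: up to eight ranges per named IP pool
MAX_NAME_LEN = 31    # page: pool name is a string of up to 31 characters


def parse_range(spec):
    """Parse 'Ipaddress/NM' or 'Ipaddress Netmask' into (base, prefix_len)."""
    if "/" in spec:
        addr, nm = spec.split("/", 1)
        prefix = int(nm)
    else:
        addr, mask = spec.split()
        # ipaddress validates the dotted-decimal mask and converts it to a length.
        prefix = ipaddress.ip_network("0.0.0.0/" + mask).prefixlen
    if not 1 <= prefix <= 30:
        # /31 and /32 are refused: the first and last addresses are never handed out.
        raise ValueError("mask must be an integer between 1 and 30")
    return ipaddress.IPv4Address(addr.strip()), prefix


class NamedPool:
    """Illustrative model of one named IP pool."""

    def __init__(self, name, default_gateway=None):
        if not 1 <= len(name) <= MAX_NAME_LEN:
            raise ValueError("pool name must be 1 to 31 characters")
        self.name = name
        self.default_gateway = (
            ipaddress.IPv4Address(default_gateway) if default_gateway else None
        )
        self.ranges = []  # (base, size, gateway or None), kept in entry order

    def add_range(self, spec, gateway=None):
        if len(self.ranges) >= MAX_RANGES:
            raise ValueError("a named IP pool holds at most eight ranges")
        base, prefix = parse_range(spec)
        size = 2 ** (32 - prefix)  # the netmask determines the number of addresses
        gw = ipaddress.IPv4Address(gateway) if gateway else None
        self.ranges.append((base, size, gw))

    def usable_count(self, index):
        """Addresses handed to users: the range minus its first and last address."""
        return self.ranges[index][1] - 2

    def next_hop(self, user_addr):
        """Forced gateway for a user's packets, or None for 'consult the routing table'."""
        addr = ipaddress.IPv4Address(user_addr)
        for base, size, gw in self.ranges:
            if base < addr < base + (size - 1):
                # Range gateway first, then the pool's default gateway.
                return gw if gw is not None else self.default_gateway
        raise LookupError(f"{addr} is not assignable from pool {self.name}")


# Constructed sample built from values shown on this page.
livermore = NamedPool("livermore", default_gateway="10.23.45.56")
livermore.add_range("192.168.1.0/24")                          # no range gateway
livermore.add_range("10.4.5.0 255.255.255.0", "192.168.222.3")  # range gateway set

if __name__ == "__main__":
    for user in ("192.168.1.10", "10.4.5.9"):
        print(user, "->", livermore.next_hop(user))
```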
set ipx
- This command enables or disables PortMaster support for the Novell Internet Packet Exchange (IPX) protocol.
set ipx on|off
on
| Enables support for the IPX protocol.
|
off
| Disables support for the IPX protocol. This is the default.
|
- To enable support for IPX, you must use this command. After changing the IPX setting, you must use the save all command and reboot the PortMaster to make the change take effect.
set ipxgateway
- This command sets a static default route for all IPX packets not routed by a more specific route.
set ipxgateway Network |Node Metric
Network
| 32-bit hexadecimal address of the IPX network of the gateway router.
|
Node
| 48-bit hexadecimal node address of the gateway router. This is usually the MAC address of the gateway router.
|
Metric
| An integer with a value between 1 and 15 that determines the hop count.
|
- When troubleshooting IPX routing problems, you can reset the IPX gateway by resetting the network and node numbers to zeros. For more information on troubleshooting IPX routing problems, refer to the PortMaster Troubleshooting Guide.
Examples
Command> set ipxgateway tyche:010101010101 1
IPX Gateway set to tyche:010101010101, metric = 1
Command> set ipxgateway 00000000:000000000000
IPX gateway reset
set local-ip-address
- This command assigns up to four local IP addresses to the PortMaster 4 that are not limited by network interface.
set local-ip-address [1|2|3|4] Ipaddress
1 |2 |3 |4
| Sets the local IP address for the PortMaster 4. The default local IP address is 1.
|
Ipaddress
| IP address or hostname--up to 39 characters. Setting the IP address to 0.0.0.0 clears the local IP address.
|
- The PortMaster 4 uses the local IP address as follows:
- First, the PortMaster 4 can advertise its local IP addresses as host routes through configured routing protocols such as OSPF and RIP Version 2 (RIP-2), allowing PortMaster 4 services to be referenced to a particular IP address independent of any one network interface.
- Second, the PortMaster 4 uses the local IP address to determine how it identifies itself during PPP negotiations for the IP Control Protocol (IPCP), and in the source address of an IP packet. For additional information, see the PortMaster 4 Configuration Guide.
- If local addresses are set, the ifconfig command displays the logical interfaces as local10, local11, local12, and local13. To display logical interfaces, use the ifconfig command.
set loghost
- This command sets the IP address or name of the host to which the PortMaster sends syslog messages.
set loghost Ipaddress
Ipaddress
| Loghost IP address or 39-character hostname. Set Ipaddress to 0.0.0.0 to deselect the host.
|
- Informational syslog messages are sent to the host with the following defaults:
- Facility--auth
- Priority--info
- Setting the IP address to 0.0.0.0 disables syslog at the PortMaster.
Note
You must use the command save all and reboot the manager module after making changes to the loghost address. You can also use the reset nHandle command to reset the UDP port 514 connection.
- RADIUS accounting provides a more complete method for logging usage information. Refer to the RADIUS for UNIX Administrator's Guide or the RADIUS for Windows NT Administrator's Guide for more information.
Note
Do not use a loghost at a location configured for on-demand connections, because doing so will keep the connection up or bring up the connection each time a syslog message is queued for the syslog host.
- set syslog - page 3-23
set maximum pmconsole
- This command sets the maximum number of concurrent connections for management applications allowed into the PortMaster.
set maximum pmconsole Number
Number
| The maximum number of concurrent connections to allow. Default is 1; maximum is 10.
|
- The programs PMVision, ChoiceNet, pmreadconf, pmreadpass, pmcommand, pmreset, pminstall, and other applications connect to TCP port 1643 on the PortMaster. If you set the maximum number of connections to 2 or higher, more than one program can connect at the same time.
- If you use ChoiceNet to download filters dynamically, be sure to set the maximum number of connections to 10.
Note
If two or more GUIs are used to configure the PortMaster 4 at the same time, each might not see the change made by the others.
- All 1643 network connections must disconnect from the PortMaster for the new settings to take effect. Use the reset nHandle command to reset network handles. To view open network connections, use the show netconns command.
Example
Command> set maximum pmconsole 2
Maximum PMconsole sessions changed from 0 to 10
See Also
set serial-admin - page 3-22
set telnet - page 3-25
set nameserver
- This command sets the name server IP address.
set nameserver [1|2] Ipaddress
1
| Sets the primary name server. This is the default.
|
2
| Sets an alternate name server.
|
Ipaddress
| IP address in dotted decimal notation.
|
- This command sets the server used for DNS or NIS hostname lookups. Setting Ipaddress to 0.0.0.0 cancels the setting.
set namesvc
- This command sets the service (NIS or DNS) used for resolving hostnames.
set namesvc dns|nis
dns
| Uses the Domain Name System (DNS) for hostname lookups.
|
nis
| Uses the Network Information Service (NIS) for hostname lookups.
|
- A name service should be selected only if users are prompted for hosts that require a name service for resolution to an IP address, or to display hostnames instead of addresses in the administrative command line interface. If the service is set to DNS, the PortMaster sends DNS server information to PPP dial-in users as specified in RFC 1877.
Example
Command> set namesvc dns
Name Service changed from NIS to DNS
See Also
set domain - page 3-9
set nameserver - page 3-17
set netbios
- This command sets the NetBIOS parameter for use with IPX.
set netbios on|off
on
| The PortMaster broadcasts type 20 packets.
|
off
| Type 20 packets are not broadcast across the router. The default is off.
|
- Full NetBIOS protocol compliance requires that this command be set to on. The PortMaster then propagates and forwards type 20 broadcast packets across your IPX network. Be aware of this behavior before changing from the default of netbios off.
set pap
- This command provides the choice of accepting either Password Authentication Protocol (PAP) or CHAP authentication for dial-in users, or CHAP only.
set pap on|off
on
| If PPP is detected on a port, the PortMaster allows the user to negotiate PAP as the authentication protocol. If PAP is refused, the user is prompted to authenticate with CHAP. This is the default.
|
off
| The PortMaster does not request or accept PAP authentication.
|
- With PAP set to off, the default is to support CHAP. If you do not want to support CHAP authentication, you must disable CHAP (see page 3-7).
set password
- This command sets the PortMaster administrative password.
set password [Password]
Password
| String of up to 15 characters. Default is no password.
|
- When shipped, the PortMaster has no password. You must enter a password to protect the PortMaster administrative features. Using the command set password without a Password value erases the administrative password.
- The password string cannot start with a question mark (?).
set pool
- This command explicitly sets the size of the assigned pool of IP addresses.
Note
You must first use the set view command to select a board for configuration.
set pool Number
Number
| Number of IP addresses to allocate to the pool. The valid range on a PortMaster 4 is from 0 to 96.
|
- After you set or change the pool size of IP addresses, you must reset the slot for the change to take effect.
Example
Command> set pool 12
Assigned address pool size changed from 0 to 12
See Also
set assigned-address - page 3-5
set reported_ip
- This command reports an IP address different from the Ether0 address used during PPP negotiation and Serial Line Internet Protocol (SLIP) startup.
set reported_ip Ipaddress
- The IP address of any PortMaster product can be used with this command. This feature is valuable for sites that require a number of PortMaster products to appear as a single IP address to other networks. With PPP, this information is placed in the startup message, and the PortMaster products report this address to other networks. With SLIP, this information is placed in the startup message.
- Setting Ipaddress to 0.0.0.0 cancels the setting.
Example
Command> set reported_ip 172.16.200.1
Reported IP address changed from 0.0.0.0 to 172.16.200.1
See Also
set Ether0 address - page 4-3
set user local-ip-address - page 10-11
set serial-admin
- This command enables or disables administrative logins on the serial ports of the PortMaster.
set serial-admin on|off
on
| Enables administrative logins on serial ports. This is the default.
|
off
| Disables administrative logins on serial ports.
|
- If administrative logins--!root--are disabled, you can still use port S0 (or C0) for !root login by setting the console DIP switch to the left (on) position.
set shutdown-temp
- This command manually sets the threshold temperature for all the boards and modules of the PortMaster 4.
set shutdown-temp Number
Number
| Shutdown temperature--integer between 30° C and 90° C (86° F and 194° F).
|
- The PortMaster 4 supports the set shutdown-temp command on ComOS 4.1 and later releases.
- Each board on the PortMaster 4 has a temperature sensor. The PortMaster 4 shuts down a board or module when the temperature of the board or module reaches the set threshold temperature.
- To view the shutdown-temp setting, use the show global command.
- For additional information about PortMaster 4 temperature management, see the PortMaster 4 Installation Guide. If the shutdown temperature is not set, the PortMaster 4 begins turning boards off when it reaches an internal temperature of 50° C (122° F) until the temperature goes below 45° C (113° F). Boards are turned off in order of slot number, with the highest-numbered slot being turned off first.
- To turn on a board that has been turned off, use the set slot on command.
- set slot - page 2-17
set syslog
- This command changes the syslog settings for logged events.
set syslog Logtype {[disabled] [Facility.Priority]}
Logtype
| Sets logging for the following five areas. Use the following keywords:
|
| admin-logins
| !root and administrative logins.
|
| user-logins
| Nonadministrative logins. You might want to disable this type of logging if you already use RADIUS accounting.
|
| packet-filters
| Packets that match filter rules with the log keyword.
|
| commands
| Every command entered at the command line interface.
|
| termination
| More detailed information on how user sessions terminate.
|
disabled
| Turns off logging for the Logtype specified.
|
Facility.Priority
| Sets the facility and priority to be assigned to syslog messages. See Table 3-2 on page 3-24 and Table 3-3 on page 3-24 for Facility and Priority keywords. Enter the Facility and Priority keywords separated by a period (.) with no spaces.
|
- The keywords to use for Facility and Priority are shown in Table 3-2 and Table 3-3. Lucent recommends that you use the auth facility or local0 through local7 facilities for receiving syslog messages from PortMaster products, but all the facilities listed in Table 3-3 are provided. See your operating system documentation for information on configuring syslog on your host.
Table 3-2 syslog Facility Keywords
Facility | Facility Number | Facility | Facility Number
---|---|---|---
kern | 0 | cron | 15
user | 1 | local0 | 16
mail | 2 | local1 | 17
daemon | 3 | local2 | 18
auth | 4 | local3 | 19
syslog | 5 | local4 | 20
lpr | 6 | local5 | 21
news | 7 | local6 | 22
uucp | 8 | local7 | 23
Table 3-3 syslog Priority Keywords
Priority | Priority Number | Typical Use
---|---|---
emerg | 0 | System is unusable.
alert | 1 | Action must be taken immediately.
crit | 2 | Critical messages.
err | 3 | Error messages.
warning | 4 | Warning messages.
notice | 5 | Normal but significant message.
info | 6 | Informational message.
debug | 7 | Debug-level messages.
Example
Command> set syslog commands local0.debug
Syslog setting for commands changed from disabled to local0.debug
See Also
set loghost - page 3-16
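On the loghost, each syslog datagram begins with a numeric `<PRI>` value equal to the facility number times 8 plus the priority number, so the keywords in Table 3-2 and Table 3-3 decide what the collector can tell apart. The following added example (not Lucent code) converts between the two and reports Logtypes that share one Facility.Priority value and therefore cannot be separated by PRI alone. The function names, the sample settings and the message text are constructed; the ComOS message format itself is not shown on this page.

```python
import re

# Keyword tables exactly as listed in Table 3-2 and Table 3-3 of this page.
FACILITY = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
            "syslog": 5, "lpr": 6, "news": 7, "uucp": 8, "cron": 15,
            **{f"local{n}": 16 + n for n in range(8)}}
PRIORITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}
FACILITY_NAME = {number: name for name, number in FACILITY.items()}
PRIORITY_NAME = {number: name for name, number in PRIORITY.items()}
LOGTYPES = ("admin-logins", "user-logins", "packet-filters",
            "commands", "termination")
PRI_RE = re.compile(rb"^<(\d{1,3})>")


def encode(setting):
    """'Facility.Priority' keywords -> numeric PRI (facility * 8 + priority)."""
    facility, priority = setting.split(".")
    return FACILITY[facility] * 8 + PRIORITY[priority]


def decode(pri):
    """Numeric PRI -> 'Facility.Priority', or None if the facility is not in Table 3-2."""
    facility, priority = divmod(pri, 8)
    name = FACILITY_NAME.get(facility)
    return None if name is None else f"{name}.{PRIORITY_NAME[priority]}"


def shared_values(settings):
    """Facility.Priority values used by more than one enabled Logtype."""
    groups = {}
    for logtype, value in settings.items():
        if logtype not in LOGTYPES:
            raise ValueError(f"unknown Logtype: {logtype}")
        if value != "disabled":
            encode(value)  # raises KeyError on a keyword outside the tables
            groups.setdefault(value, []).append(logtype)
    return {value: sorted(types) for value, types in groups.items() if len(types) > 1}


def candidates(datagram, settings):
    """Decode a datagram's PRI and list the Logtypes configured to use it."""
    match = PRI_RE.match(datagram)
    if not match:
        return None, []
    value = decode(int(match.group(1)))
    return value, sorted(t for t, v in settings.items() if v == value)


# Constructed settings, one entry per "set syslog Logtype ..." command.
SETTINGS = {
    "admin-logins": "auth.info",
    "user-logins": "auth.info",
    "packet-filters": "local1.notice",
    "commands": "local0.debug",
    "termination": "disabled",
}

if __name__ == "__main__":
    print(shared_values(SETTINGS))
    print(candidates(b"<135>constructed message text", SETTINGS))
```

With the constructed settings, administrative and nonadministrative logins arrive with the same PRI; giving admin-logins its own local facility lets the host's syslog route it to a separate file.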
set telnet
- This command sets the Telnet administrative port.
set telnet Tport
Tport
| Telnet administrative port--a decimal 16-bit number from 0 to 65535. Default is 23.
|
- This command allows the administrator to use the Telnet protocol to maintain the PortMaster. The value is a number from 0 to 65535. If set to 0, the PortMaster disables the Telnet administration function. Ports numbered 10000 through 10100 are reserved for outbound users and must not be used for this function.
- The maximum number of concurrent Telnet sessions on the PortMaster 4 is 20.
Example
Command> set telnet 23
Setting Telnet Administration port to 23
See Also
set maximum pmconsole - page 3-17
set serial-admin - page 3-22
telnet - page 2-44
show table ippool
- This command displays the named IP pool configuration.
show table ippool
Example
Command> show table ippool
Name: livermore      Default Gateway: 10.23.45.56

Address/netmask      Gateway
------------------   --------------------
192.168.1.0/29       0.0.0.0
192.168.2.253/30     0.0.0.0
192.168.3.50/25      0.0.0.0
10.4.5.0/24          192.168.222.3
Explanation
Name
| Name of IP pool.
|
Default Gateway
| Default gateway for the specified named IP pool.
|
Address/netmask
| Range of the named IP pool.
|
Gateway
| Specified gateway address for the named IP pool range.
|
See Also
- add ippool - page 3-3
delete ippool - page 3-4
reset ippool - page 3-5
set ippool - page 3-10
set ippool default - page 3-12
RADIUS Client Commands
- The RADIUS commands in Table 3-4 configure the PortMaster to use a RADIUS server. RADIUS is consulted if a port is set for security on and a user is not found in the PortMaster user table. ChoiceNet client commands begin on page 3-30, and SNMP commands begin on page 3-32.
Table 3-4 RADIUS Client Configuration
Command Syntax
set accounting [1|2|3] Ipaddress [Uport] - see page 3-27
set accounting count Number|interval Seconds - see page 3-28
set authentication_server [1|2|3] Ipaddress [Uport] - see page 3-29
set secret String - see page 3-30
- The following commands configure the PortMaster as a RADIUS client. For RADIUS server configuration information, see the RADIUS for UNIX Administrator's Guide or the RADIUS for Windows NT Administrator's Guide.
set accounting
- This command designates a host as the primary, secondary, or tertiary RADIUS accounting server.
set accounting [1|2|3] Ipaddress [Uport]
1
| Designates the primary RADIUS server. This is the default.
|
2
| If present, designates a host as the alternate accounting server.
|
3
| If present, designates a host as the tertiary accounting server.
|
Ipaddress
| IP address or 39-character hostname running a RADIUS accounting server on UDP port 1646.
|
Uport
| Integer between 0 and 65535 that specifies the UDP port to be used for RADIUS accounting. Setting the port number to 0 or not specifying a port number sets the UDP port to 1646.
|
- You can designate a primary RADIUS accounting server and up to two alternates, but you must assign a different IP address to each server. The accounting server daemon must be present on the host for the RADIUS accounting server to function correctly. Set Ipaddress to 0.0.0.0 to deselect the accounting server.
- The PortMaster 4 uses one of the following criteria to determine whether to send accounting packets to a secondary accounting server instead of the primary accounting server:
- The primary RADIUS accounting server does not respond within 10 minutes. The PortMaster retries the accounting server once every 45 seconds.
- The primary RADIUS accounting server does not respond, and 50 accounting packets are waiting to be sent.
Examples
Command> set accounting 10.0.0.3
Accounting Server changed from 0.0.0.0 1646 to 10.0.0.3 1646
Command> set accounting 10.0.0.3 1813
Accounting Server changed from 10.0.0.3 1646 to 10.0.0.3 1813
Command> set accounting 2 10.0.0.4 1813
Alternate Accounting Server changed from 0.0.0.0 1646 to 10.0.0.4 1813
See Also
set authentication_server - page 3-29
set secret - page 3-30
set accounting count|interval
- This command sets the retry count and time interval for a PortMaster sending RADIUS accounting packets to the RADIUS server.
set accounting count Number |interval Seconds
count Number
| Number of times the PortMaster 4 attempts to send a RADIUS accounting packet without acknowledgement from the RADIUS server.
Number is an integer between 1 and 99.
|
interval Seconds
| Elapsed time--in seconds--between attempts by the PortMaster to send a RADIUS accounting packet to the RADIUS server.
Seconds is an integer between 1 and 255. The default is 30 seconds.
|
- The PortMaster 4 supports this command on ComOS 4.1.1 and later releases.
- The PortMaster 4 sends each RADIUS accounting packet to the RADIUS accounting server based on the number of seconds specified. The PortMaster continues to resend the accounting packet until it receives an acknowledgement from the RADIUS server or until the number of attempts reaches the count specified.
- To view the accounting count and accounting interval settings, use the show global command.
- Command> set accounting count 45
Accounting retry count changed from 23 to 45
- Command> set accounting interval 60
Accounting retry interval changed from 30 to 60 sec
set authentication_server
- This command sets the primary, secondary, or tertiary RADIUS authentication server.
set authentication_server [1|2|3] Ipaddress [Uport]
1
| Designates the primary authentication server. This is the default.
|
2
| If present, designates a host as the secondary authentication server.
|
3
| If present, designates a host as the tertiary authentication server.
|
Ipaddress
| IP address or 39-character hostname for a host running a RADIUS authentication server on UDP port 1645.
|
Uport
| Integer between 0 and 65535 that specifies the UDP port to be used for RADIUS authentication. Setting the port number to 0 or not specifying a port number sets the UDP port to 1645.
|
- Set Ipaddress to 0.0.0.0 to deselect the primary authentication server. For more information about setting up a RADIUS authentication server, refer to the RADIUS for UNIX Administrator's Guide or the RADIUS for Windows NT Administrator's Guide.
- You can also use the set alternate_auth_server command to set the secondary authentication server.
Examples
Command> set authentication 1 10.0.0.3
Authentication Server changed from 0.0.0.0 1645 to 10.0.0.3 1645
Command> set authentication 1 10.0.0.3 1812
Authentication Server changed from 10.0.0.3 1645 to 10.0.0.3 1812
See Also
set accounting - page 3-27
set C0 security - page 5-29
set secret - page 3-30
set secret
- This command sets the RADIUS shared secret.
set secret String
String
| Shared secret, which has a maximum of 15 printable, nonspace ASCII characters. The string cannot begin with a question mark (?).
|
- This value functions as the user's password in a RADIUS Access-Request, and must match the secret used by the RADIUS server.
Example
Command> set secret expli7%QZixZZy7
Authentication Secret successfully changed
See Also
set authentication_server - page 3-29
set C0 security - page 5-29
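An added example, not taken from the PortMaster documentation, of why the secret set here must match the server's copy: under RFC 2865 section 5.2 the shared secret is not transmitted but keys the MD5 mask that hides the User-Password attribute. The function names, the constructed password and the fixed Request Authenticator are assumptions for illustration; the secret is the example value from this page.

```python
import hashlib

def valid_secret(s: str) -> bool:
    """`set secret` limits from this page: at most 15 printable, nonspace ASCII
    characters, not starting with '?'. Rejecting an empty string is an assumption."""
    return (0 < len(s) <= 15 and not s.startswith("?")
            and all(33 <= ord(c) <= 126 for c in s))

def _chain(data: bytes, secret: bytes, request_auth: bytes, hiding: bool) -> bytes:
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], mask))
        # Each mask after the first is keyed on the previous *hidden* block.
        prev = block if hiding else data[i:i + 16]
        out += block
    return out

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Client (NAS) side: build the value of the User-Password attribute."""
    if len(request_auth) != 16 or not 1 <= len(password) <= 128:
        raise ValueError("need a 16-octet authenticator and a 1-128 octet password")
    padded = password + b"\x00" * (-len(password) % 16)
    return _chain(padded, secret, request_auth, hiding=True)

def unhide_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: recover the password with the server's copy of the secret."""
    if len(request_auth) != 16 or not hidden or len(hidden) % 16:
        raise ValueError("need a 16-octet authenticator and whole 16-octet blocks")
    return _chain(hidden, secret, request_auth, hiding=False).rstrip(b"\x00")

def demo():
    nas_secret = b"expli7%QZixZZy7"          # the example secret shown on this page
    typo_secret = b"expli7%QZixZZy8"         # constructed: server entry with a typo
    request_auth = bytes(range(16))          # constructed; real clients use 16 random octets
    password = b"constructed-user-password"  # constructed, 25 octets -> two blocks
    hidden = hide_password(password, nas_secret, request_auth)
    return (hidden,
            unhide_password(hidden, nas_secret, request_auth),
            unhide_password(hidden, typo_secret, request_auth))

if __name__ == "__main__":
    hidden, matched, mismatched = demo()
    print("on the wire :", hidden.hex())
    print("same secret :", matched)
    print("wrong secret:", mismatched)
```

With a mismatched secret the server recovers unrelated bytes instead of the password, so every login through that server is rejected even though the user typed the correct password.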
ChoiceNet Client Commands
- The ChoiceNet commands in Table 3-5 configure the PortMaster to use a ChoiceNet server for filter management.
Table 3-5 ChoiceNet Client Configuration
Command Syntax
set choicenet [1|2] Ipaddress [Uport] - see page 3-31
set choicenet-secret String - see page 3-31
set debug choicenet on|off - see page 14-4
- The following commands configure the PortMaster as a ChoiceNet client. For ChoiceNet server configuration, see the ChoiceNet Administrator's Guide.
set choicenet
- This command designates a host as the primary or alternate ChoiceNet server.
set choicenet [1|2] Ipaddress [Uport]
1
| Designates the primary ChoiceNet server. This is the default.
|
2
| If present, designates a host as the alternate ChoiceNet server.
|
Ipaddress
| IP address or 39-character hostname of the host running a ChoiceNet server on UDP port 1647.
|
Uport
| Integer between 0 and 65535 that specifies the UDP port to be used for ChoiceNet. Setting the port number to 0 or not specifying a port number sets the UDP port to 1647.
|
- You can designate both primary and alternate ChoiceNet servers, but do not set them to the same IP address.
- Set Ipaddress to 0.0.0.0 to deselect the ChoiceNet server.
Examples
Command> set choicenet 10.0.0.5
ChoiceNet Server changed from 0.0.0.0 1647 to 10.0.0.5 1647
Command> set choicenet 10.0.0.5 6047
ChoiceNet Server changed from 10.0.0.5 1647 to 10.0.0.5 6047
set choicenet-secret
- This command sets the ChoiceNet secret.
set choicenet-secret String
String
| Shared secret. Maximum length is 15 printable, nonspace ASCII characters. The string cannot begin with a question mark (?).
|
- The shared secret is used to authenticate communications between the PortMaster and the ChoiceNet server.
Example
Command> set choicenet-secret vizkaRg76poj
ChoiceNet Secret successfully changed
See Also
set choicenet - page 3-31
SNMP Commands
- The commands in Table 3-6 allow you to configure the PortMaster as a Simple Network Management Protocol (SNMP) agent. Use SNMP writes only if you understand the risks involved.
Table 3-6 SNMP Commands
Command Syntax
add snmphost reader|writer any|none|Ipaddress - see page 3-32
clear alarms|alarm {Alarm-id|all} - see page 3-33
delete snmphost reader|writer|Ipaddress - see page 3-34
save snmp - see page 3-35
set snmp on|off - see page 3-35
set snmp readcommunity|writecommunity String - see page 3-36
set sysname String - see page 2-18
show alarms [Alarm-id] - see page 3-37
show table snmp - see page 3-38
add snmphost
- This command allows you to control SNMP security by specifying the addresses of the read-and-trap hosts and/or write hosts that are permitted to access SNMP information.
add snmphost reader|writer any|none|Ipaddress
reader
| Adds a read-and-trap host.
|
writer
| Adds a write host.
|
any
| All hosts using the correct read or write community string are permitted to read or write SNMP information.
|
none
| No SNMP reads or writes are accepted by the PortMaster.
|
Ipaddress
| IP address or hostname--up to 39 characters--of the read or write host.
|
- The specification of read-and-trap host and write host allows another level of security beyond the community strings. If SNMP hosts are specified, each host wanting to access SNMP information must possess the correct community string and must also be on the read-and-trap host or write host list.
Example
Command> add snmphost reader 192.168.1.99
New SNMP reader 192.168.1.99 successfully added
Command> add snmphost writer none
See Also
delete snmphost - page 3-34
save snmp - page 3-35
set snmp - page 3-35
show table snmp - page 3-38
clear alarms
- This command deletes recorded instances of SNMP traps--notifications of certain events.
clear alarms|alarm {Alarm-id|all}
alarms
| Clears all alarms.
|
alarm Alarm-id
| Clears a specific instance of an alarm. Use the show alarms command to display alarm ID numbers.
|
alarm all
| Clears all alarms.
|
- A recorded instance of an alarm remains unless you use the command clear alarms.
Example
Command> show alarms
Alarm Id  Age       Severity   Alarm Message
--------  ------    ---------  ------------------------------------
4001608   3days:11  0          slot 1 T1 line(0) down
Command> clear alarm all
Command> show alarms
Alarm Id  Age       Severity   Alarm Message
See Also
show alarms - page 3-37
delete snmphost
- This command deletes read-and-trap or write hosts that are allowed to access SNMP information.
delete snmphost reader|writer Ipaddress
reader
| Use to delete a read-and-trap host.
|
writer
| Use to delete a write host.
|
Ipaddress
| IP address or hostname of the read-and-trap or write host.
|
save snmp
- This command saves the settings of the SNMP parameters in the SNMP table.
save snmp
- This command writes the SNMP table settings to the nonvolatile RAM of the PortMaster. You can also use save all.
set snmp
- This command allows you to enable or disable PortMaster support for SNMP monitoring.
set snmp on|off
on
| Enables support for SNMP.
|
off
| Disables support for SNMP. This is the default.
|
- To enable support for SNMP, you must use set snmp on.
Note
After enabling or disabling SNMP, you must use the save snmp or save all command and reboot the PortMaster before the change takes effect.
set snmp readcommunity|writecommunity
- This command sets the read and write community strings used for SNMP security.
set snmp readcommunity|writecommunity String
readcommunity
| Sets the read community.
|
writecommunity
| Sets the write community.
|
String
| String up to 16 characters long. Default for read is public; default for write is private.
|
Note
Use of the default write community string (private) is strongly discouraged. Because it is the default, it is known to all users and therefore provides no security. If possible, use some other value for the write community string.
- Community strings allow you to control access to the Management Information Base (MIB) information on selected SNMP devices (such as the PortMaster).
- A host must know the read community string to read the MIB information, and must know the write community string to set information on the SNMP agent.
Example
Command> set snmp read public
SNMP read community changed to: public
See Also
add snmphost - page 3-32
save snmp - page 3-35
set snmp - page 3-35
show table snmp - page 3-38
show alarms
- This command displays instances of SNMP traps--notifications of certain events--that have occurred on the entire PortMaster 4.
show alarms|[Alarm-id]
Alarm-id
| Number that identifies a specific instance of an alarm.
|
- An alarm is an instance of a trap. The command show alarms generates a list of all traps that have occurred--except for recurring traps, which are summarized and identified by an asterisk (*). If SNMP is enabled and a reader is specified, the reader receives traps for the following:
- Nonfunctioning T1, E1, or T3 lines
- Modem failure
- Removal of AC power supplies
- Availability of DC power
- Fan failure
- Overheated line board slots
- Lack of power to line board slots
- Blown fuse
- You can enter this command from any view.
Examples
Command> show alarms
Alarm Id  Age     Severity   Alarm Message
--------  ------  ---------  --------------------------------------
4763864   3 days  0          T1 line(0) down
Command> show alarm 4001608
------------------------ Alarm Details --------------------------
Alarm Id: 4001608
Alarm Message: slot 1 T1 line(0) down
Age in minutes: 3days
Alarm repeated: 1 times
Severity: 0
Reported: SNMP
See Also
clear alarms - page 3-33
show table snmp
- This command shows the settings in the SNMP table.
show table snmp
- The SNMP table contains the settings for the SNMP read and write communities. View the table to ensure that these communities are set to prevent unauthorized users from changing configuration information.
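An added example, not part of the PortMaster documentation, that replays the SNMP commands from this chapter into a model of the table, applies the two-factor access rule described under add snmphost, and reports the weaknesses the page warns about. The function names and sample configurations are constructed; treating an empty host list as "community string alone decides" and accepting abbreviated keywords are assumptions.

```python
def parse(lines):
    """Replay this chapter's SNMP commands into a settings dict (page defaults)."""
    cfg = {"on": False, "read": "public", "write": "private",
           "reader": set(), "writer": set()}
    for line in lines:
        w = line.replace("Command>", "").split()
        if w[:2] == ["set", "snmp"] and len(w) == 3 and w[2] in ("on", "off"):
            cfg["on"] = w[2] == "on"
        elif w[:2] == ["set", "snmp"] and len(w) == 4:
            # Keyword abbreviation as in the page's "set snmp read public".
            for full, key in (("readcommunity", "read"), ("writecommunity", "write")):
                if full.startswith(w[2]):
                    cfg[key] = w[3]
        elif w[:2] == ["add", "snmphost"] and len(w) == 4 and w[2] in ("reader", "writer"):
            cfg[w[2]].add(w[3])
        elif w[:2] == ["delete", "snmphost"] and len(w) == 4 and w[2] in ("reader", "writer"):
            cfg[w[2]].discard(w[3])
    return cfg

def permits(cfg, role, src_ip, community):
    """Both checks must pass: community string and read/write host list."""
    hosts = cfg[role]
    if not cfg["on"] or "none" in hosts:
        return False
    if community != cfg["read" if role == "reader" else "write"]:
        return False
    # Assumption: with no hosts configured, the community string alone decides.
    return not hosts or "any" in hosts or src_ip in hosts

def audit(cfg):
    """Return findings for the weaknesses this page warns about."""
    findings = []
    if not cfg["on"]:
        return findings
    if "none" not in cfg["writer"]:
        if cfg["write"] == "private":
            findings.append("write community is the default 'private'")
        if not cfg["writer"] or "any" in cfg["writer"]:
            findings.append("writes accepted from any host that knows the write community")
    if "none" not in cfg["reader"] and (not cfg["reader"] or "any" in cfg["reader"]):
        findings.append("reads accepted from any host that knows the read community")
    return findings

# Constructed sample configurations (not taken from a real device).
WEAK = ["Command> set snmp on", "Command> set snmp read public",
        "Command> add snmphost reader 192.168.1.99"]
HARDENED = WEAK + ["Command> set snmp writecommunity Wr1te-c0nstruct",
                   "Command> add snmphost writer 192.168.1.99"]
```

Calling `audit(parse(WEAK))` returns two findings because only the reader side was restricted; `audit(parse(HARDENED))` returns none. The model does not cover the save-and-reboot step that set snmp requires before a change takes effect.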
Copyright © 1999, Lucent Technologies. All rights reserved.