Nortel Application Switch Operating System 23.0.2

Command Reference

part number: 320506-A, January 2006

4655 Great America Parkway Santa Clara, CA 95054 Phone 1-800-4Nortel http://www.nortel.com

Nortel Application Switch Operating System 23.0.2 Command Reference

Copyright 2006 Nortel Networks, Inc., 4655 Great America Parkway, Santa Clara, California 95054, USA. All rights reserved. Part Number: 320506-A. This document is protected by copyright and distributed under licenses restricting its use, copying, distribution, and decompilation. No part of this document may be reproduced in any form by any means without prior written authorization of Nortel Networks, Inc. Documentation is provided “as is” without warranty of any kind, either express or implied, including any kind of implied or express warranty of noninfringement or the implied warranties of merchantability or fitness for a particular purpose. U.S. Government End Users: This document is provided with a “commercial item” as defined by FAR 2.101 (Oct 1995) and contains “commercial technical data” and “commercial software documentation” as those terms are used in FAR 12.211-12.212 (Oct 1995). Government End Users are authorized to use this documentation only in accordance with those rights and restrictions set forth herein, consistent with FAR 12.211- 12.212 (Oct 1995), DFARS 227.7202 (JUN 1995) and DFARS 252.227-7015 (Nov 1995). Nortel Networks, Inc. reserves the right to change any products described herein at any time, and without notice. Nortel Networks, Inc. assumes no responsibility or liability arising from the use of products described herein, except as expressly agreed to in writing by Nortel Networks, Inc. The use and purchase of this product does not convey a license under any patent rights, trademark rights, or any other intellectual property rights of Nortel Networks, Inc.

Nortel Application Switch Operating System, Nortel Application Switch 2424, Nortel Application Switch 2424-SSL, Nortel Application Switch 2224, 2216, 2208, 3408, Nortel Application Switch 180, Nortel Application Switch 180e, Nortel Application Switch 184, Nortel Application Switch AD3, Nortel Application Switch AD4, and ACEswitch are trademarks of Nortel Networks, Inc. in the United States and certain other countries. Cisco® and EtherChannel® are registered trademarks of Cisco Systems, Inc. in the United States and certain other countries. Check Point® and FireWall-1® are trademarks or registered trademarks of Check Point Software Technologies Ltd. Any other trademarks appearing in this manual are owned by their respective companies. Originated in the U.S.A.

Contents
Preface
  Who Should Use This Book
  How This Book Is Organized
  Related Documentation
  Typographic Conventions
  How to Get Help
The Command Line Interface
  Connecting to the Switch
  Establishing a Console Connection
  Requirements
  Procedure
  Establishing a Telnet Connection
  Using a BOOTP Server
  Running Telnet
  Establishing an SSH Connection
  Running SSH
  Accessing the Switch
  CLI Versus Setup
  Command Line History and Editing
  Idle Timeout
First-Time Configuration
  Using the Setup Utility
  Information Needed For Setup
  Starting Setup When You Log In
  Stopping and Restarting Setup Manually
  Stopping Setup
  Restarting Setup
  Setup Part 1: Basic System Configuration
  Setup Part 2: Port Configuration
  Setup Part 3: VLANs
  Setup Part 4: IP Configuration
  IP Interfaces
  Default Gateways
  IP Routing
  Setup Part 5: Final Steps
  Optional Setup for SNMP Support
  Optional Setup for Telnet Support
  Setting Passwords
  Changing the Default Administrator Password
  Changing the Default User Password
  Changing the Default Layer 4 Administrator Password
Menu Basics
  The Main Menu
  Menu Summary
  Global Commands
  Command Line History and Editing
  Command Line Interface Shortcuts
  Command Stacking
  Command Abbreviation
  Tab Completion
  Configuration Ranges
The Information Menu
  Information Menu
  System Information Menu
  SNMPv3 System Information Menu
  SNMPv3 USM User Table Information
  SNMPv3 View Table Information
  SNMPv3 Access Table Information
  SNMPv3 Group Table Information
  SNMPv3 Community Table Information
  SNMPv3 Target Address Table Information
  SNMPv3 Target Parameters Table Information
  SNMPv3 Notify Table Information
  SNMPv3 Dump Information
  General System Information
  Show System Time
  Show Last 64 Syslog Messages
  Last 64 Saved Syslog Messages
  Management Port Information
  SONMP Information
  System Capacity Information
  Show switch fan status
  Show switch temperature sensor status
  Show encryption licenses
  Show current user status
  System Information Dump
  Layer 2 Information Menu
  Layer 2 FDB Information
  Show All FDB Information
  Clearing Entries from the Forwarding Database
  Link Aggregation Control Protocol Information Menu
  LACP Aggregator Information
  LACP Port Information
  LACP Dump Information
  Layer 2 Spanning Tree Group Information
  Show common internal spanning tree (CIST) information
  Trunk Group Information
  VLAN Information
  VLAN Information
  Status of port teams
  Layer2 Dump Information
  Layer3 Information Menu
  IP Routing Information
  Show All IP Route Information
  Type Parameters
  Tag Parameters
  IPv6 Routing Information Menu
  ARP Information Menu
  Show ARP Entries on Referenced SP
  Show All ARP Entry Information
  ARP Address List Information
  IPv6 Neighbor Cache Information
  BGP Information Menu
  BGP Peer information
  BGP Summary information
  Dump BGP Information
  OSPF Information Menu
  OSPF General Information
  OSPF Interface Information
  OSPF Database Information
  OSPF Information Route Codes
  OSPF Dump Information
  IP Information
  VRRP Information
  Layer3 Dump Information
  Layer 4 Information Menu
  Session Table Information
  Samples of Session Dumps for Different Applications
  Session dump information in Nortel Application Switch Operating System
  Global SLB Information Menu
  Show All Layer 4 Information
  Bandwidth Management Information
  BWM IP User Information Menu
  BWM Contract Information
  Security Information
  Link Status Information
  Port Information
  Software Enabled Keys
  Information Dump
The Statistics Menu
  Statistics Menu
  System statistics menu
  Port Statistics Menu
  Bridging Statistics
  Ethernet Statistics
  Interface Statistics
  Interface Protocol Statistics
  Link Statistics
  RMON Statistics
  Port Dump Statistics
  Port mirroring statistics menu
  Layer 2 Statistics Menu
  FDB Statistics
  LACP Statistics
  Spanning Tree Group Statistics
  Layer 3 Statistics Menu
  OSPF Statistics Menu
  OSPF Global Statistics
  IP Statistics
  IP6 Statistics Menu
  Route Statistics
  ARP statistics
  VRRP Statistics
  DNS Statistics
  ICMP Statistics
  Interface Statistics
  TCP Statistics
  UDP Statistics
  Server Load Balancing Statistics Menu
  Server Load Balancing SP statistics Menu
  SP Real Server Statistics
  SP Filter Statistics
  SP Maintenance Statistics
  Global SLB Statistics Menu
  Real Server Global SLB Statistics
  Virtual Server Global SLB Statistics
  Global SLB Site Statistics
  Global SLB Maintenance Statistics
  Real Server SLB Statistics
  Per Service Octet Counters
  Real Server Group Statistics
  Virtual Server SLB Statistics
  Filter SLB Statistics
  SLB Layer7 Statistics Menu
  Layer7 Redirection Statistics
  Layer 7 SLB String Statistics
  Layer 7 SLB Maintenance Statistics
  Layer7 Pooling Statistics
  SLB Secure Socket Layer Statistics
  File Transfer Protocol SLB and Filter Statistics Menu
  Active FTP SLB Parsing and Filter Statistics
  Passive FTP SLB Parsing Statistics
  FTP SLB Maintenance Statistics
  FTP SLB Statistics Dump
  RTSP SLB Statistics
  DNS SLB Statistics
  WAP SLB Statistics
  SLB Maintenance Statistics
  SIP SLB Statistics
  Display Workload Manager SASP statistics
  Clear Workload Manager SASP Statistics
  Display Workload Manager SASP statistics
  BWM Statistics Menu
  BWM Switch Processor Statistics
  BWM Switch Processor Contract Statistics Menu
  BWM Switch Processor Rate Contract Statistics
  BWM Contract Statistics
  BWM Contract Rate Statistics
  BWM History Statistics
  BWM Maintenance Statistics
  BWM IP Users Statistics
  Security Statistics
  DOS Attack Statistics Menu
  Types of DOS Attacks
  IP Access Control List Statistics
  UDP Blast Statistics
  UDP Blast Dump Statistics
  UDP Pattern Match Statistics
  Rate Limiting Statistics
  Dump Statistics for Security
  Management Processor Statistics
  MP Packet Statistics
  TCP Statistics
  UCB Statistics
  MP-Specific SFD Statistics
  CPU Statistics
  SP Specific Statistics
  SP-Specific Maintenance Statistics
  CPU Statistics
  Port Mirroring Statistics Menu
  Management Port Statistics
  Dump Statistics
The Configuration Menu
  Configuration Menu
  Viewing, Applying, and Saving Changes
  Viewing Pending Changes
  Applying Pending Changes
  Saving the Configuration
  System Configuration
  System Host Log Configuration
  Seven Levels of Severity
  Management Port Configuration Menu
  Management Port Link Menu
  RADIUS Server Configuration
  TACACS+ Server Configuration Menu
  NTP Server Configuration
  SynOptics Network Management Protocol Configuration
  System SNMP Configuration
  SNMPv3 Configuration Menu
  User Security Model Configuration Menu
  SNMPv3 View Configuration Menu
  View-based Access Control Model Configuration Menu
  SNMPv3 Group Configuration Menu
  SNMPv3 Community Table Configuration Menu
  SNMPv3 Target Address Table Configuration Menu
  SNMPv3 Target Parameters Table Configuration Menu
  SNMPv3 Notify Table Configuration Menu
  System Health Check Configuration Menu
  System Access Control Configuration
  Management Networks Menu
  Port Management Access Menu
  User Access Control Menu
  System User ID Configuration Menu
  HTTPS Access Configuration Menu
  SSH Server Menu
  XML Configuration Access Menu
  Example of enabling or disabling XML access
  Configure the Timezone
  Port Configuration
  Nortel Application Switch Operating System 2000 Series
  Fast Ethernet Ports
  SFP GBIC Ports
  Port Link Configuration
  Nortel Application Switch 3000 Series
  Port Configuration on Nortel Application Switch 3408
  Single-Mode ports
  Single-Mode Copper Port Gigabit Ethernet Link Configuration Menu
  Single-Mode SFP Gigabit Ethernet Port Link Configuration Menu
  Dual-Mode Ports
  Dual-Mode Copper Port Link Configuration
  Dual-Mode SFP Gigabit Link Configuration Menu
  Temporarily Disabling a Port
  Port Mirroring Menu
  Port-Mirroring Menu
  Bandwidth Management Configuration
  Bandwidth Management Contract Configuration
  BWM Contract Time Policy Configuration Menu
  Bandwidth Management Policy Configuration
  Bandwidth Management Group Configuration Menu
  Bandwidth Management Current Configuration
  Layer 2 Configuration Menu
  Multiple Spanning Tree Menu
  Multiple Spanning Tree Menu
  CIST Bridge Menu
  Current configuration for CIST Bridge
  Spanning Tree Group Configuration
  Bridge Spanning Tree Configuration
  Spanning Tree Port Configuration
  Trunk Configuration
  Link Aggregation Control Protocol Menu
  LACP Port Configuration Menu
  VLAN Configuration
  Port Team Configuration
  Layer 3 Configuration Menu
  IP Interface Configuration
  IPv6 Neighbor Discovery Menu
  Default IP Gateway Configuration
  Default Gateway Metrics
  IP Static Route Configuration
  ARP Configuration Menu
  ARP Static Configuration Menu
  IP Forwarding Configuration Menu
  Local Network Route Caching Definition
  Defining IP Address Ranges for the Local Route Cache
  Network Filter Configuration
  Route Map Configuration Menu
  IP Access List Configuration Menu
  Autonomous System Filter Path
  Routing Information Protocol Configuration
  RIP Interface Menu
  Open Shortest Path First Configuration
  Area Index Configuration Menu
  OSPF Summary Range Configuration Menu
  OSPF Interface Configuration Menu
  OSPF Virtual Link Configuration Menu
  OSPF MD5 Key Configuration Menu
  OSPF Host Entry Configuration Menu
  OSPF Route Redistribution Configuration Menu
  Border Gateway Protocol Configuration
  BGP Peer Configuration Menu
  BGP Redistribution Configuration Menu
  BGP Aggregate Routing Configuration Menu
  IP Forwarding Port Configuration Menu
  Domain Name System Configuration Menu
  Bootstrap Protocol Relay Configuration Menu
  VRRP Configuration Menu
  Virtual Router Configuration Menu
  Virtual Router Priority Tracking Configuration
  Virtual Router Group Menu
  Virtual Router Group Priority Tracking Configuration Menu
  Virtual Router Group Configuration
  Virtual Router Group Priority Tracking Configuration
  VRRP Interface Configuration
  VRRP Tracking Configuration
  Default Gateway Metrics
  Security Configuration Menu
  Port Security Menu
  IP Address Access Control List Configuration Menu
  UDP Blast Protection Configuration Menu
  Anomaly and Denial of Service Attack Prevention Menu
  Pattern Matching Menu
  SSL Processor Menu
  Setup
  Dump
  Saving the Active Switch Configuration
  Restoring the Active Switch Configuration
The SLB Configuration Menu
  SLB Configuration
  Filtering and Layer 4 (Server Load Balancing)
  Real Server SLB Configuration
  Real Server Advanced Menu
  Buddy Server Health Check Menu
  Real Server Layer 7 Configuration
  Real server IDS Configuration Menu
  Real Server Group SLB Configuration
  SLB Health Check Types
  Server Load Balancing Metrics
  Virtual Server SLB Configuration
  Virtual Server Service Configuration
  WTS Load Balancing Menu
  HTTP Load Balancing Menu
12 Contents
320506-A, January 2006

Nortel Application Switch Operating System 23.0.2 Command Reference

SIP Load Balancing Menu . . . . . . . . . . . . . . . . . . . . . . . . . . 442 RTSP Load Balancing Menu . . . . . . . . . . . . . . . . . . . . . . . . 443
Cookie-Based Persistence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .444

SLB Filter Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445
Defining IP Address Ranges for Filters . . . . . . . . . . . . . . . . . . . . .449

Advanced Filter Configuration . . . . . . . . . . . . . . . . . . . . . . 450 802.1p Advanced Menu . . . . . . . . . . . . . . . . . . . . . . . . . 453 Advanced Filter TCP Configuration. . . . . . . . . . . . . . . . 453 IP Advanced Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454
ICMP Message Types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .455

Layer 7 Advanced Filter Configuration Menu . . . . . . . . 457 Layer 7 SIP Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 459 Proxy Advanced Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460 SLB Filter Advanced Security Menu . . . . . . . . . . . . . . . 460 Advanced Security Rate Limiting Configuration Menu. 462 Port SLB Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463 Global SLB Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465 GSLB Remote Site Configuration . . . . . . . . . . . . . . . . . . . . 467 GSLB Network Preference Configuration Menu . . . . . . . . . 469 GSLB Rule Configuration Menu . . . . . . . . . . . . . . . . . . . . . 470 Global SLB Rule Metric Menu. . . . . . . . . . . . . . . . . . . . 472 Layer 7 SLB Resource Definition Menu . . . . . . . . . . . . . . . 472 Web Cache Redirection Configuration. . . . . . . . . . . . . . . . . 473 Server Load Balance Resource Configuration Menu . . . . . . 475 SDP Mapping Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477 WAP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477 Synchronize Peer Switch Configuration. . . . . . . . . . . . . . . . . . . 478 Peer Switch Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 479 Advanced Layer 4 Configuration . . . . . . . . . . . . . . . . . . . . . . . . 480 SYN Attack Detection Configuration Menu . . . . . . . . . . . . 483 Advanced SMT Real Server Port Configuration Menu . 483 Inbound Link Load Balancing configuration Menu . . . . . . . 484 Inbound Link Load Balancing Domain Record Menu . . . . . 485 Inbound Link Load Balancing Mapping Menu . . . . . . . 486 Advanced Health Check Configuration Menu . . . . . . . . 486 Scriptable Health Checks Configuration . . . . . . . . . . . . . . . 488 SNMP Health Check Configuration . . . . . . . . . . . . . . . . . . . 490 WAP Health Check Configuration . . . . . . . . 
. . . . . . . . . . . . 492
Contents
320506-A, January 2006

13

  WSP Content Health Check
  WTP and WSP Content Health Check Menu
  Proxy IP Address Configuration Menu
  SLB Peer Proxy IP Address Menu
  WorkLoad Management Menu
The Operations Menu
  Operations Menu
  Operations-Level Port Options
  Operations-Level SLB Options
  Real Server Group Operations
  Global SLB Operations Menu
  Operations-Level VRRP Options
  Operations-Level Bandwidth Management Options
  Security Menu
  IP ACL Operations Menu
  Operations-Level IP Options
  Operations-Level BGP Options
  Activating Optional Software
  Removing Optional Software
The Boot Options Menu
  Boot Menu
  Scheduled Reboot of the Switch
  Scheduled Reboot Menu
  Updating the Switch Software Image
  Downloading New Software to Your Switch
  Selecting a Software Image to Run
  Uploading a Software Image from Your Switch
  Selecting a Configuration Block
  Resetting the Switch
The Maintenance Menu
  Maintenance Menu
  System Maintenance Options
  Forwarding Database Options
  ARP Cache Options
  ARP Entries on a Single Port

  IP Route Manipulation
  IPv6 Manipulation Menu
  Debugging Options
  Uuencode Flash Dump
  System Dump Put
  Clearing Dump Information
  Panic Command
  Unscheduled System Dumps
The SSL Processor Menu
  SSL Processor Menu
  Login to the SSL processor
  SSL Performance information menu
  SSL Performance Menu
  SSL Performance Statistics menu
  SSL Performance Menu
  SSL Performance SSL Local Statistics Menu
  SSL Performance: Single ISD SSL Statistics Menu
  IPSEC Statistics menu
  SSL Performance: Local IPSEC Statistics Menu
  SSL Performance: Single IPSEC ISD Statistics Menu
  AAA Statistics Menu
  SSL Performance Configuration Menu
  SSL Configuration Server Menu
  SSL Configuration Server-specific Menu
  SSL Configuration Server-specific Trace Menu
  SSL Configuration Server-specific SSL Menu
  SSL Configuration Server-specific TCP Menu
  SSL Configuration Server-specific Advanced Menu
  SSL Configuration Server Advanced String Menu
  SSL Configuration Server Advanced Load Balancing Menu
  SSL Configuration Server Advanced Load Balancing Cookie Menu
  Local VIP Configuration Menu
  SSL Configuration Server Advanced Load Balancing Health Script Menu
  SSL Configuration Server Advanced Load Balancing Remote SSL Menu

  SSL Configuration Server Advanced Load Balancing Remote SSL Verification Menu
  SSL Configuration Server Advanced Load Balancing Backend Server Menu
  SSL Configuration Certificate Menu
  SSL Configuration Revoke Certificate Menu
  SSL Configuration Revoke Certificate Automatic Menu
  SSL VPN Configuration Menu
  SSL VPN Configuration Menu
  SSL VPN Configuration TunnelGuard Menu
  SSL VPN Configuration Authentication Menu
  SSL VPN Configuration Authentication Radius Menu
  SSL VPN Configuration Authentication Radius Servers Menu
  SSL VPN Configuration Authentication Radius Session Timeout Menu
  SSL VPN Configuration Authentication Radius Macro Menu
  SSL VPN Configuration Authentication Advanced Menu
  SSL VPN Configuration Network Menu
  SSL VPN Configuration Network Subnet Menu
  SSL VPN Configuration Service Menu
  SSL VPN Configuration Application specific Menu
  SSL VPN Configuration Application specific Paths Menu
  SSL VPN Configuration AAA Filter Menu
  SSL VPN Configuration AAA Group Menu
  SSL VPN Configuration AAA Group Access Menu
  SSL VPN Configuration AAA Group Linkset Menu
  SSL VPN Configuration AAA Group Extend Profiles Menu
  SSL VPN Configuration AAA Group Extend Profiles Access Menu
  SSL VPN Configuration AAA Group Extend Profiles Linkset Menu
  SSL VPN Configuration AAA Group IPsec Menu
  SSL VPN Configuration AAA Single-sign on Enabled Domains Menu

  SSL VPN Configuration AAA Single-sign on Headers Menu
  SSL VPN Configuration AAA Radius Accounting Menu
  SSL VPN Configuration AAA Radius Accounting Servers Menu
  SSL VPN Configuration AAA Radius Accounting VPN attributes Menu
  SSL VPN Configuration Server Menu
  SSL VPN Configuration Server Traffic Trace Menu
  SSL VPN Configuration Server SSL Settings Menu
  SSL VPN Configuration Server TCP endpoint Settings Menu
  SSL VPN Configuration Server HTTP Settings Menu
  SSL VPN Configuration Server SSL triggered rewrite Menu
  SSL VPN Configuration Server Intranet Proxy settings Menu
  SSL VPN Configuration Server Portal settings Menu
  SSL VPN Configuration Server Advanced Menu
  SSL VPN Configuration Server UDP Syslog Traffic Log Menu
  SSL VPN Configuration Server SSL Connect Menu
  SSL VPN Configuration Server SSL Connect verify Server Menu
  SSL VPN Configuration IPsec Server Menu
  SSL VPN Configuration IPsec Server IKE Profile Menu
  SSL VPN Configuration IPsec Server IKE Profile Encryption Menu
  SSL VPN Configuration IPsec Server IKE Profile Diffie-Hellman Group Mask Menu
  SSL VPN Configuration IPsec Server IKE Profile NAT Menu
  SSL VPN Configuration IPsec Server IKE Profile Dead Peer Menu
  SSL VPN Configuration IP Pool Menu
  SSL VPN Configuration Portal Menu
  SSL VPN Configuration Portal Colors Menu

  SSL VPN Configuration Portal Full Access Menu
  SSL VPN Configuration Portal Language Menu
  SSL VPN Configuration Portal Whitelist settings Menu
  SSL VPN Configuration Portal Whitelist settings Domains Menu
  SSL VPN Configuration Linkset Menu
  SSL VPN Configuration Linkset Link Menu
  SSL VPN Configuration Linkset Link Internal Setting Menu
  SSL VPN Configuration SSL Client Menu
  SSL VPN Configuration Advanced Menu
  SSL VPN Configuration Advanced DNS settings Menu
  SSL Configuration System Menu
  SSL Configuration System Host Menu
  SSL Configuration System Host Routes Menu
  SSL Configuration System Host Menu
  SSL Configuration System Host Interface Routes Menu
  SSL Configuration System Host Port Menu
  SSL Configuration System Menu
  SSL Configuration System Time Menu
  SSL Configuration System Time NTP servers Menu
  SSL Configuration System DNS settings Menu
  SSL Configuration System DNS Servers settings Menu
  SSL Configuration System RSA servers Menu
  SSL Configuration System SysLog Servers Menu
  SSL Configuration System Access List Menu
  SSL Configuration System Administrative applications Menu
  SSL Configuration System Administrative applications SNMP Menu
  SSL Configuration System Administrative applications SNMPv2 MIB SNMP Menu
  SSL Configuration System Administrative applications SNMP Community Menu
  SSL Configuration System Administrative applications SNMP Users Menu
  SSL Configuration System Administrative applications SNMP Target Menu

  SSL Configuration System Administrative applications Audit Menu
  SSL Configuration System Administrative applications Audit Servers Menu
  SSL Configuration System Administrative applications HTTP Menu
  SSL Configuration System Administrative applications HTTPS Menu
  SSL Configuration System Administrative applications SSH Host keys Menu
  SSL Configuration System Administrative applications SSH Known Host keys Menu
  SSL Configuration System Menu
  SSL Configuration System User Edit Menu
  SSL Configuration System User Edit Menu
  SSL Configuration Language Support Menu
  SSL Boot Menu
  SSL Performance Menu
  SSL Performance Maintenance Menu
  SSL Performance HSM Menu
Nortel Application Switch Operating System Syslog Messages
  LOG_WARNING
  LOG_ALERT
  LOG_CRIT
  LOG_ERR
  LOG_NOTICE
  LOG_INFO
Nortel Application Switch Operating System SNMP Agent
Performing a Serial Download
Glossary
Index


Preface

The Nortel Application Switch Operating System 23.0.2 Command Reference describes how to configure and use the Nortel Application Switch Operating System software with your Nortel Application Switch. For documentation on installing the switches physically, see the Hardware Installation Guide for your particular switch model.

Who Should Use This Book

This Command Reference is intended for network installers and system administrators engaged in configuring and maintaining a network. The administrator should be familiar with Ethernet concepts, IP addressing, the IEEE 802.1d Spanning Tree Protocol, and SNMP configuration parameters.

How This Book Is Organized

“The Command Line Interface” describes how to connect to the switch and access the information and configuration menus.

“First-Time Configuration” describes how to use the Setup utility for initial switch configuration and how to change the system passwords.

“Menu Basics” provides an overview of the menu system, including a menu map, global commands, and menu shortcuts.

“The Information Menu” describes how to view switch configuration parameters.

“The Statistics Menu” describes how to view switch performance statistics.

“The Configuration Menu” describes how to configure switch system parameters, ports, VLANs, Spanning Tree Protocol, SNMP, Port Mirroring, IP Routing, Port Trunking, and more.

“The SLB Configuration Menu” describes how to configure Server Load Balancing, Filtering, Global Server Load Balancing, and more.

“The Operations Menu” describes how to use commands which affect switch performance immediately, but do not alter permanent switch configurations (such as temporarily disabling ports). The menu describes how to activate or deactivate optional software features.

“The Boot Options Menu” describes the use of the primary and alternate switch images, how to load a new software image, and how to reset the software to factory defaults.

“The Maintenance Menu” describes how to generate and access a dump of critical switch state information, how to clear it, and how to clear part or all of the forwarding database.

Appendix A, “Nortel Application Switch Operating System Syslog Messages” presents a listing of syslog messages.

Appendix B, “Nortel Application Switch Operating System SNMP Agent” lists the Management Information Bases (MIBs) supported in the switch software.

Appendix C, “Performing a Serial Download” shows how to directly load a binary software image into the switch for upgrade or maintenance.

“Glossary” defines the terminology used throughout the book.

“Index” includes pointers to the description of the key words used throughout the book.

Related Documentation

Nortel Application Switch Operating System 23.0.2 Application Guide (Part Number 320507-A)
Provides application explanations and configuration examples for the Switch.

Nortel Application Switch Operating System 23.0.2 Browser-Based Interface (BBI) Quick Guide (Part Number 320508-A)
Provides a description of the Switch BBI and how to configure and access it on the Switch.

Nortel Application Switch Hardware Installation Guide (Part Number 315396-E)
Provides a description of the Nortel Application Switch hardware, the physical features, how to install it, and how to troubleshoot it.

Nortel Application Switch Operating System 23.0.2 Release Notes (Part Number 320509A)
This document provides a description of new features and caveats and limitations, if any, in the software.

Typographic Conventions

The following table describes the typographic styles used in this book.

Table 1 Typographic Conventions

Typeface or Symbol: AaBbCc123
Meaning: This type is used for names of commands, files, and directories used within the text. It also depicts on-screen computer output and prompts.
Example: View the readme.txt file.
         Main#

Typeface or Symbol: AaBbCc123
Meaning: This bold type appears in command examples. It shows text that must be typed in exactly as shown.
Example: Main# sys

Typeface or Symbol: <AaBbCc123>
Meaning: This italicized type appears in command examples as a parameter placeholder. Replace the indicated text with the appropriate real name or value when using the command. Do not type the brackets. This also shows book titles, special terms, or words to be emphasized.
Example: To establish a Telnet session, enter:
         host# telnet <IP address>
         Read your User’s Guide thoroughly.

Typeface or Symbol: [ ]
Meaning: Command items shown inside brackets are optional and can be used or excluded as the situation demands. Do not type the brackets.
Example: host# ls [-a]

How to Get Help

If you purchased a service contract for your Nortel product from a distributor or authorized reseller, contact the technical support staff for that distributor or reseller for assistance.

If you purchased a Nortel service program, contact one of the following Nortel Technical Solutions Centers:

Technical Solutions Center          Telephone
Europe, Middle East, and Africa     00800 8008 9009 or +44 (0) 870 907 9009
North America                       (800) 4NORTEL or (800) 466-7835
Asia Pacific                        (61) (2) 8870-8800
China                               (800) 810-5000

Additional information about the Nortel Technical Solutions Centers is available at the following URL:
http://www.nortelnetworks.com/help/contact/global

An Express Routing Code (ERC) is available for many Nortel products and services. When you use an ERC, your call is routed to a technical support person who specializes in supporting that product or service. To locate an ERC for your product or service, refer to the following URL:
http://www.nortelnetworks.com/help/contact/erc/index.html

CHAPTER 1
The Command Line Interface

Your Nortel Application Switch is ready to perform basic switching functions right out of the box. Some of the more advanced features, however, require some administrative configuration before they can be used effectively.

The extensive Nortel Application Switch Operating System switching software included in your switch provides a variety of options for accessing and configuring the switch:

- A built-in, text-based command line interface and menu system for access via local terminal or remote Telnet session
- A GUI-based Application Switch Element Manager (ASEM) for interactive network access
- SNMP support for access through network management software such as HP OpenView
- Nortel Application Switch Operating System Browser-Based Interface (BBI)

The command line interface is the most direct method for collecting switch information and performing switch configuration. Using a basic terminal, you are presented with a hierarchy of menus that enable you to view information and statistics about the switch, and to perform any necessary configuration.

This chapter explains how to access the Command Line Interface (CLI) of the switch.

Connecting to the Switch

You can access the command line interface in any one of the following ways:

- Using a console connection via the console port
- Using a Telnet connection over the network
- Using an SSH connection to securely log into another computer over a network

Establishing a Console Connection

Requirements

To establish a console connection with the switch, you will need the following:

- An ASCII terminal or a computer running terminal emulation software set to the parameters shown in the table below:

  Table 1-1 Console Configuration Parameters

  Parameter       Value
  Baud Rate       9600
  Data Bits       8
  Parity          None
  Stop Bits       1
  Flow Control    None

- A standard serial cable with a male DB9 connector (see your switch hardware installation guide for specifics).

Procedure

1. Connect the terminal to the Console port using the serial cable.
2. Power on the terminal.
3. To establish the connection, press <Enter> a few times on your terminal.

You will next be required to enter a password for access to the switch. (For more information, see “Setting Passwords” on page 47).

Establishing a Telnet Connection

A Telnet connection offers the convenience of accessing the switch from any workstation connected to the network. Telnet access provides the same options for user access and administrator access as those available through the console port.

To configure the switch for Telnet access, you need to have a device with Telnet software located on the same network as the switch. The switch must have an IP address. The switch can get its IP address in one of two ways:

- Dynamically, from a BOOTP server on your network
- Manually, when you configure the switch IP address (see “Setup Part 1: Basic System Configuration” on page 36).

NOTE – You need to enable Telnet and SSH, using a serial connection, before you can use these methods of accessing the switch. Refer to “Establishing a Telnet Connection” on page 27.

Using a BOOTP Server

By default, the Nortel Application Switch Operating System software is set up to request its IP address from a BOOTP server. If you have a BOOTP server on your network, add the MAC address of the switch to the BOOTP configuration file located on the BOOTP server. The MAC address can be found on a small white label on the back panel of the switch. The MAC address can also be found in the System Information menu (see “System Information” on page 63).

NOTE – If connecting to the management port, BOOTP is not supported. The port must be manually configured with the proper IP address.

Running Telnet

Once the IP parameters on the Nortel Application Switch are configured, you can access the CLI using a Telnet connection. To establish a Telnet connection with the switch, run the Telnet program on your workstation and issue the Telnet command, followed by the switch IP address:

telnet <IP address>

You will then be prompted to enter a password as explained on page 28.

Establishing an SSH Connection

Although a remote network administrator can manage the configuration of a Nortel Application Switch via Telnet, this method does not provide a secure connection. The SSH (Secure Shell) protocol enables you to securely log into another computer over a network to execute commands remotely. As a secure alternative to using Telnet to manage switch configuration, SSH ensures that all data sent over the network is encrypted and secure.

The switch can do only one session of key/cipher generation at a time. Thus, an SSH/SCP client will not be able to log in if the switch is doing key generation at that time or if another client has just logged in before this client. Similarly, the system will fail to do the key generation if an SSH/SCP client is logging in at that time.

The supported SSH encryption and authentication methods are listed below.

- Server Host Authentication: Client RSA-authenticates the switch in the beginning of every connection.
- Key Exchange: RSA
- Encryption: 3DES-CBC, DES
- User Authentication: Local password authentication, RADIUS

The following SSH clients have been tested:

- SSH 1.2.23 and SSH 1.2.27 for Linux (freeware)
- SecureCRT 3.0.2 and SecureCRT 3.0.3 (Van Dyke Technologies, Inc.)
- F-Secure SSH 1.1 for Windows (Data Fellows)

NOTE – The Nortel Application Switch Operating System implementation of SSH is based on SSH version 1.5 and supports SSH-1.5-1.X.XX. SSH clients of other versions (especially Version 2) will not be supported.

Running SSH

Once the IP parameters are configured and the SSH service is turned on for the Nortel Application Switch, you can access the command line interface using an SSH connection. To establish an SSH connection with the switch, run the SSH program on your workstation by issuing the SSH command, followed by the switch IP address:

>> # ssh <switch IP address>

If SecurID authentication is required, use the following command instead:

    >> # ssh -1 ace <switch IP address>

You will then be prompted to enter your user name and password.

Accessing the Switch

To enable better switch management and user accountability, seven levels or classes of user access have been implemented on the Nortel Application Switch. Levels of access to CLI, Web management functions, and screens increase as needed to perform various switch management tasks. Conceptually, access classes are defined as follows:

- User interaction with the switch is completely passive—nothing can be changed on the Nortel Application Switch. Users may display information that has no security or privacy implications, such as switch statistics and current operational state information.
- Operators can only effect temporary changes on the Nortel Application Switch. These changes will be lost when the switch is rebooted/reset. Operators have access to the switch management features used for daily switch operations. Because any changes an operator makes are undone by a reset of the switch, operators cannot severely impact switch operation.
- Administrators are the only ones that may make permanent changes to the switch configuration—changes that are persistent across a reboot/reset of the switch. Administrators can access switch functions to configure and troubleshoot problems on the Nortel Application Switch. Because administrators can also make temporary (operator-level) changes as well, they must be aware of the interactions between temporary and permanent changes.

Access to switch functions is controlled through the use of unique user names and passwords. Once you are connected to the switch via local console, Telnet, or SSH, you are prompted to enter a password. The default user names/password for each access level are listed in the following table.

NOTE – It is recommended that you change default switch passwords after initial configuration and as regularly as required under your network security policies. For more information, see “Setting Passwords” on page 47.

Table 1-2 User Access Levels

| User Account | Description and Tasks Performed | Password |
|---|---|---|
| User | The User has no direct responsibility for switch management. He or she can view all switch status information and statistics, but cannot make any configuration changes to the switch. | user |
| SLB Operator | The SLB Operator manages Web servers and other Internet services and their loads. In addition to being able to view all switch information and statistics, the SLB Operator can enable/disable servers using the Server Load Balancing operation menu. | slboper |
| Layer 4 Operator | The Layer 4 Operator manages traffic on the lines leading to the shared Internet services. This user currently has the same access level as the SLB operator, and the access level is reserved for future use, to provide access to operational commands for operators managing traffic on the line leading to the shared Internet services. | l4oper |
| Operator | The Operator manages all functions of the switch. In addition to SLB Operator functions, the Operator can reset ports or the entire switch. | oper |
| SLB Administrator | The SLB Administrator configures and manages Web servers and other Internet services and their loads. In addition to SLB Operator functions, the SLB Administrator can configure parameters on the Server Load Balancing menus, with the exception of not being able to configure filters or bandwidth management. | slbadmin |
| Layer 4 Administrator | The Layer 4 Administrator configures and manages traffic on the lines leading to the shared Internet services. In addition to SLB Administrator functions, the Layer 4 Administrator can configure all parameters on the Server Load Balancing menus, including filters and bandwidth management. | l4admin |
| Administrator | The superuser Administrator has complete access to all menus, information, and configuration commands on the Nortel Application Switch, including the ability to change both the user and administrator passwords. | admin |

NOTE – With the exception of the “admin” user, access to each user level can be disabled by setting the password to an empty value. All user levels below “admin” will by default be initially disabled (empty password) until they are enabled by the “admin” user. This prevents inadvertently leaving the switch open to unauthorized users.

CLI Versus Setup

Once the administrator password is verified, you are given complete access to the switch. If the switch is still set to its factory default configuration, the system will ask whether you wish to run Setup (see Chapter 2, “First-Time Configuration”), a utility designed to help you through the first-time configuration process. If the switch has already been configured, the Main Menu of the CLI is displayed instead.

The following table shows the Main Menu with administrator privileges.

    [Main Menu]
        info    - Information Menu
        stats   - Statistics Menu
        cfg     - Configuration Menu
        oper    - Operations Command Menu
        boot    - Boot Options Menu
        maint   - Maintenance Menu
        diff    - Show pending config changes [global command]
        apply   - Apply pending config changes [global command]
        save    - Save updated config to FLASH [global command]
        revert  - Revert pending or applied changes [global command]
        exit    - Exit [global command, always available]

NOTE – If you are accessing a user account or Layer 4 administrator account, some menu options will not be available.

Command Line History and Editing

For a description of global commands, shortcuts, and command line editing functions, see “Menu Basics” on page 53.

Idle Timeout

By default, the switch will disconnect your console or Telnet session after five minutes of inactivity. This function is controlled by the idle timeout parameter, which can be set from 1 to 10080 minutes. For information on changing this parameter, see “System Configuration” on page 261.


CHAPTER 2
First-Time Configuration

To help with the initial process of configuring your switch, the Nortel Application Switch Operating System software includes a Setup utility. The Setup utility prompts you step-by-step to enter all the necessary information for basic configuration of the switch. This chapter describes how to use the Setup utility and how to change system passwords.

NOTE – If you are configuring a 2000-SSL Series Switch, you can use the Switch Setup Utility in the Nortel Application Switch Operating System 2000-SSL Series Quick Setup Guide (part number 215102-A) instead for setting up the Switch and the SSL Processor. Then return to this guide for configuration and management information on your Switch.

Using the Setup Utility

Whenever you log in as the system administrator under the factory default configuration, you are asked whether you wish to run the Setup utility. Setup can also be activated manually from the command line interface any time after login.

Information Needed For Setup

Setup requests the following information:

- Basic system information
  - Date & time
  - Whether to use BOOTP or not
  - Whether to use Spanning Tree Protocol or not
  - Management port configuration
- Optional configuration for each port
  - Speed, duplex, flow control, and negotiation mode (as appropriate)
  - Whether to use VLAN tagging or not (as appropriate)

- Optional configuration for each VLAN
  - Name of VLAN
  - Which ports are included in the VLAN
- Optional configuration of IP parameters
  - IP address, subnet mask, broadcast address, and VLAN for each IP interface
  - IP addresses for up to four default gateways
  - Destination, subnet mask, and gateway IP address for each IP static route
  - Whether IP forwarding is enabled or not
  - Whether the RIP supply is enabled or not

Starting Setup When You Log In

The Setup prompt appears automatically whenever you login as the system administrator under the factory default settings.

1. Connect to the switch console. After connecting, the login prompt will appear as shown below.

    Enter Password:

2. Enter admin as the default administrator password. If the factory default configuration is detected, the system prompts:

    Connected to Nortel Application Switch 2424
    18:44:05 Mon April 12, 2004

    The switch is booted with factory default configuration.
    To ease the configuration of the switch, a "Set Up" facility which
    will prompt you with those configuration items that are essential
    to the operation of the switch is provided.
    Would you like to run "Set Up" to configure the switch? [y/n]:

NOTE – If the default admin login is unsuccessful, or if the administrator Main Menu appears instead, the system configuration has probably been changed from the factory default settings. If you are certain that you need to return the switch to its factory default settings, see “Selecting a Configuration Block” on page 515.

3. Enter y to begin the initial configuration of the switch, or n to bypass the Setup facility.

Stopping and Restarting Setup Manually

Stopping Setup

To abort the Setup utility, press <Ctrl-C> during any Setup question. When you abort Setup, the system will prompt:

    Would you like to run from top again? [y/n]

Enter n to abort Setup, or y to restart the Setup program at the beginning.

Restarting Setup

You can restart the Setup utility manually at any time by entering the following command at the administrator prompt:

    # /cfg/setup

Setup Part 1: Basic System Configuration

When Setup is started, the system prompts:

    "Set Up" will walk you through the configuration of
    System Date and Time, BOOTP, Spanning Tree, Management port,
    Port Speed/Mode, VLANs, and IP interfaces.
    [type Ctrl-C to abort "Set Up"]
    ------------------------------------------------------------
    Will you be configuring VLANs? [y/n]

1. Enter y if you will be configuring VLANs. Otherwise enter n.

   If you decide not to configure VLANs during this session, you can configure them later using the configuration menus, or by restarting the Setup facility. For more information on configuring VLANs, see the Nortel Application Switch Operating System 23.0.2 Application Guide.

   Next, the Setup utility prompts you to input basic system information.

2. Enter the year of the current date at the prompt:

    System Date:
    Enter year [2004]:

   Enter the last two digits of the year as a number from 00 to 99. “00” is considered 2000. To keep the current year, press <Enter>.

3. Enter the month of the current system date at the prompt:

    System Date:
    Enter month [4]:

   Enter the month as a number from 1 to 12. To keep the current month, press <Enter>.

4. Enter the day of the current date at the prompt:

    Enter day [12]:

   Enter the date as a number from 1 to 31. To keep the current day, press <Enter>.

5. Enter the hour of the current system time at the prompt:

    System Time:
    Enter hour in 24-hour format [18]:

   Enter the hour as a number from 00 to 23. To keep the current hour, press <Enter>.

6. Enter the minute of the current time at the prompt:

    Enter minutes [55]:

   Enter the minute as a number from 00 to 59. To keep the current minute, press <Enter>.

7. Enter the seconds of the current time at the prompt:

    Enter seconds [37]:

   Enter the seconds as a number from 00 to 59. To keep the current second, press <Enter>.

   The system displays the date and time settings:

    System clock set to 18:55:36 Mon April 12, 2004.

8. Enable or disable the use of BOOTP at the prompt:

    BootP Option:
    Current BOOTP usage: disabled
    Enter new BOOTP usage [d/e]:

   If available on your network, a BOOTP server can supply the switch with IP parameters so that you do not have to enter them manually. BOOTP must be disabled however, before the system will prompt for IP parameters.

   Enter d to disable the use of BOOTP, or enter e to enable the use of BOOTP. To keep the current setting, press <Enter>.

9. Turn Spanning Tree Protocol on or off at the prompt:

    Spanning Tree:
    Current Spanning Tree setting: ON
    Turn Spanning Tree OFF? [y/n]

   Enter y to turn off Spanning Tree, or enter n to leave Spanning Tree on.

Setup Part 2: Port Configuration

NOTE – The port configuration options shown in these steps are for the Nortel Application Switch Operating System 2424. When configuring port options for other switches, some of the prompts and options may be different.

1. If desired, set up the management port:

    Management Port Config:
    Configure management port? [y/n] y

   If you answer y to configure the management port, you will be prompted for IP address, subnet mask, broadcast address, default gateway, and other management port options.

2. Select the port to configure, or skip port configuration at the prompt:

    Port Config:
    Enter port number: (1-28)

   If you wish to change settings for individual ports, enter the number of the port you wish to configure. To skip port configuration, press <Enter> without specifying any port and go to “Setup Part 3: VLANs” on page 41.

3. If appropriate, configure Ethernet/Fast Ethernet port speed. If you selected a port that has an Ethernet/Fast Ethernet connector, the system prompts:

    Fast Link Configuration:
    Port Speed:
    Current Port 1 speed setting: 10/100
    Enter new speed ["10"/"100"/"any"]:

   Enter the port speed from the options available, or enter any to have the switch auto-sense the port speed. To keep the current setting, press <Enter>.

4. If appropriate, configure Ethernet/Fast Ethernet port duplex mode. If you selected a port that has an Ethernet/Fast Ethernet connector, the system prompts:

    Port Mode:
    Current port 1 mode setting: any
    Enter new speed ["full"/"half"/"any"]

   Enter full for full-duplex, half for half-duplex, or any to have the switch auto-negotiate. To keep the current setting, press <Enter>.

5. If appropriate, configure Ethernet/Fast Ethernet port flow control. If you selected a port that has an Ethernet/Fast Ethernet connector, the system prompts:

    Port Flow Control:
    Current Port 1 flow control setting: both
    Enter new value ["rx"/"tx"/"both"/"none"]:

   Enter rx to enable receive flow control, tx for transmit flow control, both to enable both, or none to turn flow control off for the port. To keep the current setting, press <Enter>.

6. If appropriate, configure Ethernet/Fast Ethernet port autonegotiation mode. If you selected a port that has an Ethernet/Fast Ethernet connector, the system prompts:

    Port Auto Negotiation:
    Current Port 1 autonegotiation: on
    Enter new value ["on"/"off"]:

   Enter on to enable autonegotiation, off to disable it, or press <Enter> to keep the current setting.

7. If appropriate, configure Gigabit Ethernet port flow parameters. If you selected a port that has a Gigabit Ethernet connector, the system prompts:

    Gig Link Configuration:
    Port Flow Control:
    Current Port 1 flow control setting: both
    Enter new value ["rx"/"tx"/"both"/"none"]:

   Enter rx to enable receive flow control, tx for transmit flow control, both to enable both, or none to turn flow control off for the port. To keep the current setting, press <Enter>.

8. If appropriate, configure Gigabit Ethernet port autonegotiation mode. If you selected a port that has a Gigabit Ethernet connector, the system prompts:

    Port Auto Negotiation:
    Current Port 1 autonegotiation: on
    Enter new value ["on"/"off"]:

   Enter on to enable port autonegotiation, off to disable it, or press <Enter> to keep the current setting.

9. If configuring VLANs, enable or disable VLAN tagging for the port. If you have selected to configure VLANs back in Part 1, the system prompts:

    Port VLAN tagging config (tagged port can be a member of multiple VLANs)
    Current TAG flag: disabled
    Enter new TAG status [d/e]:

   Enter d to disable VLAN tagging for the port or enter e to enable VLAN tagging for the port. To keep the current setting, press <Enter>.

10. The system prompts you to configure the next port:

    Enter port number:

   When you are through configuring ports, press <Enter> without specifying any port. Otherwise, repeat the steps in this section.

Setup Part 3: VLANs

If you chose to skip VLANs configuration back in Part 1, skip to “Setup Part 4: IP Configuration” on page 42.

1. Select the VLAN to configure, or skip VLAN configuration at the prompt:

    VLAN Config:
    Enter VLAN number from 2 to 4090, NULL at end:

   If you wish to change settings for individual VLANs, enter the number of the VLAN you wish to configure. To skip VLAN configuration, press <Enter> without typing a VLAN number and go to “Setup Part 4: IP Configuration” on page 42.

2. Enter the new VLAN name at the prompt:

    VLAN is newly created.
    Pending new VLAN name: "VLAN 2"
    Enter new VLAN name, without quotes:

   Entering a new VLAN name is optional. To use the pending new VLAN name, press <Enter>.

3. Enter the VLAN port numbers. The system prompts you to define the first port in the VLAN:

    Define ports in VLAN:
    Current VLAN 2: empty
    Enter port numbers one per line, NULL at end:

   Type the first port number to add to the current VLAN and press <Enter>. The right angle prompt appears:

    >

   For each additional port in the VLAN, type the port number and press <Enter> to move to the next line. Repeat this until all ports for the VLAN being configured are entered. When you are finished adding ports to this VLAN, press <Enter> without specifying any port.

4. The system prompts you to configure the next VLAN:

    VLAN Config:
    Enter VLAN number from 2 to 4090, NULL at end:

   Repeat the steps in this section until all VLANs have been configured. When all VLANs have been configured, press <Enter> without specifying any VLAN.

Setup Part 4: IP Configuration

If BOOTP was enabled back in Part 1, skip to Setup Part 5: Final Steps. Otherwise, if you disabled BOOTP, the system prompts for IP parameters.

IP Interfaces

IP interfaces are used for defining subnets to which the switch belongs. Up to 256 IP interfaces can be configured on the Nortel Application Switch. The IP address assigned to each IP interface provides the switch with an IP presence on your network. No two IP interfaces can be on the same IP subnet. The interfaces can be used for connecting to the switch for remote configuration, and for routing between subnets and VLANs (if used).

1. Select the IP interface to configure, or skip interface configuration at the prompt:

    IP Config:
    IP interfaces:
    Enter interface number: (1-256)

   NOTE – The total number of interfaces on an Nortel Application Switch 2424-SSL is 1-255.

   If you wish to configure individual IP interfaces, enter the number of the IP interface you wish to configure. To skip IP interface configuration, press <Enter> without typing an interface number and go to “Default Gateways” on page 43.

2. For the specified IP interface, enter the IP address in dotted decimal notation:

    Current IP address: 0.0.0.0
    Enter new IP address:

   To keep the current setting, press <Enter>.

3. At the prompt, enter the IP subnet mask in dotted decimal notation:

    Current subnet mask: 0.0.0.0
    Enter new subnet mask:

   To keep the current setting, press <Enter>.

4. At the prompt, enter the broadcast IP address in dotted decimal notation:

    Current broadcast address: 0.0.0.0
    Enter new broadcast address:

   To keep the current setting, press <Enter>.

5. If configuring VLANs, specify a VLAN for the interface. This prompt appears if you selected to configure VLANs back in Part 1:

    Current VLAN: 1
    Enter new VLAN:

   Enter the number for the VLAN to which the interface belongs, or press <Enter> without specifying a VLAN number to accept the current setting.

6. At the prompt, enter y to enable the IP interface, or n to leave it disabled:

    Enable IP interface? [y/n]

7. The system prompts you to configure another interface:

    Enter interface number: (1-256)

   Repeat the steps in this section until all IP interfaces have been configured. When all interfaces have been configured, press <Enter> without specifying any interface number.

Default Gateways

1. At the prompt, select a default gateway for configuration, or skip default gateway configuration:

    IP default gateways:
    Enter default gateway number: (1-259)

   Enter the number for the default gateway to be configured. To skip default gateway configuration, press <Enter> without typing a gateway number and go to “IP Routing” on page 44.

2. At the prompt, enter the IP address for the selected default gateway:

    Current IP address: 0.0.0.0
    Enter new IP address:

   Enter the IP address in dotted decimal notation, or press <Enter> without specifying an address to accept the current setting.

3. At the prompt, enter y to enable the default gateway, or n to leave it disabled:

    Enable default gateway? [y/n]

4. The system prompts you to configure another default gateway:

    Enter default gateway number: (1-259)

   Repeat the steps in this section until all default gateways have been configured. When all default gateways have been configured, press <Enter> without specifying any number.

IP Routing

When IP interfaces are configured for the various subnets attached to your switch, IP routing between them can be performed entirely within the switch. This eliminates the need to bounce inter-subnet communication off an external router device. Routing on more complex networks, where subnets may not have a direct presence on the Nortel Application Switch, can be accomplished through configuring static routes or by letting the switch learn routes dynamically.

This part of the Setup program prompts you to configure the various routing parameters.

1. At the prompt, enable or disable forwarding for IP Routing:

    Enable IP forwarding? [y/n]

   Enter y to enable IP forwarding. To disable IP forwarding, enter n and proceed to Step 2. To keep the current setting, press <Enter>.

2. At the prompt, enable or disable the RIP supply:

    Enable RIP supply? [y/n]

   If your network uses Routing Interface Protocol (RIP), enter y to enable the RIP supply. Otherwise, enter n to disable it. When RIP is enabled, RIP listen is set by default.

Setup Part 5: Final Steps

1. When prompted, decide whether to restart Setup or continue:

    Would you like to run from top again? [y/n]

   Enter y to restart the Setup utility from the beginning, or n to continue.

2. When prompted, decide whether you wish to review the configuration changes:

    Review the changes made? [y/n]

   Enter y to review the changes made during this session of the Setup utility. Enter n to continue without reviewing the changes. We recommend that you review the changes.

3. Next, decide whether to apply the changes at the prompt:

    Apply the changes? [y/n]

   Enter y to apply the changes, or n to continue without applying. Changes are normally applied.

4. At the prompt, decide whether to make the changes permanent:

    Save changes to flash? [y/n]

   Enter y to save the changes to flash. Enter n to continue without saving the changes. Changes are normally saved at this point.

5. If you do not apply or save the changes, the system prompts whether to abort them:

    Abort all changes? [y/n]

   Enter y to discard the changes. Enter n to return to the Apply the changes? prompt.

NOTE – After initial configuration is complete, it is recommended that you change the default passwords as shown in “Setting Passwords” on page 47.

Optional Setup for SNMP Support

NOTE – This step is optional. Perform this procedure only if you are planning on using SNMP-based tools, such as Nortel ASEM.

1. Enable SNMP and select one of the options.

    >> # /cfg/sys/access/snmp (disabled/read-only/read-write) [d/r/w]:

   NOTE – If you need to configure SNMPv3, refer to “SNMPv3 Configuration Menu” on page 276 of this manual.

2. Set SNMP read or write community string. By default, they are public and private respectively.

    >> # /cfg/sys/ssnmp/rcomm|wcomm

3. Apply and save configuration if you are not configuring the switch with Telnet support. Otherwise apply and save after “Optional Setup for Telnet Support” on page 46.

    >> System# apply
    >> System# save

Optional Setup for Telnet Support

NOTE – This step is optional. Perform this procedure only if you are planning on connecting to the switch through any telnet application.

1. Enable telnet.

    >> # /cfg/sys/access/tnet ena

2. Apply and save SNMP and/or telnet configuration(s).

    >> System# apply
    >> System# save

Setting Passwords

It is recommended that you change the user and administrator passwords after initial configuration and as regularly as required under your network security policies.

To change both the user password and the administrator password, you must login using the administrator password. Passwords cannot be modified from the user command mode.

NOTE – If you forget your administrator password, call your technical support representative for help using the password fix-up mode.

Changing the Default Administrator Password

The administrator has complete access to all menus, information, and configuration commands, including the ability to change both the user and administrator passwords.

The default password for the administrator account is admin. To change the default password, follow this procedure:

1. Connect to the switch and log in using the admin password.

2. From the Main Menu, use the following command to access the Configuration Menu:

    Main# /cfg

   The Configuration Menu is displayed.

    [Configuration Menu]
        sys      - System-wide Parameter Menu
        port     - Port Menu
        pmirr    - Port Mirroring Menu
        bwm      - Bandwidth Management Menu
        l2       - Layer 2 Menu
        l3       - Layer 3 Menu
        slb      - Server Load Balancing (Layer 4-7) Menu
        security - Security Menu
        setup    - Step by step configuration set up
        dump     - Dump current configuration to script file
        ptcfg    - Backup current configuration to tftp server
        gtcfg    - Restore current configuration from tftp server

3. From the Configuration Menu, use the following command to select the System Menu:

    >> Configuration# sys

   The System Menu is displayed.

    [System Menu]
        syslog  - Syslog Menu
        mmgmt   - Management Port Menu
        sshd    - SSH Server Menu
        radius  - RADIUS Authentication Menu
        tacacs  - TACACS+ Authentication Menu
        ntp     - NTP Server Menu
        sonmp   - SONMP Menu
        ssnmp   - System SNMP Menu
        health  - System Health Check Menu
        access  - System Access Menu
        date    - Set system date
        time    - Set system time
        idle    - Set timeout for idle CLI sessions
        notice  - Set login notice
        bannr   - Set login banner
        smtp    - Set SMTP host
        hprompt - Enable/disable display hostname (sysName) in CLI prompt
        bootp   - Enable/disable use of BOOTP
        cur     - Display current system-wide parameters

4. From the System menu, use the following path to select the User menu:

    System# access/user

5. Select the administrator password.

    System# user/admpw

6. Enter the current administrator password at the prompt:

    Changing ADMINISTRATOR password; validation required...
    Enter current administrator password:

   NOTE – If you forget your administrator password, call your technical support representative for help using the password fix-up mode.

7. Enter the new administrator password at the prompt:

    Enter new administrator password:

8. Enter the new administrator password, again, at the prompt:

    Re-enter new administrator password:

9. Apply and save your change by entering the following commands:

    System# apply
    System# save

Changing the Default User Password

The user login has limited control of the switch. Through a user account, you can view switch information and statistics, but you can’t make configuration changes.

The default password for the user account is user. This password cannot be changed from the user account. Only the administrator has the ability to change passwords, as shown in the following procedure.

1. Connect to the switch and log in using the admin password.

2. From the Main Menu, use the following command to access the Configuration Menu:

    Main# cfg

3. From the Configuration Menu, use the following command to select the System Menu:

    >> Configuration# sys

4. Select the user password.

    System# access/user/usrpw

5. Enter the current administrator password at the prompt. Only the administrator can change the user password. Entering the administrator password confirms your authority.

    Changing USER password; validation required...
    Enter current administrator password:

6. Enter the new user password at the prompt:

    Enter new user password:

7. Enter the new user password, again, at the prompt:

    Re-enter new user password:

8. Apply and save your changes:

    System# apply
    System# save

Changing the Default Layer 4 Administrator Password

The Layer 4 administrator has limited control of the switch. Through a Layer 4 administrator account, you can view all switch information and statistics, but can configure changes only on the Server Load Balancing menus.

The default password for the Layer 4 administrator account is l4admin. To change any switch password, you must login using the administrator password. Passwords cannot be modified from the Layer 4 administrator account or the user account.

To change the default password, follow this procedure:

1. Connect to the switch and log in using the administrator account.

2. From the Main Menu, use the following path to access the user command:

    Main# /cfg/sys/access/user

3. Select the Layer 4 administrator password:

    System# l4apw

4. Enter the current administrator password (not the Layer 4 administrator password) at the prompt:

    Changing L4 ADMINISTRATOR password; validation required...
    Enter current administrator password:

   NOTE – If you forget your administrator password, call your technical support representative for help using the password fix-up mode.

5. Enter the new Layer 4 administrator password at the prompt:

    Enter new L4 administrator password:

6. Enter the new administrator password, again, at the prompt:

    Re-enter new L4 administrator password:

7. Apply and save your change by entering the following commands:

    System# apply
    System# save

CHAPTER 3
Menu Basics

The Nortel Application Switch’s Command Line Interface (CLI) is used for viewing switch information and statistics. In addition, the administrator can use the CLI for performing all levels of switch configuration.

To make the CLI easy to use, the various commands have been logically grouped into a series of menus and sub-menus. Each menu displays a list of commands and/or sub-menus that are available, along with a summary of what each command will do. Below each menu is a prompt where you can enter any command appropriate to the current menu.

This chapter describes the Main Menu commands, and provides a list of commands and shortcuts that are commonly available from all the menus within the CLI.

The Main Menu

The Main Menu appears after a successful connection and login. The following table shows the Main Menu for the administrator login. Some features are not available under the user login.

    [Main Menu]
    info    - Information Menu
    stats   - Statistics Menu
    cfg     - Configuration Menu
    oper    - Operations Command Menu
    boot    - Boot Options Menu
    maint   - Maintenance Menu
    ssl     - SSl Accelerator Menu
    diff    - Show pending config changes [global command]
    apply   - Apply pending config changes [global command]
    save    - Save updated config to FLASH [global command]
    revert  - Revert pending or applied changes [global command]
    exit    - Exit [global command, always available]

NOTE – The ssl option is only visible on the Nortel Application Switch Operating System 2000-SSL Series.

Menu Summary

Information Menu
    Provides sub-menus for displaying information about the current status of the switch: from basic system settings to VLANs, Layer 4 settings, and more.

Statistics Menu
    Provides sub-menus for displaying switch performance statistics. Included are port, IF, IP, ICMP, TCP, UDP, SNMP, routing, ARP, DNS, VRRP, and Layer 4 statistics.

Configuration Menu
    This menu is available only from an administrator login. It includes sub-menus for configuring every aspect of the switch. Changes to configuration are not active until explicitly applied. Changes can be saved to non-volatile memory.

Operations Command Menu
    Operations-level commands are used for making immediate and temporary changes to switch configuration. This menu is used for bringing ports temporarily in and out of service, performing port mirroring, and enabling or disabling Server Load Balancing functions. It is also used for activating or deactivating optional software packages.

Boot Options Menu
    This menu is used for upgrading switch software, selecting configuration blocks, and for resetting the switch when necessary.

Maintenance Menu
    This menu is used for debugging purposes, enabling you to generate a dump of the critical state information in the switch, and to clear entries in the forwarding database and the ARP and routing tables.

SSL Accelerator Menu
    This menu is used for

Global Commands

Some basic commands are recognized throughout the menu hierarchy. These commands are useful for obtaining online help, navigating through menus, and for applying and saving configuration changes.

For help on a specific command, type help. You will see the following screen:

    Global Commands: [can be issued from any menu]
    help up print lines verbose exit diff apply save ping ping6
    traceroute history pushd popd pwd quit revert telnet who

    The following are used to navigate the menu structure:
    .   Print current menu
    ..  Move up one menu level
    /   Top menu if first, or command separator
    !   Execute command from history

Table 3-1 Description of Global Commands

? command or help
    Provides more information about a specific command on the current menu. When used without the command parameter, a summary of the global commands is displayed.

. or print
    Display the current menu.

.. or up
    Go up one level in the menu structure.

/
    If placed at the beginning of a command, go to the Main Menu. Otherwise, this is used to separate multiple commands placed on the same line.

lines
    Set the number of lines (n) that display on the screen at one time. The default is 24 lines. When used without a value, the current setting is displayed.

diff
    Show any pending configuration changes.

apply
    Apply pending configuration changes.

save
    Write configuration changes to non-volatile flash memory.

revert
    Remove pending configuration changes between “apply” commands. Use this command to restore configuration parameters set since last “apply” command.

exit or quit
    Exit from the command line interface and log out.

ping
    Use this command to verify station-to-station connectivity across the network. The format is as follows:

    ping <host name>|<IP address> [tries <(1-32)> [msec delay]] [-m|-mgmt|-d|-data]

    Where IP address is the hostname or IP address of the device, tries (optional) is the number of attempts (1-32), msec delay (optional) is the number of milliseconds between attempts. By default, the -d or -data option for network ports is in effect. If the management port is used, specify the -m or -mgmt option. The DNS parameters must be configured if specifying hostnames (see “Domain Name System Configuration Menu” on page 379).

ping6
    Use this command to verify an IP address and interface connectivity across the network. The format is as follows:

    ping6 <IP6 address> <Interface number>

    For example:

    ping6 3001::1234                    - for ping6 global unicast address
    ping6 fe80::201:2ff:feb1:10e2 20    - for ping6 link-local address

traceroute
    Use this command to identify the route used for station-to-station connectivity across the network. The format is as follows:

    traceroute <host name>| <IP address> [<max-hops (1-32)> [msec delay]] [-m|-mgmt|-d|-data]

    Where IP address is the hostname or IP address of the target station, maxhops (optional) is the maximum distance to trace (1-16 devices), and delay (optional) is the number of milliseconds to wait for the response. By default, the -d or -data option for network ports is in effect. If the management port is used, specify the -m or -mgmt option. As with ping, the DNS parameters must be configured if specifying hostnames.

pwd
    Display the command path used to reach the current menu.

verbose n
    Sets the level of information displayed on the screen:
    0 = Quiet: Nothing appears except errors—not even prompts.
    1 = Normal: Prompts and requested output are shown, but no menus.
    2 = Verbose: Everything is shown.
    When used without a value, the current setting is displayed.

telnet
    This command is used to telnet out of the switch. The format is as follows:

    <hostname>|<IP address> [port] [-m|-mgmt|-d|-data]

    Where IP address is the hostname or IP address of the device. By default, the -d or -data option for network ports is in effect. If the management port is used, specify the -m or -mgmt option.

history
    This command brings up the history of the last 10 commands.

pushd
    This command stores the current location of the menu tree. Optionally, a new path to change to can be specified. The format is as follows:

    pushd [<new_path>]

popd
    This command takes the user one level back to the menu location stored by the last pushd command.

who
    This command displays the currently logged user’s session information.

Command Line History and Editing

Using the command line interface, you can retrieve and modify previously entered commands with just a few keystrokes. The following options are available globally at the command line:

Table 3-2 Command Line History and Editing Options

history
    Display a numbered list of the last 10 previously entered commands.

!!
    Repeat the last entered command.

!n
    Repeat the nth command shown on the history list.

<Ctrl-p>
    (Also the up arrow key.) Recall the previous command from the history list. This can be used multiple times to work backward through the last 10 commands. The recalled command can be entered as is, or edited using the options below.

<Ctrl-n>
    (Also the down arrow key.) Recall the next command from the history list. This can be used multiple times to work forward through the last 10 commands. The recalled command can be entered as is, or edited using the options below.

<Ctrl-a>
    Move the cursor to the beginning of command line.

<Ctrl-e>
    Move cursor to the end of the command line.

<Ctrl-b>
    (Also the left arrow key.) Move the cursor back one position to the left.

<Ctrl-f>
    (Also the right arrow key.) Move the cursor forward one position to the right.

<Backspace>
    (Also the Delete key.) Erase one character to the left of the cursor position.

<Ctrl-d>
    Delete one character at the cursor position.

<Ctrl-k>
    Kill (erase) all characters from the cursor position to the end of the command line.

<Ctrl-l>
    Redraw the screen.

<Ctrl-u>
    Clear the entire line.

Other keys
    Insert new characters at the cursor position.

Command Line Interface Shortcuts

Command Stacking

As a shortcut, you can type multiple commands on a single line, separated by forward slashes (/). You can connect as many commands as required to access the menu option that you want. For example, the keyboard shortcut to access the Spanning Tree Port Configuration Menu from the Main# prompt is as follows:

    Main# cfg/l2/stg/port

Command Abbreviation

Most commands can be abbreviated by entering the first characters which distinguish the command from the others in the same menu or sub-menu. For example, the command shown above could also be entered as follows:

    Main# c/l2/st/p

Tab Completion

By entering the first letter of a command at any menu prompt and hitting <Tab>, the CLI will display all commands or options in that menu that begin with that letter. Entering additional letters will further refine the list of commands or options displayed. If only one command fits the input text when <Tab> is pressed, that command will be supplied on the command line, waiting to be entered. If the <Tab> key is pressed without any input on the command line, the currently active menu will be displayed.

Configuration Ranges

Most commands now support the use of configuration ranges. Configuration ranges allow the user to set common parameters on a range of similar items on the switch like ports or VLANs. For example, the command shown below would set the PVID of ports 1 through 10 to 5.

    Main# /cfg/port 1-10/pvid 5

CHAPTER 4
The Information Menu

You can view configuration information for the switch in both the user and administrator command modes. This chapter discusses how to use the command line interface to display switch information.

/info
Information Menu

    [Information Menu]
    sys      - System Information Menu
    l2       - Layer 2 Information Menu
    l3       - Layer 3 Information Menu
    slb      - Layer 4-7 Information Menu
    bwm      - Bandwidth Management Information Menu
    security - Show Security status
    link     - Show link status
    port     - Show port information
    swkey    - Show enabled software features
    dump     - Dump all information

The information provided by each menu option is briefly described in Table 4-1 on page 61, with pointers to where detailed information can be found.

Table 4-1 Information Menu Options (/info)
Command Syntax and Usage

sys
    Displays system menu information. To view menu options, see page 63.

l2
    Displays the Layer 2 Information Menu. For details, see page 89.

l3
    Displays the Layer 3 information menu. For details, see page 106.

slb
    Displays the Layer 4 Information Menu. To view menu options, see page 132.

bwm
    Displays Bandwidth Management information. For details, see page 141.

security
    Displays current UDP blast settings and the security status of the port. For details, see page 146.

link
    Displays configuration information about each port, including:
    Port number
    Port speed (10, 100, 10/100, or 1000)
    Duplex mode (half, full, or auto)
    Flow control for transmit and receive (no, yes, or auto)
    Link status (up or down)
    For details, see page 147.

port
    Displays port status information, including:
    Port number
    Whether the port uses VLAN Tagging or not
    Port VLAN ID (PVID)
    Port name
    VLAN membership
    For details, see page 149.

swkey
    Displays a list of all the optional software packages which have been activated or installed on your switch. For details see page 150.

dump
    Dumps all switch information available from the Information Menu (10K or more, depending on your configuration). If you want to capture dump data to a file, set your communication software on your workstation to capture session data prior to issuing the dump commands. To view a sample, see page 150.

/info/sys
System Information Menu

    [System Menu]
    snmpv3   - SNMPv3 Information Menu
    general  - Show general system information
    time     - Show date and time
    log      - Show last 64 syslog messages
    slog     - Show last 64 syslog messages saved in FLASH
    mgmt     - Show management port information
    sonmp    - Show SONMP topology table information
    capacity - Show switch capacity information
    fan      - Show switch fan status
    temp     - Show switch temperature sensor status
    encrypt  - Show switch encryption licenses
    user     - Show current user status
    dump     - Dump all system information

Table 4-2 Information System Menu Options (/info/sys)
Command Syntax and Usage

snmpv3
    Displays SNMPv3 Information Menu. To view the menu options, see page 65.

general
    Displays general system information including:
    System information like time, day, and date.
    Switch model name and number
    How long the switch has been up
    Time of last boot
    MAC address of the switch management processor
    Internal SSL Processor MAC Address if the switch is 2424-SSL
    IP address of IP interface #1
    Hardware order number and part numbers of the Mainboard Hardware, Management Processor Board Hardware, and Fast Ethernet Board Hardware
    Software image file and version number
    Configuration name
    Log-in banner, if one is configured
    See page 74 for a sample output.

time
    Displays the current time.

log
    Displays last 64 syslog messages. See page 76 for a sample output and detailed information.

Nortel Application Switch Operating System 23. January 2006 . The output contains capacity information about Layer 2. Network Filters. Filters. OSPF. fan Displays the fan status of the switch. General switch information. sonmp Displays SONMP topology table information. RIP. See page 77 for a sample output. Layer 4-7.0. See page 80 for a sample output. See page 79 for detailed information. Health Checks. capacity gen|bwm|l2|l3|slb|port Displays the switch capacity information. 64 Chapter 4: The Information Menu 320506-A. GSLB. Route Maps. mgmt Displays Management port information. temp Displays the temperature status of the switch sensors. Layer 3. dump Displays all system information. encrypt Displays the current encryption licenses. and SNMPv3. See page 78 for detailed information.2 Command Reference Table 4-2 Information System Menu Options (/info/sys) Command Syntax and Usage slog Displays the last 64 syslog messages that are saved in flash. which includes Server Load Balancing. VRRP. This output displays the maximum switch capacity for the various applications and services that the switch supports. user Displays the current user names. Bandwidth Management. BGP. See page 84 for a sample output.

/info/sys/snmpv3
SNMPv3 System Information Menu

SNMP version 3 (SNMPv3) is an extensible SNMP Framework that supplements the SNMPv2 Framework by supporting the following:

    a new SNMP message format
    security for messages
    access control
    remote configuration of SNMP parameters

For more details on the SNMPv3 architecture please refer to RFC2271 to RFC2276.

    [SNMPv3 Information Menu]
    usm    - Show usmUser table information
    view   - Show vacmViewTreeFamily table information
    access - Show vacmAccess table information
    group  - Show vacmSecurityToGroup table information
    comm   - Show community table information
    taddr  - Show targetAddr table information
    tparam - Show targetParams table information
    notify - Show notify table information
    dump   - Show all SNMPv3 information

Table 4-3 SNMPv3 information Menu Options (/info/sys/snmpv3)
Command Syntax and Usage

usm
    Displays User Security Model (USM) table information. To view the table, see page 66.

view
    Displays information about view, subtrees, mask and type of view. To view a sample, see page 67.

access
    Displays View-based Access Control information. To view a sample, see page 68.

group
    Displays information about the group that includes the security model, user name, and group name. To view a sample, see page 69.

comm
    Displays information about the community table information. To view a sample, see page 69.

taddr
    Displays the Target Address table information. To view a sample, see page 70.

tparam
    Displays the Target parameters table information. To view a sample, see page 71.

notify
    Displays the Notify table information. To view a sample, see page 72.

dump
    Displays all the SNMPv3 information. To view a sample, see page 73.

/info/sys/snmpv3/usm
SNMPv3 USM User Table Information

The User-based Security Model (USM) in SNMPv3 provides security services such as authentication and privacy of messages. This security model makes use of a defined set of user identities displayed in the USM user table. The USM user table contains information like:

    the user name
    a security name in the form of a string whose format is independent of the Security Model
    an authentication protocol, which is an indication that the messages sent on behalf of the user can be authenticated
    the privacy protocol

    usmUser Table:
    User Name                        Protocol
    -------------------------------- --------------------------------
    admin                            NO AUTH, NO PRIVACY
    adminmd5                         HMAC_MD5, DES PRIVACY
    adminsha                         HMAC_SHA, DES PRIVACY
    v1v2only                         NO AUTH, NO PRIVACY

Table 4-4 USM User Table Information Parameters (/info/sys/usm)

User Name
    This is a string that represents the name of the user that you can use to access the switch.

Protocol
    This indicates whether messages sent on behalf of this user are protected from disclosure using a privacy protocol. Nortel Application Switch Operating System 23.0.2 supports DES algorithm for privacy. The software also supports two authentication algorithms: MD5 and HMAC-SHA.

/info/sys/snmpv3/view
SNMPv3 View Table Information

The user can control and restrict the access allowed to a group to only a subset of the management information in the management domain that the group can access within each context by specifying the group’s rights in terms of a particular MIB view for security reasons.

    View Name         Subtree            Mask           Type
    ----------------- ------------------ -------------- --------
    org               1.3                               included
    v1v2only          1.3                               included
    v1v2only          1.3.6.1.6.3.15                    excluded
    v1v2only          1.3.6.1.6.3.16                    excluded
    v1v2only          1.3.6.1.6.3.18                    excluded

Table 4-5 SNMPv3 View Table Information Parameters (/info/sys/snmpv3/view)

View Name
    Displays the name of the view.

Subtree
    Displays the MIB subtree as an OID string. A view subtree is the set of all MIB object instances which have a common Object Identifier prefix to their names.

Mask
    Displays the bit mask.

Type
    Displays whether a family of view subtrees is included or excluded from the MIB view.

/info/sys/snmpv3/access
SNMPv3 Access Table Information

The access control sub system provides authorization services.

The vacmAccessTable maps a group name, security information, a context, and a message type, which could be the read or write type of operation or notification into a MIB view.

The View-based Access Control Model defines a set of services that an application can use for checking access rights of a group. This group's access rights are determined by a read-view, a write-view and a notify-view. The read-view represents the set of object instances authorized for the group while reading the objects. The write-view represents the set of object instances authorized for the group when writing objects. The notify-view represents the set of object instances authorized for the group when sending a notification.

    Group Name Prefix Model   Level        Match  ReadV   WriteV  NotifyV
    ---------- ------ ------- ------------ ------ ------- ------- ----------
    admin             usm     noAuthNoPriv exact  org     org     org
    v1v2grp           snmpv1  noAuthNoPriv exact  org     org     v1v2only
    admingrp          usm     authPriv     exact  org     org     org

Table 4-6 SNMPv3 Access Table Information (/info/sys/snmpv3/access)

Group Name
    Displays the name of group.

Prefix
    Displays the prefix that is configured to match the values.

Model
    Displays the security model used, for example, SNMPv1, or SNMPv2 or USM.

Level
    Displays the minimum level of security required to gain rights of access. For example, noAuthNoPriv, authNoPriv, or authPriv.

Match
    Displays the match for the contextName. The options are: exact and prefix.

ReadV
    Displays the MIB view to which this entry authorizes the read access.

WriteV
    Displays the MIB view to which this entry authorizes the write access.

NotifyV
    Displays the Notify view to which this entry authorizes the notify access.

/info/sys/snmpv3/group
SNMPv3 Group Table Information

A group is a combination of security model and security name that defines the access rights assigned to all the security names belonging to that group. The group is identified by a group name.

    Sec Model  User Name                       Group Name
    ---------- ------------------------------- --------------------
    snmpv1     v1v2only                        v1v2grp
    usm        admin                           admin
    usm        adminmd5                        admingrp
    usm        adminsha                        admingrp

Table 4-7 SNMPv3 Group Table Information Parameters (/info/sys/snmpv3/group)

Sec Model
    Displays the security model used, which is any one of: USM, SNMPv1, SNMPv2, and SNMPv3.

User Name
    Displays the name for the group.

Group Name
    Displays the access name of the group.

/info/sys/snmpv3/comm
SNMPv3 Community Table Information

This command displays the community table information stored in the SNMP engine.

    Index      Name       User Name            Tag
    ---------- ---------- -------------------- ----------
    trap1      public     v1v2only             v1v2trap

Table 4-8 SNMPv3 Community Table Parameters (/info/sys/snmpv3/comm)

Index
    Displays the unique index value of a row in this table.

Name
    Displays the community string, which represents the configuration.

User Name
    Displays the User Security Model (USM) user name.

Tag
    Displays the community tag. This tag specifies a set of transport endpoints from which a command responder application accepts management requests and to which a command responder application sends an SNMP trap.

/info/sys/snmpv3/taddr
SNMPv3 Target Address Table Information

This command displays the SNMPv3 target address table information, which is stored in the SNMP engine.

    Name       Transport Addr  Port Taglist    Params
    ---------- --------------- ---- ---------- ---------------
    trap1      47.81.25.66     162  v1v2trap   v1v2param

Table 4-9 SNMPv3 Target Address Table Information Parameters (/info/sys/snmpv3/taddr)

Name
    Displays the locally arbitrary, but unique identifier associated with this snmpTargetAddrEntry.

Transport Addr
    Displays the transport addresses.

Port
    Displays the SNMP UDP port number.

Taglist
    This column contains a list of tag values which are used to select target addresses for a particular SNMP message.

Params
    The value of this object identifies an entry in the snmpTargetParamsTable. The identified entry contains SNMP parameters to be used when generating messages to be sent to this transport address.

/info/sys/snmpv3/tparam
SNMPv3 Target Parameters Table Information

    Name            MP Model User Name      Sec Model Sec Level
    --------------- -------- -------------- --------- ------------
    v1v2param       snmpv2c  v1v2only       snmpv1    noAuthNoPriv

Table 4-10 SNMPv3 Target Parameters Table Information (/info/sys/snmpv3/tparam)

Name
    Displays the locally arbitrary, but unique identifier associated with this snmpTargetParamsEntry.

MP Model
    Displays the Message Processing Model used when generating SNMP messages using this entry.

User Name
    Displays the securityName, which identifies the entry on whose behalf SNMP messages will be generated using this entry.

Sec Model
    Displays the security model used when generating SNMP messages using this entry. The system may choose to return an inconsistentValue error if an attempt is made to set this variable to a value for a security model which the system does not support.

Sec Level
    Displays the level of security used when generating SNMP messages using this entry.

/info/sys/snmpv3/notify
SNMPv3 Notify Table Information

    Name                 Tag
    -------------------- --------------------
    v1v2trap             v1v2trap

Table 4-11 SNMPv3 Notify Table Information (/info/sys/snmpv3/notify)

Name
    The locally arbitrary, but unique identifier associated with this snmpNotifyEntry.

Tag
    This represents a single tag value which is used to select entries in the snmpTargetAddrTable. Any entry in the snmpTargetAddrTable that contains a tag value equal to the value of this entry, is selected. If this entry contains a value of zero length, no entries are selected.

/info/sys/snmpv3/dump
SNMPv3 Dump Information

    usmUser Table:
    User Name                        Protocol
    -------------------------------- --------------------------------
    admin                            NO AUTH, NO PRIVACY
    adminmd5                         HMAC_MD5, DES PRIVACY
    adminsha                         HMAC_SHA, DES PRIVACY
    v1v2only                         NO AUTH, NO PRIVACY

    vacmAccess Table:
    Group Name Prefix Model   Level        Match  ReadV   WriteV  NotifyV
    ---------- ------ ------- ------------ ------ ------- ------- -------
    admin             usm     noAuthNoPriv exact  org     org     org
    v1v2grp           snmpv1  noAuthNoPriv exact  org     org     v1v2only
    admingrp          usm     authPriv     exact  org     org     org

    vacmViewTreeFamily Table:
    View Name            Subtree            Mask         Type
    -------------------- ------------------ ------------ --------------
    org                  1.3                             included
    v1v2only             1.3                             included
    v1v2only             1.3.6.1.6.3.15                  excluded
    v1v2only             1.3.6.1.6.3.16                  excluded
    v1v2only             1.3.6.1.6.3.18                  excluded

    vacmSecurityToGroup Table:
    Sec Model  User Name                       Group Name
    ---------- ------------------------------- -----------------------
    snmpv1     v1v2only                        v1v2grp
    usm        admin                           admin
    usm        adminsha                        admingrp

    snmpCommunity Table:
    Index      Name       User Name            Tag
    ---------- ---------- -------------------- ----------

    snmpNotify Table:
    Name                 Tag
    -------------------- --------------------

    snmpTargetAddr Table:
    Name       Transport Addr  Port Taglist    Params
    ---------- --------------- ---- ---------- ---------------

    snmpTargetParams Table:
    Name                 MP Model User Name            Sec Model Sec Level
    -------------------- -------- -------------------- --------- -------
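One way to review the tables printed by /info/sys/snmpv3/dump offline, given here as an added example (not Nortel's code). The parser slices each row by the dashed ruler so that empty cells such as Prefix stay in their column. The column widths, the sample text (built from the user and group names shown above) and the audit policy are assumptions of this example.

```python
import re

TITLE = re.compile(r"^(\w+) Table:\s*$")
# Column widths are assumptions of this example; a real capture carries its own ruler.
WIDTHS = {"usmUser": (32, 32), "vacmAccess": (10, 6, 7, 12, 6, 7, 7, 10)}


def render(name, header, rows):
    """Lay a table out as title, header, dashed ruler, then space-padded rows."""
    widths = WIDTHS[name]
    pad = lambda cells: " ".join(c.ljust(w) for c, w in zip(cells, widths)).rstrip()
    ruler = " ".join("-" * w for w in widths)
    return "\n".join([f"{name} Table:", pad(header), ruler] + [pad(r) for r in rows])


# Constructed sample input, using the user and group names from the tables above.
SAMPLE_DUMP = "\n\n".join([
    render("usmUser", ("User Name", "Protocol"), [
        ("admin", "NO AUTH, NO PRIVACY"),
        ("adminmd5", "HMAC_MD5, DES PRIVACY"),
        ("adminsha", "HMAC_SHA, DES PRIVACY"),
        ("v1v2only", "NO AUTH, NO PRIVACY"),
    ]),
    render("vacmAccess",
           ("Group Name", "Prefix", "Model", "Level", "Match", "ReadV", "WriteV", "NotifyV"),
           [("admin", "", "usm", "noAuthNoPriv", "exact", "org", "org", "org"),
            ("v1v2grp", "", "snmpv1", "noAuthNoPriv", "exact", "org", "org", "v1v2only"),
            ("admingrp", "", "usm", "authPriv", "exact", "org", "org", "org")]),
])


def parse_tables(text):
    """Return {table name: [row dict, ...]}, taking column bounds from the ruler line."""
    tables, lines, i = {}, text.splitlines(), 0
    while i < len(lines):
        m = TITLE.match(lines[i])
        if not m or i + 2 >= len(lines) or not re.fullmatch(r"[- ]*-[- ]*", lines[i + 2]):
            i += 1
            continue
        header, ruler = lines[i + 1], lines[i + 2]
        starts = [run.start() for run in re.finditer(r"-+", ruler)]
        bounds = list(zip(starts, starts[1:] + [None]))  # last column runs to end of line
        names = [header[a:b].strip() for a, b in bounds]
        rows, i = [], i + 3
        while i < len(lines) and lines[i].strip() and not TITLE.match(lines[i]):
            rows.append({n: lines[i][a:b].strip() for n, (a, b) in zip(names, bounds)})
            i += 1
        tables[m.group(1)] = rows
    return tables


def audit(tables):
    """Return (table, entry, finding) tuples in table order. The policy is an assumption."""
    findings = []
    for user in tables.get("usmUser", []):
        auth, _, priv = (p.strip() for p in user["Protocol"].partition(","))
        name = user["User Name"]
        if auth == "NO AUTH":
            findings.append(("usmUser", name, "no authentication"))
        elif auth == "HMAC_MD5":
            findings.append(("usmUser", name, "MD5-based authentication"))
        if priv == "NO PRIVACY":
            findings.append(("usmUser", name, "no privacy, payload sent in clear"))
        elif priv.startswith("DES"):
            findings.append(("usmUser", name, "DES privacy"))
    for group in tables.get("vacmAccess", []):
        name = group["Group Name"]
        if group["Model"] != "usm":
            findings.append(("vacmAccess", name, "non-USM model, community string only"))
        if group["Level"] == "noAuthNoPriv" and group["WriteV"]:
            findings.append(("vacmAccess", name, "write view reachable without authentication"))
    return findings


if __name__ == "__main__":
    for table, entry, finding in audit(parse_tables(SAMPLE_DUMP)):
        print(f"{table:12} {entry:10} {finding}")
```

To run it against a real capture, pass the saved session text to `parse_tables` in place of `SAMPLE_DUMP`.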

Software Version 23.0. 2005 (DST) Time zone: America/Canada/Atlantic-Nova-Scotia (GMT offset -4:00) Alteon Application Switch 2424 Switch is up 3 days.When the measured temperature inside the switch EXCEEDs the high threshold at 62 degree Celsius a syslog message will be generated.2 Command Reference /info/sys/general General System Information On a Nortel Application Switch 2424: System Information at 6:56:53 Thu Sep 15. January 2006 .1 (FLASH image2). 2005 (reset from Telnet) Last apply: unknown Last save: 5 MAC Address: 00:01:81:2e:bc:50 IP (If 1) Address: 0.0. 11 hours.0.Nortel Application Switch Operating System 23.0 Hardware Order No: EB1412006 Serial No: ABCDE600MJ Rev: Mainboard Hardware: Part No: P314090-A Rev: Management Processor Board Hardware: Part No: P314080-A Rev: Fast Ethernet Board Hardware: Part No: P314091-A Rev: 09 00 00 00 Note . active configuration. 28 minutes and 34 seconds.0. Last boot: 18:28:09 Sun Sep 11. 74 Chapter 4: The Information Menu 320506-A.

11 hours.1 (FLASH image2). January 2006 75 .0 Internal SSL Processor MAC Address: 00:01:81:2e:bc:6f Hardware Order No: EB1412006 Serial No:ABCDE600MJ Rev: Mainboard Hardware: Part No: P314090-A Rev: Management Processor Board Hardware: Part No: P314080-A Rev: Fast Ethernet Board Hardware: Part No: P314091-A Rev: 09 00 00 00 Note .0. Last boot: 18:28:09 Sun Sep 11.0. There will be a warning from the software if any of the sensors exceeds this temperature threshold.Nortel Application Switch Operating System 23. The switch will shut down if the power supply overheats and the temperature gets to 100oC. 2005 (reset from Telnet) Last apply: unknown Last save: 5 MAC Address: 00:01:81:2e:bc:50 IP (If 1) Address: 0. Information about fan failures will also be displayed if one or more fans are not functioning. NOTE – The display of temperature will come up only if the temperature of any of the sensors exceeds 60oC. Software Version 23.When the measured temperature inside the switch EXCEEDs the high threshold at 62 degree Celsius a syslog message will be generated. 2005 (DST) Time zone: America/Canada/Atlantic-Nova-Scotia (GMT offset -4:00) Alteon Application Switch 2424-SSL Switch is up 3 days.0. Chapter 4: The Information Menu 320506-A. 28 minutes and 34 seconds. active configuration.2 Command Reference On a Nortel Application Switch 2424-SSL: System Information at 6:56:53 Thu Sep 15.0.

22.4 Nov 19 16:39:43 NOTICE mgmt: admin idle timeout from Telnet/SSH Nov 19 16:39:59 NOTICE mgmt: admin login from host 47.22.1 Nov 19 13:52:23 NOTICE ip: default gateway 47. depending on the condition that the administrator is being notified of. One of eight different prefixes is used.81.81. 2005 (DST) Time zone: America/Canada/Atlantic-Nova-Scotia DST on first Sunday of April at 02:00 DST off last Sunday of October at 02:00 /info/sys/log Show Last 64 Syslog Messages Date Time Criticality level Message Nov 19 12:16:51 ALERT stp: STG 1. January 2006 . EMERG: indicates the system is unusable ALERT: Indicates action should be taken immediately 76 Chapter 4: The Information Menu 320506-A.27.80.1 enabled Nov 19 14:21:27 ALERT ip: cannot contact default gateway 47.22.1 operational Nov 19 13:52:23 NOTICE ip: default gateway 47.80.27.80.80. as shown below. included in text form as a prefix to the log message.1 Nov 19 14:21:47 NOTICE ip: default gateway 47.81.22.22.80.27.4 Nov 19 14:44:02 NOTICE mgmt: admin idle timeout from Telnet/SSH Nov 19 16:15:06 INFO mgmt: new configuration applied Nov 19 16:15:20 INFO mgmt: new configuration saved Nov 19 16:18:44 INFO mgmt: new configuration applied Nov 19 16:19:37 ERROR mgmt: Error: Apply not done Nov 19 16:19:57 INFO mgmt: new configuration applied Nov 19 16:34:35 NOTICE mgmt: admin login from host 47.1 operational Nov 19 14:21:47 NOTICE ip: default gateway 47.81.1 enabled Nov 19 14:38:55 NOTICE mgmt: admin login from host 47.80.4 Nov 19 16:54:13 NOTICE mgmt: admin idle timeout from Telnet/SSH Nov 19 17:20:37 NOTICE mgmt: admin login from host 47.2 Command Reference /info/sys/time Show System Time >> Main# /info/sys/time 12:52:49 Fri Jul 8. 
new root bridge Nov 19 13:52:03 ALERT ip: cannot contact default gateway 47.Nortel Application Switch Operating System 23.0.81.49 Nov 19 17:31:53 NOTICE mgmt: admin idle timeout from Telnet/SSH Each syslog message has a criticality level associated with it.22.25.27.4 Nov 19 17:26:21 NOTICE mgmt: admin login from host 47.

12 switch reset from CLI Chapter 4: The Information Menu 320506-A.80.Nortel Application Switch Operating System 23.1 Aug 20 13:58:33 NOTICE 47.80.25.22.12 admin idle timeout from Telnet/SSH admin login from host 47.81.25.80.1 operational Aug 20 13:58:23 ALERT gateway 47.2 Command Reference CRIT: Indicates critical conditions ERR: indicates error conditions or error operations WARNING: indicates warning conditions NOTICE: indicates a normal but significant condition INFO: indicates an information message DEBUG: indicates a debut-level message /info/sys/slog Last 64 Saved Syslog Messages Aug 20 13:54:21 NOTICE 47.12 admin idle timeout from Telnet/SSH admin login from host 47.22.81.1 operational Aug 20 13:57:53 ALERT gateway 47.22.80. January 2006 77 .1 operational Aug 24 14:43:43 NOTICE Aug 24 14:49:50 NOTICE Aug 24 14:51:38 NOTICE Aug 24 14:57:30 NOTICE Aug 24 15:05:54 NOTICE Aug 24 15:11:40 NOTICE Aug 24 16:00:40 NOTICE Aug 24 16:00:52 NOTICE ip: management port default gateway ip: cannot contact management port default ip: management port default gateway ip: cannot contact management port default ip: management port default gateway mgmt: mgmt: mgmt: mgmt: mgmt: mgmt: mgmt: mgmt: admin login from host 47.22.22.80.81.25.25.1 Aug 20 13:57:57 NOTICE 47.81.0.12 admin idle timeout from Telnet/SSH admin login from host 47.
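The log format shown for /info/sys/log and /info/sys/slog (date, time, criticality prefix, facility, message) can be reviewed offline for management-plane events. The following is an added example, not Nortel code: the function names, the 10-minute correlation window, the year (log lines carry none) and the sample lines are assumptions constructed in the format of the sample output.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The eight criticality prefixes, most severe first. The sample output prints
# ERROR where the prefix list says ERR, so both spellings are accepted.
SEVERITY = {"EMERG": 0, "ALERT": 1, "CRIT": 2, "ERR": 3, "ERROR": 3,
            "WARNING": 4, "NOTICE": 5, "INFO": 6, "DEBUG": 7}

LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+(?P<time>\d{1,2}:\d{2}:\d{2})\s+"
    r"(?P<level>[A-Z]+)\s+(?P<facility>[a-z0-9]+):\s+(?P<msg>.*)$")
FAILED_RE = re.compile(
    r"^Failed login attempt via (?P<via>\w+)(?: from host (?P<host>[\d.]+))?")
LOGIN_RE = re.compile(r"^admin login from host (?P<host>[\d.]+)$")
IMAGE_RE = re.compile(r"^(?P<image>image\d) downloaded from host (?P<host>[\d.]+)")


def parse_line(line, year=2005):
    """Parse one log line; return None for anything that is not a record."""
    m = LINE_RE.match(line.strip())
    if not m or m["level"] not in SEVERITY:
        return None
    # The switch does not log the year, so the caller has to supply it.
    ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}",
                           "%Y %b %d %H:%M:%S")
    return {"ts": ts, "level": m["level"], "severity": SEVERITY[m["level"]],
            "facility": m["facility"], "msg": m["msg"]}


def review(lines, window=timedelta(minutes=10), year=2005):
    """Return (findings, logins_per_host) for a list of log lines."""
    events = [e for e in (parse_line(l, year) for l in lines) if e]
    events.sort(key=lambda e: e["ts"])
    findings, logins = [], defaultdict(int)
    last_failure = None      # most recent failed login not yet followed by a login
    pending_image = None     # image downloaded but switch not yet reset
    for e in events:
        msg = e["msg"]
        if (m := FAILED_RE.match(msg)):
            last_failure = e
            findings.append(("failed-login", e["ts"], m["via"], m["host"]))
        elif (m := LOGIN_RE.match(msg)):
            logins[m["host"]] += 1
            # A success shortly after a failure deserves a second look.
            if last_failure and e["ts"] - last_failure["ts"] <= window:
                findings.append(("login-after-failure", e["ts"], m["host"]))
            last_failure = None
        elif (m := IMAGE_RE.match(msg)):
            pending_image = (m["image"], m["host"])
            findings.append(("image-download", e["ts"], m["image"], m["host"]))
        elif msg.startswith("switch reset") and pending_image:
            # Software image replaced and activated in the same session.
            findings.append(("reset-after-image-download", e["ts"], *pending_image))
            pending_image = None
        elif e["severity"] <= SEVERITY["ALERT"]:
            findings.append(("high-severity", e["ts"], e["level"], msg))
    return findings, dict(logins)


# Constructed sample lines (documentation address ranges, not from the manual).
SAMPLE = """\
Sep 11 19:05:10 NOTICE mgmt: admin login from host 192.0.2.3
Sep 11 19:06:02 NOTICE mgmt: admin connection closed from Telnet/SSH
Sep 11 19:20:41 ERROR mgmt: tcp open error, cannot contact reporting server
Sep 11 19:21:27 NOTICE mgmt: Failed login attempt via TELNET from host 198.51.100.7
Sep 11 19:21:48 NOTICE mgmt: admin login from host 198.51.100.7
Sep 11 19:25:08 INFO mgmt: image2 downloaded from host 198.51.100.9
Sep 11 19:26:39 NOTICE mgmt: Next boot will use new image2
Sep 11 19:26:52 NOTICE mgmt: switch reset from CLI
Sep 11 19:40:03 ALERT ip: cannot contact default gateway 192.0.2.1
this line is not a syslog record
""".splitlines()

if __name__ == "__main__":
    found, per_host = review(SAMPLE)
    for item in found:
        print(item)
    print(per_host)
```

Because the switch keeps only the last 64 messages, a review like this is more useful when run against the copy held on a configured syslog host.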

22.254. January 2006 .0 Gateway information: 47.251 255.80.Nortel Application Switch Operating System 23. 78 Chapter 4: The Information Menu 320506-A.255.2 Command Reference /info/sys/mgmt Management Port Information Speed ----100 Duplex -----full Link ---up MAC address: 00:01:81:2e:a4:8d Interface information: 47.255 Use this command to display Management port information on an Nortel Application Switch including: Port speed (10/100) Duplex mode (half. or auto) Link (Up or down) MAC Address of the system IP address of the Interface IP address of the gateway.23.80. any.1 47.0.23. full.80.

This is the IP address of the sender of the topology message. The current state of the sender of the topology message.25 260 47.e. SONMP protocol is enabled on Nortel Application Switches using the /cfg/sys/ sonmp on command.80.0.2 Command Reference /info/sys/sonmp SONMP Information This command displays the SynOptics Network Management Protocol (SONMP) topology table. Mac Address Chassis Type Local Seg State Chapter 4: The Information Menu 320506-A. Slot Port ----0 /0 1 /11 1 /11 1 /11 1 /11 1 /11 Seg Id --------------.10.1 770 47. The “segment identifier” of the segment from which the remote agent send the topology message.Nortel Application Switch Operating System 23.When SONMP is enabled. the values are: topChanged—topology information has recently changed heartbeat—topology information unchanged.80.----Alteon2224 true topChanged Passport1200 true heartbeat Passport8610 true heartbeat Passport8610 true heartbeat AlteonAD4 true topChanged Alteon184 true topChanged Chassis Type Table 4-12 SONMP Information Parameters Description Parameter Slot Port IP Address Seg ID Description Specifies the slot and port on which the topology message was received.23.241 257 50.80. The MAC address of the sender of the topology message.1 263 IP address MAC address ----------------00:01:81:2e:a3:60 00:e0:16:7c:28:24 00:60:cf:81:54:28 00:60:cf:81:54:38 00:60:cf:43:a2:10 00:60:cf:46:d5:60 Local State Seg -----------------.22. The IP address of the device is written into the hello packets.23.23. As the network devices exchange information.--47.247 0 47.23. The chassis type of the device that sent the topology message. Different devices may use different methods for representing the segment identifier. devices on the network exchange multicast packets namely: flatnet hellos and segment hellos. new—sending agent is in new state.10. January 2006 79 . and is necessary so that a Nortel Application Switch can be discovered by the Nortel Enterprise Switch Manager.80. 
not across a bridge) as the reporting agent.----.25 259 47. Indicates if the sender of the topology message is on the same Ethernet segment (i. a topology table is built like the one shown below.80.

0. 80 Chapter 4: The Information Menu 320506-A. Maximum LAYER 2 FDB FDB per SP VLANs Static Trunk Groups LACP Trunk Groups Trunks per Trunk Group Spanning Tree Groups Port Teams Monitor Ports LAYER 3 IP Interfaces IP Gateways IP Routes Static Routes ARP Entries Static ARP Entries Local Nets DNS Servers BOOTP Servers RIP Interfaces OSPF OSPF OSPF OSPF OSPF LSDB Interfaces Areas Summary Ranges Virtual Links Hosts Limit 16384 8192 1024 12 28 8 16 8 1 Current(Enabled) 54 1(1) 0(0) 16(1) 8(0) 256 4+255 4096 128 8192 128 5 2 2 256 256 3 16 3 128 12288 1(1) 1+0(1+0) 7 0 5 0 0 0 0 0 0(0) 0(0) 0(0) 0(0) 0(0) Continued..Nortel Application Switch Operating System 23.. January 2006 .2 Command Reference /info/sys/capacity System Capacity Information The following sample output from an Nortel Application Switch 2424 displays the maximum and currently enabled switch capacity for various services and applications from Layer 2-7.

0. Chapter 4: The Information Menu 320506-A..PORTS Port # Client Server 2048 1024 64 5 1024 1048550 64 64 8 0(0) 0 0 0 1 0 0(0) Filter RTS Continued.2 Command Reference BGP Peers BGP Route Aggregators Route Maps Network Filters AS Filters VRRP Routers VRRP Router Groups VRRP Interfaces SLB (LAYER 4-7) Real Servers Server Groups Virtual Servers Virtual Services Real Services Real IDS Servers IDS Server Groups Global Global Global Global Global Global Global Global Global Global Global SLB SLB SLB SLB SLB SLB SLB SLB SLB SLB SLB Domains Services Local Servers Remote Servers Remote Sites Failovers per Remote Site Networks Geographical Regions Rules Metrics Per Rule DNS Persistence Cache Entries 16 16 32 256 8 1024 16 256 0(0) 0(0) 0(0) 0(0) 0(0) 0(0) 0 1024 1024 1024 1024 8192 62 63 1024 8192 1024 1024 64 2 128 7 128 8 100000 0(0) 0 0(0) 0(0) 0(0) 0(0) 0(0) 0(0) 2(2) 0(0) 7(7) 0(1) 8(8) 100000(100000) Filters PIPs Scriptable Health Checks SNMP Health Checks Rules for URL Parsing SLB Sessions Number of Rports to Vport Domain Records Mapping Per Domain Record LAYER 4 ..Nortel Application Switch Operating System 23. January 2006 81 .

January 2006 .2 Command Reference BWM Policies Contracts Groups Contracts per Group Time Policies per Contract Security Configuration source IP ACLs Bogon source IP ACLs Operations source IP ACLs Total source IP ACLs Configuration destination IP ACLs Operations destination IP ACLs Total destination IP ACLs IP DoS attacks prevention TCP DoS attacks prevention UDP DoS attacks prevention ICMP DoS attacks prevention IGMP DoS attacks prevention ARP DoS attacks prevention IPv6 DoS attacks prevention Total DoS attacks prevention UDP ports for UDP blast protection GENERAL Syslog hosts RADIUS servers NTP servers SMTP hosts Mnet/Mmask End Users Panic Dumps MP memory SP memory SNMPv3 SNMPv3 SNMPv3 SNMPv3 SNMPv3 Users Views Access Groups Target Address Entries Target Params Entries 512 1024 32 8 2 0 1(1) 0 5120 8192 1024 14340 1024 1024 2052 17 18 6 5 3 5 2 56 5000 0 0 0 0 0 0 0 2 2 1 1 5 10 2 128M 128M 16 128 32 16 16 0 0 0 1 0 3 5 2 0 0 82 Chapter 4: The Information Menu 320506-A.0.Nortel Application Switch Operating System 23.

/info/sys/fan
Show switch fan status

>> System# fan
Fans OK.

/info/sys/temp
Show switch temperature sensor status

>> System# temp
Temperature OK.

/info/sys/encrypt
Show encryption licenses

AOS contains the following encryption licenses:
BLOWFISH
DES & 3DES
MD5
RC4
SHA-1

/info/sys/user
Show current user status

Usernames:
user        enabled
slboper     disabled
l4oper      disabled
oper        disabled
slbadmin    disabled
l4admin     disabled
admin       Always Enabled

Note: there are pending config changes, use "diff" to see them.

Current User ID table:

1 (FLASH image2).When the measured temperature inside the switch EXCEEDs the high threshold at 62 degree Celsius a syslog message will be generated.0.168.3 admin connection closed from Telnet/SSH admin idle timeout from Telnet/SSH admin login from host 192.2 Command Reference /info/sys/dump System Information Dump System Information at 7:02:06 Thu Sep 15.0.0. cannot contact reporting admin login from host 192. 2005 (DST) Time zone: America/Canada/Atlantic-Nova-Scotia (GMT offset -4:00) Alteon Application Switch 2424-SSL Switch is up 3 days.Nortel Application Switch Operating System 23. 11 hours.0.3 admin connection closed from Telnet/SSH admin login from host 192. 2005 (reset from Telnet) Last apply: unknown Last save: 5 MAC Address: 00:01:81:2e:bc:50 IP (If 1) Address: 0.3 admin connection closed from Telnet/SSH admin login from host 192. .0.3 admin login from host 192. Last 64 syslog messages: Sep 12 10:42:19 NOTICE mgmt: Sep 12 11:03:13 NOTICE mgmt: Sep 12 11:27:48 NOTICE mgmt: Sep 12 11:54:07 NOTICE mgmt: Sep 12 12:19:01 ERROR mgmt: Sep 12 13:57:54 NOTICE mgmt: Sep 12 14:02:58 NOTICE mgmt: Sep 12 14:07:27 NOTICE mgmt: Sep 12 14:10:03 NOTICE mgmt: Sep 12 14:19:44 NOTICE mgmt: Sep 12 14:59:20 NOTICE mgmt: Sep 12 15:08:06 NOTICE mgmt: Sep 12 15:09:43 NOTICE mgmt: Sep 12 15:15:08 NOTICE mgmt: Sep 12 15:15:32 NOTICE mgmt: Sep 12 15:58:30 NOTICE mgmt: Sep 12 16:00:02 NOTICE mgmt: Sep 12 17:56:01 ERROR mgmt: Sep 12 23:33:01 ERROR mgmt: Sep 13 5:10:01 ERROR mgmt: Sep 13 10:47:01 ERROR mgmt: Continued .3 admin connection closed from Telnet/SSH tcp open error. cannot contact reporting tcp open error.3 admin connection closed from Telnet/SSH admin login from host 192. active configuration.168. cannot contact reporting tcp open error. January 2006 .0. cannot contact reporting tcp open error.0.0.0. 33 minutes and 48 seconds. 
admin login from host 192.3 admin connection closed from Telnet/SSH admin login from host 192.0.168.3 admin connection closed from Telnet/SSH tcp open error.0 Internal SSL Processor MAC Address: 00:01:81:2e:bc:6f Hardware Order No: EB1412006 Serial No: ABCDE600MJ Rev: Mainboard Hardware: Part No: P314090-A Rev: Management Processor Board Hardware: Part No: P314080-A Rev: Fast Ethernet Board Hardware: Part No: P314091-A Rev: 09 00 00 00 Note .0.168. Software Version 23. .168.168.168.168.0. Last boot: 18:28:09 Sun Sep 11. cannot contact reporting server server server server server 84 Chapter 4: The Information Menu 320506-A.

168.168.0. cannot contact reporting server ERROR mgmt: tcp open error. cannot contact reporting server NOTICE mgmt: admin login from host 192.168.168.168.168.0.168.0.3 NOTICE mgmt: admin connection closed from Telnet/SSH NOTICE mgmt: admin login from host 192.3 ERROR mgmt: tcp open error.0. .0. cannot contact reporting server NOTICE mgmt: admin login from host 192.3 Continued .0.168.3 NOTICE mgmt: admin connection closed from Telnet/SSH NOTICE mgmt: admin login from host 192.3 NOTICE mgmt: admin connection closed from Telnet/SSH NOTICE mgmt: admin login from host 192.0.0.3 NOTICE mgmt: admin connection closed from Telnet/SSH NOTICE mgmt: admin login from host 192. cannot contact reporting server ERROR mgmt: tcp open error.0.168. cannot contact reporting server ERROR mgmt: tcp open error.3 NOTICE mgmt: admin idle timeout from Telnet/SSH ERROR mgmt: tcp open error.0.168.168.3 NOTICE mgmt: admin connection closed from Telnet/SSH NOTICE mgmt: admin login from host 192.3 NOTICE mgmt: admin connection closed from Telnet/SSH NOTICE mgmt: admin login from host 192.0. cannot contact reporting server NOTICE mgmt: admin login from host 192.0.3 NOTICE mgmt: admin connection closed from Telnet/SSH NOTICE mgmt: admin login from host 192.3 NOTICE mgmt: admin connection closed from Telnet/SSH NOTICE mgmt: admin login from host 192.168.0.168. January 2006 85 .3 NOTICE mgmt: admin connection closed from Telnet/SSH NOTICE mgmt: admin login from host 192.0. Chapter 4: The Information Menu 320506-A.0.0. cannot contact reporting server NOTICE mgmt: admin connection closed from Telnet/SSH NOTICE mgmt: admin login from host 192. 
.3 NOTICE mgmt: admin connection closed from Telnet/SSH ERROR mgmt: tcp open error.3 NOTICE mgmt: admin connection closed from Telnet/SSH NOTICE mgmt: admin login from host 192.168.3 ERROR cli: Error: VLAN 5 doesn't exist.168.2 Command Reference Sep Sep Sep Sep Sep Sep (5) Sep Sep Sep Sep Sep Sep Sep Sep Sep Sep Sep Sep Sep Sep Sep Sep Sep Sep Sep Sep Sep Sep Sep Sep Sep Sep Sep Sep Sep Sep Sep Sep Sep Sep Sep Sep Sep 13 16:24:00 13 22:01:00 14 3:38:00 14 9:15:00 14 10:23:04 14 10:23:05 needs to be 14 10:23:05 14 10:23:05 14 10:24:45 14 11:30:36 14 11:35:25 14 11:35:40 14 11:39:37 14 11:49:12 14 11:58:20 14 13:41:54 14 13:46:18 14 14:37:07 14 14:52:00 14 14:58:57 14 16:09:44 14 16:20:44 14 16:24:58 14 16:30:51 14 16:48:16 14 16:50:34 14 16:57:47 14 16:57:55 14 17:00:02 14 17:04:59 14 17:05:49 14 17:06:05 14 19:54:04 14 20:00:22 14 20:01:47 14 20:22:49 14 20:23:10 14 20:23:55 14 20:29:00 14 20:40:41 14 21:43:51 15 2:06:00 15 6:56:45 ERROR mgmt: tcp open error.0.0.3 NOTICE mgmt: admin connection closed from Telnet/SSH NOTICE mgmt: admin login from host 192.Nortel Application Switch Operating System 23. the PVID for port 1 changed ERROR cli: Error: PVID 5 for port 1 is not created ERROR mgmt: Error: Apply not done NOTICE mgmt: admin connection closed from Telnet/SSH NOTICE mgmt: admin login from host 192.3 NOTICE mgmt: admin connection closed from Telnet/SSH NOTICE mgmt: admin login from host 192.168.168.

img'.168.10.3 Sep 8 11:58:21 NOTICE mgmt: admin connection closed from Telnet/SSH Sep 8 13:11:00 ERROR mgmt: tcp open error.0.3 Sep 9 16:00:13 NOTICE mgmt: admin connection closed from Telnet/SSH Sep 9 17:16:03 ERROR mgmt: tcp open error.3 Sep 9 9:23:27 NOTICE mgmt: admin connection closed from Telnet/SSH Sep 9 10:32:10 NOTICE mgmt: admin login from host 192.168. Sep 11 19:26:52 NOTICE mgmt: switch reset from CLI Continued . Sep 9 16:00:10 NOTICE mgmt: admin login from host 192. cannot contact reporting server Sep 8 15:31:08 NOTICE mgmt: admin login from host 192.0.3 Sep 9 13:37:53 NOTICE mgmt: admin connection closed from Telnet/SSH Sep 9 13:38:07 NOTICE mgmt: Failed login attempt via BBI.0. January 2006 .0. cannot contact reporting server Sep 10 10:07:03 ERROR mgmt: tcp open error.0. login since 10:56:59 Sep 8 10:58:33 INFO mgmt: new configuration saved Sep 8 10:58:44 NOTICE mgmt: admin connection closed from Telnet/SSH Sep 8 11:09:21 NOTICE mgmt: admin login from host 192.3.3 Sep 8 15:31:21 NOTICE mgmt: admin connection closed from Telnet/SSH Sep 8 18:48:00 ERROR mgmt: tcp open error.168.237 Sep 11 19:21:48 NOTICE mgmt: admin login from host 192.0. .0.168. Sep 9 13:38:22 NOTICE mgmt: Failed login attempt via BBI.168. cannot contact reporting server Sep 9 13:37:24 NOTICE mgmt: admin login from host 192.1.249. cannot contact reporting server Sep 11 14:12:03 ERROR mgmt: tcp open error. 86 Chapter 4: The Information Menu 320506-A.168.3 Sep 8 10:57:42 ERROR cli: Error: IP interface 2 has no IP address configured Sep 8 10:57:42 ERROR mgmt: Error: Apply not done Sep 8 10:58:19 INFO mgmt: new configuration applied Sep 8 10:58:20 INFO mgmt: Operational change made by Admin from Telnet:192.168. cannot contact reporting server Sep 10 21:21:03 ERROR mgmt: tcp open error.3 Sep 8 10:48:43 NOTICE mgmt: admin connection closed from Telnet/SSH Sep 8 10:49:32 NOTICE mgmt: admin login from host 192. 
cannot contact reporting server Sep 9 6:02:04 ERROR mgmt: tcp open error.0.0.0.168. cannot contact reporting server Sep 9 0:25:00 ERROR mgmt: tcp open error. software version 23. cannot contact reporting server Sep 9 9:15:45 NOTICE mgmt: admin login from host 192. cannot contact reporting server Sep 11 8:35:03 ERROR mgmt: tcp open error.0-2000-AlteonOS.3 Sep 9 10:33:40 NOTICE mgmt: admin connection closed from Telnet/SSH Sep 9 11:39:03 ERROR mgmt: tcp open error.168.Nortel Application Switch Operating System 23.0. cannot contact reporting server Sep 11 2:58:03 ERROR mgmt: tcp open error.0. cannot contact reporting server Sep 11 19:21:27 NOTICE mgmt: Failed login attempt via TELNET from host 192. cannot contact reporting server Sep 10 15:44:03 ERROR mgmt: tcp open error.0.3 Sep 8 10:50:18 NOTICE mgmt: admin connection closed from Telnet/SSH Sep 8 10:57:59 NOTICE mgmt: admin login from host 192.1 Sep 11 19:26:39 NOTICE mgmt: Next boot will use new image2. cannot contact reporting server Sep 10 4:30:03 ERROR mgmt: tcp open error.3 Sep 11 19:25:08 INFO mgmt: image2 downloaded from host 192. file 'AAS-23. .2 Command Reference Last 64 syslog messages saved in FLASH: Sep 8 10:44:06 NOTICE mgmt: admin login from host 192.0.0.168.168.168.168. cannot contact reporting server Sep 9 22:53:03 ERROR mgmt: tcp open error.

168.6.3.-----------------------------iso 1 v1v2only 1 v1v2only 1.3.0 Gateway information: 192.1.6.6.16 v1v2only 1.0.255.------------------------------snmpv1 v1v2only usm adminmd5 usm adminsha Continued . NO PRIVACY Level -----------noAuthNoPriv authPriv Match -----exact exact ReadV ---------iso iso WriteV ---------iso iso NotifyV -------v1v2only iso vacmViewTreeFamily Table: View Name Subtree -------------------.6.3.1 192.0. DES PRIVACY HMAC_SHA.168.------v1v2grp snmpv1 admingrp usm Protocol -------------------------------HMAC_MD5.3.18 vacmSecurityToGroup Table: Sec Model User Name ---------.6. . January 2006 87 .255.255 Engine ID = 80:00:07:50:03:00:01:81:2E:BC:50 usmUser Table: User Name -------------------------------adminmd5 adminsha v1v2only vacmAccess Table: Group Name Prefix Model ---------.-----.15 v1v2only 1.168.1.3.0. Mask -------------- Type -----included included excluded excluded excluded Group Name ------------------------------v1v2grp admingrp admingrp Chapter 4: The Information Menu 320506-A.0.13 255.2 Command Reference Management port information: Speed ----100 Duplex -----half Link ---up MAC address: 00:03:24:6e:bd:3d Interface information: 192.Nortel Application Switch Operating System 23.1.6. . DES PRIVACY NO AUTH.3.

------- 88 Chapter 4: The Information Menu 320506-A.--------------. January 2006 .-------.-------------------.----.Nortel Application Switch Operating System 23.2 Command Reference snmpCommunity Table: Index Name User Name Tag ---------.---------.---------snmpNotify Table: Name Tag -------------------.--------------snmpTargetParams Table: Name MP Model User Name Sec Model Sec Level -------------------.--------.---.----------------.---------.-------------------snmpTargetAddr Table: Name Transport Addr Port Taglist Params ---------.----------------.--------------.-------------------.0.--------Slot IP address Seg MAC address Chassis Type Local State Port Id Seg ----.---.

/info/l2
Layer 2 Information Menu

[Layer 2 Menu]
fdb   - Forwarding Database Information Menu
lacp  - Link Aggregation Control Protocol Menu
stg   - Show STG information
cist  - Show CIST information
trunk - Show Trunk Group information
vlan  - Show VLAN information
team  - Show port team information
dump  - Dump all layer 2 information

Table 4-13 Layer 2 Information Menu Options

Command Syntax and Usage

fdb
  Displays the Forwarding Database Information Menu. For details, see page 90.

lacp
  Displays Link Aggregation Control Protocol Information Menu. For details, see page 93.

stg <STG index to display or carriage return for all STGs>
  In addition to seeing if Spanning Tree Protocol is enabled or disabled, you can view the following STP bridge information:
    Priority
    Hello interval
    Maximum age value
    Forwarding delay
    Aging time
  You can also see the following port-specific STP information:
    Port number and priority
    Cost
    State
  For details, see page 96.

cist
  Display the CIST information.

trunk
  When trunk groups are configured, you can view the state of each port in the various trunk groups. For details, see page 102.

Table 4-13 Layer 2 Information Menu Options (continued)

Command Syntax and Usage

vlan <VLAN number to display or carriage return to display all VLANs>
  Displays VLAN configuration information, including:
    VLAN Number
    VLAN Name
    Status
    Port membership of the VLAN
  For details, see page 103.

team
  Show port team information.

dump
  Displays all Layer 2 information.

/info/l2/fdb
Layer 2 FDB Information

The forwarding database (FDB) contains information that maps the media access control (MAC) address of each known device to the switch port where the device address was learned. The FDB also shows which other ports have seen frames destined for a particular MAC address.

[Forwarding Database Menu]
find  - Show a single FDB entry by MAC address
port  - Show FDB entries on a single port
trunk - Show FDB entries on a single trunk
vlan  - Show FDB entries on a single VLAN
refpt - Show FDB entries referenced by a single SP
dump  - Show all FDB entries

NOTE – The master forwarding database supports up to 16K MAC address entries on the MP per switch. Each SP supports up to 8K entries.

Table 4-14 Layer 2 FDB Information Menu Options (/info/l2/fdb)

Command Syntax and Usage

find <MAC address> [<VLAN>]
  Displays a single database entry by its MAC address. You are prompted to enter the MAC address of the device. Enter the MAC address using the format, xx:xx:xx:xx:xx:xx. For example, 08:00:20:12:34:56. You can also enter the MAC address using the format, xxxxxxxxxxxx. For example, 080020123456.

port <port number, 0 for "unknown">
  Displays all FDB entries for a particular port.

trunk <trunk group number>
  Displays all FDB entries on a single trunk.

vlan <VLAN number (1-4090)>
  Displays all FDB entries on a single VLAN.

refpt <SP number (1-4)>
  Displays the FDB entries referenced by a single port.

dump
  Displays all entries in the Forwarding Database. For more information, see page 92.

/info/l2/fdb/dump
Show All FDB Information

MAC address        VLAN  Port  State  Referenced SPs  Referenced ports
-----------------  ----  ----  -----  --------------  ----------------
00:02:01:00:00:00  300   23    FWD    1 2             1 23
00:02:01:00:00:01  300   23    FWD    1 2             1 23
00:02:01:00:00:02  300   23    FWD    1 2             1 23
00:02:01:00:00:03  300   23    FWD    1 2             1 23
00:02:01:00:00:04  300   23    FWD    1 2             1 23
00:02:01:00:00:05  300   23    FWD    1 2             1 23
00:02:01:00:00:06  300   23    FWD    1 2             1 23
00:02:01:00:00:07  300   23    FWD    1 2             1 23
00:02:01:00:00:08  300   23    FWD    1 2             1 23
00:02:01:00:00:09  300   23    FWD    1 2             1 23
00:02:01:00:00:0a  300   23    FWD    1 2             1 23
00:02:01:00:00:0b  300   23    FWD    1 2             1 23
00:02:01:00:00:0c  300   23    FWD    1 2             1 23

An address that is in the forwarding (FWD) state, means that it has been learned by the switch. When in the trunking (TRK) state, the port field represents the trunk group number. If the state for the port is listed as unknown (UNK), the MAC address has not yet been learned by the switch, but has only been seen as a destination address. When an address is in the unknown state, no outbound port is indicated, although ports which reference the address as a destination will be listed under “Reference ports.”

If the state for the port is listed as an interface (IF), the MAC address is for a standard VRRP virtual router. If the state is listed as a virtual server (VIP), the MAC address is for a virtual server router—a virtual router with the same IP address as a virtual server.

Clearing Entries from the Forwarding Database

To delete a MAC address from the forwarding database (FDB) or to clear the entire FDB, refer to “Forwarding Database Options” on page 522.

/info/l2/lacp
Link Aggregation Control Protocol Information Menu

The following menu options display the Link Aggregation Control Protocol (LACP) information on the Nortel Application Switch Operating System.

[LACP Menu]
aggr - Show LACP aggregator information for the port
port - Show LACP port information
dump - Show all LACP ports information

Table 4-15 Link Aggregation Control Protocol Information Menu Options (/info/lacp)

Command Syntax and Usage

aggr <aggregator index 1 to max num ports>
  Displays information about an LACP aggregator.

port <port index 1 to max num ports>
  Displays information of an LACP port.

dump
  Displays LACP information of all the ports. Use this command to verify the state of ports in an LACP trunk group. To view a sample output, see page 96.

/info/lacp/aggr
LACP Aggregator Information

Aggregator Id 1
----------------------------------------------
MAC address - 00:01:81:2e:a1:d1
Actor System Priority - 32768
Actor System ID - 00:01:81:2e:a1:b0
Individual - FALSE
Actor Admin Key - 300
Actor Oper Key - 300
Partner System Priority - 32768
Partner System ID - 00:0d:29:e3:4a:00
Partner Oper Key - 1
ready - TRUE
Number of Ports in aggr - 10
index 0 port 1
index 1 port 2
index 2 port 3
index 3 port 4
index 4 port 5
index 5 port 6
index 6 port 7
index 7 port 8
index 8 port 9
index 9 port 10

January 2006 95 .2 Command Reference /info/lacp/port LACP Port Information port 1 ---------------------------------------------lacp_enabled .0.TRUE lacp_admin_enabled .0x0 Long FALSE FALSE Aggregation: Distributing: TRUE FALSE Long Aggregation: TRUE Distributing: FALSE TRUE TRUE Continued Chapter 4: The Information Menu 320506-A.TRUE Actor Actor Actor Actor Actor Actor System ID System Priority Admin Key Oper Key Port Number Port Priority Admin System Priority Oper System Priority Admin System ID Oper System ID Admin Key Oper Key Admin Port Number Admin Port Priority Oper Port Number Oper Port Priority 00:01:81:2e:a1:b0 32768 300 300 1 32768 0 32768 00:00:00:00:00:00 00:0d:29:e3:4a:00 0 1 0 0 4 32768 Partner Partner Partner Partner Partner Partner Partner Partner Partner Partner Actor Admin Port state Activity: Active Timeout: Synchronization:FALSE Collecting: Defaulted: FALSE Expired: Actor Oper Port state Activity: Active Timeout: Synchronization:TRUE Collecting: Defaulted: FALSE Expired: Partner Admin Port state Partner Oper Port state .Nortel Application Switch Operating System 23.

LACP_PERIODIC_NO_STATE 96 Chapter 4: The Information Menu 320506-A.LACP_RX_INIT_STATE .2 Command Reference Individual .0.Unselcted port_moved .FALSE Collection and Distribution state turned ON! Rx machine state Mux machine state Periodic machine state . January 2006 .Nortel Application Switch Operating System 23.TRUE Selected Aggregator ID .FALSE selected .0 Attached Aggregator ID .0 ready_n .FALSE ntt .LACP_MUX_DETACHED_STATE .

/info/lacp/dump
LACP Dump Information

port  lacp    adminkey  operkey  selected  prio   attached aggr  trunk
-------------------------------------------------------------------
1     active  300       300      y         32768  1              13
2     active  300       300      y         32768  1              13
3     active  300       300      y         32768  1              13
4     active  300       300      y         32768  1              13
5     active  300       300      y         32768  1              13
6     active  300       300      y         32768  1              13
7     active  300       300      y         32768  1              13
8     active  300       300      y         32768  1              13
9     active  300       300      n         32768  --
10    active  300       300      n         32768  --
11    active  300       300      n         32768  --
12    active  300       300      n         32768  --
13    active  300       300      n         32768  --
14    off     14        14       n         32768  --
15    off     15        15       n         32768  --
16    off     16        16       n         32768  --
17    off     17        17       n         32768  --
18    off     18        18       n         32768  --
19    off     19        19       n         32768  --
20    off     20        20       n         32768  --
21    off     21        21       n         32768  --
22    off     22        22       n         32768  --
23    off     23        23       n         32768  --
24    off     24        24       n         32768  --
25    off     25        25       n         32768  --
26    off     26        26       n         32768  --
27    off     27        27       n         32768  --
28    off     28        28       n         32768  --

/info/l2/stg
Layer 2 Spanning Tree Group Information

When multiple paths exist on a network, Spanning Tree Protocol (STP) configures the network so that a switch uses only the most efficient path. The switch software uses the IEEE 802.1d Spanning Tree Protocol (STP).

Spanning Tree Group 1: On

Current Root:            Path-Cost  Port  Hello  MaxAge  FwdDel  Aging
 8000 00:01:81:2e:a1:80  0          0     2      20      15      300

Parameters:  Priority  Hello  MaxAge  FwdDel  Aging
             32768     2      20      15      300

Port  Priority  Cost  State       Designated Bridge       Des Port
----  --------  ----  ----------  ----------------------  --------
1     128       0     DISABLED
2     128       0     DISABLED
3     128       0     DISABLED
4     128       0     DISABLED
5     128       5     FORWARDING  8000-00:01:81:2e:a1:80  32773
6     128       0     DISABLED
7     128       0     DISABLED
8     128       0     DISABLED
9     128       0     DISABLED
10    128       0     DISABLED
11    128       0     DISABLED

NOTE – Nortel Application Switch Operating System 23.0.2 supports up to 16 multiple Spanning Trees or Spanning Tree Groups.

In addition to seeing if STP is enabled or disabled, you can view the following STP bridge information:
  Priority
  Hello interval
  Maximum age value
  Forwarding delay
  Aging time

You can also see the following port-specific STP information:
  Port number and priority
  Cost
  State
  Designated Bridge
  Designated Port

The following table describes the STP parameters.

Table 4-16 Spanning Tree Parameter Descriptions

Parameter / Description

Priority (bridge)
  The bridge priority parameter controls which bridge on the network will become the STP root bridge.

Hello
  The hello time parameter specifies, in seconds, how often the root bridge transmits a configuration bridge protocol data unit (BPDU). Any bridge that is not the root bridge uses the root bridge hello value.

MaxAge
  The maximum age parameter specifies, in seconds, the maximum time the bridge waits without receiving a configuration bridge protocol data unit before it reconfigures the STP network.

FwdDel
  The forward delay parameter specifies, in seconds, the amount of time that a bridge port has to wait before it changes from learning state to forwarding state.

Aging
  The aging time parameter specifies, in seconds, the amount of time the bridge waits without receiving a packet from a station before removing the station from the Forwarding Database.

priority (port)
  The port priority parameter helps determine which bridge port becomes the designated port. In a network topology that has multiple bridge ports connected to a single segment, the port with the lowest port priority becomes the designated port for the segment.

Cost
  The port path cost parameter is used to help determine the designated port for a segment. Generally speaking, the faster the port, the lower the path cost. A setting of 0 indicates that the cost will be set to the appropriate default after the link speed has been auto negotiated.

State
  The state field shows the current state of the port. The state field can be either BLOCKING, LISTENING, LEARNING, FORWARDING, or DISABLED.

Table 4-16 Spanning Tree Parameter Descriptions (Continued)

Parameter / Description

Designated Bridge
  The designated bridge resides closest to the root bridge and is responsible for forwarding packets from LAN towards the root bridge. This bridge is displayed as a character string starting with the bridge priority (1-65535) followed by a hyphen and the six-byte MAC address of that switch.

Designated port
  The designated port identifies a physical port. This is a number that is the numerical sum of bridge priority and the actual physical port number. For example, a physical port number four with bridge priority 32768 will be displayed as 32768+4=32772.

/info/l2/cist
Show common internal spanning tree (CIST) information

NOTE – Nortel Application Switch Operating System 23.0.2 supports up to 16 multiple Spanning Trees or Spanning Tree Groups.

------------------------------------------------------------------
Common Internal Spanning Tree:

VLANs: 1 4-4094

Current Root:              Path-Cost  Port  MaxAge  FwdDel
 8000 00:01:81:2e:bc:50            0     0      20      15

Cist Regional Root:        Path-Cost
 8000 00:01:81:2e:bc:50            0

Parameters:  Priority  MaxAge  FwdDel  Hops
                32768      20      15    20

Port    Prio  Cost   State  Role  Designated Bridge       Des Port  Hello  Type
------  ----  -----  -----  ----  ----------------------  --------  -----  ------
1       128   20000  DSB
2       128   20000  DSB
3       128   20000  DSB
4       128   20000  DSB
5       128   20000  DSB
6       128   20000  DSB
7       128   20000  DSB
.
.
18      128   20000  DSB
19      128   20000  DSB
20      128   20000  DSB
21      128   20000  DSB
22      128   20000  DSB
23      128   20000  DSB
24      128   20000  DSB
25      128   20000  DSB
26      128   20000  DSB
27      128   20000  DSB
28      128   20000  DSB
sslpro  128   20000  DISC   DESG  8000-00:01:81:2e:bc:50  801d      2      Shared

/info/l2/trunk
Trunk Group Information

Trunk group 1, bw contract 1024, port state:
 1: STG 1 forwarding
 2: STG 1 forwarding

Trunk groups can provide super-bandwidth, multi-link connections between Nortel Application Switches or other trunk-capable devices. A trunk group is a group of ports that act together, combining their bandwidth to create a single, larger virtual link.

When trunk groups are configured, you can view the state of each port in the various trunk groups.

NOTE – If Spanning Tree Protocol on any port in the trunk group is set to forwarding, the remaining ports in the trunk group will also be set to forwarding.

/info/l2/vlan
VLAN Information

VLAN  Name                              Status  Jumbo  BWC   Learn  Ports
----  --------------------------------  ------  -----  ----  -----  -----
1     Default VLAN                      ena     n      1024  ena    1-28

This information display includes all configured VLANs and all member ports that have an active link state. Port membership is represented in slot/port format.

VLAN information includes:

VLAN Number
VLAN Name
Status
Jumbo Frames
Bandwidth Contract if BWM is enabled
Source MAC Address Learning
Port membership of the VLAN


/info/l2/team
Status of port teams

>> Layer 2# team
All port teams are disabled.

/info/l2/dump
Layer2 Dump Information

Spanning Tree Group 1: On

Current Root:              Path-Cost  Port  Hello  MaxAge  FwdDel  Aging
 8000 00:01:81:2e:a1:80            0     0      2      20      15    300

Parameters:  Priority  Hello  MaxAge  FwdDel  Aging
                32768      2      20      15    300

Port  Priority  Cost  State       Designated Bridge       Des Port
----  --------  ----  ----------  ----------------------  --------
1     128       0     DISABLED
2     128       0     DISABLED
3     128       0     DISABLED
4     128       0     DISABLED
5     128       5     FORWARDING  8000-00:01:81:2e:a1:80  32773
6     128       0     DISABLED
7     128       0     DISABLED
8     128       0     DISABLED
9     128       0     DISABLED
10    128       0     DISABLED
11    128       0     DISABLED
12    128       0     DISABLED

/info/l3
Layer3 Information Menu

[Layer 3 Menu]
route    - IP Routing Information Menu
route6   - IP6 Routing Information Menu
arp      - ARP Information Menu
nbrcache - IP6 Neighbor Cache Information Menu
bgp      - BGP Information Menu
ospf     - OSPF Routing Information Menu
ip       - Show IP information
vrrp     - Show Virtual Router Redundancy Protocol information
dump     - Dump all layer 3 information

Table 4-17 Layer 3 Information Menu Options

Command Syntax and Usage

route
    Displays the IP Routing Menu. Using the options of this menu, the system displays the following for each configured or learned route:
    Route destination IP address, subnet mask, and gateway address
    Type of route
    Tag indicating origin of route
    Metric for RIP tagged routes, specifying the number of hops to the destination (1-15 hops, or 16 for infinite hops)
    The IP interface that the route uses
    For details, see page 107.

route6
    IP6 Routing Information Menu. To view menu options, see page 110.

arp
    Displays the Address Resolution Protocol (ARP) Information Menu. For details, see page 112.

nbrcache
    IP6 Neighbor Cache Menu. To view menu options, see page 115.

bgp
    Displays BGP Information Menu. To view menu options, see page 117.

ospf
    Displays OSPF routing information menu. For details, see page 119.

Table 4-17 Layer 3 Information Menu Options

Command Syntax and Usage

ip
    Displays IP Information. For details, see page 126. IP information, includes:
    IP interface information: Interface number, IP address, subnet mask, broadcast address, VLAN number, and operational status.
    Default gateway information: Metric for selecting which configured gateway to use, gateway number, IP address, and health status
    IP forwarding information: Enable status, lnet and lmask
    Port status

vrrp
    Displays the VRRP Information Menu. For details, see page 127.

dump
    Displays all Layer 3 information.

/info/l3/route
IP Routing Information

[IP Routing Menu]
find - Show a single route by destination IP address
gw   - Show routes to a single gateway
type - Show routes of a single type
tag  - Show routes of a single tag
if   - Show routes on a single interface
dump - Show all routes

Using the commands listed below, you can display all or a portion of the IP routes currently held in the switch.

Table 4-18 Route Information Menu Options (/info/route)

Command Syntax and Usage

find <IP address (such as, 192.4.17.101)>
    Displays a single route by destination IP address.

gw <default gateway address (such as, 192.4.17.44)>
    Displays routes to a single gateway.

type indirect|direct|local|broadcast|martian|multicast
    Displays routes of a single type. For a description of IP routing types, see Table 4-19 on page 109.

23.0.0.0. For a description of IP routing types.255 255.255.80.249 direct fixed 1 * 47.80.255 broadcast broadcast 108 Chapter 4: The Information Menu 320506-A.0 47. /info/l3/route/dump Show All IP Route Information Status code: * .255.23.0.255 0.----.255.255 47.255.0.249 255.0.0 martian martian * 224.0.80.0 255.255 255.0 224.80.0.6 255.255 broadcast broadcast 1 * 127.255. see Table 4-20 on page 109.80.0 0.0.5 255.255.23.23.0.0 0.0 martian martian * 224. dump Displays all routes configured in the switch.0.80.255.0.1 indirect static 1 * 47. January 2006 .--------.255.0.0.0 multicast addr * 255.0.255 47.0 255.0. see page 108. NOTE – The total number of interfaces on a Nortel Application Switch 2424-SSL is 1-255.255.0. For more information.--------------.255.255.------------.0 multicast addr * 224.best Destination Mask Gateway Type Tag Metr If --------------.0 0.0.255.0.23.Nortel Application Switch Operating System 23.0 47.0.255.255 0.255.0.0.80.255 255.22.254.255.2 Command Reference Table 4-18 Route Information Menu Options (/info/route) Command Syntax and Usage tag fixed|static|addr|rip|ospf|bgp|broadcast|martian|vip Displays routes of a single tag.0.-* 0.0.249 local addr 1 * 47. if <interface number (1-256)> Displays routes on a single interface.22.0.

Type Parameters

The following table describes the Type parameters.

Table 4-19 IP Routing Type Parameters (/info/l3/route/dump/type)

Parameter / Description

indirect
    The next hop to the host or subnet destination will be forwarded through a router at the Gateway address.

direct
    Packets will be delivered to a destination host or subnet attached to the switch.

local
    Indicates a route to one of the switch’s IP interfaces.

broadcast
    Indicates a broadcast route.

martian
    The destination belongs to a host or subnet which is filtered out. Packets to this destination are discarded.

multicast
    Indicates a multicast route.

Tag Parameters

The following table describes the Tag parameters.

Table 4-20 IP Routing Tag Parameters (info/l3/route/tag)

Parameter / Description

fixed
    The address belongs to a host or subnet attached to the switch.

static
    The address is a static route which has been configured on the Nortel Application Switch.

addr
    The address belongs to one of the switch’s IP interfaces.

rip
    The address was learned by the Routing Information Protocol (RIP).

ospf
    The address was learned by Open Shortest Path First (OSPF).

bgp
    The address was learned via Border Gateway Protocol (BGP)

broadcast
    Indicates a broadcast address.

martian
    The address belongs to a filtered group.

vip
    Indicates a route destination that is a virtual server IP address. VIP routes are needed to advertise virtual server IP addresses via BGP.
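The Type and Tag values decide what happens to a packet once a route has been selected, which matters when reviewing a saved route dump for unexpected martian or dynamically learned entries. The following is an added example, not code from the Nortel documentation: it parses rows in the "Destination Mask Gateway Type Tag Metr If" layout and reports the disposition implied by Table 4-19. The sample rows are constructed, and both longest-prefix-match selection and the handling of the optional Metr column are assumptions the manual does not state.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

TYPES = {"indirect", "direct", "local", "broadcast", "martian", "multicast"}
TAGS = {"fixed", "static", "addr", "rip", "ospf", "bgp", "broadcast", "martian", "vip"}
DYNAMIC_TAGS = {"rip", "ospf", "bgp"}  # tags the manual describes as learned

# Constructed sample rows (documentation address ranges, not the manual's output).
SAMPLE_DUMP = """\
* 0.0.0.0         0.0.0.0         192.0.2.254     indirect  static        1
* 192.0.2.0       255.255.255.0   192.0.2.1       direct    fixed         1
* 192.0.2.1       255.255.255.255 192.0.2.1       local     addr          1
* 192.0.2.255     255.255.255.255 192.0.2.255     broadcast broadcast     1
* 198.51.100.0    255.255.255.0   192.0.2.10      indirect  ospf          1
* 127.0.0.0       255.0.0.0       0.0.0.0         martian   martian
* 224.0.0.0       240.0.0.0       0.0.0.0         multicast addr
"""


@dataclass
class Route:
    best: bool
    network: ipaddress.IPv4Network
    gateway: ipaddress.IPv4Address
    rtype: str
    tag: str
    metric: Optional[int]
    ifnum: Optional[int]


def mask_to_prefix(mask: str) -> int:
    """Convert a dotted mask to a prefix length, rejecting non-contiguous masks."""
    value = int(ipaddress.IPv4Address(mask))
    prefix = bin(value).count("1")
    if value != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous mask {mask}")
    return prefix


def parse_dump(text: str) -> List[Route]:
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("-") or fields[0] in ("Destination", "Status"):
            continue  # blank line, ruler or header
        best = fields[0] == "*"
        if best:
            fields = fields[1:]
        if len(fields) < 5:
            raise ValueError(f"unparseable route row: {line!r}")
        dest, mask, gw, rtype, tag = fields[:5]
        if rtype not in TYPES or tag not in TAGS:
            raise ValueError(f"unknown type/tag in row: {line!r}")
        # Assumption: two trailing numbers are Metr then If; a single one is If.
        extra = [int(x) for x in fields[5:]]
        routes.append(Route(
            best=best,
            network=ipaddress.ip_network(f"{dest}/{mask_to_prefix(mask)}", strict=False),
            gateway=ipaddress.IPv4Address(gw),
            rtype=rtype,
            tag=tag,
            metric=extra[0] if len(extra) == 2 else None,
            ifnum=extra[-1] if extra else None,
        ))
    return routes


def lookup(routes: List[Route], dest: str) -> Optional[Route]:
    """Most specific best ('*') route covering dest, or None."""
    addr = ipaddress.ip_address(dest)
    candidates = [r for r in routes if r.best and addr in r.network]
    return max(candidates, key=lambda r: r.network.prefixlen, default=None)


def disposition(routes: List[Route], dest: str) -> str:
    """What Table 4-19 says happens to a packet for dest."""
    route = lookup(routes, dest)
    if route is None:
        return "no route"
    if route.rtype == "martian":
        return "discard"
    if route.rtype == "indirect":
        return f"forward via {route.gateway}"
    if route.rtype == "direct":
        return "deliver on attached subnet"
    if route.rtype == "local":
        return "switch interface"
    return route.rtype  # broadcast or multicast


def dynamic_routes(routes: List[Route]) -> List[Route]:
    """Routes whose tag shows they were learned from a routing protocol."""
    return [r for r in routes if r.tag in DYNAMIC_TAGS]


if __name__ == "__main__":
    table = parse_dump(SAMPLE_DUMP)
    for target in ("127.0.0.1", "198.51.100.7", "203.0.113.9", "192.0.2.1"):
        print(f"{target:15} -> {disposition(table, target)}")
    for r in dynamic_routes(table):
        print(f"learned via {r.tag}: {r.network} gateway {r.gateway}")
```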

/info/l3/route6
IPv6 Routing Information Menu

This menu provides a mechanism for viewing IPv6 routing information. The IPv6 routing table stores routes it learns from network traffic and pre-configured, static routes.

NOTE – Presently there is no mechanism for clearing this IPv6 routing table.

[IP6 Routing Menu]
dump - Show all routes

Table 4-21 provides a description of this menu.

Table 4-21 IPv6 Routing Information Menu Options (/info/l3/route6)

Command Syntax and Usage

dump
    The /info/l3/route6/dump command shows all the IPv6 routes maintained. Since each link-local interface is shown with an entry prefix of /128, the link-local network, such as FE80::/10, is not shown for each interface to avoid too many network entries in the table.

The following is an example of output from the /info/l3/route6/dump command.

>> Main# /info/l3/route6/dump
IPv6 Forwarding Table:
Destination: 0:0:0:0:0:0:0:0/0                    If:1
NextHop:     2005:0:0:0:0:0:0:16                  Proto: STATIC
Destination: 2005:0:0:0:0:0:0:0/64                If:1
NextHop:     0:0:0:0:0:0:0:0                      Proto: LOCAL
Destination: 2005:0:0:0:0:0:0:1/128               If:1
NextHop:     0:0:0:0:0:0:0:0                      Proto: LOCAL
Destination: 2005:0:0:0:0:0:0:16/128              If:1
NextHop:     0:0:0:0:0:0:0:0                      Proto: STATIC
Destination: fe80:0:0:0:201:81ff:fe2e:a100/128    If:1
NextHop:     0:0:0:0:0:0:0:0                      Proto: LOCAL
Destination: ff02:0:0:0:0:0:0:1/128               If:1
NextHop:     0:0:0:0:0:0:0:0                      Proto: STATIC
Destination: ff02:0:0:0:0:0:0:2/128               If:1
NextHop:     0:0:0:0:0:0:0:0                      Proto: STATIC
Destination: ff02:0:0:0:0:1:ff00:0/128            If:1
NextHop:     0:0:0:0:0:0:0:0                      Proto: STATIC
Destination: ff02:0:0:0:0:1:ff00:1/128            If:1
NextHop:     0:0:0:0:0:0:0:0                      Proto: STATIC
Destination: ff02:0:0:0:0:1:ff2e:a100/128         If:1
NextHop:     0:0:0:0:0:0:0:0                      Proto: STATIC

Total number of route6 entries: 10

/info/l3/arp
ARP Information Menu

Address Resolution Protocol (ARP) is the TCP/IP protocol that resides within the Internet layer. ARP resolves a physical address from an IP address. ARP queries machines on the local network for their physical addresses. ARP also maintains IP to physical address pairs in its cache memory. In any IP communication, the ARP cache is consulted to see if the IP address of the router is present in the ARP cache. Then the corresponding physical address is used to send a packet.

[Address Resolution Protocol Menu]
find  - Show a single ARP entry by IP address
port  - Show ARP entries on a single port
vlan  - Show ARP entries on a single VLAN
refpt - Show ARP entries referenced by a single SP
dump  - Show all ARP entries
help  - Show help on the fields of ARP entries
addr  - Show ARP address list

The ARP information includes IP address and MAC address of each entry, address status flags (see Table 4-23 on page 114), VLAN and port for the address, and port referencing information.

Table 4-22 ARP Information Menu Options (/info/l3/arp)

Command Syntax and Usage

find <IP address (such as, 192.4.17.101)>
    Displays a single ARP entry by IP address.

port <port number>
    Displays the ARP entries on a single port.

vlan <VLAN number (1-4090)>
    Displays the ARP entries on a single VLAN.

refpt <SP number (1-4)>
    Displays the ARP entries referenced by a single SP. For details, see page 113.

Table 4-22 ARP Information Menu Options (/info/l3/arp)

Command Syntax and Usage

dump
    Displays all ARP entries, including:
    IP address and MAC address of each entry
    Address status flag (see below)
    The VLAN and port to which the address belongs
    The ports which have referenced the address (empty if no port has routed traffic to the IP address shown)
    For more information, see page 114.

help
    Displays help on the ARP field entries. For example:

    IP address:     IP address of ARP entry
    Flags:          J - ARP entry belongs to a Jumbo capable VLAN
                    P - Permanent ARP entry (not obtained via ARP request), e.g. IP interface, VIP, etc.
                    R - Indirect ARP (cache) entry for IP address reachable via indirect routes (static/dynamic)
                    4 - Layer 4 IP address (VIP)
                    u - Unresolved ARP entry. The MAC address has not been learned.
    MAC address:    MAC address of ARP entry
    VLAN:           VLAN of this ARP entry
    Port:           Physical port where this IP address owner is connected
    Referenced SPs: SPs on which this ARP entry is present

addr
    Displays the ARP address list: IP address, IP mask, MAC address, and VLAN flags.

/info/l3/arp/refpt
Show ARP Entries on Referenced SP

IP address     Flags  MAC address        VLAN  Port  Referenced SPs
-------------  -----  -----------------  ----  ----  --------------
47.80.23.249   P      00:0e:40:2f:5b:00  1           1-4

the designated port will be the normal ingress port.---1.31.31.1 P 00:09:97:16:5f:00 1 172.80.80. The Flag field is interpreted as follows: Table 4-23 ARP Dump Flag Parameters Flag P P 4 R U J Description Permanent entry created for switch IP interface. Indirect route entry. So the traffic coming into the referenced ports has the destination IP address.2 Command Reference /info/l3/arp/dump Show All ARP Entry Information IP address Flags MAC address VLAN Port --------------.3.----.81 P 00:09:97:16:5f:00 1 172.11 00:b0:d0:98:d8:1b 1 3 Referenced SPs ------------1-4 1-4 empty 1-4 1-4 empty empty Referenced ports are the ports that request the ARP entry.0.10 P 4 00:09:97:16:5f:01 47.Nortel Application Switch Operating System 23. From the ARP entry (the referenced ports).1 P 4 00:09:97:16:5f:01 10.1 00:e0:16:7c:28:86 1 23 47.11. Permanent entry created for Layer 4 proxy IP address or virtual server IP address.22.3.10. The MAC address has not been learned. Unresolved ARP entry.31.10 00:b0:d0:98:d8:1b 1 3 172. the referenced port will be the designated port.10.3. January 2006 . ARP entry belongs to a Jumbo capable VLAN 114 Chapter 4: The Information Menu 320506-A.1.23. If you have VMA turned off. this traffic needs to be forwarded to the egress port (port 6 in the above example). NOTE – If you have VMA turned on.---.----------------.
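The flag meanings in Table 4-23 can be applied mechanically when reviewing a saved /info/l3/arp/dump. The following is an added example, not code from the Nortel documentation: it parses rows in the "IP address, Flags, MAC address, VLAN, Port, Referenced SPs" layout and lists unresolved entries and MAC addresses that hold several directly learned addresses. The sample rows are constructed; that the last column is always the Referenced SPs value, and how an unresolved entry prints its MAC column, are assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

MAC_RE = re.compile(r"^[0-9a-f]{2}(?::[0-9a-f]{2}){5}$", re.IGNORECASE)

# Flag letters as described in Table 4-23 ("P 4" is the pair P plus 4).
FLAG_MEANING = {
    "P": "permanent entry",
    "4": "Layer 4 proxy IP or virtual server IP",
    "R": "indirect route entry",
    "U": "unresolved, MAC address not learned",
    "J": "Jumbo capable VLAN",
}

# Constructed sample rows; not output captured from a switch.
SAMPLE_DUMP = """\
IP address      Flags MAC address       VLAN Port Referenced SPs
--------------- ----- ----------------- ---- ---- --------------
192.0.2.1       P     00:09:97:16:5f:00    1      1-4
192.0.2.100     P 4   00:09:97:16:5f:01           1-4
192.0.2.10            00:b0:d0:98:d8:1b    1    3 1-4
192.0.2.11            00:b0:d0:98:d8:1b    1    3 empty
192.0.2.20      R     00:e0:16:7c:28:86    1   23 empty
198.51.100.9    R     00:e0:16:7c:28:86    1   23 empty
192.0.2.30      U     00:00:00:00:00:00    1      empty
"""


@dataclass
class ArpEntry:
    ip: str
    flags: List[str]
    mac: str
    vlan: Optional[int]
    port: Optional[str]
    referenced_sps: str

    def has(self, flag: str) -> bool:
        return flag in self.flags


def parse_arp_dump(text: str) -> List[ArpEntry]:
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] == "IP" or set(tokens[0]) == {"-"}:
            continue  # blank line, header or ruler
        ipaddress.ip_address(tokens[0])  # ValueError on a malformed row
        mac_at = next((i for i, t in enumerate(tokens) if MAC_RE.match(t)), None)
        if mac_at is None or mac_at == len(tokens) - 1:
            raise ValueError(f"unparseable ARP row: {line!r}")
        flags = [t.upper() for t in tokens[1:mac_at]]
        if any(f not in FLAG_MEANING for f in flags):
            raise ValueError(f"unknown flag in row: {line!r}")
        rest = tokens[mac_at + 1:]   # [VLAN [Port]] Referenced-SPs
        middle = rest[:-1]
        entries.append(ArpEntry(
            ip=tokens[0],
            flags=flags,
            mac=tokens[mac_at].lower(),
            vlan=int(middle[0]) if middle else None,
            port=middle[1] if len(middle) > 1 else None,
            referenced_sps=rest[-1],
        ))
    return entries


def explain_flags(entry: ArpEntry) -> List[str]:
    return [FLAG_MEANING[f] for f in entry.flags] or ["learned entry"]


def learned_by_mac(entries: List[ArpEntry]) -> Dict[str, List[str]]:
    """Directly learned addresses per MAC. R entries are skipped because many
    remote addresses legitimately resolve to one next-hop MAC."""
    by_mac = defaultdict(list)
    for e in entries:
        if not (e.has("P") or e.has("U") or e.has("R")):
            by_mac[e.mac].append(e.ip)
    return dict(by_mac)


def review(entries: List[ArpEntry]) -> List[str]:
    """Items to compare against the expected host inventory."""
    findings = [f"{e.ip}: unresolved, no MAC learned" for e in entries if e.has("U")]
    for mac, ips in learned_by_mac(entries).items():
        if len(ips) > 1:
            findings.append(f"{mac}: holds {len(ips)} learned addresses ({', '.join(ips)})")
    ports = defaultdict(set)
    for e in entries:
        if e.port is not None and not e.has("P"):
            ports[e.mac].add(e.port)
    for mac, seen in ports.items():
        if len(seen) > 1:
            findings.append(f"{mac}: seen on ports {', '.join(sorted(seen))}")
    return findings


if __name__ == "__main__":
    table = parse_arp_dump(SAMPLE_DUMP)
    for e in table:
        print(f"{e.ip:14} {e.mac}  {'; '.join(explain_flags(e))}")
    for finding in review(table):
        print("REVIEW:", finding)
```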

81 IP mask --------------255.255.255.255 MAC address ----------------00:09:97:16:5f:01 00:09:97:16:5f:01 00:09:97:16:5f:0e 00:09:97:16:5f:00 00:09:97:16:5f:00 00:09:97:16:5f:00 VLAN ---Flags ----- D 1 1 1 /info/l3/nbrcache IPv6 Neighbor Cache Information This menu provides a mechanism for viewing IPv6 Neighbor Cache information.255. 3.11. The information collected from ND is stored in the Neighbor Cache. The Neighbor Cache maintains information about each neighbor such as: MAC Address Reachability State Neighbor Type VLAN Ingress Port Neighbor Cache entries are added in a number of situations: 1.255 255. ND can also auto-configure addresses and detect duplicate addresses.2 Command Reference /info/l3/arp/addr ARP Address List Information IP address --------------10.255. Chapter 4: The Information Menu 320506-A.1 172. Entries are added when an IPv6 Interface or Virtual IP is operational.255 255.255.255.255.23. IPv6 uses the Neighbor Discovery (ND) protocol to discover its neighbors link-layer addresses and neighbor reachabilty.255 255. A switch sends ND packets to resolve a link-layer address that it wishes to send packets to.10.1 47. ND enables routers to advertise their presence and address prefixes and to inform hosts of a better next-hop address to forward packets.255.255.1 172.10.255. 2. Reception of ND messages from neighbor.200 172.31.10 1.255.4. January 2006 115 .31.31.80.255 255.3.0.Nortel Application Switch Operating System 23.1.4.255.255 255.

January 2006 .Show all IP6 neighbor cache entries Table 4-24 provides a description of this menu. [IP6 Neighbor Discovery Protocol Menu] dump . NOTE – Once the Neighbor Cache table reaches 2000 entries.Nortel Application Switch Operating System 23. 116 Chapter 4: The Information Menu 320506-A. DELAY The neighbor is no longer known to be reachable and traffic has recently been sent to the neighbor. REACHABLE The neighbor is known to have been reachable recently. Table entries are kept until the entry is replaced by a new one. no new entries will be used to sort for display. During this 2000 full entries period. STALE The neighbor is no longer known to be reachable but until traffic is sent to the neighbor.2 Command Reference There are 5 reachability states: INCOMPLETE The link-layer address of the neighbor has not yet been determined. PROBE The neighbor is no longer known to be reachable. table entries are replaced by adding the new entry and dropping the 2000th entry off the list. The neighbor types are LOCAL and DYNAMIC. The LOCAL neighbor type is for switch pre-configured addresses and DYNAMIC is for neighbor addresses learnt from ND.0. no attempt should be made to verify its reachability. Table 4-24 IPv6 Neighbor Cache Information Menu (/info/l3/nbrcache) Command Syntax and Usage dump Displays all IPv6 neighbor cache entries. and ND messages are sent to the neighbor to verify reachability.

The following is an example of output from the /info/l3/nbrcache/dump command.

>> IP6 Neighbor Discovery Protocol# dump
IP address                     State  Type  MAC address        VLAN  Port
-----------------------------  -----  ----  -----------------  ----  ----
2000:0:0:0:0:0:0:0             REACH  LOC   00:0e:62:f6:b2:00  1
2000:0:0:0:0:0:0:1             STALE  DYN   00:50:da:16:f7:27  1     1
2000:0:0:0:0:0:0:100           REACH  LOC   00:0e:62:f6:b2:00  1
2000:0:0:0:0:0:0:200           REACH  LOC   00:0e:62:f6:b2:0e  1
fe80:0:0:0:20e:62ff:fef6:b200  REACH  LOC   00:0e:62:f6:b2:00  1
fe80:0:0:0:211:11ff:fee3:32b9  STALE  DYN   00:11:11:e3:32:b9  1     9
fe80:0:0:0:250:daff:fe16:f727  STALE  DYN   00:50:da:16:f7:27  1     1

Total dynamic neighbor cache entries: 3
Total local neighbor cache entries: 4
Other neighbor cache entries: 0

/info/l3/bgp
BGP Information Menu

Border Gateway Protocol (BGP) is an Internet protocol that enables routers on a network to share routing information with each other and advertise information about the segments of the IP address space they can access within their network with routers on external networks. For more information, refer to BGP section in chapter: “The Configuration Menu” on page 257 and the Application Guide.

[BGP Menu]
peer    - Show all BGP peers
summary - Show all BGP peers in summary
dump    - Show BGP routing table

Table 4-25 BGP Peer Information Menu Options (/info/l3/bgp)

Command Syntax and Usage

peer
    Displays BGP peer information. See page 118 for a sample output.

summary
    Displays peer summary information such as AS, message received, message sent, up/down, state. See page 119 for a sample output.

dump
    Displays the BGP routing table. See page 119 for a sample output.

/info/l3/bgp/peer
BGP Peer information

Following is an example of the information that /info/l3/bgp/peer provides.

BGP Peer Information:

  3: 2.1.1.1 , version 0, TTL 1
    Remote AS: 0, Local AS: 0, Link type: IBGP
    Remote router ID: 0.0.0.0, Local router ID: 1.1.201.5
    BGP status: idle, Old status: idle
    Total received packets: 0, Total sent packets: 0
    Received updates: 0, Sent updates: 0
    Keepalive: 0, Holdtime: 0, MinAdvTime: 60
    LastErrorCode: unknown(0), LastErrorSubcode: unspecified(0)
    Established state transitions: 0

  4: 2.1.1.4 , version 0, TTL 1
    Remote AS: 0, Local AS: 0, Link type: IBGP
    Remote router ID: 0.0.0.0, Local router ID: 1.1.201.5
    BGP status: idle, Old status: idle
    Total received packets: 0, Total sent packets: 0
    Received updates: 0, Sent updates: 0
    Keepalive: 0, Holdtime: 0, MinAdvTime: 60
    LastErrorCode: unknown(0), LastErrorSubcode: unspecified(0)
    Established state transitions: 0

In any AS with multiple areas.0 * 205.17.147 1 256 *>i205..----.internal Origin codes: i .148 0 148 0 0 never connect /info/l3/bgp/dump Dump BGP Information Following is an example of the information that /info/l3/bgp/dump provides. OSPF is designed for routing traffic within a single IP domain called an Autonomous System (AS).-------.147 1 128 *> 205.0.0. For more Chapter 4: The Information Menu 320506-A. January 2006 119 .21. >> BGP# dump Status codes: * valid.178.15.0.2 Command Reference /info/l3/bgp/summary BGP Summary information Following is an example of the information that /info/l3/bgp/summary provides.147 1 128 13.0.21. e .-------. known as the backbone.178.178.----*> 10.0 205. > best.21. All other areas in the AS must be connected to the backbone.178. Areas inject summary routing information into the backbone.142 4 142 113 121 00:00:28 established 2: 205.0.Nortel Application Switch Operating System 23.EGP.178.178. The Nortel Application Switch Operating System implementation conforms to the OSPF version 2 specifications detailed in Internet RFC 1583.--------------.incomplete Network Next Hop Metr LcPrf Wght --------------.0.23. which then distributes it to other areas as needed.IGP.-------.0 0.178. ? . The AS can be divided into smaller logical units known as areas. The backbone acts as the central OSPF area.0 205.15.---------1: 205.178.-------.---.21. i . BGP Peer Summary Information: Peer V AS MsgRcvd MsgSent Up/Down State --------------.0 205. one area must be designated as area 0.147 1 256 Path -------------147 148 i 0 i 147 i 147 i 147 {35} ? /info/l3/ospf OSPF Information Menu Nortel Application Switch Operating System supports the Open Shortest Path First (OSPF) routing protocol.0.

information on how to configure OSPF on the switch, refer to the OSPF section in chapter “The Configuration Menu” on page 257 and your Nortel Application Switch Operating System Application Guide.

[OSPF Information Menu]
general - Show general information
aindex  - Show area(s) information
if      - Show interface(s) information
virtual - Show details of virtual links
nbr     - Show neighbor(s) information
dbase   - Database Menu
sumaddr - Show summary address list
nsumadd - Show NSSA summary address list
routes  - Show OSPF routes
dump    - Show OSPF information

Table 4-26 OSPF Information Menu (/info/l3/ospf)

Command Syntax and Usage

general
    Displays general OSPF information. See page 121 for a sample output.

aindex <area index [0-2]>
    Displays area information for a particular area index. If no parameter is supplied, it displays area information for all the areas.

if <interface number [1-256]>
    Displays interface information for a particular interface. If no parameter is supplied, it displays information for all the interfaces. See page 122 for a sample output.

virtual
    Displays information about all the configured virtual links.

nbr <nbr router-id (A.B.C.D)>
    Displays the status of a neighbor with a particular router ID. If no router ID is supplied, it displays the information about all the current neighbors.

dbase
    Displays OSPF database menu. To view menu options, see page 122.

sumaddr <area index (0-2)>
    Displays the list of summary ranges belonging to non-NSSA areas.

nsumadd <area index (0-2)>
    Displays the list of summary ranges belonging to NSSA areas.

routes
    Displays OSPF routing table. See page 124 for a sample output.

Table 4-26 OSPF Information Menu (/info/l3/ospf)

Command Syntax and Usage

dump
    Display all the OSPF information. See for a sample output.

/info/l3/ospf/general
OSPF General Information

OSPF Version 2
Router ID: 47.80.23.247
Started at 95 and the process uptime is 352315
Area Border Router: yes, AS Boundary Router: no
LS types supported are 6
External LSA count 0
External LSA checksum sum 0x0
Number of interfaces in this router is 2
Number of virtual links in this router is 1
16 new lsa received and 34 lsa originated from this router
Total number of entries in the LSDB 10
Database checksum sum 0x0
Total neighbors are 1, of which
    2 are >=INIT state,
    2 are >=EXCH state,
    2 are =FULL state
Number of areas is 2, of which 3-transit 0-nssa
    Area Id : 0.0.0.0
    Authentication : none
    Import ASExtern : yes
    Number of times SPF ran : 8
    Area Border Router count : 2
    AS Boundary Router count : 0
    LSA count : 5
    LSA Checksum sum : 0x2237B
    Summary : noSummary

D)>|<self> Displays ASBR summary LSAs.1. asbrsum <adv-rtr (A. Priority 1 Designated Router (ID) 10. b) asbrsum link_state_id 10.10.10. Ip Address 10.B.10. for example: 20.1. January 2006 .B. The usage of this command is as follows: a) asbrsum adv-rtr 20.10.1.1.1. 122 Chapter 4: The Information Menu 320506-A.1.Nortel Application Switch Operating System 23.2 Timer intervals.1.0.1. Area 0.1 displays ASBR summary LSAs having the advertising router 20.D)> Takes advertising router as a parameter.C.LS Database summary ext .1.0.C. State DR.12. Wait 1663. Dead 40.1.Network LS Database info nssa .10.Router LS Database info self .All Table 4-27 OSPF Database Information Menu (/info/l3/ospf/dbase) Command Syntax and Usage advrtr <router-id (A.10.Network-Summary LS Database info all . Poll interval 0.1.1.12. Transit delay 1 Neighbor count is 1 If Events 4.14.12.1. Displays all the Link State Advertisements (LSAs) in the LS database that have the advertising router with the specified router ID. Authentication type none /info/l3/ospf/dbase OSPF Database Information [OSPF Database Menu] advrtr .1 displays ASBR summary LSAs having the link state ID 10.External LS Database info nw . d) asbrsum with no parameters displays all the ASBR summary LSAs.1.D)>|<link_state_id (A.C.1.LS Database info for an Advertising Router asbrsum . Ip Address 10.NSSA External LS Database info rtr .1.1.Self Originated LS Database info summ . Admin Status UP Router ID 10.1 Backup Designated Router (ID) 10.0.1.B. Hello 10. c) asbrsum self displays the self advertised ASBR summary LSAs.10.2 Command Reference /info/l3/ospf/if OSPF Interface Information Ip Address 10.ASBR Summary LS Database info dbsumm .10. Retransmit 5.

B.D)>|<self> Displays the router (type 1) LSAs with detailed information of each field of the LSAs.0. nw <adv-rtr (A. ext <adv-rtr (A.B.B. The usage of this command is the same as the usage of the command asbrsum.2 Command Reference Table 4-27 OSPF Database Information Menu (/info/l3/ospf/dbase) Command Syntax and Usage dbsumm Displays the following information about the LS database in a table format: a) the number of LSAs of each type in each area. No parameters are required. c) the total number of LSAs for each LSA type for all areas combined. January 2006 123 .C. all Displays all the LSAs.B. The usage of this command is the same as the usage of the command asbrsum.B. d) the total number of LSAs for all LSA types for all areas combined.D)>|<link_state_id (A. The usage of this command is the same as the usage of the command asbrsum.C.C.D)>|<link_state_id (A. The usage of this command is the same as the usage of the command asbrsum.D)>|<link_state_id (A.D)>|<self> Displays the AS-external (type 5) LSAs with detailed information of each field of the LSAs. rtr <adv-rtr (A.D)>|<self> Displays the network summary (type 3) LSAs with detailed information of each field of the LSAs.C. Chapter 4: The Information Menu 320506-A. The usage of this command is the same as the usage of the command asbrsum.C.B.C.B.B. summ <adv-rtr (A.D)>|<self> Displays the NSSA (type 7) LSAs with detailed information of each field of the LSAs. No parameters are required.D)>|<link_state_id (A. self Displays all the self-advertised LSAs.C.C.Nortel Application Switch Operating System 23.D)>|<self> Displays the network (type 2) LSAs with detailed information of each field of the LSA. nssa <adv-rtr (A.network LS database.D)>|<link_state_id (A. b) the total number of LSAs for each area.B.B.C.C.

2 IA 80.1.1.18.6/32 via 30.OSPF external type 2 IA 10.1.1. N1 .1.2 E2 172.1.1.0/28 via 200.1.2 E2 172.1.1.1.0/27 via 20.1.1.1.18.1.1.1.Nortel Application Switch Operating System 23.18.OSPF NSSA external type 1.1.1.2 E2 172.0.1.1.2 IA 140.1.1.2 E2 172.2 IA 100.1.1.2 IA 40.5/32 via 30.1.1.1.0/28 via 20. N2 .4/32 via 30.1.18.1.OSPF inter area.18.2 Command Reference /info/l3/ospf/routes OSPF Information Route Codes Codes: IA .1/32 via 30.1.1.1. January 2006 .0/24 via 20.1.1.1.10.1.1.OSPF external type 1.18.0.18.OSPF NSSA external type 2 E1 .1.0/24 via 200.2/32 via 30.2 E2 172.1.2 E2 172.1.3/32 via 30.18.1.8/32 via 30. E2 .1.1.2 124 Chapter 4: The Information Menu 320506-A.0/16 via 200.2 E2 172.2 E2 172.1.2 IA 150.7/32 via 30.1.

/info/ospf/dump
OSPF Dump Information

OSPF Version 2
Router ID: 1.1.1.1
Started at 42 and the process uptime is 1197051
Area Border Router: no, AS Boundary Router: no
External LSA count 0
Number of interfaces in this router is 0
Number of virtual links in this router is 0
0 new lsa received and 0 lsa originated from this router
Total number of entries in the LSDB 0
Total neighbors are 0, of which
    0 are >=INIT state,
    0 are >=EXCH state,
    0 are =FULL state
Number of areas is 0, of which 0-transit 0-nssa

OSPF Neighbors:
Intf  NeighborID  Prio  State  Address
----  ----------  ----  -----  -------

OSPF LS Database:
OSPF LSDB breakdown for router with ID (1.1.1.1)
No areas enabled.

vlan 1.255.31.Nortel Application Switch Operating System 23.255.1 255.1.2 Command Reference /info/l3/ip IP Information Interface information: 1: 47.0.1 lsdb limit 0 126 Chapter 4: The Information Menu 320506-A.31.80.255.3.255.1.1 255.80. vlan any.81 255.23.0 47. up vlan 1. up Current IP forwarding settings: ON.1. 172.80.255.255.31.22.255. 172. up Default gateway information: metric strict 2: 47.23.4. January 2006 .0 2: 172.255.31.4. up vlan 1.0 3: 172.254.3. dirbr disabled Current local networks: Current IP port settings: All other ports have forwarding ON Current network filter settings: none Current route map settings: Current OSPF settings: ON Default route none Router ID: 1.

renter. backup 172. 20. you can view the status of each virtual router using this command. backup 13.18. January 2006 127 . 13.8. prio 118.2.202. prio 110. prio 102. master 27. renter. server 172: vrid 172. renter.2. prio 100.200.204. renter. renter identifies virtual routers which are not owned by this device. VRRP information includes: Virtual router number Virtual router ID and IP address Interface number Ownership status owner identifies the preferred master virtual router. master 14.2 Command Reference /info/l3/vrrp VRRP Information Virtual Router Redundancy Protocol (VRRP) support on Nortel Application Switch provides redundancy between routers in a LAN. 28. 172.200.Nortel Application Switch Operating System 23.200. prio 102. Chapter 4: The Information Menu 320506-A. server 255: vrid 255. 1.2.8. 11.210.100. if 172. This is accomplished by configuring the same virtual router IP address and ID number on each participating VRRP-capable routing device. renter. proxy When virtual routers are configured. if 2: vrid 1. master 28. 12. 12: vrid 12.21. 11: vrid 11.1.1.178. 14: vrid 14. server 1.18. master if 27. If the master fails. renter. prio 118.18.2. 28: vrid 28. backup. prio 100. renter. A virtual router is the owner when the IP address of the virtual router and its IP interface are the same. 254: vrid 254. renter. 14. 28. master 11. renter.1. and assumes control of the shared virtual router IP address. prio 100. prio 118. prio 102.1. renter. 20: vrid 20. VRRP information: 10: vrid 10. 13: vrid 13.1. backup 1. if 3: vrid 3.2.1.200. renter. prio 110.21. 205. One of the virtual routers is then elected as the master. one of the backup virtual routers will assume routing authority and take control of the virtual router IP address. server VRRP information: 1: vrid 2. prio 110. renter. 27. renter.200.0.2.1.1.200.1.100. 27. 172.178.178.2. prio 102. renter.200. if 28. renter. prio 110. if if if if if if if if if if 10.1. master. 205. 
Refer to your Nortel Application Switch Operating System Application Guide for more information on VRRP. 100: vrid 100.200. master. master.200.100. 205. prio 118. master 12. 10.2. backup 20. master. based on a number of priority criteria. 27: vrid 27.2.2.

Priority value. During the election process, the virtual router with the highest priority becomes master.
Activity status
     master identifies the elected master virtual router.
     backup identifies that the virtual router is in backup mode.
Server status. The server state identifies virtual routers that support Layer 4 services. These are known as virtual server routers: any virtual router whose IP address is the same as any configured virtual server IP address.
Proxy status. The proxy state identifies virtual proxy routers, where the virtual router shares the same IP address as a proxy IP address. The use of virtual proxy routers enables redundant switches to share the same IP address, minimizing the number of unique IP addresses that must be configured.

IP information: IP information: Router ID: 45. This dump is a collection of all the individual commands described in the sections above. hold 180.255 . alive 60.21. dirbr disabled Current local networks: Current IP port settings: All other ports have forwarding ON Current network filter settings: none Current route map settings: Current BGP settings: ON.0 4: 172.255. 172.1. vlan 1.255. orig 15.1. ospf disabled fixed disabled. ttl 1.1. up vlan 1. enabled metric none.203. static disabled.254 255.201 255.201 255. up vlan 1.1.1.255.1.0. rip disabled. 205.1. AS number 100 Current BGP peer settings: 1: 45.1.21.255.1.Nortel Application Switch Operating System 23.255 .1.0 45.1.255.2 Command Reference /info/l3/dump Layer3 Dump Information This command dumps all the information about Layer 3 parameters.0 3: 205. ras 300.1. pref 100. default none.201.0. January 2006 129 .255. adv 60 retry 120.0. vip disabled in-rmap: empty out-rmap: empty Current BGP aggr settings: Continued Chapter 4: The Information Menu 320506-A. up Default gateway information: metric strict Current IP forwarding settings: ON. AS number 100 Interface information: 2: 45.255 .

1.3 00:09:6b:00:6f:b7 1 24 empty 205.255.6 00:09:6b:00:71:bb 1 24 empty 205.254 P 00:01:81:2e:a2:20 1 1-4 205.0.------------.1.-----------.0.100 P 4 00:01:81:2e:a2:2e 1-4 205.1.1.255.----------------.21.0.5 00:09:6b:00:74:97 1 24 empty 205.255.1.1.255.201 255.1.255.1. ARP cache information: IP address Flags MAC address VLAN Port Referenced SPs --------------.21.1.1.255.254 255.255.------------.255.0 172.1.1.0.201 local addr 2 * 45.0.1.1.255 45.255 broadcast broadcast 4 Continued 130 Chapter 4: The Information Menu 320506-A.255broadcast broadcast 2 * 127.0.2 Command Reference Virtual Router Redundancy is globally turned OFF.1.255.----00:01:81:2e:a2:2e D 00:01:81:2e:a2:20 1 00:01:81:2e:a2:20 1 00:01:81:2e:a2:20 1 Route table information: Status code: * .255.254 direct fixed 4 * 172.0.255 45.0.255 255.4 00:09:6b:00:76:1b 1 24 empty 205.----.0.21.201 255.1.255.21.21.best Destination Mask Gateway Type Tag Metr If --------------.2 00:09:6b:b5:08:48 1 24 empty 205.0 45.1.1.255 205.-* 45.1.1.1.1.255 172.255 172.201 255.---.1 00:09:6b:b5:0b:d6 1 24 empty 205.201 direct fixed 2 * 45.1.100 255.1.----.0 martian martian * 172.255 MAC address VLAN Flags ----------------.255.1.254 255.255.1.202 00:09:97:5e:69:00 1 24 empty 172.254 local addr 4 * 172.1.1.21.21.1.---.255.21.0.1.255.Nortel Application Switch Operating System 23.0 255.75 00:0f:06:ec:8a:00 1 24 empty 45.255 45.0 255.0 0.201 P 00:01:81:2e:a2:20 1 1-4 ARP address information: IP address IP mask --------------.1.255.1.255.255.---------------45.1. January 2006 .0.1.255.1.0 255.--------------205.255 172.1.1.1.255.1.201 P 00:01:81:2e:a2:20 1 1-4 45.255.1.1.255 255.255.1.

255.1.255.1.----.255 broadcast broadcast 3 * 224.0 205.1.0.255.255.100 255.0.255 255.1.255.0 0 ? *> 172.1.0.0.0.0 224.0 0.255.0 0 ? *> 205.1.255 broadcast broadcast OSPF is disabled.1.201 local addr 3 * 205.0.0 0.0.2 Command Reference * 205.0 255.255. January 2006 131 .1.1.255.1.0 martian martian * 255.0.201 direct fixed 3 * 205.255 255.incomplete Network Next Hop Metr LcPrf Wght Path --------------.255.EGP.0 0 ? Chapter 4: The Information Menu 320506-A.0.1.--------------.1.255. e .1.255 255. Status codes: * valid.IGP.21.255 205.1.255 205.1.----.255 205.1.internal Origin codes: i .1.0.0.255. > best.0 0.0.255. ? .0.Nortel Application Switch Operating System 23.0.----.1.100 direct vip * 205. i .255.0.0 0.--------------*> 45.255.201 255.1.

/info/slb
Layer 4 Information Menu

Server Load Balancing (SLB) allows you to configure the Nortel Application Switch to balance user session traffic among a pool of available servers that provide shared services.

In an average network that employs multiple servers without server load balancing, each server usually specializes in providing one or two unique services. If one of these servers provides access to applications or data that is in high demand, it can become overutilized. Placing this kind of strain on a server can decrease the performance of the entire network as user requests are rejected by the server and then resubmitted by the user stations.

With this software feature, the switch is aware of the services provided by each server and can direct user session traffic to an appropriate server, based on a variety of load-balancing algorithms. Refer to your Nortel Application Switch Operating System Application Guide for detailed information on this feature.

[Server Load Balancing Information Menu]
     sess     - Session Table Information Menu
     gslb     - Global SLB Information Menu
     real     - Show real server information
     group    - Show real server group information
     virt     - Show virtual server information
     filt     - Show filter information
     port     - Show port information
     wlm      - Show Workload Manager information
     idshash  - Show IDS server selected by hash or minmisses metric
     bind     - Show real server selected by hash, phash, or minmisses metric
     cookie   - Decode the HEX value to get VIP, RIP and Rport
     synatk   - Show SYN attack detection information
     dump     - Show all layer 4 information

Table 4-28 Layer 4 Information Menu Options (/info/slb)
Command Syntax and Usage
sess
     Displays the Session Table Information Menu. To view menu options, see page 134.
gslb
     Displays the Global SLB Information Menu. To view menu options, see page 139.
real <real server number (1-1023)>
     Displays Real server number, real IP address, MAC address, VLAN, physical switch port, layer where health check is performed, and health check result.

port <port number> Displays the physical port number. filt <filter ID (1-2048)>|list|allow|deny|redir|nat Displays the filter number. real server group. Chapter 4: The Information Menu 320506-A. group backup server. wlm <work_load_manager_number. bind <IP address> <mask> <group number> Displays the real server selected by hash. and client and/or server Layer 4 activity. 1 to 16> Show workload manager information. This feature requires dbind to be enabled. health check layer. real server port. or minmisses metric. server port mapping. real server IP address. backup server. IP address. destination port. a list of applied filters. synatk Displays SYN attack detection information. For details. idshash <IP address 1> <IP address 2> Displays the Intrusion Detection System server selected by hash or minmisses metric.0. every two seconds.Nortel Application Switch Operating System 23. January 2006 133 . cookie <16 or 20 bytes cookie value in HEX as 0xXXXXXXXXXXXXXXXX> Decodes the hexadecimal value to get the virtual server IP address. and status.2 Command Reference Table 4-28 Layer 4 Information Menu Options (/info/slb) Command Syntax and Usage group <real server group number. group backup server. To identify whether or not the server is under SYN attack. and real server port. proxy IP address. see page 140. filter status. 1-1024> Real server group information virt <virtual server number (1-1024)> Displays Virtual Server State: Virtual server number. URL for health checks. IP address. virtual MAC address Virtual Port State: Virtual service or port. dump Displays all Layer 4 information for the switch. real server group. phash. for example. the number of new half open sessions is examined within a set period of time. and real server group.

/info/slb/sess
Session Table Information

[Session Table Information Menu]
     cip     - Show all session entries with source IP address
     cip6    - Show all session entries with source IP6 address
     cport   - Show all session entries with source port
     dip     - Show all session entries with destination IP address
     dip6    - Show all session entries with source IP6 address
     dport   - Show all session entries with destination port
     pip     - Show all session entries with proxy IP address
     pport   - Show all session entries with proxy port
     filter  - Show all session entries with matching filter
     flag    - Show all session entries with matching flag
     port    - Show all session entries with ingress port
     real    - Show all session entries with real IP address
     sp      - Show all session entries on sp
     dump    - Show all session entries
     help    - Session entry description

Table 4-29 Session Information Menu Options (/info/slb/sess)
Command Syntax and Usage
cip <IP address>
     Displays all session entries with client’s source IP address.
cip6 <IP6_address>
     Displays session entries with the specified IP6 address.
cport <real port>
     Displays all session entries with source (client) port.
dip <Destination IP address>
     Displays all session entries with the destination IP address.
dip6 <IP6_address>
     Displays session entries with the specified IP6 address.
dport <Destination real port>
     Displays all session entries with destination port.
pip <Proxy IP address>
     Displays all session entries with proxy IP address.
pport <proxy port>
     Displays all session entries with proxy port.

2. 01: 1. real <IP address> Displays all session entries with real server IP address.1 http -> 47.8. 2.81.1. January 2006 135 .1 http -> 1.2.1 http -> 47.2. 39. 172.12.2 Command Reference Table 4-29 Session Information Menu Options (/info/slb/sess) Command Syntax and Usage filter <filter ID (1-2048)> Displays all session entries with matching filter.12.79 urlwcr age 6 f:123 E RTSP L4-L7 RTSP Chapter 4: The Information Menu 320506-A.2. dump <v4 | v6> Displays all session entries.168.8.79 http age 4 L4-L7 WCR HTTP 2.200 44687. flag <E|L|N|P|S|Rt|Ru|Ri|Vi|Vr|Vs|Vm|Vd|U|W> Displays all session entries with matching flag.0.2. Information similar to the following may appear in a session entry dump: 3.19 1040.24.19 1040. v6 to dump IPv6 information or no parameter to display all information. Samples of Session Dumps for Different Applications L4 HTTP 3.1.1.81.01: 172. are described in “Session dump information in Nortel Application Switch Operating System” on page 137.1 http age 6 f:10 EUSPT c (1) (2) (3) (4) (5) (6) (7a) (7) (8) (9) (10) (11) (12) (13) Note: The fields. 39.21.21.2 3567 3.11 wcr age 4 f:12 E 3. 1 to 13 associated with a session as identified in the above example.51 http -> 192.3.16: 172.1.21.01: 172.24.3.Nortel Application Switch Operating System 23.1. port <port number> Displays all session entries on the ingress port. Specify v4 to dump IPv4 information. sp <port number (1-4)> Displays all session entries on switch processor. See “Session dump information in Nortel Application Switch Operating System” on page 137 for a description of these options.21.2. help Displays the description of the session entry.1 4586.

123 160.215 80.30 age 4 EPS C:3 The destination port.31.215 4102. 39.2.31.4.200 0 172.52.13 rtsp age 10 EU 3.10.31.0. 136 Chapter 4: The Information Menu 320506-A.81.8.1 rtsp -> 47.2.12. 3.4.20 ftp-data age 10 E NAT 2.4.178.1 21220 -> 47.01: 172. 10.00: 237.2.4.21. 39.26 1706.81.01: 172.2. 39. 172. real server IP and server port are not shown for persistent session.2.2.10 linklb age 8 f:10 E FTP 1.21.19 6970.21. 205.4.144.2.19 4586.05: 172.2.81.81.21.200 ftp-data ->172.0.12.3.200 ftp ->172.09: 172. The second session is RTSP UDP data connection.26 http NAT age 2 f:24 E Persistent session 3.2.31.84 http -> 192.19 4586.81. 39. January 2006 .14.00: 172.01: 172.1 rtsp -> 47.19 6970.07: 10.162.31.31.12.13 0 age 10 P During client-server port negotiation.1.13 21220 age 10 P Filtering LinkLB 2.144.13 21220 age 10 P The first session is RTSP TCP control connection.11 age 8 EP c:1 1.168.19 6970.09: 172.01: 172.215 4098.01: 172.12.144.0.3.20.21.4.20 ftp age 10 EU 1. the destination port shows “rtsp” and server port shows “0” L7 WCR RTSP 3.21.2.Nortel Application Switch Operating System 23.2 Command Reference 3.12.1 rtsp -> 47.31.31.3.4.1 21220 -> 47.144. 172.144. 172.16 2559.31.13 urlwcr age 10 f:100 EU 3. 39.1.

1 1040. DENY or NAT instead.1.3. No address is shown if the filter action is Allow.01: 1.1 http -> 3.2 Command Reference Session dump information in Nortel Application Switch Field (1) SP number (2) Ingress port (3) Source IP address (4) Source port (5) Destination IP address (6) Destination port (7a) Proxy IP address Description This field indicates the Switch Processor number that created the session. this field also shows the real server IP address.4. Deny or NAT. If the switch does not find live server.1. This field also shows the real server IP address for filtering.2. It will show “ALLOW”.1.10 linklb age 8 f:10 E Chapter 4: The Information Menu 320506-A. (7) Proxy Port (8) Real Server IP Address This field identifies the TCP/UDP source port substituted by the switch.1.2.1 1040.2.3. If the switch does not find a live server. this field contains the IP address of the real server that the switch selects to forward client packet to. “DENY” or “NAT” instead.2.2. this field is the same as destination IP address (as in row 5). This field identifies the destination IP address from the client’s TCP/UDP packet.1 http age 10 f:11 2.07: 1.3.1 21220 age 10 P For filtering.1 http-> 192. This field contains the Proxy IP address substituted by the switch.01: 1. this field contains the same information as the destination IP address mentioned in field (5).168. 2. for load balancing. For load balancing. 2.2. For example: 3. 2.2. No address is shown if the filter action is Allow. January 2006 137 . 2.2.3.1.1 rtsp -> 2.2.Nortel Application Switch Operating System 23.1 http -> 3.1.1.1.2. For example: 3. This field contains the real server IP address of the corresponding server that the switch selects to forward the client packet to. This field contains the source IP address from the client’s IP packet in IPv4 or IPv6.0. This field identifies the destination port from client’s TCP/UDP packet.1 6970. Deny or NAT. 
This field identifies the source port from the client’s TCP/UDP packet.1 1706. It will show ALLOW. This field shows the physical port through which the client traffic enters the switch.1 http age 10 3.01: 1.

Field     Description

(9) Server port
     This field is the same as the destination port (field 6) for load balancing except for the RTSP UDP session. For RTSP UDP session, this server port is obtained from the client-server negotiation.
     This field is the filtering application port for filtering. It is for internal use only. This field can be urlwcr, wcr, idslb, linkslb or nonat.
(10) Age
     This is the session timeout value. If no packet is received within the value specified, the session is freed. For example, if:
          age 10 - The session is aged out in 10 minutes.
          age < 160 - The session is aged out in 160 minutes. This indicates that slowage is used. The user can configure slowage by using the command: /cfg/slb/adv/slowage.
(11) Filter number
     This field indicates the session created by filtering code as a result of the IP header keys matching the filtering criteria.
(12) Flag
     “E”: Indicates the session is established and will be aged out if no traffic is received within session timeout value.
     “L”: Indicates the session is a link load balance session.
     “N”: Indicates no NAT, which means the session only translates the destination MAC when forwarding client traffic to the real server.
     “P”: Indicates the session is a persistent session and is not to be aged out. Fields (6), (7) and (8) cannot have persistent session.
     “S”: Indicates the session is a persistent session and the application is SSL session ID, or Cookie Pbind.
     “Rt”: Indicates the session is TCP rate limiting for every client entry.
     “Ru”: Indicates UDP rate limiting for every client entry.
     “Ri”: Indicates the session is ICMP rate limiting per-client entry.
     “Vi”: Indicates the session is a SIP INVITE session.
     “Vr”: Indicates the session is a SIP REGISTER session.
     “Vs”: Indicates the session is a SIP SUBSCRIBE session.
     “Vm”: Indicates the session is a SIP MESSAGE session.
     “Vd”: Indicates the session is a SIP NAT data session.
     “U”: Indicates the session is Layer 7 delayed binding and the switch is trying to open TCP connection to the real server.
     “W”: Indicates the session only translates the destination MAC when forwarding Layer 7 WCR traffic to the real server.
(13) Persistent session user count
     This counter indicates the number of client sessions created to associate with this persistent session.

/info/slb/gslb
Global SLB Information Menu

A Nortel Application Switch Operating System running Global SLB selects the most appropriate site to direct the client traffic for a given domain during the initial client connection. The menu for this feature displays the following information:

[Global SLB Information Menu]
     virt  - Show Global SLB virtual server information
     site  - Show Global SLB remote site information
     rule  - Show Global SLB rule information
     geo   - Show Global SLB geographical preference information
     pers  - Show Global SLB DNS persistence cache information
     dump  - Show all Global SLB information

Table 4-30 Global SLB Information Menu Options (/info/slb/gslb)
Command Syntax and Usage
virt <virtual server number (1-1024)>
     Displays the Global SLB virtual server information such as the domain name of the virtual server, the number of the local and remote virtual servers, the number of virtual services on those virtual servers, and the group of real servers associated with the local and remote virtual servers.
site
     Displays the Global SLB remote site information.
geo
     Displays the Global SLB geographical preference information.
pers <IP_Address>
     Displays the Global SLB DNS persistence cache information.
dump
     Displays all Global SLB information.

up 20. up Port 1: 2: 3: 4: state: filt disabled. backup none. port 1.2.20. port 8. vlan 1. up Virtual server state: 1: 20.102.2. up 2: 210.20.20.0.20.20. up 20. filters: 50 200 140 Chapter 4: The Information Menu 320506-A. backup none proxy enabled.101.200. filters: 200 idslb filt enabled.20. port 7. backup none. health 3. 00:01:02:71:9c:a6. health 3. up 210. 3 ms.20. up exclusionary string matching: disabled 1: any 2: urlone 27: 20.Nortel Application Switch Operating System 23. 00:60:cf:47:5c:1e virtual ports: http: rport http. filters: 200 filt disabled. 00:01:02:70:4d:4a.1. up exclusionary string matching: disabled 3: urltwo 4: urlthree Redirect filter state: Action redir dport http. backup none.20. 2 ms.20.200.1. backup none. vlan 1. 1 ms. port 6. radius snoop disabled real servers: 1: 210.2 Command Reference /info/slb/dump Show All Layer 4 Information Real 1: 2: 26: 27: server state: 210.1.200. health 3. 2 ms.2.1. backup none.101.20. rport 3128.1. 00:03:47:07:a4:9e.1. January 2006 . filters: 80 idslb filt enabled. group 88. dbind HTTP Application: urlslb real servers: 26: 20. vlan 1. vlan any 200: group 1. vlan 1. 00:01:02:c1:4b:48. health 3. health 3.2.102.

/info/bwm
Bandwidth Management Information

Bandwidth Management (BWM) enables Web site managers to allocate a portion of the available bandwidth for specific users or applications. It allows companies to guarantee that critical business traffic, such as e-commerce transactions, receives higher priority versus non-critical traffic. Traffic classification can be based on user or application information. BWM policies can be configured to set lower and upper bounds on the bandwidth allocation.

You can see the following information on your switch when you execute this command:

[Bandwidth Management Information Menu]
     ipuser  - BWM IP User Entries Information Menu
     cont    - Show Bandwidth Management Contract information

Table 4-31 Bandwidth Management Information
Command Syntax and Usage
ipuser
     Displays the IP user entries with their IP addresses. See page 142 for sample output.
cont
     Displays the BWM contract information configured on this switch.

/info/bwm/ipuser
BWM IP User Information Menu

[BWM IP User Entries Information Menu]
     ip    - Show all IP user entries with IP address
     cont  - Show all IP user entries for a contract
     sp    - Show all IP user entries on sp
     dump  - Show all IP user entries

Table 4-32 BWM IP User Information Menu (/info/bwm/ipuser)
Command Syntax and Usage
ip <IP address>
     Displays the IP user entries for a specific IP address.
cont <BW Contract number, 1-1024>
     Displays the IP user entries for a specific BWM contract.
sp <SP number (1-4)>
     Displays the IP user entries on the Switch Processor. The same fields as described in cont above are displayed, but only for the specified sp number.
dump
     Displays all the IP user entries.

1.-------.----2 11 11.1. Octets: the number of octets processed on this ipuser entry Discards: the number of octets discarded on this ipuser entry Allowed Rate: the rate of traffic allowed for this IP address Offered Rate: the rate including the discards for this IP address Chapter 4: The Information Menu 320506-A.109 16 203016 0 99 99 SP Rate: the switch processor number (1-4) of the ipuser entry.102 16 198402 0 96 96 2 10 11.1.0.---------.106 16 199940 0 97 97 2 10 11.1.Nortel Application Switch Operating System 23.0.---------.0.---------------.1.103 16 196864 0 96 96 2 10 11.2 Command Reference The format of the output of the above commands: SP Contract IP Address Age Octets Discards Allowed Offered Rate Rate -.0.1.104 16 204554 0 99 99 2 10 11.1.0. IP address: the IP address of the ipuser entry.0.101 16 201478 0 98 98 2 10 11.100 86 21500000 301001440 1953 29297 2 10 11.0.0. Contract Rate: the BWM contract number of the ipuser entry.0.100 86 1076600 0 97 97 2 10 11.0.0.107 16 199940 0 97 97 2 10 11.1.1.1. Age: the age of the entry in seconds.105 16 198402 0 96 96 2 10 11.1.0. January 2006 143 .--.108 16 199940 0 97 97 2 10 11.
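The columns described above (SP, Contract, IP Address, Age, Octets, Discards, Allowed Rate, Offered Rate) are enough to pick out which IP users a BWM contract is actively throttling. The following is an added example, not part of the Nortel manual: the sample rows are constructed, the function names are hypothetical, and the rate unit is left as-is because the page does not state it.

```python
"""Flag rate-limited IP users in /info/bwm/ipuser-style output (added example)."""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample rows (documentation addresses), laid out in the column
# order the manual gives. The last row is deliberately malformed.
SAMPLE_OUTPUT = """\
SP Contract IP Address      Age Octets    Discards   Allowed Offered
                                                     Rate    Rate
-- -------- --------------- --- --------- ---------- ------- -------
2  11       192.0.2.100     86  21500000  301001440  1953    29297
2  10       192.0.2.100     86  1076600   0          97      97
2  10       192.0.2.101     16  201478    0          98      98
3  10       198.51.100.7    16  90000     1200       40      44
2  10       192.0.2.        16  199940    0          97      97
"""


@dataclass(frozen=True)
class IpUserEntry:
    sp: int
    contract: int
    ip: str
    age: int            # seconds, per the field description
    octets: int
    discards: int
    allowed_rate: int
    offered_rate: int   # "the rate including the discards"

    @property
    def drop_fraction(self) -> float:
        """Share of the offered rate that is not being allowed through."""
        if self.offered_rate <= 0:
            return 0.0
        return max(self.offered_rate - self.allowed_rate, 0) / self.offered_rate


def parse_ipuser(text):
    """Return IpUserEntry objects; headers, rulers and broken rows are skipped."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue
        try:
            ipaddress.ip_address(fields[2])   # rejects rulers and cut-off IPs
            sp, contract, age, octets, discards, allowed, offered = (
                int(fields[i]) for i in (0, 1, 3, 4, 5, 6, 7)
            )
        except ValueError:
            continue
        entries.append(IpUserEntry(sp, contract, fields[2], age,
                                   octets, discards, allowed, offered))
    return entries


def throttled(entries):
    """Entries with discards or an offered rate above the allowed rate, worst first."""
    hits = [e for e in entries
            if e.discards > 0 or e.offered_rate > e.allowed_rate]
    return sorted(hits, key=lambda e: (e.drop_fraction, e.discards), reverse=True)


def by_contract(entries):
    """Per-contract totals: user entries seen, entries throttled, octets discarded."""
    summary = defaultdict(lambda: {"users": 0, "throttled": 0, "discards": 0})
    for e in entries:
        row = summary[e.contract]
        row["users"] += 1
        row["discards"] += e.discards
        if e.discards > 0 or e.offered_rate > e.allowed_rate:
            row["throttled"] += 1
    return dict(summary)


if __name__ == "__main__":
    parsed = parse_ipuser(SAMPLE_OUTPUT)
    for e in throttled(parsed):
        print(f"contract {e.contract} sp {e.sp} {e.ip}: offered {e.offered_rate}, "
              f"allowed {e.allowed_rate}, {e.drop_fraction:.1%} over limit, "
              f"{e.discards} octets discarded")
    for contract, row in sorted(by_contract(parsed).items()):
        print(contract, row)
```

Because the same IP address can appear under more than one contract, results are keyed on the contract and IP pair rather than on the address alone.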

26' BWM IP user table entries 64k Contract Policy Per User Traffic Num Name Prec Hard Soft Resv Limit Key State Shaping 1 123456789012345 2 1 50M 1M 500K E D 2 vlan 4 1 60M 2M 500K E D 3 filter 7 20 2M 1M 500K E D 4 5 1 2M 1M 500K D D 5 512 1 2M 1M 500K E D 10 10 1 1M 0K 0K 500K sip E D 11 11 1 100M 80M 500K 2M sip E D 12 12 1 2M 1M 500K E D 13 13 1 3M 1M 500K E D 14 14 1 4M 400K 100K E D 15 15 1 2M 1M 500K E D This command displays information about any configured contracts and the BWM policies applied to the contracts.Nortel Application Switch Operating System 23. Includes the following: The policy number applied to the contract Prec: the precedence applied to the policy Hard: the hard limit applied to the policy Soft: the soft limit applied to the policy Resv: the reserve limit applied to the policy 144 Chapter 4: The Information Menu 320506-A.81. January 2006 .138.0.2 Command Reference /info/bwm/cont BWM Contract Information Current Bandwidth Management setting: ON Policy Enforcement:enabled BWM history will be mailed in a minute to 'abcd' at host '100. Displays specific information about a policy applied to a contract. Table 4-33 BWM Contract Information Field Contract Policy Description Displays the BWM contract number.

Table 4-33 BWM Contract Information
Field     Description

Per User
     These two columns display information for an ipuser limit, if applied to the contract. Includes the following:
          Limit: the user rate limit applied to the ipuser.
          Key: If an ipuser rate limit is enforced, this field displays whether the user limit is enforced on a source IP address (sip) or a destination IP address (dip).
State
     Displays whether the BWM contract is enabled (E) or disabled (D).
Traffic Shaping
     Displays whether Traffic Shaping is enabled (E) or disabled (D) for this contract.

/info/security
Security Information

[Security Information Menu]
     port      - Show port security information
     ipacl     - Show IP ACL information
     udpblast  - Show UDP blast protection information
     dos       - Show protocol anomaly and DoS attack prevention information
     dump      - Show all security information

The information provided by each menu option is described in Table 4-34.

Table 4-34 Security Information Menu (/info/security)
Command Syntax and Usage
port
     This menu displays the current port security settings.
ipacl
     This menu displays the current IP ACL settings.
udpblast
     This menu displays UDP blast protection settings.
dos
     This menu displays DoS protection settings.
dump
     This menu displays all security settings.

or auto) Chapter 4: The Information Menu 320506-A. any. January 2006 147 . full.0. or 1000) Duplex mode (half. 10/100.2 Command Reference /info/link Link Status Information Alias -----1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 Port ---1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 Speed ----10/100 10/100 10/100 10/100 10/100 10/100 10/100 10/100 10/100 10/100 10/100 10/100 10/100 10/100 10/100 10/100 10/100 10/100 10/100 10/100 10/100 10/100 10/100 10/100 1000 1000 1000 1000 Duplex -------any any any any any any any any any any any any any any any any any any any any any any any any full full full full Flow Ctrl --TX-----RX-yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes Link -----down down down down down down down down down down down down down down down down down down down down down down down down down down down down Use this command to display link status information about each port on an Nortel Application Switch slot. yes. 100. including: Port Alias Port number Port speed (10. or auto) Flow control for transmit and receive (no.Nortel Application Switch Operating System 23.

Link status (up or down)

/info/port
Port Information

Alias   Port  Tag  RMON  PVID  BWC    NAME            VLAN(s)
------  ----  ---  ----  ----  -----  --------------  --------------
1       1     y    d     1     1024                   1
2       2     n    d     2     1024                   2
3       3     n    d     3     1024                   3
4       4     n    d     3     1024                   3
5       5     n    d     1     1024                   1
6       6     n    d     1     5                      1
7       7     n    d     1     1024                   1
8       8     n    d     1     1024                   1
9       9     n    d     1     1024                   1
10      10    n    d     1     1024                   1
11      11    n    d     1     1024                   1
12      12    n    d     1     1024                   1
13      13    n    d     1     6                      1
14      14    n    d     1     1024                   1
15      15    n    d     1     1024                   1
16      16    n    d     1     1024                   1
17      17    n    d     1     1024                   1
18      18    n    d     1     1024                   1
19      19    n    d     1     1024                   1
20      20    n    d     1     1024                   1
21      21    n    d     1     1024                   1
22      22    n    d     1     1024                   1
23      23    n    d     1     1024                   1
24      24    n    d     1     1024                   1
25      25    n    d     1     1024                   1
26      26    n    d     1     1024                   1
27      27    n    d     1     1024                   1
28      28    n    d     1     1024                   1

Port information includes:
     Port alias
     Port number
     Whether the port uses VLAN tagging or not (y or n)
     Whether Remote Monitor is enabled or disabled
     Port VLAN ID (PVID)
     Port name
     VLAN membership

     Whether RMON is enabled or disabled on the port

/info/swkey
Software Enabled Keys

For optional Layer 4 switching software, the information would be displayed as follows:

Enabled Software features: Layer 4: GSLB Bandwidth Management Security Pack
Enabled Software features: Layer 4: GSLB Inbound Linklb Intelligent Traffic Management

Software key information includes a list of all the optional software packages which have been activated or installed on your switch. For information on ordering optional software license keys, see “How to Get Help” on page 24.

/info/dump
Information Dump

Use the dump command to dump all switch information available from the Information Menu (10K or more, depending on your configuration). This data is useful for tuning and debugging switch performance.

If you want to capture dump data to a file, set your communication software on your workstation to capture session data prior to issuing the dump commands.

CHAPTER 5
The Statistics Menu

You can view switch performance statistics in both the user and administrator command modes. This chapter discusses how to use the command line interface to display switch statistics.

/stats
Statistics Menu

[Statistics Menu]
     sys       - System Stats Menu
     port      - Port Stats Menu
     pmirr     - Port Mirroring Stats Menu
     l2        - Layer 2 Stats Menu
     l3        - Layer 3 Stats Menu
     slb       - Server Load Balancing (Layer 4-7) Stats Menu
     bwm       - Bandwidth Management Stats Menu
     security  - Security Stats Menu
     mp        - MP-specific Stats Menu
     sp        - SP-specific Stats Menu
     dump      - Dump all stats

To view menu options. You can execute the clear command option to delete all statistics. see page 232. l2 Displays Layer 2 Statistics Menu. See page 255 for sample output. January 2006 . pm Displays Port Mirroring Statistics Menu. see page 253. ntp <clear> Displays Network Time Protocol (NTP) Statistics. To view menu options. To view menu options. Traffic statistics are included in SNMP Management Information Base (MIB) objects. security Displays Security Statistics Menu. To view menu options.Nortel Application Switch Operating System 23. To view menu options.0. see page 154. slb Displays the Server Load Balancing (SLB) Menu. To view menu options. To view menu options. Use this command to view information on how switch management processes and resources are currently being allocated. see page 199. see page 255. snmp Displays SNMP Statistics. see page 248. To view menu options. mgmt Displays interface statistics for the Management Port. mp Displays the Management Processor Statistics Menu. sp <SP number (1-4)> Displays Switch Processor-Specific Menu. see page 174. To view menu options. Use this command to display traffic statistics on a port-by-port basis. see page 170. 152 Chapter 5: The Statistics Menu 320506-A. bwm Displays the Bandwidth Management Menu.2 Command Reference Table 5-1 Statistics Menu Options (/stats) Command Syntax and Usage sys System statistics menu port <port number> Displays the Port Statistics Menu for the specified port. l3 Displays Layer3 Statistics Menu. see page 239.

Table 5-1 Statistics Menu Options (/stats)
Command Syntax and Usage
dump
     Dumps all switch statistics. Use this command to gather data for tuning and debugging switch performance. If you want to capture dump data to a file, set your communication software on your workstation to capture session data prior to issuing the dump command. For details, see page 256.

/stats/sys
System statistics menu

    [System Statistics Menu]
        access  - System Access Menu
        mgmt    - Show management port stats
        ntp     - Show NTP server stats
        snmp    - Show SNMP stats
        dump    - Dump system stats

This menu displays traffic statistics on a system basis.

Table 5-2 System Statistics Menu Options (/stats/sys)

Command Syntax and Usage

access
    Go to the System Access menu.
mgmt
    Management port interface statistics.
ntp
    Show NTP server statistics.
snmp
    Show SNMP statistics.
dump
    Dump system statistics.

/stats/port <port number>
Port Statistics Menu

    [Port Statistics Menu]
        brg     - Show bridging ("dot1") stats
        ether   - Show Ethernet ("dot3") stats
        if      - Show interface ("if") stats
        ip      - Show Internet Protocol ("IP") stats
        link    - Show link stats
        rmon    - Show RMON stats
        dump    - Dump port stats
        clear   - Clear all port stats

This menu displays traffic statistics on a port-by-port basis. Traffic statistics include SNMP Management Information Base (MIB) objects.

Table 5-3 Port Statistics Menu Options (/stats/port)

Command Syntax and Usage

brg
    Displays bridging (“dot1”) statistics for the port. See page 156 for a sample output and the description of statistics.
ether
    Displays Ethernet (“dot3”) statistics for the port. See page 157 for a sample output and the description of statistics.
if
    Displays interface statistics for the port. See page 161 for a sample output and the description of statistics.
ip
    Displays IP statistics for the port. See page 162 for a sample output and the description of statistics.
link
    Displays link statistics for the port. See page 163 for a sample output and the description of statistics.
rmon
    Displays Remote Monitor (RMON) statistics for the port. See page 164 for a sample output and the description of statistics.
dump
    Displays all the port statistics.

Table 5-3 Port Statistics Menu Options (/stats/port) (Continued)

Command Syntax and Usage

clear
    This command clears all the statistics on this port.

/stats/port <port number>/brg
Bridging Statistics

This menu option enables you to display the bridging statistics of the selected port.

    Bridging statistics for port 1:
    dot1PortInFrames:                     63242584
    dot1PortOutFrames:                    63277826
    dot1PortInDiscards:                   0
    dot1TpLearnedEntryDiscards:           0
    dot1BasePortDelayExceededDiscards:    NA
    dot1BasePortMtuExceededDiscards:      NA
    dot1StpPortForwardTransitions:        0

Table 5-4 Bridging Statistics of a Port (/stats/port/brg)

Statistics / Description

dot1PortInFrames
    The number of frames that have been received by this port from its segment. A frame received on the interface corresponding to this port is only counted by this object if and only if it is for a protocol being processed by the local bridging function, including bridge management frames.
dot1PortOutFrames
    The number of frames that have been transmitted by this port to its segment. Note that a frame transmitted on the interface corresponding to this port is only counted by this object if and only if it is for a protocol being processed by the local bridging function, including bridge management frames.
dot1PortInDiscards
    Count of valid frames received which were discarded (that is, filtered) by the Forwarding Process.
dot1TpLearnedEntryDiscards
    The total number of Forwarding Database entries, which have been or would have been learnt, but have been discarded due to a lack of space to store them in the Forwarding Database. If this counter is increasing, it indicates that the Forwarding Database is regularly becoming full (a condition which has unpleasant performance effects on the subnetwork). If this counter has a significant value but is not presently increasing, it indicates that the problem has been occurring but is not persistent.

Table 5-4 Bridging Statistics of a Port (/stats/port/brg)

Statistics / Description

dot1BasePortDelayExceededDiscards
    The number of frames discarded by this port due to excessive transit delay through the bridge. It is incremented by both transparent and source route bridges.
dot1BasePortMtuExceededDiscards
    The number of frames discarded by this port due to an excessive size. It is incremented by both transparent and source route bridges.
dot1StpPortForwardTransitions
    The number of times this port has transitioned from the Learning state to the Forwarding state.

/stats/port <port number>/ether
Ethernet Statistics

This menu option enables you to display the ethernet statistics of the selected port.

    Ethernet statistics for port 1:
    dot3StatsAlignmentErrors:              0
    dot3StatsFCSErrors:                    0
    dot3StatsSingleCollisionFrames:        0
    dot3StatsMultipleCollisionFrames:      0
    dot3StatsSQETestErrors:                NA
    dot3StatsDeferredTransmissions:        0
    dot3StatsLateCollisions:               0
    dot3StatsExcessiveCollisions:          0
    dot3StatsInternalMacTransmitErrors:    NA
    dot3StatsCarrierSenseErrors:           0
    dot3StatsFrameTooLongs:                0
    dot3StatsInternalMacReceiveErrors:     0
    dot3CollFrequencies [1-15]:            NA

Table 5-5 Ethernet Statistics for Port (/stats/port/ether)

Statistics / Description

dot3StatsAlignmentErrors
    A count of frames received on a particular interface that are not an integral number of octets in length and do not pass the Frame Check Sequence (FCS) check. The count represented by an instance of this object is incremented when the alignmentError status is returned by the MAC service to the Logical Link Control (LLC) (or other MAC user). Received frames for which multiple error conditions are obtained are, according to the conventions of IEEE 802.3 Layer Management, counted exclusively according to the error status presented to the LLC.
dot3StatsFCSErrors
    A count of frames received on a particular interface that are an integral number of octets in length but do not pass the Frame Check Sequence (FCS) check. This count does not include frames received with frame-too-long or frame-too-short errors. The count represented by an instance of this object is incremented when the frameCheckError status is returned by the MAC service to the LLC (or other MAC user). Received frames for which multiple error conditions are obtained are, according to the conventions of IEEE 802.3 Layer Management, counted exclusively according to the error status presented to the LLC. Note: Coding errors detected by the physical layer for speeds above 10 Mb/s will cause the frame to fail FCS check.
dot3StatsSingleCollisionFrames
    A count of successfully transmitted frames on a particular interface for which transmission is inhibited by exactly one collision. A frame that is counted by an instance of this object is also counted by the corresponding instance of either the ifOutUcastPkts, ifOutMulticastPkts, or ifOutBroadcastPkts, and is not counted by the corresponding instance of the dot3StatsMultipleCollisionFrames object. This counter does not increment when the interface is operating in full-duplex mode.
dot3StatsMultipleCollisionFrames
    A count of successfully transmitted frames on a particular interface for which transmission is inhibited by more than one collision. A frame that is counted by an instance of this object is also counted by the corresponding instance of either the ifOutUcastPkts, ifOutMulticastPkts, or ifOutBroadcastPkts, and is not counted by the corresponding instance of the dot3StatsSingleCollisionFrames object. This counter does not increment when the interface is operating in full-duplex mode.

Table 5-5 Ethernet Statistics for Port (/stats/port/ether)

Statistics / Description

dot3StatsSQETestErrors
    A count of times that the SQE TEST ERROR message is generated by the PLS sub layer for a particular interface. The SQE TEST ERROR is set in accordance with the rules for the verification of the SQE detection mechanism in the PLS Carrier Sense Function as described in IEEE Std. 802.3, 1998 Edition, section 7.2.4.6. This counter does not increment when the interface is operating in full-duplex mode.
dot3StatsDeferredTransmissions
    A count of frames for which the first transmission attempt on a particular interface is delayed because the medium is busy. The count represented by an instance of this object does not include frames involved in collisions. This counter does not increment when the interface is operating in full-duplex mode.
dot3StatsLateCollisions
    The number of times that a collision is detected on a particular interface later than one slotTime into the transmission of a packet. Five hundred and twelve bit-times corresponds to 51.2 microseconds on a 10 Mbit/s system. A (late) collision included in a count represented by an instance of this object is also considered as a (generic) collision for purposes of other collision-related statistics. This counter does not increment when the interface is operating in full-duplex mode.
dot3StatsExcessiveCollisions
    A count of frames for which transmission on a particular interface fails due to excessive collisions. This counter does not increment when the interface is operating in full-duplex mode.
dot3StatsInternalMacTransmitErrors
    A count of frames for which transmission on a particular interface fails due to an internal MAC sub layer transmit error. A frame is only counted by an instance of this object if it is not counted by the corresponding instance of either the dot3StatsLateCollisions object, the dot3StatsExcessiveCollisions object, or the dot3StatsCarrierSenseErrors object. The precise meaning of the count represented by an instance of this object is implementation-specific. In particular, an instance of this object may represent a count of transmission errors on a particular interface that are not otherwise counted.

Table 5-5 Ethernet Statistics for Port (/stats/port/ether)

Statistics / Description

dot3StatsCarrierSenseErrors
    The number of times that the carrier sense condition was lost or never asserted when attempting to transmit a frame on a particular interface. The count represented by an instance of this object is incremented at most once per transmission attempt, even if the carrier sense condition fluctuates during a transmission attempt. This counter does not increment when the interface is operating in full-duplex mode.
dot3StatsFrameTooLongs
    A count of frames received on a particular interface that exceed the maximum permitted frame size. The count represented by an instance of this object is incremented when the frameTooLong status is returned by the MAC service to the LLC (or other MAC user). Received frames for which multiple error conditions are obtained are, according to the conventions of IEEE 802.3 Layer Management, counted exclusively according to the error status presented to the LLC.
dot3StatsInternalMacReceiveErrors
    A count of frames for which reception on a particular interface fails due to an internal MAC sub layer receive error. A frame is only counted by an instance of this object if it is not counted by the corresponding instance of either the dot3StatsFrameTooLongs object, the dot3StatsAlignmentErrors object, or the dot3StatsFCSErrors object. The precise meaning of the count represented by an instance of this object is implementation-specific. In particular, an instance of this object may represent a count of received errors on a particular interface that are not otherwise counted.
dot3CollFrequencies
    A count of individual MAC frames for which the transmission (successful or otherwise) on a particular interface occurs after the frame has experienced exactly the number of collisions specified by the index. For example, a frame which is transmitted after experiencing exactly 4 collisions would be indicated by incrementing only dot3CollFrequencies [4]. No other instance of dot3CollFrequencies would be incremented in this example. This counter does not increment when the interface is operating in full-duplex mode.

/stats/port <port number>/if
Interface Statistics

This menu option enables you to display the interface statistics of the selected port.

    Interface statistics for port 1:
                       ifHCIn Counters    ifHCOut Counters
    Octets:                51697080313         51721056808
    UcastPkts:                65356399            65385714
    BroadcastPkts:                   0                6516
    MulticastPkts:                   0                   0
    Discards:                        0                   0
    Errors:                          0                   0

Table 5-6 Interface Statistics for Port (/stats/port/if)

Statistics / Description

ifHCInOctets
    The number of octets in valid MAC frames received on the interface, including the MAC header and FCS. This does include the number of octets in valid MAC Control frames received on this interface.
ifHCInUcastPkts
    The number of packets delivered by this sub-layer to a higher (sub) layer, which were not addressed to a multicast or broadcast address at this sub-layer.
ifHCInBroadcastPkts
    The number of packets, delivered by this sub-layer to a higher sub-layer, which were addressed to a broadcast address at this sub-layer.
ifHCInMulticastPkts
    The number of packets, delivered by this sub-layer to a higher sub-layer, which were addressed to a multicast address at this sub-layer. For a MAC layer protocol, this includes both Group and Functional addresses.
ifHCInDiscards
    The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being delivered to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space.
ifHCInErrors
    The sum for this interface of dot3StatsAlignmentErrors, dot3StatsFCSErrors, dot3StatsFrameTooLongs, dot3StatsInternalMacReceiveErrors and dot3StatsSymbolErrors.
ifHCOutOctets
    The number of octets transmitted in valid MAC frames on this interface, including the MAC header and FCS. This does not include the number of octets in valid MAC Control frames transmitted on this interface.

Table 5-6 Interface Statistics for Port (/stats/port/if)

Statistics / Description

ifHCOutUcastPkts
    The total number of packets that higher-level protocols requested to be transmitted, and which were not addressed to a multicast or broadcast address at this sub-layer, including those that were discarded or not sent.
ifHCOutBroadcastPkts
    The total number of packets that higher-level protocols requested to be transmitted, and which were addressed to a broadcast address at this sub-layer, including those that were discarded or not sent.
ifHCOutMulticastPkts
    The total number of packets that higher-level protocols requested to be transmitted, and which were addressed to a multicast address at this sub-layer, including those that were discarded or not sent. For a MAC layer protocol, this includes both Group and Functional addresses.
ifHCOutDiscards
    The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being transmitted. One possible reason for discarding such a packet could be to free up buffer space.
ifHCOutErrors
    The sum for this interface of: dot3StatsSQETestErrors, dot3StatsLateCollisions, dot3StatsExcessiveCollisions, dot3StatsInternalMacTransmitErrors and dot3StatsCarrierSenseErrors.

/stats/port <port number>/ip
Interface Protocol Statistics

This menu option enables you to display the interface statistics of the selected port.

    IP statistics for port 1:
    ipInReceives:         0
    ipInAddrErrors:       0    ipForwDatagrams:    0
    ipInUnknownProtos:    0    ipInDiscards:       0
    ipInDelivers:         0
    ipTtlExceeds:         0
    ipLANDattacks:        0

Table 5-7 Interface Protocol Statistics (/stats/port/ip)

Statistics / Description

ipInReceives
    The total number of input datagrams received from interfaces, including those received in error.

Table 5-7 Interface Protocol Statistics (/stats/port/ip)

Statistics / Description

ipInAddrErrors
    The number of input datagrams discarded because the IP address in their IP header's destination field was not a valid address to be received at this entity (the switch). This count includes invalid addresses (for example, 0.0.0.0) and addresses of unsupported Classes (for example, Class E). For entities which are not IP Gateways and therefore do not forward datagrams, this counter includes datagrams discarded because the destination address was not a local address.
ipForwDatagrams
    The number of input datagrams for which this entity (the switch) was not their final IP destination, as a result of which an attempt was made to find a route to forward them to that final destination. In entities which do not act as IP Gateways, this counter will include only those packets which were Source-Routed via this entity (the switch), and the Source-Route option processing was successful.
ipInUnknownProtos
    The number of locally-addressed datagrams received successfully but discarded because of an unknown or unsupported protocol.
ipInDiscards
    The number of input IP datagrams for which no problems were encountered to prevent their continued processing, but which were discarded (for example, for lack of buffer space). Note that this counter does not include any datagrams discarded while awaiting re-assembly.
ipInDelivers
    The total number of input datagrams successfully delivered to IP user-protocols (including ICMP).
ipTtlExceeds
    The number of IP datagrams for which an ICMP TTL exceeded message was sent.
ipLANDattacks
    The number of packets that have the same source and destination IP address.

/stats/port <port number>/link
Link Statistics

This menu enables you to display the link statistics of the selected port.

    Link statistics for port 1:
    linkStateChange:    4

Table 5-8 Link Statistics (/stats/port/link)

Statistics / Description

linkStateChange
    The total number of link state changes.

/stats/port <port number>/rmon
RMON Statistics

This menu option enables you to display the remote monitor statistics of the selected port.

    RMON statistics for port 1:
    etherStatsDropEvents:              0
    etherStatsOctets:                  129677
    etherStatsPkts:                    1485
    etherStatsBroadcastPkts:           734
    etherStatsMulticastPkts:           712
    etherStatsCRCAlignErrors:          0
    etherStatsUndersizePkts:           0
    etherStatsOversizePkts:            0
    etherStatsFragments:               0
    etherStatsJabbers:                 0
    etherStatsCollisions:              0
    etherStatsPkts64Octets:            954
    etherStatsPkts65to127Octets:       578
    etherStatsPkts128to255Octets:      35
    etherStatsPkts256to511Octets:      26
    etherStatsPkts512to1023Octets:     16
    etherStatsPkts1024to1518Octets:    8

Table 5-9 Remote Monitor Statistics (/stats/port/rmon)

Statistics / Description

etherStatsDropEvents
    The total number of events in which packets were dropped by the probe due to lack of resources. Note that this number is not necessarily the number of packets dropped; it is just the number of times this condition has been detected.

Table 5-9 Remote Monitor Statistics (/stats/port/rmon)

Statistics / Description

etherStatsOctets
    The total number of octets of data (including those in bad packets) received on the network (excluding framing bits but including FCS octets). This object can be used as a reasonable estimate of utilization (which is the percent utilization of the ethernet segment). If greater precision is desired, the etherStatsPkts and etherStatsOctets objects should be sampled before and after a common interval. The differences in the sampled values are Pkts and Octets, respectively, and the number of seconds in the interval is Interval. These values are used to calculate the utilization as follows:

    $$\text{Utilization} = \frac{\text{Pkts} \times (9.6 + 6.4) + (\text{Octets} \times 0.8)}{\text{Interval} \times 10{,}000}$$

    The result of this equation is the percent value of utilization.
etherStatsPkts
    The total number of packets (including bad packets, broadcast packets, and multicast packets) received.
etherStatsBroadcastPkts
    The total number of good packets received that were directed to the broadcast address. Note that this does not include multicast packets.
etherStatsMulticastPkts
    The total number of good packets received that were directed to a multicast address. Note that this number does not include packets directed to the broadcast address.
etherStatsCRCAlignErrors
    The total number of packets received that had a length (excluding framing bits, but including Frame Check Sequence (FCS) octets) of between 64 and 1518 octets, inclusive, but had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error).
etherStatsUndersizePkts
    The total number of packets received that were less than 64 octets long (excluding framing bits, but including FCS octets) and were otherwise well formed.
etherStatsOversizePkts
    The total number of packets received that were longer than 1518 octets (excluding framing bits, but including FCS octets) and were otherwise well formed.

Table 5-9 Remote Monitor Statistics (/stats/port/rmon)

Statistics / Description

etherStatsFragments
    The total number of packets received that were less than 64 octets in length (excluding framing bits but including FCS octets) and had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error). Note that it is entirely normal for etherStatsFragments to increment. This is because it counts both runts (which are normal occurrences due to collisions) and noise hits. (A runt is a packet that is less than 64 bytes.)
etherStatsJabbers
    The total number of packets received that were longer than 1518 octets (excluding framing bits, but including FCS octets), and had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error). Note that this definition of jabber is different than the definition in IEEE 802.3 section 8.2.1.5 (10Base-5) and section 10.3.1.4 (10Base-2). These documents define jabber as the condition where any packet exceeds 20 ms. The allowed range to detect jabber is between 20 milliseconds and 150 milliseconds.
etherStatsCollisions
    The best estimate of the total number of collisions on this Ethernet segment. The value returned will depend on the location of the RMON probe. Section 8.2.1.3 (10Base-5) and section 10.3.1.3 (10Base-2) of IEEE standard 802.3 states that a station must detect a collision, in the receive mode, if three or more stations are transmitting simultaneously. A repeater port must detect a collision when two or more stations are transmitting simultaneously. Thus a probe placed on a repeater port could record more collisions than a probe connected to a station on the same segment would. Probe location plays a much smaller role when considering 10Base-T. 14.2.1.4 (10Base-T) of IEEE standard 802.3 defines a collision as the simultaneous presence of signals on the DO and RD circuits (transmitting and receiving at the same time). A 10Base-T station can only detect collisions when it is transmitting. Thus probes placed on a station and a repeater, should report the same number of collisions. Note also that an RMON probe inside a repeater should ideally report collisions between the repeater and one or more other hosts (transmit collisions as defined by IEEE 802.3k) plus receiver collisions observed on any coax segments to which the repeater is connected.
etherStatsPkts64Octets
    The total number of packets (including bad packets) received that were 64 octets in length (excluding framing bits but including Frame Check Sequence (FCS) octets).

Table 5-9 Remote Monitor Statistics (/stats/port/rmon)

Statistics / Description

etherStatsPkts65to127Octets
    The total number of packets (including bad packets) received that were between 65 and 127 octets in length (excluding framing bits but including FCS octets).
etherStatsPkts128to255Octets
    The total number of packets (including bad packets) received that were between 128 and 255 octets in length (excluding framing bits but including Frame Check Sequence (FCS) octets).
etherStatsPkts256to511Octets
    The total number of packets (including bad packets) received that were between 256 and 511 octets in length (excluding framing bits but including FCS octets).
etherStatsPkts512to1023Octets
    The total number of packets (including bad packets) received that were between 512 and 1023 octets in length (excluding framing bits but including FCS octets).
etherStatsPkts1024to1518Octets
    The total number of packets (including bad packets) received that were between 1024 and 1518 octets in length (excluding framing bits but including FCS octets).

/stats/port <port number>/dump
Port Dump Statistics

    Bridging statistics for port 1:
    dot1PortInFrames:                      1284
    dot1PortOutFrames:                     142
    dot1PortInDiscards:                    130
    dot1TpLearnedEntryDiscards:            0
    dot1BasePortDelayExceededDiscards:     NA
    dot1BasePortMtuExceededDiscards:       NA
    dot1StpPortForwardTransitions:         2
    ------------------------------------------------------------------
    Ethernet statistics for port 1:
    dot3StatsAlignmentErrors:              0
    dot3StatsFCSErrors:                    0
    dot3StatsSingleCollisionFrames:        0
    dot3StatsMultipleCollisionFrames:      0
    dot3StatsSQETestErrors:                NA
    dot3StatsDeferredTransmissions:        0
    dot3StatsLateCollisions:               0
    dot3StatsExcessiveCollisions:          0
    dot3StatsInternalMacTransmitErrors:    NA
    dot3StatsCarrierSenseErrors:           1
    dot3StatsFrameTooLongs:                0
    dot3StatsInternalMacReceiveErrors:     0
    dot3CollFrequencies [1-15]:            NA
    ------------------------------------------------------------------
    Interface statistics for port 1:
                       ifHCIn Counters    ifHCOut Counters
    Octets:                     124166               19560
    UcastPkts:                      39                  27
    BroadcastPkts:                 631                  14
    MulticastPkts:                 614                 101
    Discards:                      130                   0
    Errors:                          1                   0
    ------------------------------------------------------------------
    IP statistics for port 1:
    ipInReceives:         0
    ipInAddrErrors:       0    ipForwDatagrams:    0
    ipInUnknownProtos:    0    ipInDiscards:       0
    ipInDelivers:         0
    ipTtlExceeds:         0
    ipLANDattacks:        0
    ------------------------------------------------------------------
    Link statistics for port 1:
    linkStateChange:      3
    ------------------------------------------------------------------

    RMON statistics for port 1:
    etherStatsDropEvents:              0
    etherStatsOctets:                  123840
    etherStatsPkts:                    1406
    etherStatsBroadcastPkts:           698
    etherStatsMulticastPkts:           669
    etherStatsCRCAlignErrors:          0
    etherStatsUndersizePkts:           0
    etherStatsOversizePkts:            0
    etherStatsFragments:               0
    etherStatsJabbers:                 0
    etherStatsCollisions:              0
    etherStatsPkts64Octets:            906
    etherStatsPkts65to127Octets:       548
    etherStatsPkts128to255Octets:      35
    etherStatsPkts256to511Octets:      25
    etherStatsPkts512to1023Octets:     16
    etherStatsPkts1024to1518Octets:    8
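The following Python example is added here and is not Nortel code. It parses two captures of the /stats/port <port number>/dump output, applies the Table 5-9 utilization formula to the etherStatsPkts and etherStatsOctets differences, and reports growth in counters such as dot1TpLearnedEntryDiscards and ipLANDattacks. The two captures are constructed sample data, and the `link_bps` parameter, which generalizes the formula's 10 Mbit/s constants to other link speeds, is an assumption beyond the page.

```python
import re

# Matches "counterName: 123" or "counterName: NA"; several pairs may share one line.
COUNTER_RE = re.compile(r"([A-Za-z][A-Za-z0-9]*):[ \t]+(\d+|NA)\b")

# Counters to report when they grow, with the meaning this reference gives them.
WATCH = {
    "dot1TpLearnedEntryDiscards": "Forwarding Database is becoming full",
    "ipLANDattacks": "packets with the same source and destination IP address",
    "etherStatsDropEvents": "packets dropped due to lack of resources",
    "linkStateChange": "link state changed",
}


def parse_stats(text):
    """Return {counter: int} from CLI statistics output; 'NA' counters are skipped."""
    stats = {}
    for name, value in COUNTER_RE.findall(text):
        if value != "NA":
            stats[name] = int(value)
    return stats


def utilization_percent(pkts, octets, interval_s, link_bps=10_000_000):
    """Percent utilization from packet and octet deltas over interval_s seconds.

    Each packet costs 160 bit-times of preamble and inter-frame gap plus 8 bits
    per octet. At 10 Mbit/s this is exactly the Table 5-9 formula:
    (Pkts * (9.6 + 6.4) + Octets * 0.8) / (Interval * 10,000).
    """
    bits_on_wire = pkts * 160 + octets * 8
    return 100.0 * bits_on_wire / (interval_s * link_bps)


def compare(before_text, after_text, interval_s, link_bps=10_000_000):
    """Diff two captures taken interval_s seconds apart."""
    before, after = parse_stats(before_text), parse_stats(after_text)
    deltas = {n: after[n] - before[n] for n in after if n in before}
    # A counter that decreased was cleared (the menu's clear command) or wrapped;
    # either way the delta cannot be trusted.
    went_backwards = sorted(n for n, d in deltas.items() if d < 0)
    findings = [(n, deltas[n], why) for n, why in WATCH.items() if deltas.get(n, 0) > 0]
    utilization = None
    pkts, octets = deltas.get("etherStatsPkts", -1), deltas.get("etherStatsOctets", -1)
    if pkts >= 0 and octets >= 0:
        utilization = utilization_percent(pkts, octets, interval_s, link_bps)
    return {"utilization": utilization, "findings": findings,
            "went_backwards": went_backwards}


# Constructed sample captures in the layout of the port dump output.
TEMPLATE = """Bridging statistics for port 1:
dot1PortInFrames:                      1284
dot1TpLearnedEntryDiscards:            {fdb}
dot1BasePortDelayExceededDiscards:     NA
IP statistics for port 1:
ipInReceives:         0
ipInAddrErrors:       0    ipForwDatagrams:    0
ipLANDattacks:        {land}
Link statistics for port 1:
linkStateChange:      3
RMON statistics for port 1:
etherStatsDropEvents:              0
etherStatsOctets:                  {octets}
etherStatsPkts:                    {pkts}
"""
BEFORE = TEMPLATE.format(fdb=0, land=0, octets=123840, pkts=1406)
AFTER = TEMPLATE.format(fdb=412, land=7, octets=7623840, pkts=11406)

if __name__ == "__main__":
    report = compare(BEFORE, AFTER, interval_s=60)
    print("utilization: %.2f%%" % report["utilization"])
    for name, delta, why in report["findings"]:
        print("%s grew by %d (%s)" % (name, delta, why))
```
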

/stats/pmirr
Port mirroring statistics menu

    [Port Mirroring Statistics Menu]
        dump    - Show port mirroring stats
        clear   - Clear all port mirroring stats

This menu displays port mirroring statistics on an all ports basis.

Table 5-10 PMIRR Statistics Menu Options (/stats/pmirr)

Command Syntax and Usage

dump
    Displays all mirrored port statistics.
clear
    Clears the port statistics.

/stats/l2
Layer 2 Statistics Menu

    [Layer 2 Statistics Menu]
        fdb     - Show FDB stats
        lacp    - Show LACP stats
        stg     - Show STG stats
        dump    - Dump layer 2 stats

Table 5-11 Layer 2 Statistics Menu Options (/stats/l2)

Command Syntax and Usage

fdb
    Displays Forwarding Database statistics. To view statistics and their description, see page 171.
lacp <port number (1 to max num ports)>
    Displays Link Aggregation Control Protocol statistics. To view statistics and their description, see page 172.
stg
    Displays Spanning Tree Group statistics. To view statistics and their description, see page 173.

Table 5-11 Layer 2 Statistics Menu Options (/stats/l2)

Command Syntax and Usage

dump
    Dump the Layer 2 statistics.

/stats/l2/fdb
FDB Statistics

    FDB statistics:
    creates:        9611      deletes:         9553
    current:        58        hiwat:           65
    lookups:        850254    lookup fails:    151373
    finds:          5832      find fails:      0
    find_or_c's:    11874     overflows:       0
    max:            16384

This menu option enables you to display statistics regarding the use of the forwarding database, including the number of new entries, finds, and unsuccessful searches.

FDB statistics are described in the following table:

Table 5-12 Forwarding Database Statistics (/stats/l2/fdb)

Statistic / Description

creates
    Number of entries created in the Forwarding Database.
current
    Current number of entries in the Forwarding Database.
lookups
    Number of entry lookups in the Forwarding Database.
finds
    Number of successful searches in the Forwarding Database.
find_or_c’s
    Number of entries found or created in the Forwarding Database.
deletes
    Number of entries deleted from the Forwarding Database.
hiwat
    Highest number of entries recorded at any given time in the Forwarding Database.
lookup fails
    Number of unsuccessful searches made in the Forwarding Database.
find fails
    Number of search failures in the Forwarding Database.
overflows
    Number of entries overflowing the Forwarding Database.

Table 5-12 Forwarding Database Statistics (/stats/l2/fdb)

Statistic / Description

max
    Number of maximum Forwarding Database entries supported by the switch.

/stats/l2/lacp
LACP Statistics

    >> Layer 2 Statistics# lacp 1
    port 1
    Valid LACPDUs received            - 9394
    Valid Marker PDUs received        - 0
    Valid Marker Rsp PDUs received    - 0
    Unknown version/TLV type          - 0
    Illegal subtype received          - 0
    LACPDUs transmitted               - 8516
    Marker PDUs transmitted           - 0
    Marker Rsp PDUs transmitted       - 0

Table 5-13 LACP Statistics Parameters (/stats/l2/lacp)

Field / Description

Valid LACPDUs received
    The number of LACPDUs that the switch received on this port.
Valid Marker PDUs received
    The number of valid Marker PDUs that the switch received on this port.
Valid Marker Rsp PDUs received
    The number of valid Marker Responses that the switch received on this port.
Unknown version/TLV type
    The number of unknown version or TLV type that the switch received on this port.
Illegal subtype received
    The number of illegal LACP subtype received on this port.
LACPDUs transmitted
    The number of LACPDUs transmitted out of this port.
Marker PDUs transmitted
    The number of Marker PDUs transmitted out of this port.
Marker Rsp PDUs transmitted
    The number of Marker Responses transmitted out of this port.

/stats/l2/stg
Spanning Tree Group Statistics

    Spanning Tree Group 1:
    Port    Rcv Cfg    Rcv TCN    Xmt Cfg    Xmt TCN
    ----    -------    -------    -------    -------
    1             0          0          0          0
    2             0          0          0          0
    3             0          0          0          0
    4             0          0          0          0
    5             0          0          0          0
    6             0          0          0          0
    7             0          0          0          0
    8             0          0          0          0
    9        139046        176         27         15
    10            0          0          0          0
    11            0          0          0          0
    12            0          0          0          0
    13            0          0          0          0
    14            0          0          0          0
    15            0          0          0          0
    16            0          0          0          0
    17            0          0          0          0
    18            0          0          0          0
    19            0          0          0          0
    20            0          0          0          0
    21            0          0          0          0
    22            0          0          0          0
    23            0          0          0          0
    24            0          0          0          0
    25            0          0          0          0
    26            0          0          0          0
    27            0          0          0          0
    28            0          0          0          0

Table 5-14 Spanning Tree Group Statistics Parameters (/stats/l2/stg)

Field / Description

Port
    Displays the port number.
Rcv Cfg
    Displays the number of configuration BPDUs received.
Rcv TCN
    Displays the number of TCN (Topology Change Notification) messages received.
Xmt Cfg
    Displays the number of configuration BPDUs transmitted.

Table 5-14 Spanning Tree Group Statistics Parameters (/stats/l2/stg)

Field
  Description
Xmt TCN
  Displays the number of TCN (Topology Change Notification) messages transmitted.

/stats/l3
Layer 3 Statistics Menu

[Layer 3 Statistics Menu]
     ospf     - OSPF Statistics Menu
     ip       - Show IP stats
     ip6      - Show IP6 stats
     route    - Show route stats
     arp      - Show ARP stats
     vrrp     - Show VRRP stats
     dns      - Show DNS stats
     icmp     - Show ICMP stats
     if       - Show IP interface ("if") stats
     tcp      - Show TCP stats
     udp      - Show UDP stats
     ifclear  - Clear IP interface ("if") stats
     ipclear  - Clear IP stats
     dump     - Dump layer 3 stats

Table 5-15 Layer 3 Statistics Menu (/stats/l3)

Command Syntax and Usage

ospf
  Displays OSPF statistics Menu. See page 176 for sample output.
ip
  Displays IP statistics. See page 181 for sample output.
ip6
  Displays IP6 statistics. See page 184 for sample output.
route
  Displays route statistics. See page 189 for sample output.
arp
  Displays Address Resolution Protocol (ARP) statistics. See page 190 for sample output.

Table 5-15 Layer 3 Statistics Menu (/stats/l3)

Command Syntax and Usage

vrrp
  When virtual routers are configured, you can display the following protocol statistics for VRRP:
  - Advertisements received (vrrpInAdvers)
  - Advertisements transmitted (vrrpOutAdvers)
  - Advertisements received, but ignored (vrrpBadAdvers)
  See page 191 for sample output.
dns
  Displays Domain Name Server/System (DNS) statistics. See page 192 for sample output.
icmp
  Displays ICMP statistics. See page 193 for sample output.
if <interface number (1-256)>
  Displays IP interface statistics for the management processors. See page 195 for sample output.
tcp
  Displays TCP statistics. See page 197 for sample output.
udp
  Displays UDP statistics. See page 199 for sample output.
ifclear
  Clears IP interface statistics. Use this command with caution as it will delete all the IP interface statistics.
ipclear
  Clears IP statistics. Use this command with caution as it will delete all the IP statistics.
dump
  Dumps all Layer 3 switch statistics. Use this command to gather data for tuning and debugging Layer 3 switch performance. If you want to capture dump data to a file, set your communication software on your workstation to capture session data prior to issuing the dump command.

/stats/l3/ospf
OSPF Statistics Menu

[OSPF stats Menu]
     general  - Show global stats
     aindex   - Show area(s) stats
     if       - Show interface(s) stats

Table 5-16 OSPF Statistics Menu (/stats/l3/ospf)

Command Syntax and Usage

general
  Displays global statistics. See page 177 for sample output and details.
aindex <area index (0-2)>
  Displays area index statistics.
if <interface number (1-256)>
  Displays interface statistics.

/stats/l3/ospf/general
OSPF Global Statistics

The OSPF General Statistics contain the sum total of all OSPF packets received on all OSPF areas and interfaces.

OSPF stats
----------
Rx/Tx Stats:            Rx         Tx
                     --------   --------
  Pkts                     0          0
  hello                   23        518
  database                 4         12
  ls requests              3          1
  ls acks                  7          7
  ls updates               9          7

Nbr change stats:                Intf change Stats:
  hello                    2       hello              4
  start                    0       down               2
  n2way                    2       loop               0
  adjoint ok               2       unloop             0
  negotiation done         2       wait timer         2
  exchange done            2       backup             0
  bad requests             0       nbr change         5
  bad sequence             0
  loading done             2
  n1way                    0
  rst_ad                   0
  down                     1

Timers kickoff
  hello                  514
  retransmit            1028
  lsa lock                 0
  lsa ack                  0
  dbage                    0
  summary                  0
  ase export               0

Table 5-17 OSPF General Statistics (stats/l3/ospf/general)

Statistics
  Description

Rx/Tx Stats:
Rx Pkts
  The sum total of all OSPF packets received on all OSPF areas and interfaces.
Tx Pkts
  The sum total of all OSPF packets transmitted on all OSPF areas and interfaces.
Rx Hello
  The sum total of all Hello packets received on all OSPF areas and interfaces.
Tx Hello
  The sum total of all Hello packets transmitted on all OSPF areas and interfaces.
Rx Database
  The sum total of all Database Description packets received on all OSPF areas and interfaces.
Tx Database
  The sum total of all Database Description packets transmitted on all OSPF areas and interfaces.
Rx ls Requests
  The sum total of all Link State Request packets received on all OSPF areas and interfaces.
Tx ls Requests
  The sum total of all Link State Request packets transmitted on all OSPF areas and interfaces.
Rx ls Acks
  The sum total of all Link State Acknowledgement packets received on all OSPF areas and interfaces.
Tx ls Acks
  The sum total of all Link State Acknowledgement packets transmitted on all OSPF areas and interfaces.
Rx ls Updates
  The sum total of all Link State Update packets received on all OSPF areas and interfaces.
Tx ls Updates
  The sum total of all Link State Update packets transmitted on all OSPF areas and interfaces.

Table 5-17 OSPF General Statistics (stats/l3/ospf/general) (Continued)

Statistics
  Description

Nbr Change Stats:
hello
  The sum total of all Hello packets received from neighbors on all OSPF areas and interfaces.
Start
  The sum total number of neighbors in this state (that is, an indication that Hello packets should now be sent to the neighbor at intervals of HelloInterval seconds) across all OSPF areas and interfaces.
n2way
  The sum total number of bidirectional communication establishment between this router and other neighboring routers.
adjoint ok
  The sum total number of decisions to be made (again) as to whether an adjacency should be established/maintained with the neighbor across all OSPF areas and interfaces.
negotiation done
  The sum total number of neighbors in this state wherein the Master/slave relationship has been negotiated, and sequence numbers have been exchanged, across all OSPF areas and interfaces.
exchange done
  The sum total number of neighbors in this state (that is, in an adjacency's final state) having transmitted a full sequence of Database Description packets, across all OSPF areas and interfaces.
bad requests
  The sum total number of Link State Requests which have been received for a link state advertisement not contained in the database across all interfaces and OSPF areas.
bad sequence
  The sum total number of Database Description packets which have been received that either:
  a) Has an unexpected DD sequence number
  b) Unexpectedly has the init bit set
  c) Has an options field differing from the last Options field received in a Database Description packet.
  Any of these conditions indicate that some error has occurred during adjacency establishment for all OSPF areas and interfaces.
loading done
  The sum total number of link state updates received for all out-of-date portions of the database across all OSPF areas and interfaces.
n1way
  The sum total number of Hello packets received from neighbors, in which this router is not mentioned across all OSPF interfaces and areas.
rst_ad
  The sum total number of times the Neighbor adjacency has been reset across all OSPF areas and interfaces.

Table 5-17 OSPF General Statistics (stats/l3/ospf/general) (Continued)

Statistics
  Description

down
  The total number of Neighboring routers down (that is, in the initial state of a neighbor conversation) across all OSPF areas and interfaces.

Intf Change Stats:
hello
  The sum total number of Hello packets sent on all interfaces and areas.
down
  The sum total number of interfaces down in all OSPF areas.
loop
  The sum total of interfaces no longer connected to the attached network across all OSPF areas and interfaces.
unloop
  The sum total number of interfaces, connected to the attached network in all OSPF areas.
wait timer
  The sum total number of times the Wait Timer has been fired, indicating the end of the waiting period that is required before electing a (Backup) Designated Router across all OSPF areas and interfaces.
backup
  The sum total number of Backup Designated Routers on the attached network for all OSPF areas and interfaces.
nbr change
  The sum total number of changes in the set of bidirectional neighbors associated with any interface across all OSPF areas.

Timers Kickoff:
hello
  The sum total number of times the Hello timer has been fired (which triggers the send of a Hello packet) across all OSPF areas and interfaces.
retransmit
  The sum total number of times the Retransmit timer has been fired across all OSPF areas and interfaces.
lsa lock
  The sum total number of times the Link State Advertisement (LSA) lock timer has been fired across all OSPF areas and interfaces.
lsa ack
  The sum total number of times the LSA Ack timer has been fired across all OSPF areas and interfaces.
dbage
  The total number of times the data base age (Dbage) has been fired.
summary
  The total number of times the Summary timer has been fired.
ase export
  The total number of times the Autonomous System Export (ASE) timer has been fired.

/stats/l3/ip
IP Statistics

IP statistics:
ipInReceives:        3115873   ipInHdrErrors:             1
ipInAddrErrors:        35447   ipForwDatagrams:           0
ipInUnknownProtos:    500504   ipInDiscards:              0
ipInDelivers:        2334166   ipOutRequests:       1010542
ipOutDiscards:             4   ipOutNoRoutes:             4
ipReasmReqds:              0   ipReasmOKs:                0
ipReasmFails:              0   ipFragOKs:                 0
ipFragFails:               0   ipFragCreates:             0
ipRoutingDiscards:         0   ipDefaultTTL:            255
ipReasmTimeout:            5

Table 5-18 IP Statistics (/stats/l3/ip)

Statistics
  Description
ipInReceives
  The total number of input datagrams received from interfaces, including those received in error.
ipInHdrErrors
  The number of input datagrams discarded due to errors in their IP headers, including bad checksums, version number mismatch, other format errors, time-to-live exceeded, errors discovered in processing their IP options, and so forth.
ipInAddrErrors
  The number of input datagrams discarded because the IP address in their IP header's destination field was not a valid address to be received at this entity (the switch). This count includes invalid addresses (for example, 0.0.0.0) and addresses of unsupported Classes (for example, Class E). For entities which are not IP Gateways and therefore do not forward datagrams, this counter includes datagrams discarded because the destination address was not a local address.
ipForwDatagrams
  The number of input datagrams for which this entity (the switch) was not their final IP destination, as a result of which an attempt was made to find a route to forward them to that final destination. In entities which do not act as IP Gateways, this counter will include only those packets, which were Source-Routed via this entity (the switch), and the Source-Route option processing was successful.
ipInUnknownProtos
  The number of locally addressed datagrams received successfully but discarded because of an unknown or unsupported protocol.

Table 5-18 IP Statistics (/stats/l3/ip)

Statistics
  Description
ipInDiscards
  The number of input IP datagrams for which no problems were encountered to prevent their continued processing, but which were discarded (for example, for lack of buffer space). Note that this counter does not include any datagrams discarded while awaiting re-assembly.
ipInDelivers
  The total number of input datagrams successfully delivered to IP user-protocols (including ICMP).
ipOutRequests
  The total number of IP datagrams which local IP user-protocols (including ICMP) supplied to IP in requests for transmission. Note that this counter does not include any datagrams counted in ipForwDatagrams.
ipOutDiscards
  The number of output IP datagrams for which no problem was encountered to prevent their transmission to their destination, but which were discarded (for example, for lack of buffer space). Note that this counter would include datagrams counted in ipForwDatagrams if any such packets met this (discretionary) discard criterion.
ipOutNoRoutes
  The number of IP datagrams discarded because no route could be found to transmit them to their destination. Note that this counter includes any packets counted in ipForwDatagrams, which meet this no-route criterion. Note that this includes any datagrams which a host cannot route because all of its default gateways are down.
ipReasmReqds
  The number of IP fragments received which needed to be reassembled at this entity (the switch).
ipReasmOKs
  The number of IP datagrams successfully re-assembled.
ipReasmFails
  The number of failures detected by the IP re-assembly algorithm (for whatever reason: timed out, errors, and so forth). Note that this is not necessarily a count of discarded IP fragments since some algorithms (notably the algorithm in RFC 815) can lose track of the number of fragments by combining them as they are received.
ipFragOKs
  The number of IP datagrams that have been successfully fragmented at this entity (the switch).
ipFragFails
  The number of IP datagrams that have been discarded because they needed to be fragmented at this entity (the switch) but could not be, for example, because their Don't Fragment flag was set.
ipFragCreates
  The number of IP datagram fragments that have been generated as a result of fragmentation at this entity (the switch).

Table 5-18 IP Statistics (/stats/l3/ip)

Statistics
  Description
ipRoutingDiscards
  The number of routing entries, which were chosen to be discarded even though they are valid. One possible reason for discarding such an entry could be to free-up buffer space for other routing entries.
ipDefaultTTL
  The default value inserted into the Time-To-Live (TTL) field of the IP header of datagrams originated at this entity (the switch), whenever a TTL value is not supplied by the transport layer protocol.
ipReasmTimeout
  The maximum number of seconds, which received fragments are held while they are awaiting reassembly at this entity (the switch).

/stats/l3/ip6
IP6 Statistics Menu

>> Layer 3 Statistics# /stat/l3/ip6
------------------------------------------------------------------
IP6 statistics:
InReceives:       20519   InDiscards:           2
InDelivers:       24793   ForwDatagrams:        0
UnknownProtos:        0   InAddrErrors:         0
OutRequests:      34548   OutNoRoutes:          0
ReasmOKs:             0   ReasmFails:           0
IcmpInMsgs:       24793   IcmpInErrors:      4268
IcmpOutMsgs:      12829   IcmpOutErrors:     4271
InEchos:              0   OutEchos:          8538
InEchoReplies:     8536   OutEchoReplies:       0
InDestUnreachs:    4268   OutDestUnreachs:   4271
InPktTooBigs:         0   OutPktTooBigs:        0
InTimeExcds:          0   OutTimeExcds:         0
------------------------------------------------------------------
ICMP6 statistics:
Interface: 1
InMsgs:              18929   InErrors:                     0
InEchos:                 0   InEchoReplies:             4268
InNeighborSolicits:   4513   InNeighborAdvertisements:  4271
InRouterSolicits:        0   InRouterAdvertisements:    5877
InDestUnreachs:          0   InTimeExcds:                  0
InPktTooBigs:            0   InParmProblems:               0
InRedirects:             0
OutMsgs:              4280   OutErrors:                    0
OutEchos:             4269   OutEchoReplies:               0
OutNeighborSolicits:     3   OutNeighborAdvertisements: 4516
OutRouterSolicits:       0   OutRouterAdvertisements:      1
OutRedirects:            0
------------------------------------------------------------------
Interface: 7
InMsgs:               5864   InErrors:                  4268
InEchos:                 0   InEchoReplies:             4268
InNeighborSolicits:    122   InNeighborAdvertisements:     3
InRouterSolicits:        0   InRouterAdvertisements:    1471
InDestUnreachs:       4268   InTimeExcds:                  0
InPktTooBigs:            0   InParmProblems:               0
InRedirects:             0
OutMsgs:              8549   OutErrors:                 4271
OutEchos:             4269   OutEchoReplies:               0
OutNeighborSolicits:     2   OutNeighborAdvertisements:  124
OutRouterSolicits:       0   OutRouterAdvertisements:      1
OutRedirects:            0
------------------------------------------------------------------
IP6 gateway health check statistics:
gateway 5   echo-req 4269   echo-resp 4268   fails 0
gateway 7   echo-req 4269   echo-resp 4268   fails 0

Table 5-19 IPv6 Statistics (/stats/l3/ip6)

Statistics
  Description

IP6 Statistics Section
InReceives
  The total number of input datagrams received by the interface, including those received in error.
InDelivers
  The total number of datagrams successfully delivered to IPv6 user-protocols (including ICMP). This counter is incremented at the interface to which these datagrams were addressed which might not be necessarily the input interface for some of the datagrams.
UnknownProtos
  The number of locally-addressed datagrams received successfully but discarded because of an unknown or unsupported protocol. This counter is incremented at the interface to which these datagrams were addressed which might not be necessarily the input interface for some of the datagrams.
OutRequests
  The total number of IPv6 datagrams which local IPv6 user-protocols (including ICMP) supplied to IPv6 in requests for transmission. Note that this counter does not include any datagrams counted in ipv6IfStatsOutForwDatagrams.
ReasmOKs
  The number of IPv6 datagrams successfully reassembled. Note that this counter is incremented at the interface to which these datagrams were addressed which might not be necessarily the input interface for some of the fragments.
InDiscards
  The number of input IPv6 datagrams for which no problems were encountered to prevent their continued processing, but which were discarded (e.g., for lack of buffer space). Note that this counter does not include any datagrams discarded while awaiting re-assembly.
ForwDatagrams
  The number of output datagrams which this entity received and forwarded to their final destinations. In entities which do not act as IPv6 routers, this counter will include only those packets which were Source-Routed via this entity, and the Source-Route processing was successful. Note that for a successfully forwarded datagram the counter of the outgoing interface is incremented.
InAddrErrors
  The number of input datagrams discarded because the IPv6 address in their IPv6 header's destination field was not a valid address to be received at this entity. This count includes invalid addresses (e.g., ::0) and unsupported addresses (e.g., addresses with unallocated prefixes). For entities which are not IPv6 routers and therefore do not forward datagrams, this counter includes datagrams discarded because the destination address was not a local address.

Table 5-19 IPv6 Statistics (/stats/l3/ip6) (Continued)

Statistics
  Description
OutNoRoutes
  The number of locally generated IP datagrams discarded because no route could be found to transmit them to their destination.
ReasmFails
  The number of failures detected by the IPv6 re-assembly algorithm (for whatever reason: timed out, errors, etc.). Note that this is not necessarily a count of discarded IPv6 fragments since some algorithms (notably the algorithm in RFC 815) can lose track of the number of fragments by combining them as they are received. This counter is incremented at the interface to which these fragments were addressed which might not be necessarily the input interface for some of the fragments.
IcmpInMsgs
  The total number of ICMP messages received by the interface which includes all those counted by ipv6IfIcmpInErrors. Note that this interface is the interface to which the ICMP messages were addressed which may not be necessarily the input interface for the messages.
IcmpOutMsgs
  The total number of ICMP messages which this interface attempted to send. Note that this counter includes all those counted by icmpOutErrors.
IcmpInErrors
  The number of ICMP messages which the interface received but determined as having ICMP-specific errors (bad ICMP checksums, bad length, etc.).
IcmpOutErrors
  The number of ICMP messages which this interface did not send due to problems discovered within ICMP such as a lack of buffers. This value should not include errors discovered outside the ICMP layer such as the inability of IPv6 to route the resultant datagram. In some implementations there may be no types of error which contribute to this counter's value.
IcmpInEchos
  The number of ICMP Echo (request) messages received by the interface.

ICMP6 Statistics Section
InMsgs
  The total number of ICMP messages received by the interface which includes all those counted by ipv6IfIcmpInErrors. Note that this interface is the interface to which the ICMP messages were addressed which may not be necessarily the input interface for the messages.
InNeighborSolicits
  The number of ICMP Neighbor Solicit messages received by the interface.

Table 5-19 IPv6 Statistics (/stats/l3/ip6) (Continued)

Statistics
  Description
InRouterSolicits
  The number of ICMP Router Solicit messages received by the interface.
InDestUnreachs
  The number of ICMP Destination Unreachable messages received by the interface.
InPktTooBigs
  The number of ICMP Packet Too Big messages received by the interface.
InRedirects
  The number of Redirect messages received by the interface.
InErrors
  The number of ICMP messages which the interface received but determined as having ICMP-specific errors (bad ICMP checksums, bad length, etc.).
InEchoReplies
  The number of ICMP Echo Reply messages received by the interface.
InNeighborAdvertisements
  The number of ICMP Neighbor Advertisement messages received by the interface.
InRouterAdvertisements
  The number of ICMP Router Advertisement messages received by the interface.
InTimeExcds
  The number of ICMP Time Exceeded messages received by the interface.
InParmProblems
  The number of ICMP Parameter Problem messages received by the interface.
OutMsgs
  The total number of ICMP messages which this interface attempted to send.
OutEchos
  The number of ICMP Echo Request messages sent by the interface.
OutNeighborSolicits
  The number of ICMP Neighbor Solicitation messages sent by the interface.
OutRouterSolicits
  The number of ICMP Router Solicitation messages sent by the interface.
OutRedirects
  The number of Redirect messages sent. For a host, this object will always be zero, since hosts do not send redirects.

Table 5-19 IPv6 Statistics (/stats/l3/ip6) (Continued)

Statistics
  Description
OutErrors
  The number of ICMP messages which this interface did not send due to problems discovered within ICMP such as a lack of buffers. This value should not include errors discovered outside the ICMP layer such as the inability of IPv6 to route the resultant datagram. In some implementations there may be no types of error which contribute to this counter's value.
OutEchoReplies
  The number of ICMP Echo Reply messages sent by the interface.
OutNeighborAdvertisements
  The number of ICMP Neighbor Advertisement messages sent by the interface.
OutRouterAdvertisements
  The number of ICMP Router Advertisement messages sent by the interface.

/stats/l3/route
Route Statistics

Route statistics:
ipRoutesCur:          3   ipRoutesHighWater:     3
ipRoutesMax:       4096
------------------------------------------------------------------
SP Route statistics:
SP    ipRoutesCur    ipRoutesHighWater    ipRoutesMax
---   ------------   ------------------   ------------
1     3              3                    4096
2     3              3                    4096
3     3              3                    4096
4     3              3                    4096
------------------------------------------------------------------
RIP statistics:
ripInPkts:            0   ripOutPkts:            0
ripDiscardPkts:       0   ripRoutesAgedOut:      0
BGP statistics:
bgpInPkts:            0   bgpOutPkts:            0
bgpBadPkts:           0   bgpSessFailures:       0
bgpRoutesAdded:       0   bgpRoutesRemoved:      0
bgpRoutesCur:         0   bgpRoutesFailed:       0
bgpRoutesIgnored:     0   bgpRoutesFiltered:     0

Table 5-20 Route Statistics (/stats/l3/route)

Statistics
  Description

Route Statistics & SP Route Statistics:
ipRoutesCur
  The total number of outstanding routes in the route table.
ipRoutesHighWater
  The highest number of routes ever recorded in the route table.
ipRoutesMax
  The maximum number of supported routes.

RIP statistics:
ripInPkts
  The total number of good RIP advertisement packets received.
ripOutPkts
  The total number of RIP advertisement packets sent.
ripDiscardPkts
  The total number of RIP advertisement packets received that were dropped.

Table 5-20 Route Statistics (/stats/l3/route)

Statistics
  Description
ripRoutesAgedOut
  The total number of routes learned via RIP that has aged out.

BGP statistics:
bgpInPkts
  The total number of BGP packets received.
bgpOutPkts
  The total number of BGP packets sent.
bgpBadPkts
  The total number of BGP packets dropped.
bgpSessFailures
  The total number of failed sessions.
bgpRoutesAdded
  The total number of routes that were added to the routing table.
bgpRoutesRemoved
  The total number of routes that were removed from the routing table.
bgpRoutesCur
  The total number of current BGP routes.
bgpRoutesFailed
  The total number of BGP routes that failed to add in the routing table.
bgpRoutesIgnored
  The total number of routes ignored because the peer was not connected locally or multihop was not configured.
bgpRoutesFiltered
  The total number of routes dropped by the filter.

/stats/l3/arp
ARP statistics

This menu option enables you to display Address Resolution Protocol statistics.

MP ARP statistics:
arpEntriesCur:        2   arpEntriesHighWater:   2
arpEntriesMax:     8192
------------------------------------------------------------------
SP ARP statistics:
SP    arpEntriesCur    arpEntriesHighWater    arpEntriesMax
---   --------------   --------------------   --------------
1     1                1                      8192
2     1                1                      8192
3     1                1                      8192
4     1                1                      8192

Table 5-21 ARP Statistics (/stats/l3/arp)

Statistics
  Description
arpEntriesCur
  The total number of outstanding ARP entries in the ARP table.
arpEntriesHighWater
  The highest number of ARP entries ever recorded in the ARP table.
arpEntriesMax
  The maximum number of ARP entries that are supported.

/stats/l3/vrrp
VRRP Statistics

Virtual Router Redundancy Protocol (VRRP) support on the Nortel Application Switch provides redundancy between routers in a LAN. This is accomplished by configuring the same virtual router IP address and ID number on each participating VRRP-capable routing device. One of the virtual routers is then elected as the master, based on a number of priority criteria, and assumes control of the shared virtual router IP address. If the master fails, one of the backup virtual routers will assume routing authority and take control of the virtual router IP address.

When virtual routers are configured, you can display the following protocol statistics for VRRP:
- Advertisements received (vrrpInAdvers)
- Advertisements transmitted (vrrpOutAdvers)
- Advertisements received, but ignored (vrrpBadAdvers)

The statistics for the VRRP LAN are displayed:

VRRP statistics:
vrrpInAdvers:         0   vrrpBadAdvers:         0
vrrpOutAdvers:        0
vrrpBadVersion:       0   vrrpBadVrid:           0
vrrpBadAddress:       0   vrrpBadData:           0
vrrpBadPassword:      0   vrrpBadInterval:       0

Table 5-22 VRRP Statistics (/stats/l3/vrrp)

Statistics
  Description
vrrpInAdvers
  The total number of VRRP advertisements that have been received.
vrrpBadAdvers
  The total number of VRRP advertisements received that were dropped.
vrrpOutAdvers
  The total number of VRRP advertisements that have been sent.
vrrpBadVersion

Table 5-22 VRRP Statistics (/stats/l3/vrrp)

Statistics
  Description
vrrpBadVrid
vrrpBadAddress
vrrpBadData
vrrpBadPassword
vrrpBadInterval

/stats/l3/dns
DNS Statistics

This menu option enables you to display Domain Name System statistics.

DNS statistics:
dnsInRequests:        0   dnsOutRequests:        0
dnsBadRequests:       0

Table 5-23 DNS Statistics (/stats/l3/dns)

Statistics
  Description
dnsInRequests
  The total number of DNS request packets that have been received.
dnsOutRequests
  The total number of DNS response packets that have been transmitted.
dnsBadRequests
  The total number of DNS request packets received that were dropped.

/stats/l3/icmp
ICMP Statistics

ICMP statistics:
icmpInMsgs:           245802   icmpInErrors:            1393
icmpInDestUnreachs:       41   icmpInTimeExcds:            0
icmpInParmProbs:           0   icmpInSrcQuenchs:           0
icmpInRedirects:           0   icmpInEchos:               18
icmpInEchoReps:       244350   icmpInTimestamps:           0
icmpInTimestampReps:       0   icmpInAddrMasks:            0
icmpInAddrMaskReps:        0   icmpOutMsgs:           253810
icmpOutErrors:             0   icmpOutDestUnreachs:       15
icmpOutTimeExcds:          0   icmpOutParmProbs:           0
icmpOutSrcQuenchs:         0   icmpOutRedirects:           0
icmpOutEchos:         253777   icmpOutEchoReps:           18
icmpOutTimestamps:         0   icmpOutTimestampReps:       0
icmpOutAddrMasks:          0   icmpOutAddrMaskReps:        0

Table 5-24 ICMP Statistics (/stats/l3/icmp)

Statistics
  Description
icmpInMsgs
  The total number of ICMP messages which the entity (the switch) received. Note that this counter includes all those counted by icmpInErrors.
icmpInErrors
  The number of ICMP messages which the entity (the switch) received but determined as having ICMP-specific errors (bad ICMP checksums, bad length, and so forth).
icmpInDestUnreachs
  The number of ICMP Destination Unreachable messages received.
icmpInTimeExcds
  The number of ICMP Time Exceeded messages received.
icmpInParmProbs
  The number of ICMP Parameter Problem messages received.
icmpInSrcQuenchs
  The number of ICMP Source Quench (buffer almost full, stop sending data) messages received.
icmpInRedirects
  The number of ICMP Redirect messages received.
icmpInEchos
  The number of ICMP Echo (request) messages received.
icmpInEchoReps
  The number of ICMP Echo Reply messages received.
icmpInTimestamps
  The number of ICMP Timestamp (request) messages received.
icmpInTimestampReps
  The number of ICMP Timestamp Reply messages received.
icmpInAddrMasks
  The number of ICMP Address Mask Request messages received.

Table 5-24 ICMP Statistics (/stats/l3/icmp)

Statistics
  Description
icmpInAddrMaskReps
  The number of ICMP Address Mask Reply messages received.
icmpOutMsgs
  The total number of ICMP messages which this entity (the switch) attempted to send. Note that this counter includes all those counted by icmpOutErrors.
icmpOutErrors
  The number of ICMP messages which this entity (the switch) did not send due to problems discovered within ICMP such as a lack of buffer. This value should not include errors discovered outside the ICMP layer such as the inability of IP to route the resultant datagram. In some implementations there may be no types of errors that contribute to this counter's value.
icmpOutDestUnreachs
  The number of ICMP Destination Unreachable messages sent.
icmpOutTimeExcds
  The number of ICMP Time Exceeded messages sent.
icmpOutParmProbs
  The number of ICMP Parameter Problem messages sent.
icmpOutSrcQuenchs
  The number of ICMP Source Quench (buffer almost full, stop sending data) messages sent.
icmpOutRedirects
  The number of ICMP Redirect messages sent. For a host, this object will always be zero, since hosts do not send redirects.
icmpOutEchos
  The number of ICMP Echo (request) messages sent.
icmpOutEchoReps
  The number of ICMP Echo Reply messages sent.
icmpOutTimestamps
  The number of ICMP Timestamp (request) messages sent.
icmpOutTimestampReps
  The number of ICMP Timestamp Reply messages sent.
icmpOutAddrMasks
  The number of ICMP Address Mask Request messages sent.
icmpOutAddrMaskReps
  The number of ICMP Address Mask Reply messages sent.
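The two-column counter listings printed by /stats/l3/icmp (and by /stats/l3/ip and /stats/l3/if) can be captured to a file as described for the dump command and compared between two points in time. The following Python sketch is an added example, not part of the Nortel software or this manual: it parses such a capture, checks the containment relations that Table 5-24 states, and reports watched error counters that rose between captures. The watch list, the threshold and the second capture are assumptions constructed for illustration.

```python
import re

# One "name: value" pair from a two-column counter listing. The colon is
# optional because the page prints ifStateChanges without one.
PAIR = re.compile(r"\b([A-Za-z][A-Za-z0-9]*)(?::\s*|\s+)(\d+)\b")

# Containment stated in Table 5-24: each total includes the error count.
INCLUDES = (("icmpInMsgs", "icmpInErrors"), ("icmpOutMsgs", "icmpOutErrors"))

# Assumption: the watch list and threshold are local monitoring choices.
WATCH = ("icmpInErrors", "icmpOutErrors", "icmpInRedirects", "icmpInSrcQuenchs")

# Sample output printed on the page for /stats/l3/icmp.
PAGE_CAPTURE = """\
ICMP statistics:
icmpInMsgs:           245802   icmpInErrors:            1393
icmpInDestUnreachs:       41   icmpInTimeExcds:            0
icmpInParmProbs:           0   icmpInSrcQuenchs:           0
icmpInRedirects:           0   icmpInEchos:               18
icmpInEchoReps:       244350   icmpInTimestamps:           0
icmpInTimestampReps:       0   icmpInAddrMasks:            0
icmpInAddrMaskReps:        0   icmpOutMsgs:           253810
icmpOutErrors:             0   icmpOutDestUnreachs:       15
icmpOutTimeExcds:          0   icmpOutParmProbs:           0
icmpOutSrcQuenchs:         0   icmpOutRedirects:           0
icmpOutEchos:         253777   icmpOutEchoReps:           18
icmpOutTimestamps:         0   icmpOutTimestampReps:       0
icmpOutAddrMasks:          0   icmpOutAddrMaskReps:        0
"""

# Constructed later capture (not from the page): more echo traffic plus a
# rise in received errors and redirects.
LATER_CAPTURE = """\
ICMP statistics:
icmpInMsgs:           246910   icmpInErrors:            1501
icmpInDestUnreachs:       41   icmpInTimeExcds:            0
icmpInParmProbs:           0   icmpInSrcQuenchs:           0
icmpInRedirects:          12   icmpInEchos:               18
icmpInEchoReps:       245338   icmpInTimestamps:           0
icmpInTimestampReps:       0   icmpInAddrMasks:            0
icmpInAddrMaskReps:        0   icmpOutMsgs:           254798
icmpOutErrors:             0   icmpOutDestUnreachs:       15
icmpOutTimeExcds:          0   icmpOutParmProbs:           0
icmpOutSrcQuenchs:         0   icmpOutRedirects:           0
icmpOutEchos:         254765   icmpOutEchoReps:           18
icmpOutTimestamps:         0   icmpOutTimestampReps:       0
icmpOutAddrMasks:          0   icmpOutAddrMaskReps:        0
"""


def parse_counters(capture):
    """Return {counter: value} from captured CLI text."""
    counters = {}
    for line in capture.splitlines():
        line = line.strip()
        # Skip prompts, rulers and headings such as "IP interface 1 statistics:".
        if not line or line.startswith(">>") or not line[-1].isdigit():
            continue
        for name, value in PAIR.findall(line):
            counters[name] = int(value)
    return counters


def containment_violations(counters):
    """List (total, part) pairs where a part exceeds the total that includes it."""
    return [(total, part) for total, part in INCLUDES
            if total in counters and part in counters
            and counters[part] > counters[total]]


def counter_deltas(before, after):
    """Return ({counter: increase}, [counters that went backwards])."""
    increases, resets = {}, []
    for name, new in after.items():
        old = before.get(name, 0)
        if new < old:
            # Cleared or wrapped between captures: only the new value is known.
            resets.append(name)
            increases[name] = new
        else:
            increases[name] = new - old
    return increases, sorted(resets)


def watch_hits(before, after, threshold=50):
    """Return watched counters whose increase reached the threshold."""
    increases, _ = counter_deltas(before, after)
    return {n: increases[n] for n in WATCH if increases.get(n, 0) >= threshold}


if __name__ == "__main__":
    first = parse_counters(PAGE_CAPTURE)
    later = parse_counters(LATER_CAPTURE)
    print("containment violations:", containment_violations(later))
    print("watched counters over threshold:", watch_hits(first, later))
```

A counter that goes backwards between captures is reported as a reset rather than as a negative increase, which is what a capture taken after one of the clear commands would look like.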

/stats/l3/if <interface number>
Interface Statistics

IP interface 1 statistics:
ifInOctets:        48948386    ifInUcastPkts:       220553
ifInNUCastPkts:      167895    ifInDiscards:             0
ifInErrors:               0    ifInUnknownProtos:        0
ifOutOctets:       27100789    ifOutUcastPkts:      441938
ifOutNUcastPkts:     218652    ifOutDiscards:            0
ifOutErrors:              0    ifStateChanges            1

Table 5-25 Interface Statistics (/stats/if)

Statistics / Description

ifInOctets
    The total number of octets received on the interface, including framing characters.
ifInUcastPkts
    The number of packets, delivered by this sub-layer to a higher (sublayer), which were not addressed to a multicast or broadcast address at this sub-layer.
ifInNUCastPkts
    The number of packets, delivered by this sub-layer to a higher (sublayer), which were addressed to a multicast or broadcast address at this sub-layer. This object is deprecated in favor of ifInMulticastPkts and ifInBroadcastPkts.
ifInDiscards
    The number of inbound packets that were chosen to be discarded even though no errors had been detected to prevent their being delivered to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space.
ifInErrors
    For packet-oriented interfaces, the number of inbound packets that contained errors preventing them from being delivered to a higher-layer protocol. For character-oriented or fixed-length interfaces, the number of inbound transmission units that contained errors preventing them from being deliverable to a higher-layer protocol.
ifInUnknownProtos
    For packet-oriented interfaces, the number of packets received via the interface which were discarded because of an unknown or unsupported protocol. For character-oriented or fixed-length interfaces which support protocol multiplexing the number of transmission units received via the interface which were discarded because of an unknown or unsupported protocol. For any interface which does not support protocol multiplexing, this counter will always be 0.

Table 5-25 Interface Statistics (/stats/if) (continued)

Statistics / Description

ifOutOctets
    The total number of octets transmitted out of the interface, including framing characters.
ifOutUcastPkts
    The total number of packets that higher-level protocols requested to be transmitted, and which were not addressed to a multicast or broadcast address at this sub-layer, including those that were discarded or not sent.
ifOutNUcastPkts
    The total number of packets that higher-level protocols requested to be transmitted, and which were addressed to a multicast or broadcast address at this sub-layer, including those that were discarded or not sent. This object is deprecated in favor of ifOutMulticastPkts and ifOutBroadcastPkts.
ifOutDiscards
    The number of outbound packets, which were chosen to be discarded even though no errors had been detected to prevent their being transmitted. One possible reason for discarding such a packet could be to free up buffer space.
ifOutErrors
    For packet-oriented interfaces, the number of outbound packets that could not be transmitted because of errors. For character-oriented or fixed-length interfaces, the number of outbound transmission units that could not be transmitted because of errors.
ifStateChanges
    The number of times an interface has transitioned from either down to up or from up to down.

/stats/l3/tcp
TCP Statistics

TCP statistics:
tcpRtoAlgorithm:         4    tcpRtoMin:             0
tcpRtoMax:          240000    tcpMaxConn:         1600
tcpActiveOpens:          0    tcpPassiveOpens:       0
tcpAttemptFails:         0    tcpEstabResets:        0
tcpInSegs:               0    tcpOutSegs:            0
tcpRetransSegs:          0    tcpInErrs:             0
tcpCurBuff:              0    tcpCurConn:            6
tcpCurInConn:            0    tcpCurOutConn:         0
tcpCurLstnConn:          3    tcpOutRsts:            0
tcpAllocTCBFails:        0

Table 5-26 TCP Statistics (/stats/l3/tcp)

Statistics / Description

tcpRtoAlgorithm
    The algorithm used to determine the timeout value used for retransmitting unacknowledged octets.
tcpRtoMin
    The minimum value permitted by a TCP implementation for the retransmission timeout, measured in milliseconds. More refined semantics for objects of this type depend upon the algorithm used to determine the retransmission timeout. In particular, when the timeout algorithm is rsre(3), an object of this type has the semantics of the LBOUND quantity described in RFC 793.
tcpRtoMax
    The maximum value permitted by a TCP implementation for the retransmission timeout, measured in milliseconds. More refined semantics for objects of this type depend upon the algorithm used to determine the retransmission timeout. In particular, when the timeout algorithm is rsre(3), an object of this type has the semantics of the UBOUND quantity described in RFC 793.
tcpMaxConn
    The limit on the total number of TCP connections the entity (the switch) can support. In entities where the maximum number of connections is dynamic, this object should contain the value -1.
tcpActiveOpens
    The number of times TCP connections have made a direct transition to the SYN-SENT state from the CLOSED state.
tcpPassiveOpens
    The number of times TCP connections have made a direct transition to the SYN-RCVD state from the LISTEN state.

Table 5-26 TCP Statistics (/stats/l3/tcp) (continued)

Statistics / Description

tcpAttemptFails
    The number of times TCP connections have made a direct transition to the CLOSED state from either the SYN-SENT state or the SYN-RCVD state, plus the number of times TCP connections have made a direct transition to the LISTEN state from the SYN-RCVD state.
tcpEstabResets
    The number of times TCP connections have made a direct transition to the CLOSED state from either the ESTABLISHED state or the CLOSEWAIT state.
tcpInSegs
    The total number of segments received, including those received in error. This count includes segments received on currently established connections.
tcpOutSegs
    The total number of segments sent, including those on current connections but excluding those containing only retransmitted octets.
tcpRetransSegs
    The total number of segments retransmitted, that is, the number of TCP segments transmitted containing one or more previously transmitted octets.
tcpInErrs
    The total number of segments received in error (for example, bad TCP checksums).
tcpCurBuff
    The total number of outstanding memory allocations from heap by TCP protocol stack.
tcpCurConn
    The total number of outstanding TCP sessions that are currently opened.
tcpCurInConn
    The total number of remotely-initiated TCP connections.
tcpCurOutConn
    The total number of switch-originated TCP connection requests.
tcpCurLstnConn
    The total number of TCP ports on which the switch is listening.
tcpOutRsts
    The number of TCP segments sent containing the RST flag.
tcpAllocTCBFails

/stats/l3/udp
UDP Statistics

UDP statistics:
udpInDatagrams:       54    udpOutDatagrams:         43
udpInErrors:           0    udpNoPorts:         1578077

Table 5-27 UDP Statistics (/stats/l3/udp)

Statistics / Description

udpInDatagrams
    The total number of UDP datagrams delivered to the switch.
udpOutDatagrams
    The total number of UDP datagrams sent from this entity (the switch).
udpInErrors
    The number of received UDP datagrams that could not be delivered for reasons other than the lack of an application at the destination port.
udpNoPorts
    The total number of received UDP datagrams for which there was no application at the destination port.

/stats/slb
Server Load Balancing Statistics Menu

[Server Load Balancing Statistics Menu]
    sp      - SLB Switch SP Stats Menu
    gslb    - Global SLB Stats Menu
    real    - Show real server stats
    group   - Show real server group stats
    virt    - Show virtual server stats
    filt    - Show filter stats
    layer7  - Show Layer 7 stats
    ssl     - Show SSL SLB stats
    ftp     - Show FTP SLB parsing and NAT stats
    rtsp    - Show RTSP SLB stats
    dns     - Show DNS SLB stats
    wap     - Show WAP SLB stats
    maint   - Show maintenance stats
    sip     - Show SIP SLB stats
    wlm     - Show Workload Manager SASP stats
    mirror  - Show Session mirroring stats
    clear   - Clear non-operational Server Load Balancing stats
    aux     - Show auxiliary session table stats
    dump    - Dump all SLB statistics

Table 5-28 SLB Statistics Menu Options (/stats/slb)

Command Syntax and Usage

sp <SP number (1-4)>
    Displays the server load balancing statistics menu. For more information, see page 202.
gslb
    Displays the Global SLB Statistics menu. To view menu options, see page 206.
real <real server number (1-1023)>
    Displays the following real server statistics:
    Number of times the real server has failed its health checks
    Number of sessions currently open on the real server
    Total sessions the real server was assigned
    Highest number of simultaneous sessions recorded for each real server
    Real server transmit/receive octets
    See page 211 for sample output.
group <real server group number (1-1024)>
    Displays the following real server group statistics:
    Current and total sessions for each real server in the real server group.
    Current and total sessions for all real servers associated with the real server group.
    Highest number of simultaneous sessions recorded for each real server.
    Real server transmit/receive octets.
    For per-service octet counters, see page 211.
    See page 212 for sample output.
virt <virtual server number (1-1024)>
    Displays the following virtual server statistics:
    Current and total sessions for each real server associated with the virtual server.
    Current and total sessions for all real servers associated with the virtual server.
    Highest number of simultaneous sessions recorded for each real server.
    Real server transmit/receive octets.
    For per-service octet counters, see page 211.
    See page 213 for sample output.
filt <filter ID (1-2048)>
    Displays the total number of times any filter has been used. See page 213 for sample output.
layer7
    Displays Layer 7 statistics. See page 214 for sample output.
ssl
    Displays SSL server load balancing statistics. See page 219 for sample output.
ftp
    Displays FTP SLB parsing and NAT statistics. See page 220 for sample output.
rtsp
    Displays RTSP SLB statistics. See page 223 for sample output.

Table 5-28 SLB Statistics Menu Options (/stats/slb) (continued)

Command Syntax and Usage

dns
    Displays DNS SLB statistics.
wap
    Displays WAP SLB statistics.
maint
    Displays SLB maintenance statistics.
sip
    Displays SIP SLB statistics.
wlm <Workload Manager number, 1-16> <clear>
    Display Workload Manager SASP statistics.
mirror
    Display session mirroring statistics.
clear [y|n]
    Clears all non-operating SLB statistics on the Nortel Application Switch, resetting them to zero. This command does not reset the switch and does not affect the following counters:
    Counters required for Layer 4 and Layer 7 operation (such as current real server sessions).
    All related SNMP counters.
    To view the statistics reset by this command, refer to Table 5-51 on page 230.
aux
    Displays auxiliary session table statistics.
dump
    Dumps all switch SLB statistics. Use this command to gather data for tuning and debugging switch performance. To save dump data to a file, set your communication software on your workstation to capture session data prior to issuing the dump command.

Sample output for the display commands in this part of the table is on pages 224, 225, 227, 229, 230 and 231.

/stats/slb/sp
Server Load Balancing SP statistics Menu

[Server Load Balancing SP Statistics Menu]
    real   - Show real server stats
    group  - Show real server group stats
    virt   - Show virtual server stats
    filt   - Show filter stats
    maint  - Show maintenance stats
    aux    - Show auxiliary session table stats
    clear  - Clear SP stats

Table 5-29 SP Statistics Menu options (/stats/slb/sp)

Command Syntax and Usage

real <real server number (1-1023)>
    Displays real server statistics of the switch port. See page 202 for a sample output.
group <real server group number (1-1024)>
    Displays real server group statistics of the switch port. See page 203 for a sample output.
virt <virtual server number (1-1024)>
    Displays statistics of the virtual server. See page 203 for a sample output.
filt <filter ID (1-2048)>
    Displays statistics of the filter. See page 203 for a sample output.
maint
    Displays the SP maintenance statistics. See page 204 for a sample output.
aux
    Displays the statistics of the auxiliary session table.
clear
    Deletes all the SP statistics.

/stats/slb/sp/real <real server number>
SP Real Server Statistics

Port 1 Real server 1 stats:
Current sessions:    3
Total sessions:      3
Octets:              24

0.100.--------------.-------1 200.100 40 137 21 Octets --------------480000 616000 --------------1096000 /stats/slb/sp <sp number>/filt <filter number> SP Filter Statistics SP 1 Filter 1 stats: Total firings: 2 Chapter 5: The Statistics Menu 320506-A.Nortel Application Switch Operating System 23.---------.-------40 137 21 Octets --------------480000 616000 --------------1096000 /stats/slb/sp <sp number>/virt <virtual server number> SP Virtual Server Statistics Real server group 1 stats: Current Total Highest Real IP address Sessions Sessions Sessions ---.-------1 200. January 2006 203 .10.-------.--------------.-------.100.10.100.---------.--------------.15 20 77 12 ---.2 Command Reference /stats/slb/sp <sp number>/group <real group server number> SP Real Group Server Statistics Real server group 1 stats: Current Total Highest Real IP address Sessions Sessions Sessions ---.-------.14 20 60 9 2 200.--------------.-------.15 20 77 12 ---.---------.14 20 60 9 2 200.10.100.10.-------200.100.---------.10.

/stats/slb/sp <sp number>/maint
SP Maintenance Statistics

SP 1 SLB Maintenance stats:
Maximum sessions:              524276
Current sessions:              0
  4 second average:            0
 64 second average:            0
Terminated sessions:           0
Allocation failures:           0
Non TCP/IP frames:             0
UDP datagrams:                 0
Incorrect VIPs:                0
Incorrect Vports:              0
No available real server:      0
Filtered (denied) frames:      0
LAND attacks:                  0
No TCP control bits:           0
Invalid reset packet drops:    0
Total IP fragment sessions:    0
IP fragment sessions:          0
IP fragment discards:          0
IP fragment table full:        0

Table 5-30 SP Maintenance Statistics (/stats/slb/sp/maint)

Statistic / Description

Maximum sessions
    The maximum number of simultaneous sessions supported.
Current Sessions
    Number of session bindings currently in use (the last 4 and 64 seconds).
Terminated Sessions
    Number of sessions removed from the session table because the server assigned to them failed and graceful server failure was not enabled.
Allocation Failures
    Indicates instances where the Switch ran out of available sessions for a port.
UDP Datagrams
    Indicates that the virtual server IP address and MAC are receiving UDP frames when UDP balancing is not turned on.
Non TCP/IP Frames
    Indicates the number of non-IP based frames received by the virtual server.
Incorrect VIPs
    Indicates the number of times the switch received a Layer 4 request for a virtual server which was not configured.

Table 5-30 SP Maintenance Statistics (/stats/slb/sp/maint) (continued)

Statistic / Description

Incorrect Vports
    This dropped frames counter indicates that the virtual server has received frames for TCP/UDP services that have not been configured. Normally this indicates a mis-configuration on the virtual server or the client, but it may be an indication of a potential security probing application like SATAN.
No Available Real Server
    This dropped frames counter indicates that all real servers are either out of service or at their maxcon limit.
Backup Server Activations
    This indicates the number of times a real server failure has occurred and caused a backup server to be brought online.
Overflow Server Activations
    This indicates the number of times a real server has reached the maxcon limit and caused an overflow server to be brought online.
Filtered (Denied) Frames
    This indicates the number of frames that were dropped because of one of the following reasons:
    1. They matched an active filter with the deny action set.
    2. There are no real servers (in the case of redirection filters.)
    3. When there are no available session entries.
LAND attacks
    This counter increases whenever a packet has the same source and destination IP addresses and ports.
No TCP Control Bits
    The number of packets that were dropped because the packet had no control bits set in the TCP header.
Invalid reset packet drops
    The number of packets that were dropped because the packet had an invalid reset flag set.
Total IP fragment sessions
    This represents the total number of fragment sessions the switch has processed so far.
Current IP fragment sessions
    This represents the current number of fragment sessions.
IP fragment discards
    The number of fragmented packets that are discarded due to lack of resources.
IP fragment table full
    This counter indicates how many times session table is full.
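One way to watch the Table 5-30 counters from captured output, as an added example that is not part of the Nortel manual: it parses two captures of the SP maintenance display, computes the increase per counter (a drop is treated as the result of the menu's clear command) and reports the watched counters that moved. The function names, the watchlist and the second capture are this example's assumptions; the first capture uses the manual's sample values in an assumed one-counter-per-line layout.

```python
"""Compare two captures of the /stats/slb/sp <sp number>/maint display."""
import re

# Counters from Table 5-30 to alert on, with the condition the table gives.
# Picking these eight is this example's choice, not the manual's.
WATCHLIST = {
    "LAND attacks": "same source and destination IP address and port",
    "No TCP control bits": "no control bits set in the TCP header",
    "Invalid reset packet drops": "invalid reset flag set",
    "Incorrect Vports": "TCP/UDP service not configured on the virtual server",
    "Incorrect VIPs": "Layer 4 request for a virtual server not configured",
    "Allocation failures": "no sessions available for a port",
    "IP fragment discards": "fragment discarded for lack of resources",
    "IP fragment table full": "session table full",
}

# A counter line is "Label: <digits>"; the "... stats:" banner has no value.
PAIR = re.compile(r"^\s*(?P<label>[^:]+?):\s+(?P<value>\d+)\s*$")

# Labels and values of the manual's sample display (layout assumed).
BEFORE = """\
SP 1 SLB Maintenance stats:
Maximum sessions:            524276
Current sessions:            0
  4 second average:          0
 64 second average:          0
Terminated sessions:         0
Allocation failures:         0
Non TCP/IP frames:           0
UDP datagrams:               0
Incorrect VIPs:              0
Incorrect Vports:            0
No available real server:    0
Filtered (denied) frames:    0
LAND attacks:                0
No TCP control bits:         0
Invalid reset packet drops:  0
Total IP fragment sessions:  0
IP fragment sessions:        0
IP fragment discards:        0
IP fragment table full:      0
"""


def with_values(text, changes):
    """Copy of a capture with some counters replaced (builds constructed samples)."""
    def swap(line):
        m = PAIR.match(line)
        if m and m["label"] in changes:
            return f"{line[:m.start('value')]}{changes[m['label']]}"
        return line
    return "\n".join(swap(line) for line in text.splitlines()) + "\n"


# Constructed second capture, taken 60 seconds later (values invented).
AFTER = with_values(BEFORE, {"Current sessions": 1200, "LAND attacks": 3,
                             "No TCP control bits": 412, "Incorrect Vports": 57})


def parse_maint(text):
    """Return {label: count} for each counter line of a maint display."""
    return {m["label"]: int(m["value"])
            for m in map(PAIR.match, text.splitlines()) if m}


def counter_deltas(before, after):
    """Increase per counter between two captures.

    A value below the earlier one means the statistics were cleared in
    between, so the later value is the whole increase since the clear.
    """
    deltas = {}
    for label, new in after.items():
        old = before.get(label, 0)
        deltas[label] = new - old if new >= old else new
    return deltas


def findings(before_text, after_text, interval_s):
    """Watched counters that rose: (label, delta, per_second, reason), largest first."""
    deltas = counter_deltas(parse_maint(before_text), parse_maint(after_text))
    hits = [(label, deltas[label], round(deltas[label] / interval_s, 2), reason)
            for label, reason in WATCHLIST.items() if deltas.get(label, 0) > 0]
    return sorted(hits, key=lambda hit: hit[1], reverse=True)


def session_table_use(text):
    """Fraction of the session table in use: Current sessions / Maximum sessions."""
    counters = parse_maint(text)
    return counters["Current sessions"] / counters["Maximum sessions"]


if __name__ == "__main__":
    for label, delta, rate, reason in findings(BEFORE, AFTER, 60):
        print(f"{label}: +{delta} ({rate}/s) - {reason}")
    print(f"session table use: {session_table_use(AFTER):.4%}")
```

Only the watched counters are compared; gauges such as Current sessions rise and fall normally, so their difference between captures says nothing about a reset.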

/stats/slb/gslb
Global SLB Statistics Menu

[Global SLB Statistics Menu]
    real     - Show Global SLB remote real server stats
    virt     - Show Global SLB virtual server stats
    site     - Show Global SLB remote site stats
    network  - Show Global SLB network preference stats
    rule     - Show Global SLB rule stats
    geo      - Show Global SLB geographical preference stats
    pers     - Show Global SLB DNS persistence cache stats
    maint    - Show Global SLB maintenance stats
    clear    - Clear all Global SLB stats
    dump     - Show all Global SLB stats

Table 5-31 Global SLB Statistics Menu Options (/stats/slb/gslb)

Command Syntax and Usage

real <real server number (1-1023)>
    Where the real server number represents the real server ID on this switch, under which the remote server is configured.
virt <virtual server number (1-1024)>
site <remote site, 1-64>
    Displays Global SLB statistics for the remote site. To view an example, see page 208.
network <network, 1-64>
    Displays Global SLB statistics for the network.
rule <rule, 1-64>
    Displays Global SLB statistics for the rule.
geo
    Displays Global SLB statistics for the geographical preference.
pers
    Displays Global SLB DNS persistence cache statistics.
maint
    To view an example and description of Global SLB maintenance statistics, see page 209.
clear
    Deletes all Global SLB statistics.

For real and virt, to view an example and description of what is displayed on-screen, see pages 207 and 211.

Table 5-31 Global SLB Statistics Menu Options (/stats/slb/gslb) (continued)

Command Syntax and Usage

dump
    Displays all Global SLB statistics.

/stats/slb/gslb/real <real server number>
Real Server Global SLB Statistics

Real server 1 global stats:
DNS directs:       3210
HTTP redirects:    12

For any remote real server configured for Global Server Load Balancing, the following statistics can be viewed:
    Number of DNS responses directed to the remote real server
    Number of HTTP redirects to the remote real server

/stats/slb/gslb/virt <virtual server number>
Virtual Server Global SLB Statistics

Global SLB virtual server 1 http service stats:
Domain: www.gslb.example.com
Server IP address      Site DNS directs HTTP redirects
------ --------------- ---- ----------- --------------
v1     200.200.200.1        0           0
r2     200.200.200.10  5    0           0
------ --------------- ---- ----------- --------------
Totals                      0           0

Table 5-32 Virtual Server Global SLB Statistics (/stats/slb/gslb/virt)

Field / Description

Server
    Type of server configuration and server ID number. v# represents a local virtual server number. r# represents a remote site. Since each remote site is configured on its peers as if it were a real server (with certain special properties), the number represents the real server ID on this switch, under which the remote server is configured.

Table 5-32 Virtual Server Global SLB Statistics (/stats/slb/gslb/virt) (continued)

Field / Description

IP Address
    IP address of the server.
Site
    The remote site number.
DNS directs
    The number of DNS responses that return the IP address of the corresponding server.
HTTP redirects
    The number of HTTP requests redirected to the corresponding server.

/stats/slb/gslb/site
Global SLB Site Statistics

Global SLB remote site 1 stats:
Bad remote site packets received:       386
DSSPv1 remote site updates sent:        0
DSSPv1 remote site updates received:    0
DSSPv2 remote site updates sent:        768
DSSPv2 remote site updates received:    348

Table 5-33 Global SLB Site Statistics Parameters (/stats/slb/gslb/site)

Field / Description

Bad remote site packets received
    The number of bad packets received from remote site.
DSSPv1 remote site updates sent
    The number of remote site updates sent using DSSP version 1.
DSSPv1 remote site updates received
    The number of remote site updates received using DSSP version 1.
DSSPv2 remote site updates sent
    The number of remote site updates sent using DSSP version 2.
DSSPv2 remote site updates received
    The number of remote site updates received using DSSP version 2.

/stats/slb/gslb/maint
Global SLB Maintenance Statistics

Global SLB maintenance stats:
Bad remote site packets received:          0
DSSPv1 remote site updates sent:           0
DSSPv1 remote site updates received:       0
DSSPv2 remote site updates sent:           127746
DSSPv2 remote site updates received:       85164
DNS queries received:                      0
Bad DNS queries received:                  0
DNS responses sent:                        0
HTTP requests received:                    0
Bad HTTP requests received:                0
HTTP responses sent:                       0
Hostname domain hits:                      0
Network domain hits:                       0
Basic domain hits:                         0
No server selected for hostname domain:    0
No server selected for network domain:     0
No server selected for basic domain:       0
No matching domain:                        0
Last no result domain:
Last source IP:                            0.0.0.0

Table 5-34 Global SLB Maintenance Statistics (/stats/slb/gslb/maint)

Field / Description

Bad remote site packets received
    The number of bad packets received from the remote site. Bad updates or dropped packets usually indicate that there is a configuration problem at local or remote GSLB switches. If bad updates or dropped packets occur, check your syslog for configuration error messages.
DSSPv1 remote site updates sent
    The number of Distributed Site State Protocol (DSSP) version one updates/packets sent to the remote sites.
DSSPv1 remote site updates received
    The number of Distributed Site State Protocol (DSSP) version one updates/packets received from the remote sites.
DSSPv2 remote site updates sent
    The number of Distributed Site State Protocol (DSSP) version two updates/packets sent to the remote sites.
DSSPv2 remote site updates received
    The number of Distributed Site State Protocol (DSSP) version two updates/packets received from the remote sites.

Table 5-34 Global SLB Maintenance Statistics (/stats/slb/gslb/maint) (continued)

Field / Description

DNS queries received
    The number of DNS queries received.
Bad DNS queries received
    The number of bad DNS queries received.
DNS responses sent
    The number of DNS responses sent by the switch that includes DNS directs and DNS error responses.
HTTP requests received
    The number of HTTP requests received.
Bad HTTP requests received
    The number of bad/dropped client HTTP requests. Client HTTP GET request packets that do not contain the entire URL are considered bad and are dropped.
HTTP responses sent
    The number of HTTP responses sent by the switch that includes HTTP redirects.
Hostname domain hits
    The number of times the DNS queries received matched for the hostname configured.
Network domain hits
    The number of times the DNS queries received matched for the network domain name configured.
Basic domain hits
    The number of times the DNS queries received matched for the basic domain name configured.
No server selected for hostname domain
    The number of times no server was selected after matching the host name domain.
No server selected for network domain
    The number of times no server was selected after matching the network domain name.
No server selected for basic domain
    The number of times no server was selected after matching the basic domain name.
No matching domain
    The number of times the DNS queries received did not match the host name, domain name, or the network domain configured.
Last no result domain
    The domain in the last DNS query received that did not match the host name, domain name, or the network domain configured.
Last source IP
    The source IP address of the last DNS query or HTTP request received.

/stats/slb/real <real server number>
Real Server SLB Statistics

Real server 1 stats:
Current sessions:    129
Total sessions:      65478
Highest sessions:    4343
Octets               523824000

NOTE – Octets are provided per server, not per service, unless configured as described in “Per Service Octet Counters” on page 211.

Table 5-35 Real Server SLB Statistics (/stats/slb/real)

Statistics / Description

Current sessions
    The total number of outstanding sessions that are established to the particular real server.
Total sessions
    The total number of sessions that have been established to the particular real server.
Highest sessions
    The highest number of sessions ever recorded for the particular real server.
Octets
    The total number of octets sent by the particular real server.

Per Service Octet Counters

For each load-balanced real server, the octet counters represent the combined number of transmit and receive bytes (octets). These counters are then added to report the total octets for each virtual server. The octet counters are provided per server–not per service. If you need octet counters on a per-service basis, you can accomplish this through the following configuration:

1. Configure a separate IP address for each service on each server being load balanced. For instance, you can configure IP address 10.1.1.20 for HTTP services, and 10.1.1.21 for FTP services on the same physical server.

2. On the Nortel Application Switch, configure a real server with a real IP address for each service above. Continuing the example above, two real servers would be configured for the physical server (representing each real service). If there were five physical servers providing the two services (HTTP and FTP), 10 real servers would have to be configured: five for the HTTP services on each physical server, and five for the FTP services on each physical server.

3. On the Nortel Application Switch, configure one real server group for each type of service, and group each appropriate real server IP address into the group that handles the specific service. Thus, in keeping with our example, two groups would be configured: one for handling HTTP and one for handling FTP.

4. Configure a virtual server and add the appropriate services to that virtual server.

/stats/slb/group <real server group number>
Real Server Group Statistics

Real server group 1 stats:
Total weight updates from WorkLoad Manager : 10
                      Current  Total      Highest
Real IP address       Sessions Sessions   Sessions  Octets
---- ---------------  -------- ---------- --------  ---------------
1    200.100.10.14    20       60         9         480000
2    200.100.10.15    20       77         12        616000
---- ---------------  -------- ---------- --------  ---------------
                      40       137        21        1096000

Real server group statistics include the following:
    Current and total sessions for each real server in the real server group.
    Current and total sessions for all real servers associated with the real server group.
    Highest number of simultaneous sessions recorded for each real server.
    Real server transmit/receive octets. For per-service octet counters, see the procedure on “Per Service Octet Counters” on page 211.

/stats/slb/virt <virtual server number>
Virtual Server SLB Statistics

Virtual server 1 stats:
                      Current  Total      Highest
Real IP address       Sessions Sessions   Sessions  Octets
---- ---------------  -------- ---------- --------  ---------------
1    200.100.10.14    20       60         9         480000
2    200.100.10.15    20       77         12        616000
---- ---------------  -------- ---------- --------  ---------------
     200.100.10.20    40       309        21        1096000

NOTE – The virtual server IP address is shown on the last line, below the real server IP addresses.

Virtual server statistics include the following:
    Current and total sessions for each real server associated with the virtual server.
    Current and total sessions for all real servers associated with the virtual server.
    Highest number of simultaneous sessions recorded for each real server.
    Real server transmit/receive octets. For per-service octet counters, see “Per Service Octet Counters” on page 211.

/stats/slb/filt <filter number>
Filter SLB Statistics

Filter 1 stats:
Total firings:    1011

You can obtain the total number of times any filter has been matched.

/stats/slb/layer7
SLB Layer7 Statistics Menu

[Layer 7 Statistics Menu]
    redir    - Show URL Redirection stats
    str      - Show SLB String stats
    maint    - Show Layer 7 Maintenance stats
    pooling  - Show connection pooling stats

Table 5-36 SLB Layer 7 Statistics Menu Options (/stats/slb/layer7)

Command Syntax & Usage

redir
    Displays URL Redirection statistics. See page 214 for a sample output.
str
    Displays SLB string statistics. See page 215 for a sample output.
maint
    Displays Layer 7 maintenance statistics. See page 216 for a sample output.
pooling
    Display the connection pooling statistics. See page 216 for a sample output.

/stats/slb/layer7/redir
Layer7 Redirection Statistics

Total URL based web cache redirection stats:
Total cache server hits:                 0
Total origin server hits:                0
Total straight to origin server hits:    0
Total none-GETs hits:                    0
Total 'Cookie: ' hits:                   0
Total no-cache hits:                     0
Total RTSP cache server hits:            0
Total RTSP origin server hits:           0
Total HTTP redirection hits:             0

Table 5-37 Layer 7 Redirection Statistics (/stats/slb/layer7/redir)

Statistics / Description

Total cache server hits
    The total number of HTTP requests redirected to the cache server.
Total origin server hits
    The total number of HTTP requests forwarded to the origin server.

The total number of HTTP requests that were redirected by redirection filter.Nortel Application Switch Operating System 23.com 5 www.com 3 www.org Hits 1527115 0 0 0 0 0 0 Table 5-38 Layer 7 SLB String Statistics (/stats/slb/layer7/str) Statistics ID SLB String Hits Description The user-defined strings being used in URL matching. The total number of RTSP requests forwarded to the origin server. The total number of RTSP requests redirected to the cache server.2 Command Reference Table 5-37 Layer 7 Redirection Statistics (/stats/slb/layer7/redir) Statistics Description Total straight to ori.junk.abc.0.[abcdefghijklm]*. The total number of requests containing no-cache header forwarded to the origin server. The total number of instances that are load-balanced due to matching of the particular URL ID. Chapter 5: The Statistics Menu 320506-A. The total number of cookie requests forwarded to the origin server.org 7 www. /stats/slb/layer7/str Layer 7 SLB String Statistics SLB String stats: ID SLB String 1 any 2 www.com 4 www.The total number of HTTP requests forwarded from straight to the gin server hits origin server.[abcdefjhijklm]*.[nopqrstuvwxyz]*. Total none-GETs hits Total 'Cookie:' hits Total no-cache hits Total RTSP cache server hits Total RTSP origin server hits Total HTTP redirection hits The total number of none GET requests forwarded to the origin server.com 6 www. January 2006 215 .[nopqrstuvwxyz]*.

/stats/slb/layer7/maint
Layer 7 SLB Maintenance Statistics

    Layer 7 maintenance stats:
    Clients reset by switch on client side:     0
    Clients reset by switch on server side:     0
    Connection Splicing to support HTTP/1.1:    0
    Invalid HTTP methods:                       0
    Aged delayed binding sessions:              0
    Half open connections:                      0
    Switch retries:                             0
    Random early drops:                         0
    Requests exceeded 9000 bytes:               0
    Invalid 3-way handshakes:                   0
    Exceeded max frame size:                    0
    Out of order packet drops:                  0
    Current SP[1] memory units:      1260   Lowest:                 1260
    Current SP[2] memory units:      1260   Lowest:                 1260
    Current SP[3] memory units:      1260   Lowest:                 1260
    Current SP[4] memory units:      1260   Lowest:                 1260
    Current SP memory units:         5040
    Current SEQ buffer entries:         0   Highest:                   0
    Current Data buffer use:            0   Highest:                   0
    Current SP buffer entries:          0   Highest:                   0
    Total Nonzero SEQ Alloc:            0
    Total SEQ Buffer Allocs:            0   Total SEQ Frees:           0
    Total Data Buffer Allocs:           0   Total Data Frees:          0
    Alloc Fails - Seq buffers:          0   Alloc Fails - Ubufs:       0
    Max sessions per bucket:            0   Max frames per session:    0
    Max bytes buffered (sess):          0

Table 5-39 SLB Layer 7 Maintenance Statistics (/stats/slb/layer7/maint)

Statistics / Description

Clients reset by switch on client side
    The number of reset frames sent to the client by the switch during server connection termination. This means that when the switch could not connect to the real server and the client's retries exceeded the threshold due to delayed binding, the switch will send a reset frame to the client to terminate the connection.

Clients reset by switch on server side
    The number of reset frames sent to the server by the switch during server connection termination due to delayed binding.

Connection Splicing to support HTTP/1.1
    The total number of connection swapping between different real servers in supporting multiple HTTP/1.1 client requests.

Invalid HTTP methods
    The total number of HTTP requests that contain invalid methods sent by the client.

Aged delayed binding sessions
    The total number of aged delayed binding sessions caused by failed connection initialization between the switch and the server.

Half open connections
    The total number of outstanding TCP connections that are half opened. It is incremented when the switch responds to TCP SYN packet and decremented upon receiving TCP SYN ACK packet from the requester.

Switch retries
    The total number of switch retries to connect to the real server.

Random early drops
    The total number of SYN frames dropped when the buffer is low.

Requests exceeded 4500 bytes
    The total number of GET requests that exceeded 4500 bytes.

Invalid 3-way handshakes
    The total number of dropped frames because of invalid 3-way handshakes.

Exceeded max frame size
    The total number of switch-generated frames that exceeded the maximum allowed frame size.

Out of order packet drops
    The total number of TCP packets dropped because they were received out of order.

Current SP memory units
    The currently available SP memory units.

Current SEQ buffer entries
    The number of outstanding sequence buffers used.

Highest SEQ buffer entries
    The highest number of sequence buffers ever used.

Current Data buffer use
    The number of outstanding data buffers used.

Highest Data buffer use
    The highest number of data buffers ever used.

Total Nonzero SEQ Alloc
    The total number of sequence buffer allocations.

Total SEQ Buffer Allocs
    The total number of sequence buffers allocated.

Total SEQ Frees
    The total number of sequence buffers freed.

Total Data Buffer Allocs
    The total number of buffers allocated to store client request.

Total Data Frees
    The total number of buffers freed.

Alloc Fails - Seq buffers
    The number of times sequence buffer allocation failed.

Alloc Fails - Ubufs
    The number of times the URL data buffer allocation failed.

Max sessions per bucket
    The maximum number of items (sessions) allowed in the session table hash bucket chain.

Max frames per session
    The maximum number of frames to be buffered per session.

Max bytes buffered (sess)
    The maximum number of bytes to be buffered per session.

/stats/slb/layer7/pooling
Layer7 Pooling Statistics

    >> Layer 7 Statistics# pooling
    ------------------------------------------------------------------
    Connection pooling statistics:
    Current opened server connections:               0
    Active server connections:                       0
    Available server connections:                    0
    Total number of aged out client connections:     0
    Total number of aged out server connections:     0

/stats/slb/ssl
SLB Secure Socket Layer Statistics

    SSL SLB maintenance stats:
    SessionId allocation fails:                0
    Total number of SSL ID reassignments:      0

                               Current    Total     Highest
                               Sessions   Sessions  Sessions
    -------------------------  ---------  --------  --------
    Unique SessionIds                  0         0         0
    SSL connections                    0         0         0
    Persistent Port Sessions           0         0         0

Table 5-40 SLB Secure Socket Layer Statistics (/stats/slb/ssl)

Statistics / Description

SSL SLB maintenance stats
    Debug stats for SSL SessionId based persistence.

SessionId allocation fails
    The number of times allocation of a session table entry failed when attempting to store a SessionId in the table.

Total number of SSL ID reassignments

The table shows the Current Sessions, the total sessions seen on the switch since last reset and the high water mark of current sessions for the following:

Unique SessionIds
    This number shows the number of unique SSL sessions seen on the switch. Many SSL sessions can use the same SessionId; these should all bind to the same server.

SSL connections
    The number of different TCP connections using SSL service.

Persistent Port Sessions
    The number of SessionIds maintained to allow for persistence across different client ports.

/stats/slb/ftp
File Transfer Protocol SLB and Filter Statistics Menu

    [FTP SLB parsing and Filter Statistics Menu]
         active   - Show active FTP NAT filter stats
         parsing  - Show FTP SLB parsing server stats
         maint    - Show FTP maintenance stats
         dump     - Dump all FTP SLB/NAT stats

Table 5-41 FTP SLB Parsing and Filter Statistics Menu Options (/stats/slb/ftp)

Command Syntax and Usage

active
    Shows active FTP SLB parsing and filter statistics. See page 221 for sample output.

parsing
    Shows parsing statistics. See page 221 for sample output.

maint
    Shows maintenance statistics. See page 222 for sample output.

dump
    Shows all FTP SLB/NAT statistics. See page 222.

/stats/slb/ftp/active
Active FTP SLB Parsing and Filter Statistics

    Total Active FTP NAT stats(PORT):
    Total FTP:                           0
    Total New Active FTP Index:          0
    Active FTP NAT ACK/SEQ diff:         0

Table 5-42 Active FTP Slb Parsing and Filter statistics (/stats/slb/ftp/active)

Statistics / Description

Total Active FTP NAT stats (PORT)
    The number of times the switch receives the port command from the client.

Total FTP
    The number of times the switch receives both active and passive FTP connections.

Total New Active FTP Index
    The number of times the switch creates a new index due to port command from the client.

Active FTP NAT ACK/SEQ diff
    The difference in the numbers of ACK and SEQ that the switch needs for packet adjustment.

/stats/slb/ftp/parsing
Passive FTP SLB Parsing Statistics

    Total FTP SLB Parsing Stats(PASV):
    Total FTP:                           0
    Total New FTP SLB parsing Index:     0
    FTP SLB parsing ACK/SEQ diff:        0

Table 5-43 Passive FTP SLB Parsing Statistics (/stats/slb/ftp/parsing)

Statistics / Description

Total FTP
    The number of times the switch receives both active and passive FTP connections.

Total New FTP SLB parsing Index
    The number of times the switch creates a new index in response to the pasv command from the client.

FTP SLB parsing ACK/SEQ diff
    The difference in the numbers of ACK and SEQ that the switch needs for FTP SLB parsing.

/stats/slb/ftp/maint
FTP SLB Maintenance Statistics

    FTP mode switch error:     0

Table 5-44 FTP SLB Maintenance Statistics (/stats/slb/ftp/maint)

Statistics / Description

FTP mode switch error
    The number of times the switch is not able to switch modes from active to passive and vice versa.

/stats/slb/ftp/dump
FTP SLB Statistics Dump

    Total FTP :                              0
    Total FTP NAT Filtered:                  0
    Total new active FTP NAT Index:          0
    Total new FTP SLB parsing Index:         0
    FTP Active FTP NAT ACK/SEQ diff:         0
    FTP SLB parsing ACK/SEQ diff:            0
    FTP mode switch error:                   0

Table 5-45 FTP SLB Statistics Dump (/stats/slb/ftp/dump)

Statistics / Description

Total FTP
    The total number of FTP sessions that occurred.

Total FTP NAT Filtered
    The total number of FTP NAT filter sessions that occurred.

Total new active FTP NAT Index
    The total number of new data sessions created for FTP NAT filter in active mode.

Total new FTP SLB parsing Index
    The number of times the switch creates a new index in response to the pasv command from the client.

FTP Active FTP NAT ACK/SEQ diff
    The total number of times the adjustment between ACK and SEQ occurred on the filter.

FTP SLB parsing ACK/SEQ diff
    The difference in the numbers of ACK and SEQ that the switch needs for FTP SLB parsing.

FTP mode switch error
    The number of times the switch could not switch mode from active to passive and vice versa.

/stats/slb/rtsp
RTSP SLB Statistics

         Control     UDP                    Connection  Buffer      Alloc
    SP   Connection  Streams     Redirect   Denied      Allocs      Failures
    --   ----------  ----------  ---------- ----------  ----------  ----------
    1             0           0           0          0           0           0
    2             0           0           0          0           0           0
    3             0           0           0          0           0           0
    4             0           0           0          0           0           0
    --   ----------  ----------  ---------- ----------  ----------  ----------
                  0           0           0          0           0           0

Table 5-46 RTSP SLB Statistics (/stats/slb/rtsp)

Statistics / Description

ControlConnection
    The total number of TCP connections for RTSP control connection.

UDP Streams
    The total number of UDP connections for data channels. The number depends upon the type of media player being used.

Redirect
    The total number of times the connection got redirected.

ConnectionDenied
    The total number of times the connections got denied due to shortage of resources or the real server being down.

BufferAllocs
    The total number of buffer allocations used.

AllocFailures
    The total number of times the buffer allocation failed.

/stats/slb/dns
DNS SLB Statistics

    Total number of TCP DNS queries:                     0
    Total number of UDP DNS queries:                     0
    Total number of invalid DNS queries:                 0
    Total number of multiple DNS queries:                0
    Total number of domain name parse errors:            0
    Total number of failed real server name matches:     0
    Total number of DNS parsing internal errors:         0

Table 5-47 DNS SLB Statistics (/stats/slb/dns)

Statistics / Description

Total number of TCP DNS queries
    The total number of DNS queries received through TCP connections.

Total number of UDP DNS queries
    The total number of DNS queries received through UDP requests.

Total number of invalid DNS queries
    The total number of malformed DNS queries received.

Total number of multiple DNS queries
    The total number of DNS queries that contain more than one domain name to be resolved. Currently only one domain name resolution per request is supported.

Total number of domain name parse errors
    The total number of DNS queries that have short or invalid domain names to be resolved.

Total number of failed real server name matches
    The total number of times the user failed to find a real server which has the same layer 7 strings that match the domain name to be resolved.

Total number of DNS parsing internal errors
    The total number of out of memory and other unexpected errors the user gets while processing the DNS query.

/stats/slb/wap
WAP SLB Statistics

This command displays all the Radius and WAP related counters.

    WAP Maintenance stats:
    current sessions:              0
    allocation failures:           0
    incorrect VIPs:                0
    incorrect Vports:              0
    no available real server:      0
    requests to wrong SP:          0
    ------------------------------------------------------------------
    TPCP External Notification stats:
    add session reqs:              0   del session reqs:          0
    req fails.SP dead:             0   req fails.SP dead:         0
    ------------------------------------------------------------------
    RADIUS Snooping stats:
    acct reqs:                     0   acct wrap reqs:            0
    acct start reqs:               0   acct update reqs:          0
    acct stop reqs:                0   acct bad reqs:             0
    acct reqs(FIP):                0   acct reqs(no FIP):         0
    add session reqs:              0   del session reqs:          0
    req fails.SP dead:             0   req fails.DMA:             0

Table 5-48 WAP SLB Statistics (/stats/slb/wap)

Statistics / Description

WAP Maintenance stats:

current sessions
    The number of session bindings currently in use.

allocation failures
    Indicates instances where the switch ran out of available bindings for a port.

incorrect VIPs
    Indicates the number of times the switch received a Layer 4 request for a virtual server which was not configured.

incorrect Vports
    This dropped frames counter indicates that the virtual server has received frames for TCP/UDP services that have not been configured. Normally this indicates a mis-configuration on the virtual server or the client.

no available real server
    This dropped frames counter indicates that all real servers are either out of service or at their maxcon limit.

requests to wrong SP
    The number of session add/delete requests sent to the wrong SP.

TPCP External Notification stats:

add session reqs
    The number of WAP session add requests via TPCP.

req fails.SP dead
    The number of add-request failures due to dead target SP.

RADIUS Snooping stats:

acct reqs
    The number of RADIUS Accounting frames received.

acct wrap reqs
    The number of wrapped RADIUS Accounting frames received.

acct start reqs
    The number of RADIUS Accounting Start frames received.

acct update reqs
    The number of RADIUS Accounting Update frames.

acct stop reqs
    The number of RADIUS Accounting Stop frames received.

acct bad reqs
    The number of bad RADIUS Accounting frames received.

add session reqs
    The number of WAP session add requests via RADIUS snooping.

del session reqs
    The number of WAP session delete requests via RADIUS snooping.

req fails.SP dead
    The number of add/delete request failures due to dead target SP.

req fails.DMA
    The number of add/delete requests failed due to DMA write failure.

/stats/slb/maint
SLB Maintenance Statistics

    SLB Maintenance stats:
    Maximum sessions:               2097104
    Current sessions:                     0
      4 second average:                   0
     64 second average:                   0
    Terminated sessions:                  0
    Allocation failures:                  0
    UDP datagrams:                        0
    Non TCP/IP frames:                    0
    Incorrect VIPs:                       0
    Incorrect Vports:                     0
    No available real server:             0
    Backup server activations:            0
    Overflow server activations:          0
    Filtered (denied) frames:             0
    LAND attacks:                         0
    No TCP control bits:                  0
    Invalid reset packet drops:           0
    Total IP fragment sessions:           0
    Current IP fragment sessions          0
    IP fragment discards:                 0
    IP fragment table full:               0
    Current IPF buffer sessions:          0
    Highest IPF buffer sessions:          0
    IPF buffer alloc fails:               0
    IPF SP buffer alloc fails:            0
    SP buffer too low:                    0
    Exceeded 16 OOO packets:              0
    Free Service pool entries:         8192
    Current IP6 sessions:                 0
    Incorrect IP6 VIPs:                   0
    Incorrect IP6 Vports:                 0
    IP6 packets drops:                    0

SLB Maintenance statistics are described in the following table.

Table 5-49 Server Load Balancing Maintenance Statistics (/stats/slb/maint)

Statistic / Description

Maximum sessions
    The maximum number of simultaneous sessions supported.

Current Sessions
    Number of session bindings currently in use (the last 4 and 64 seconds).

Terminated Sessions
    Number of sessions removed from the session table because the server assigned to them failed and graceful server failure was not enabled.

Allocation Failures
    Indicates instances where the Switch ran out of available sessions for a port.

UDP Datagrams
    Indicates that the virtual server IP address and MAC are receiving UDP frames when UDP balancing is not turned on.

Non TCP/IP Frames
    Indicates the number of non-IP based frames received by the virtual server.

Incorrect VIPs
    Indicates the number of times the switch received a Layer 4 request for a virtual server which was not configured.

Incorrect Vports
    This dropped frames counter indicates that the virtual server has received frames for TCP/UDP services that have not been configured. Normally this indicates a mis-configuration on the virtual server or the client, but it may be an indication of a potential security probing application like SATAN.

No Available Real Server
    This dropped frames counter indicates that all real servers are either out of service or at their maxcon limit.

Backup Server Activations
    This indicates the number of times a real server failure has occurred and caused a backup server to be brought online.

Overflow Server Activations
    This indicates the number of times a real server has reached the maxcon limit and caused an overflow server to be brought online.

Filtered (Denied) Frames
    This indicates the number of frames that were dropped because they matched an active filter with the deny action set.

LAND attacks
    This counter increases whenever a packet has the same source and destination IP addresses and ports.

No TCP Control Bits
    The number of packets that were dropped because the packet had no control bits set in the TCP header.

Invalid reset packet drops
    The number of packets that were dropped because the packet had an invalid reset flag set.

Total IP fragment sessions
    This represents the total number of fragment sessions the switch has processed so far.

Current IP fragment sessions
    This represents the current number of fragment sessions.

IP fragment discards
    The number of fragmented packets that are discarded due to lack of resources.

IP fragment table full
    This counter indicates how many times session table is full.

Free service pool entries
    This counter indicates the number of free service pool entries.
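Comparing two readings of the /stats/slb/maint output shows which of the counters in Table 5-49 are growing. The following is an added example, not part of the Nortel reference: it parses two captures of that output and reports growth in the security-relevant counters. Both snapshots are constructed, and the choice of watched counters and the 90% session-table threshold are assumptions of the example.

```python
import re

# Counters from Table 5-49 that this example watches. The reasons paraphrase
# the table's descriptions; the selection itself is an assumption.
WATCHED = {
    "LAND attacks": "packets with the same source and destination IP and port",
    "No TCP control bits": "TCP packets dropped with no control bits set",
    "Invalid reset packet drops": "packets dropped for an invalid reset flag",
    "Incorrect Vports": "frames for unconfigured services (misconfiguration or probing)",
    "Incorrect VIPs": "Layer 4 requests for an unconfigured virtual server",
    "Filtered (denied) frames": "frames dropped by a filter with the deny action",
    "IP fragment discards": "fragments discarded for lack of resources",
    "IP fragment table full": "fragment session table was full",
    "Allocation failures": "switch ran out of available sessions for a port",
}

# "Label: value" with an optional colon, because the sample output on this
# page prints "Current IP fragment sessions" without one.
_LINE = re.compile(r"^\s*(.+?):?\s+(\d+)\s*$")


def parse_maint(text):
    """Return {lower-cased label: int} for every counter line in the output."""
    stats = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            stats[m.group(1).strip().lower()] = int(m.group(2))
    return stats


def compare(before, after, session_ratio=0.9):
    """Compare two parsed snapshots; return (label, amount, reason) findings."""
    findings = []
    for label, reason in WATCHED.items():
        key = label.lower()
        if key not in after:
            continue
        old, new = before.get(key, 0), after[key]
        if new < old:
            # Counter went backwards: statistics were cleared or the switch
            # restarted, so report the new absolute value instead of a delta.
            findings.append((label, new, "counter reset between snapshots; " + reason))
        elif new > old:
            findings.append((label, new - old, reason))
    maximum = after.get("maximum sessions", 0)
    current = after.get("current sessions", 0)
    if maximum and current / maximum >= session_ratio:
        pct = 100 * current / maximum
        findings.append(("Current sessions", current, "session table is %.0f%% full" % pct))
    return findings


# Constructed snapshots in the layout of the sample output above.
SNAPSHOT_1 = """\
SLB Maintenance stats:
Maximum sessions:               2097104
Current sessions:                120000
  4 second average:              118000
Allocation failures:                  0
Incorrect Vports:                    12
Filtered (denied) frames:           340
LAND attacks:                         0
No TCP control bits:                  5
Invalid reset packet drops:           0
Current IP fragment sessions          0
IP fragment table full:               0
"""

SNAPSHOT_2 = """\
SLB Maintenance stats:
Maximum sessions:               2097104
Current sessions:               1950000
  4 second average:             1890000
Allocation failures:                  0
Incorrect Vports:                  4812
Filtered (denied) frames:           340
LAND attacks:                        27
No TCP control bits:                  9
Invalid reset packet drops:           0
Current IP fragment sessions          0
IP fragment table full:               0
"""

if __name__ == "__main__":
    for label, amount, reason in compare(parse_maint(SNAPSHOT_1), parse_maint(SNAPSHOT_2)):
        print("%-28s %10d  %s" % (label, amount, reason))
```
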

/stats/slb/sip
SIP SLB Statistics

    SIP Stats:
    Total number of SIP Client Parse Errors       : 0
    Total number of SIP Server Parse Errors       : 0
    Total number of SIP Unknown Method packets    : 0
    Total number of SIP Incomplete Messages       : 0
    Total number of SIP Filter Parse Errors       : 0
    Total number of packets with SIP SDP NAT      : 0

Table 5-50 SIP SLB Statistics (/stats/slb/sip)

Statistics / Description

Total number of SIP Client Parse Errors
    The total number of errors encountered during client processing when parsing an incoming SIP packet.

Total number of SIP Server Parse Errors
    The total number of errors encountered during server processing when parsing an incoming SIP packet.

Total number of SIP Unknown Method packets
    Total number of packets received with methods not known to the SIP parser on the switch.

Total number of SIP Incomplete Messages
    Total number of packets received which do not have the complete SIP message in a single packet.

Total number of SIP Filter Parse Errors
    Total number of errors encountered during filter processing when parsing an incoming SIP packet.

Total number of packets with SIP SDP NAT
    Total number of packets received that have SIP SDP NAT information.

/stats/slb/wlm <wlm number>
Display Workload Manager SASP statistics

Table 5-51 SLB WorkLoad Manager SASP (/stats/slb/wlm)

    >> Server Load Balancing Statistics# /st/sl/wlm 1
    ------------------------------------------------------------------
    Workload Manager 1 Statistics:
    Registration Requests:                             1
    Registration Replies:                              1
    Registration Reply Errors:                         0
    Deregisteration Requests:                          1
    Deregisteration Replies:                           1
    Deregisteration Reply Errors:                      0
    Set LB State Requests:                             1
    Set LB State Replies:                              1
    Set LB State Reply Errors:                         0
    Set Member State Requests:                         0
    Set Member State Replies:                          0
    Set Member State Reply Errors:                     0
    Send Weights Messages received:                   47
    Send Weights Message Parse Errors:                 0
    Total Messages with Invalid LB Name:               0
    Total Messages with Invalid Group Name:            0
    Total Messages with Invalid Real Server Name:      0
    Messages with Invalid SASP Header:                 0
    Messages with parse errors:                        0
    Messages with Unsuppored Message Type:             0

/stats/slb/wlm <wlm number>/clear
Clear Workload Manager SASP Statistics

This command clears statistics for the specified Workload Manager.

/stats/slb/mirror
Display Workload Manager SASP statistics

Table 5-52 SLB Session Mirroring statistics (/stats/slb/mirror)

    >> Server Load Balancing Statistics# mirror
    ------------------------------------------------------------------
    Session Mirroring Stats:                    Rx        Tx
    Total Create Session Messages                0         0
    Total Update Session Messages                0         0
    Total Delete Session Messages                0         0
    Total Create Data Session Messages           0         0
    Total Update Data Session Messages           0         0
    Total Delete Data Session Messages           0         0
    Total Sessions Created                       0
    Total Sessions Updated                       0
    Total Sessions Deleted                       0
    Total Data Sessions Created                  0
    Total Data Sessions Updated                  0
    Total Data Sessions Deleted                  0
    Session table full                           0
    Unvailable pport                             0
    Session already present                      0
    Session not found                            0
    Control session not found                    0

/stats/bwm
BWM Statistics Menu

    [Bandwidth Management Statistics Menu]
         port     - Switch Port Contract Stats Menu
         cont     - BW Contract stats
         rcont    - BW Contract rate stats
         hist     - BW History stats
         maint    - Show BWM maint statistics
         ipusers  - Show BWM IP user stats for iplimit contracts
         dump     - Dump all BWM statistics
         clear    - Clear BWM statistics

Table 5-53 Bandwidth Management Statistics Menu Options (/stats/bwm)

Command Syntax and Usage

port <port number>
    Displays Switch Port Contract Statistics Menu. To view menu options, see page 233.

cont <BW Contract number (1-1024)>
    Displays bandwidth management contract statistics. See page 234 for details.

rcont <BW Contract number (1-1024)>
    Displays bandwidth management contract rate statistics. See page 235 for details.

hist
    Displays bandwidth management history statistics. See page 237 for sample output.

maint
    Displays bandwidth management maintenance statistics. See page 238 for sample output.

ipusers
    Displays Bandwidth Management IP user stats for iplimit contracts. Each IP address is limited to the user limit configured in /cfg/bwm/contract on page 319. See page 238 for sample output.

dump
    Displays all bandwidth management statistics.

clear
    Clears all bandwidth management statistics.

/stats/bwm/port <port number>
BWM Switch Processor Statistics

    [Bandwidth Management Port Statistics Menu]
         cont     - BW Contract stats
         rcont    - BW Contract rate stats

Table 5-54 Management Port Statistics Menu Options (/stats/bwm/sp)

Command Syntax and Usage

cont <BW Contract number (1-1024)>
    Displays bandwidth management contract statistics. See page 233 for a sample output.

rcont <BW Contract number (1-1024)>
    Displays bandwidth management contract rate statistics.

/stats/bwm/port <port number>/cont
BWM Switch Processor Contract Statistics Menu

    >> Bandwidth Management Port Statistics# cont
    ------------------------------------------------------------------
    BW Contract statistics
    Contract Name             Octets   Discards Total Pkts BufUsed BufMax
    -------- ----------- ---------- ---------- ---------- ------- ------
        1024 Default              0          0          0       0  16320

/stats/bwm/port <port number>/rcont
BWM Switch Processor Rate Contract Statistics

This command repeats its output when the printed lines are less than the configured CLI lines per screen. If the CLI lines are configured at zero per screen, the command will continue to repeat its output until you type a key on the console or telnet session. You can configure the number of CLI lines per screen using the global (hidden) command: lines <number of lines>. For example:

    >> AAS_2424 - Bandwidth Management Statistics# lines
    Current lines-per-screen: 24
    >> AAS_2424 - Bandwidth Management Statistics# lines ?
    lines sets lines-per-screen 0-300, zero for infinite

NOTE – This command displays enabled contracts only.

    BW Contract statistics
    Contract Name        Rate(Kbps)     Octets   Discards BufUsed BufMax
    -------- ----------- ---------- ---------- ---------- ------- ------
           1 cont1                0   40465360  262049256       0  16320
           2 cont2                0          0          0       0  16320
          20 cont20            5230  682947936 1822133376   16384  16320
          26 cont26               0          0          0       0  16320
        1024 Default              0     773974          0       0  16320
           1 cont1                0   40465360  262049256       0  16320
           2 cont2                0          0          0       0  16320
          20 cont20            5238  684289056 1825753104   16384  16320
          26 cont26               0          0          0       0  16320
        1024 Default              0     774114          0       0  16320

/stats/bwm/cont <contract number>
BWM Contract Statistics

    BW Contract statistics
    Contract Name             Octets   Discards Total Pkts BufUsed BufMax
    -------- ----------- ---------- ---------- ---------- ------- ------
        1024 Default              0          0          0       0  16320

The following description of statistics applies on a specific switch port for all enabled contracts.

Table 5-55 Bandwidth Management Contract Statistics (/stats/bwm/cont)

Statistics / Description

Contract
    The contract number.

Name
    The contract name.

Octets
    The number of octets that are being transmitted through a particular contract since the switch is booted.

Discards
    The number of octets that are being discarded because of seeing more traffic than the bandwidth contract limit permits.

Total Pkts
    The total number of packets classified for that contract.

BufUsed
    The current amount of buffer space used to store the packets that is waiting to be transmitted.

BufMax
    Maximum buffer space that can be used to store the packets before they can be transmitted. The switch starts dropping the packets of a particular contract after the maximum buffer space allocated for that contract is being occupied.

/stats/bwm/rcont
BWM Contract Rate Statistics

Use this command to show the rate statistics of all the enabled contracts. This command repeats its output when the printed lines are less than the configured CLI lines per screen. If the CLI lines are configured at zero per screen, the command will continue to repeat its output until you type a key on the console or telnet session. You can configure the number of CLI lines per screen using the global (hidden) command: lines <number of lines>. For example:

    >> AAS_2424 - Bandwidth Management Statistics# lines
    Current lines-per-screen: 24
    >> AAS_2424 - Bandwidth Management Statistics# lines ?
    lines sets lines-per-screen 0-300, zero for infinite

NOTE – This command displays enabled contracts only.

    BW Contract statistics
    Contract Name        Rate(Kbps)     Octets   Discards BufUsed BufMax
    -------- ----------- ---------- ---------- ---------- ------- ------
           1 cont1             5222  285408288  735607152   16384 456960
           2 cont2                0          0          0       0 456960
          20 cont20            5238  285720864  735308784   16384 456960
          26 cont26               0          0          0       0 456960
        1024 Default              4     517182          0       0 456960
           1 cont1             5230  286747296  739228896   16384 456960
           2 cont2                0          0          0       0 456960
          20 cont20            5230  287059872  738930528   16384 456960
          26 cont26               0          0          0       0 456960
        1024 Default              8     519400          0       0 456960
           1 cont1             5222  288084192  742853160   16384 456960
           2 cont2                0          0          0       0 456960
          20 cont20            5238  288400992  742550760   16384 456960
          26 cont26               0          0          0       0 456960
        1024 Default              8     521578          0       0 456960

Table 5-56 Bandwidth Management Contract Rate Statistics (/stats/bwm/rcont)

Statistics / Description

Contract
    The contract number.

Name
    The contract name.

Rate (in Kbps)
    Rate at which the packets are going out of the switch on a particular contract.

Octets
    The number of octets that are being transmitted through a particular contract since the switch is booted.

Discards
    The number of octets that are being discarded because of seeing more traffic than the bandwidth contract limits.

BufUsed
    The current amount of buffer space used to store the packets that is waiting to be transmitted.

BufMax
    Maximum buffer space that can be used to store the packets before they can be transmitted. The switch starts dropping the packets of a particular contract after the maximum buffer space allocated for that contract is being occupied.
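Because rcont repeats its output, one capture holds several readings of the same contracts. The following added example (not part of the Nortel reference) splits such a capture into repetitions and computes, per contract, what share of the offered octets was discarded between the first and last reading. The rows are the first two repetitions of the sample on this page for contracts 1, 2 and 1024; the function names are this example's own.

```python
COLUMNS = ("rate_kbps", "octets", "discards", "buf_used", "buf_max")


def parse_rcont(text):
    """Split repeating rcont output into a list of {contract: row} readings."""
    readings, current = [], {}
    for line in text.splitlines():
        f = line.split()
        # Data rows are: contract number, name, then five integer columns.
        # Header, divider and prompt lines fail this test and are skipped.
        if len(f) != 7 or not all(x.isdigit() for x in [f[0]] + f[2:]):
            continue
        contract = int(f[0])
        if contract in current:
            # The same contract number again marks the next repetition.
            readings.append(current)
            current = {}
        row = dict(zip(COLUMNS, (int(x) for x in f[2:])))
        row["name"] = f[1]
        current[contract] = row
    if current:
        readings.append(current)
    return readings


def discard_share(readings):
    """Per contract: discarded octets / (transmitted + discarded octets),
    measured between the first and the last reading."""
    first, last = readings[0], readings[-1]
    shares = {}
    for contract, row in last.items():
        if contract not in first:
            continue
        sent = row["octets"] - first[contract]["octets"]
        dropped = row["discards"] - first[contract]["discards"]
        if sent < 0 or dropped < 0:
            # Counters went backwards (statistics cleared or switch restarted).
            continue
        offered = sent + dropped
        shares[contract] = dropped / offered if offered else 0.0
    return shares


# Rows copied from the sample output above (contracts 20 and 26 left out).
CAPTURE = """\
BW Contract statistics
Contract Name        Rate(Kbps)     Octets   Discards BufUsed BufMax
-------- ----------- ---------- ---------- ---------- ------- ------
       1 cont1             5222  285408288  735607152   16384 456960
       2 cont2                0          0          0       0 456960
    1024 Default              4     517182          0       0 456960
       1 cont1             5230  286747296  739228896   16384 456960
       2 cont2                0          0          0       0 456960
    1024 Default              8     519400          0       0 456960
"""

if __name__ == "__main__":
    for contract, share in sorted(discard_share(parse_rcont(CAPTURE)).items()):
        print("contract %4d: %5.1f%% of offered octets discarded" % (contract, 100 * share))
```

A contract whose share stays high across readings, such as cont1 here, is being offered far more traffic than its bandwidth limit permits.
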

/stats/bwm/hist
BWM History Statistics

Use this command to show the history of all the contracts for which history command is enabled. This command is used to keep long term history only for the contracts that are enabled and have history command turned on. The sampling is done at one-minute intervals. You can dump the stats kept in the SMTP history buffer that get dumped periodically when an E-mail is sent.

NOTE – These statistics can only be viewed when the e-mail option is enabled.

    Switch IP       Cont Name                 Octets   Discards TimeStamp
                                                                YyyyMmDd:Hr:Mi/TmZone
    --------------- ---- ---------------- ---------- ---------- ----------
    47.80.23.124       1 filter_number01           0          0 20030910:15:11/ -8:00
    47.80.23.124       2 filter_number02           0          0 20030910:15:11/ -8:00
    47.80.23.124       3 filter_number03           0          0 20030910:15:11/ -8:00
    47.80.23.124       4 filter_number04           0          0 20030910:15:11/ -8:00
    47.80.23.124       5 filter_number05           0          0 20030910:15:11/ -8:00
    47.80.23.124       6 filter_number06           0          0 20030910:15:11/ -8:00
    47.80.23.124       7 filter_number07           0          0 20030910:15:11/ -8:00
    47.80.23.124       8 filter_number08           0          0 20030910:15:11/ -8:00
    47.80.23.124       9 filter_number09           0          0 20030910:15:11/ -8:00
    47.80.23.124      10 filter_number10           0          0 20030910:15:11/ -8:00
    47.80.23.124    1024 Default                 608          0 20030910:15:11/ -8:00

Table 5-57 Bandwidth Management History Statistics (/stats/bwm/hist)

Statistics / Description

Contract
    The contract number for which history is enabled.

Octets
    The number of octets sent out on a particular contract.

Discards
    The number of octets discarded because of seeing more traffic than the bandwidth contract limit permits.

TimeStamp
    Indicates the time the packets were received or discarded.

---------.---------0 20 0 0 20 238 Chapter 5: The Statistics Menu 320506-A.---------.---------.2 Command Reference /stats/bwm/maint BWM Maintenance Statistics BWM Maint statistics -----------------------------------------------------------------Maint Stats for rate limiting contracts Discard pkts 0 Discard octets 0 Out pkts 0 Out octets 0 Transmit failed 0 User Limit entry allocation failures 0 -----------------------------------------------------------------Maint Stats for traffic shaping contracts QFull Discard pkts 0 QFull Discard octets 0 Out of buffers pkts 0 Out of buffers pkts 0 Transmit failed 0 TDT set when qfull 0 TDT set between soft and hard 0 TDT set at soft 0 /stats/bwm/ipusers BWM IP Users Statistics This command displays the number of BWM IP user entries for each BWM contract for each SP.Nortel Application Switch Operating System 23.---------. BWM IP users statistics Contract SP1 SP2 SP3 SP4 Total -------.---------10 0 10 0 0 10 11 0 10 0 0 10 ---------.---------.---------. January 2006 .---------.0.

/stats/security
Security Statistics

[Security Statistics Menu]
ipacl    - IP Address ACL Statistics Menu
udpblast - UDP Blast Statistics Menu
dos      - DoS Attack Statistics Menu
pgroup   - Show pattern match group statistics
ratelim  - Show rate limiting statistics
dump     - Dump all security statistics

Command Syntax and Usage
ipacl
    Displays the IP Address Access Control List statistics menu. To view a sample output and a description of the statistics, see page 244.
udpblast
    Displays the UDP Blast statistics menu. To view a sample output and a description of the statistics, see page 245.
dos
    Displays the DOS Attack statistics menu. To view a sample output and a description of the statistics, see page 240.
pgroup
    Displays the Pattern Match Group statistics menu. To view a sample output and a description of the stats, see page 246.
ratelim
    Displays the Rate Limiting statistics menu. To view a sample output and a description of the stats, see page 246.
dump
    Displays all security statistics.

/stats/security/dos
DOS Attack Statistics Menu

[Protocol Anomaly and DoS Attack Prevention Statistics Menu]
port  - Show port protocol anomaly and DoS attack prevention stats
dump  - Dump all protocol anomaly and DoS attack prevention stats
clear - Clear all protocol anomaly and DoS attack prevention stats
help  - Protocol anomaly and DoS attack prevention description

Table 5-58 DOS Attacks Statistics Menu Options (/stats/security/dos)
Command Syntax and Usage
port <port number>
    Displays the number of times the packets were dropped for each of the following types of DOS attacks, on the selected port only.
dump
    Displays the number of times the packets were dropped on the switch, for each of the following types of DOS attacks: iplen, ipversion, broadcast, loopback, land, ipreserved, ipttl, ipprot, ipoptlen, fragmoredont, fragdata, fragboundary, fraglast, fragdontoff, fragopt, fragoff, fragoversize, tcplen, tcpportzero, blat, tcpreserved, nullscan, fullxmasscan, finscan, vecnascan, xmasscan, synfinscan, flagabnormal, syndata, synfrag, ftpport, dnsport, seqzero, ackzero, tcpoptlen, udplen, udpportzero, fraggle, pepsi, rc8, snmpnull, icmplen, smurf, icmpdata, icmpoff, icmptype, igmplen, igmpfrag, igmptype, arplen, arpnbcast, arpnucast, arpspoof, garp, ip6len, ip6version
    For a description of these different types of DOS attacks, see “Types of DOS Attacks” on page 241.
clear
    Deletes all DOS attack statistics.
help
    Displays a description of each type of DOS attack by name and how it works.

Types of DOS Attacks

Nortel Application Switch Operating System can protect switch ports against a variety of Denial of Service (DOS) attacks including Port Smurf, LandAttack, Fraggle, Nullscan, Xmascan, PortZero, and ScanSynFin. Enable DOS protection on ports connected to any network that could be the source of an attack. You can use the help command to obtain a brief explanation of each type of DOS attack detected by the switch.

Refer to your Nortel Application Switch Operating System Application Guide for a detailed description of DOS attacks.

>> /stats/security/dos help
iplen       : IPv4 packets with bad IP header or payload length.
ipversion   : IPv4 packets with IP version not 4.
broadcast   : IPv4 packets with broadcast source or destination IP [0.0.0.0,255.255.255.255].
loopback    : IPv4 packets with loopback source or destination IP [127.0.0.0/8].
land        : IPv4 packets with same source and destination IP.
ipreserved  : IPv4 packets with IP reserved bit is set.
ipttl       : IPv4 packets with small IP TTL.
ipprot      : IPv4 packets with IP protocol is unassigned or reserved.
ipoptlen    : IPv4 packets with bad IP options length.
fragmoredont: IPv4 packets with more fragments and don't fragment bits are set.
fragdata    : IPv4 packets with more fragments bit is set and small payload.
fragboundary: IPv4 packets with more fragments bit is set and payload not at 8-byte boundary.
fraglast    : IPv4 packets last fragment without payload.
fragdontoff : IPv4 packets with non-zero fragment offset and don't fragment bits are set.
fragopt     : IPv4 packets with non-zero fragment offset and IP options.
fragoff     : IPv4 packets with small non-zero fragment offset.
fragoversize: IPv4 packets with non-zero fragment offset and oversize payload.
tcplen      : TCP packets with bad TCP header length.
tcpportzero : TCP packets with source or destination port is zero.
blat        : TCP packets with SIP!=DIP and SPORT=DPORT.
tcpreserved : TCP packets with TCP reserved bit is set.
nullscan    : TCP packets with all control bits are zero.
fullxmasscan: TCP packets with all control bits are set.
finscan     : TCP packets with only FIN bit is set.
vecnascan   : TCP packets with only URG or PUSH or URG|FIN or PSH|FIN or URG|PSH bits are set.
xmasscan    : TCP packets with FIN, URG and PSH bits are set.
synfinscan  : TCP packets with SYN and FIN bits are set.
flagabnormal: TCP packets with abnormal control bits combination.
syndata     : TCP packets with SYN bit is set and with payload.
synfrag     : TCP packets with SYN bit is set and more fragments bit is set.
ftpport     : TCP packets with SPORT=20, DPORT<1024 and SYN bit is set.
dnsport     : TCP packets with SPORT=53, DPORT<1024 and SYN bit is set.
seqzero     : TCP packets with sequence number is zero.
ackzero     : TCP packets with acknowledgement number is zero and ACK bit is set.
tcpoptlen   : TCP packets with bad TCP options length.
udplen      : UDP packets with bad UDP header length.
udpportzero : UDP packets with source or destination port is zero.
fraggle     : UDP packets to broadcast destination IP (x.x.x.255).
pepsi       : UDP packets with SPORT=19, DPORT=7 or SPORT=7, DPORT=19.
rc8         : UDP packets with SPORT=7 and DPORT=7.
snmpnull    : UDP packets with DPORT=161 and without payload.
icmplen     : ICMP packets with bad ICMP header length.
smurf       : ICMP ping requests to a broadcast destination IP (x.x.x.255).
icmpdata    : ICMP packets with zero fragment offset and large payload.
icmpoff     : ICMP packets with large fragment offset.
icmptype    : ICMP packets with type is unassigned or reserved.
igmplen     : IGMP packets with bad IGMP header length.
igmpfrag    : IGMP packets with more fragments bit is set or non-zero fragment offset.
igmptype    : IGMP packets with type is unassigned or reserved.
arplen      : ARP request or reply packets with bad length.
arpnbcast   : ARP request packets with non broadcast destination MAC.
arpnucast   : ARP reply packets with non unicast destination MAC.
arpspoof    : ARP request or reply packets with mismatch source with sender MACs or destination with target MACs.
garp        : ARP request or reply packets with same source and destination IP.
ip6len      : IPv6 packets with bad header length.
ip6version  : IPv6 packets with IP version not 6.
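The help text above defines each counter by a header condition. As an added example (not code from the Nortel manual or the switch), the following Python applies a subset of those IPv4 and TCP conditions to raw packet bytes and tallies the hits the way a per-type drop counter would. Assumptions: "all control bits" means the six classic TCP flags, xmasscan and finscan are exact flag matches, the broadcast check covers only the two addresses named in the help text, and a packet may match more than one counter; how the switch resolves overlaps is not stated in the manual. The function names and sample packets are constructed for this example.

```python
import ipaddress
import struct
from collections import Counter

# TCP control bits (low six bits of the flags byte).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
ALL_FLAGS = 0x3F  # assumption: "all control bits" means these six flags
VECNA = {URG, PSH, URG | FIN, PSH | FIN, URG | PSH}
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
BROADCAST = {ipaddress.IPv4Address("0.0.0.0"), ipaddress.IPv4Address("255.255.255.255")}


def build_packet(src, dst, sport, dport, flags, seq=1000, ack=0, payload=b""):
    """Construct a minimal IPv4+TCP packet (sample data; checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return ip + tcp + payload


def classify(packet):
    """Return the sorted counter names whose help-text condition the packet meets."""
    if len(packet) < 20:
        return ["iplen"]
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4:
        return ["ipversion"]
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or total_len < ihl or total_len > len(packet):
        return ["iplen"]  # header or payload length does not fit the bytes received
    hits = set()
    src_ip, dst_ip = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    if src_ip == dst_ip:
        hits.add("land")
    if src_ip in LOOPBACK or dst_ip in LOOPBACK:
        hits.add("loopback")
    if src_ip in BROADCAST or dst_ip in BROADCAST:
        hits.add("broadcast")
    if proto != 6:
        return sorted(hits)  # only the TCP conditions are modelled below
    tcp = packet[ihl:total_len]
    if len(tcp) < 20:
        return sorted(hits | {"tcplen"})
    sport, dport, seq, ack, offset, flags = struct.unpack("!HHIIBB", tcp[:14])
    header_len = (offset >> 4) * 4
    if header_len < 20 or header_len > len(tcp):
        return sorted(hits | {"tcplen"})
    flags &= ALL_FLAGS
    has_payload = len(tcp) > header_len
    if sport == 0 or dport == 0:
        hits.add("tcpportzero")
    if src_ip != dst_ip and sport == dport:
        hits.add("blat")
    if flags == 0:
        hits.add("nullscan")
    if flags == FIN:
        hits.add("finscan")
    if flags == ALL_FLAGS:
        hits.add("fullxmasscan")
    if flags == (FIN | URG | PSH):
        hits.add("xmasscan")
    if flags in VECNA:
        hits.add("vecnascan")
    if flags & SYN and flags & FIN:
        hits.add("synfinscan")
    if seq == 0:
        hits.add("seqzero")
    if flags & ACK and ack == 0:
        hits.add("ackzero")
    if flags & SYN and has_payload:
        hits.add("syndata")
    if flags & SYN and dport < 1024 and sport in (20, 53):
        hits.add("ftpport" if sport == 20 else "dnsport")
    return sorted(hits)


def tally(packets):
    """Count hits per counter name, one increment per matching packet."""
    counts = Counter()
    for pkt in packets:
        counts.update(classify(pkt))
    return counts


# Constructed sample traffic (documentation address ranges, not captured data).
SAMPLE_PACKETS = [
    build_packet("192.0.2.10", "198.51.100.5", 40000, 443, SYN),             # ordinary SYN
    build_packet("192.0.2.10", "198.51.100.5", 40000, 443, 0),               # no flags
    build_packet("192.0.2.10", "198.51.100.5", 40000, 443, FIN | URG | PSH),
    build_packet("192.0.2.10", "192.0.2.10", 40000, 80, SYN),                # same src/dst
    build_packet("192.0.2.10", "198.51.100.5", 53, 22, SYN),                 # SYN from port 53
]

if __name__ == "__main__":
    for name, count in sorted(tally(SAMPLE_PACKETS).items()):
        print(f"{name:<14}{count}")
```

Comparing such a tally from a packet capture with the per-port counters shown by /stats/security/dos helps confirm which traffic a counter increment corresponds to.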

/stats/security/ipacl
IP Access Control List Statistics
The following IP Access Control List statistics can be viewed with this command:
[IP ACL Statistics Menu]
dump  - IP address access control Stats
clear - Clear all access control Stats

Table 5-59 IPACL Security Statistics Menu Options (/stats/security/ipacl)
Command Syntax and Usage
dump
    Displays the accumulated blocked packets for each source or destination IP address and mask pair in the access control list.

    >> Main# /stats/security/ipacl/dump
    -----------------------------------------------------------------
    IP ACL stats:
    Source IP Addr   Mask             Type   Blocked Packets
    ---------------  ---------------  -----  ---------------
    No source IP ACL's created
    Dest IP Addr     Mask             Type   Blocked Packets
    ---------------  ---------------  -----  ---------------
    No destination IP ACL's created
clear
    Deletes all the statistics of accumulated blocked packets.

/stats/security/udpblast
UDP Blast Statistics
[UDP Blast Statistics Menu]
dump  - UDP Blast Stats
clear - Clear all UDP Blast Stats

Table 5-60 UDP Blast Statistics Menu Options (/stats/security/udpblast)
Command Syntax and Usage
dump
    Displays all the accumulated blocked packets for each port, and the current packet rate per second. See page 245 for a sample output and a description of the statistics.
clear
    Deletes all the accumulated blocked packets.

/stats/security/udpblast/dump
UDP Blast Dump Statistics
UDP blast protection stats:
UDP Port   Blocked Packets   Current Packet Rate/Second
--------   ---------------   --------------------------

Table 5-61 UDP Blast Dump Statistics Parameters (/stats/security/udpblast/dump)
Field                        Description
UDP Port                     UDP ports that experienced UDP blast attacks.
Blocked Packets              The number of blocked packets.
Current Packet Rate/Second   Displays the current rate of packets to the UDP port.

/stats/security/pgroup
UDP Pattern Match Statistics
Pattern Match Group stats:
ID    Name    Hits
1             0

This menu displays how many times each configured pattern group has been matched and a subsequent filtering action performed. Pattern groups are configured in the “Pattern Matching Menu” on page 404.

/stats/security/ratelim
Rate Limiting Statistics
Rate limiting stats:
TCP:
    Total hold downs triggered:         0
    Current per-client state entries:   0
UDP:
    Total hold downs triggered:         0
    Current per-client state entries:   0
ICMP:
    Total hold downs triggered:         0
    Current per-client state entries:   0

Table 5-62 Rate Limiting Statistics (/stats/security/ratelim)
Field                              Description
Total holds down triggered         The total number of packets dropped after the hold-down period expired.
Current per-client state entries   The total number of per-client state entries for TCP/UDP/ICMP rate limiting.

/stats/security/dump
Dump Statistics for Security
IP ACL stats:
Address          Blocked Packets
-----------------------------------------------------------------
UDP blast protection stats:
UDP Port   Blocked Packets   Current Packet Rate/Second
-----------------------------------------------------------------
Pattern Match Group stats:
ID    Name    Hits
1             0
100           0
101           0
-----------------------------------------------------------------
Rate limiting stats:
TCP:
    Total hold downs triggered:         0
    Current per-client state entries:   0
UDP:
    Total hold downs triggered:         0
    Current per-client state entries:   0
ICMP:
    Total hold downs triggered:         0
    Current per-client state entries:   0

/stats/mp
Management Processor Statistics

[MP-specific Statistics Menu]
pkt - Show Packet and TCP stats
tcb - Show All TCP control blocks in use
ucb - Show All UDP control blocks in use
sfd - Show All Socket FD in use
cpu - Show CPU utilization
mem - Show memory stats

Table 5-63 Management Processor Statistics Menu Options (/stats/mp)
Command Syntax and Usage
pkt
    Displays packet statistics, to check for leads and load. To view a sample output and a description of the stats, see page 249.
tcb
    Displays all TCP control blocks that are in use. To view a sample output and a description of the stats, see page 251.
ucb
    Displays all UDP control blocks that are in use. To view a sample output, see page 251.
sfd
    Displays all Socket File Descriptors that are in use. To view a sample output, see page 252.
cpu
    Displays CPU utilization for periods of up to 1, 4, and 64 seconds. To view a sample output and a description of the stats, see page 252.
mem
    Displays memory statistics.

/stats/mp/pkt
MP Packet Statistics
Packet counts:
    allocs:        89262    frees:                   89262
    mediums:       0        mediums hi-watermark:    4
    jumbos:        0        jumbos hi-watermark:     0
    smalls:        0        smalls hi-watermark:     4
    alloc fails:   0        packet discards:         0
TCP counts:
    allocs:        4866     frees:                   4827
    current:       46       current hi-watermark:    146
    alloc fails:   0        alloc discards:          0

Table 5-64 Packet Statistics (/stats/mp/pkt)
Statistics   Description

Packet counts:
allocs
    Total number of packet allocations from the packet buffer pool by the TCP/IP protocol stack.
frees
    Total number of times the packet buffers are freed (released) to the packet buffer pool by the TCP/IP protocol stack.
mediums
    Total number of packet allocations with size between 128 to 1536 bytes from the packet buffer pool by the TCP/IP protocol stack.
jumbos
    Total number of packet allocations with size between 1536 bytes to 9K bytes from the packet buffer pool by the TCP/IP protocol stack.
smalls
    Total number of packet allocations with size less than 128 bytes from the packet buffer pool by the TCP/IP protocol stack.
alloc fails
    Total number of packet allocation failures from the packet buffer pool by the TCP/IP protocol stack.
frees
    Total number of packets freed from the packet buffer pool by the TCP/IP protocol stack.
mediums hi-watermark
    The highest number of packet allocation with size between 128 to 1536 bytes from the packet buffer pool by the TCP/IP protocol stack.
jumbos hi-watermark
    The highest number of packet allocation with size between 1536 bytes to 9K bytes from the packet buffer pool by the TCP/IP protocol stack.
smalls hi-watermark
    The highest number of packet allocation with size less than 128 bytes from the packet buffer pool by the TCP/IP protocol stack.
packet discards
    The number of packets that are discarded by the MP. The packets are discarded because buffer resources are not available or the buffer threshold is reached and the low priority packets are discarded.

TCP counts:
allocs
    Total number of TCP packet allocations from MP memory by the TCP/IP protocol stack.
current
    Total number of TCP packet allocations from MP memory by the TCP/IP protocol stack.
alloc fails
    Total number of TCP packet allocation failures from MP memory by the TCP/IP protocol stack.
frees
    Total number of times the TCP packet buffers are freed (released) to MP memory by the TCP/IP protocol stack.
current hi-watermark
    The highest number of TCP packet allocation from MP memory by the TCP/IP protocol stack.
alloc discards
    The number of TCP packets that are discarded by the MP. The packets are discarded because MP memory resources are not available.

/stats/mp/tcb
TCP Statistics
All TCP allocated control blocks:
117f6d00: 0.0.0.0           0 <=> 0.0.0.0         80  listen
117f81a8: 47.81.27.6     1331 <=> 47.80.16.59     23  established

Table 5-65 MP Specified TCP Statistics (/stats/mp/tcb)
Statistics             Description
117f6d00/117f81a8      Memory
0.0.0.0/47.81.27.6     Destination IP address
0/1331                 Destination port
0.0.0.0/47.80.16.59    Source IP
80/23                  Source port
listen/established     State

/stats/mp/ucb
UCB Statistics
All UDP allocated control blocks:
 161: listen
1985: listen
3122: listen

Table 5-66 UCB Statistics on MP (/stats/mp/ucb)
Field           Description
161/1985/3122   UDP port number
Listen          State

/stats/mp/sfd
MP-Specific SFD Statistics
All Socket FD allocated: 0 -1 16 1180b128: 0.0.0.0 server 1 -1 17 108c5bd8: 0.0.0.0 server 2 -1 18 108d5cfc: 0.0.0.0 server 3 -1 19 1180a258: 0.0.0.0 server 0 <=> 47.133.88.31 0 <=> 47.133.88.31 0 <=> 47.133.88.31 0 <=> 47.133.88.31 81 23 22 443 listen listen listen listen TCP TCP TCP TCP

/stats/mp/cpu
CPU Statistics
This menu option enables you to display the CPU utilization statistics on MP.
CPU utilization:
cpuUtil1Second:     100%
cpuUtil4Seconds:    100%
cpuUtil64Seconds:   100%

Table 5-67 CPU Statistics (stats/mp/cpu)
Statistics         Description
cpuUtil1Second     The percentage of CPU utilization as measured over the last one second interval.
cpuUtil4Seconds    The percentage of CPU utilization as measured over the last four second interval.
cpuUtil64Seconds   The percentage of CPU utilization as measured over the last 64 second interval.

/stats/sp <SP Number>
SP Specific Statistics

[SP-specific Statistics Menu]
maint - Show maintenance stats
clear - Clear maintenance stats
cpu   - Show CPU utilization

Table 5-68 SP Specific Statistics (/stats/sp)
Statistics   Description
maint        Displays internal statistics, Layer 2 FDB maintenance statistics, and MP DOS shield statistics. See page 254 for a sample output.
clear        Deletes all the maintenance statistics.
cpu          Displays what percentage of the CPU has been utilized. To view a sample output and a description of the stats, see page 254.

/stats/sp <SP number>/maint
SP-Specific Maintenance Statistics
Maintenance statistics for SP 1:
Receive Letter success from MP:      158648
Receive Letter success from SP 2:    0
Receive Letter success from SP 3:    0
Receive Letter success from SP 4:    0
Receive Letter errors from MP:       0
Receive Letter errors from SP 2:     0
Receive Letter errors from SP 3:     0
Receive Letter errors from SP 4:     0
Send Letter success to MP:           125516
Send Letter success to SP 2:         0
Send Letter success to SP 3:         6799
Send Letter success to SP 4:         6791
Send Letter failures to MP:          0
Send Letter failures to SP 2:        0
Send Letter failures to SP 3:        0
Send Letter failures to SP 4:        0
learnErrNoddw:     0    resolveErrNoddw:   0
ageMPNoddw:        0    deleteMiss:        0
pfdbFreeEmpty:     0
arpDiscards:       0    icmpDiscards:      0
tcpDiscards:       0    udpDiscards:       0

/stats/sp/cpu
CPU Statistics
This menu option enables you to display the CPU utilization statistics on the Switch Processor (SP).
CPU utilization for SP 1:
cpuUtil1Second:     6%
cpuUtil4Seconds:    6%
cpuUtil64Seconds:   6%

Table 5-69 CPU Statistics (stats/sp/cpu)
Statistics         Description
cpuUtil1Second     The percentage of CPU utilization as measured over the last one second interval.
cpuUtil4Seconds    The percentage of CPU utilization as measured over the last four second interval.
cpuUtil64Seconds   The percentage of CPU utilization as measured over the last 64 second interval.

/stats/pmirr
Port Mirroring Statistics Menu

[Port Mirroring Statistics Menu]
dump  - Port Mirroring Stats
clear - Clear all Port Mirroring Stats

Table 5-70 Port Mirroring
Command Syntax and Usage
dump
    Displays the port number, and the statistics of the traffic on the ingress and egress ports.
clear
    Deletes all the port mirroring statistics.

CAUTION—Use this command carefully as it will delete all statistics permanently.

/stats/mgmt
Management Port Statistics

Management port interface statistics:
RX bytes:          0    TX bytes:            0
RX packets:        0    TX packets:          0
RX errors:         0    TX errors:           0
RX dropped:        0    TX dropped:          0
RX overruns:       0    TX overruns:         0
RX frame errors:   0    TX carrier errors:   0
RX multicast:      0    TX collisions:       0

Table 5-71 Management Port Statistics (/stats/mgmt)
Statistics          Description
RX bytes            The total number of incoming bytes successfully transferred by the interface.
RX packets          The total number of incoming packets successfully transferred by the interface.
RX errors           The number of bad packets received.
RX dropped          The number of incoming packets that were dropped due to lack of receive buffers.
RX overruns         The number of received packets that were dropped because their size exceeded that of the receive queue.
RX frame errors     The number of incoming packets dropped due to IP framing errors.
RX multicast        The number of multicast packets received.
TX bytes            The total number of outgoing bytes successfully transferred by the interface.
TX packets          The total number of outgoing packets successfully transferred by the interface.
TX errors           The number of packets dropped due to transmission problems.
TX dropped          The number of packets dropped due to lack of transmit buffers.
TX overruns         The number of packets dropped because size exceeded that of the transmit queue.
TX carrier errors   Not applicable.
TX collisions       The number of collisions due to congestion on the medium. Collisions occur when two or more stations are transmitting signals at the same time.

/stats/dump
Dump Statistics
Use the dump command to dump all switch statistics available from the Statistics Menu (40K or more, depending on your configuration). This data can be used to tune or debug switch performance. If you want to capture dump data to a file, set your communication software on your workstation to capture session data prior to issuing the dump commands.

CHAPTER 6
The Configuration Menu

This chapter discusses how to use the Command Line Interface (CLI) for making, viewing, and saving switch configuration changes. Many of the commands, although not new, display more or different information than in the previous version. Important differences are called out in the text. To make finding information easier, the menu options under the Server Load Balancing Menu (/cfg/slb) are in Chapter 7.

/cfg
Configuration Menu

[Configuration Menu]
sys      - System-wide Parameter Menu
port     - Port Menu
pmirr    - Port Mirroring Menu
bwm      - Bandwidth Management Menu
l2       - Layer 2 Menu
l3       - Layer 3 Menu
slb      - Server Load Balancing (Layer 4-7) Menu
security - Security Menu
sslproc  - SSL Processor Setup Menu
setup    - Step by step configuration set up
dump     - Dump current configuration to script file
ptcfg    - Backup current configuration to FTP/TFTP server
gtcfg    - Restore current configuration from FTP/TFTP server

Table 6-1 Configuration Menu Options (/cfg)
Command Syntax and Usage
sys
    Displays the System-wide parameter Configuration Menu. To view menu options, see page 261.
port <port number>
    Displays the Port Configuration Menu. To view menu options, see page 301.
pmirr
    Displays the Mirroring Configuration Menu. To view menu options, see page 315.
bwm
    Displays the Bandwidth Management Configuration Menu. To view menu options, see page 316.
l2
    Displays Layer 2 Configuration Menu. To view menu options, see page 325.
l3
    Displays Layer 3 Configuration Menu. To view menu options, see page 342.
slb
    Displays the Server Load Balancing Configuration Menu. To view menu options, see Chapter 7, “The SLB Configuration Menu”.
security
    Displays the Security Menu. To view menu options, see page 397.
sslproc
    Displays the SSL processor setup Menu. To view menu options, see page 403.
setup
    Step-by-step configuration set-up of the switch. For details, see page 403.
dump
    Dumps current configuration to a script file. For details, see page 407.
ptcfg <host name or IP address of TFTP server> <filename on host>
    Backs up current configuration to TFTP server. For details, see page 408.
gtcfg <host name or IP address of TFTP server> <filename on host>
    Restores current configuration from TFTP server. For details, see page 408.

Viewing, Applying, and Saving Changes

As you use the configuration menus to set switch parameters, the changes you make do not take effect immediately. All changes are considered “pending” until you explicitly apply them. Also, any changes are lost the next time the switch boots unless the changes are explicitly saved.

While configuration changes are in the pending state, you can do the following:
  - View the pending changes
  - Apply the pending changes
  - Save the changes to flash memory

Viewing Pending Changes

You can view all pending configuration changes by entering diff at the menu prompt.

NOTE – The diff command is a global command. Therefore, you can enter diff at any prompt in the CLI.

Applying Pending Changes

To make your configuration changes active, you must apply them. To apply configuration changes, enter apply at any prompt in the CLI.

# apply

NOTE – The apply command is a global command. Therefore, you can enter apply at any prompt in the administrative interface.

NOTE – All configuration changes take effect immediately when applied, except for starting Spanning Tree Protocol. To turn STP on or off, you must apply the changes, save them (see below), and then reset the switch (see “Resetting the Switch” on page 517).

Saving the Configuration

In addition to applying the configuration changes, you can save them to flash memory on the Nortel Application Switch.

NOTE – If you do not save the changes, they will be lost the next time the system is rebooted.

To save the new configuration, enter the following command at any CLI prompt:

# save

When you save configuration changes, the changes are saved to the active configuration block. The configuration being replaced by the save is first copied to the backup configuration block. If you do not want the previous configuration block copied to the backup configuration block, enter the following instead:

# save n

You can decide which configuration you want to run the next time you reset the switch. Your options include:
  - The active configuration block
  - The backup configuration block
  - Factory default configuration

You can view all pending configuration changes that have been applied but not saved to flash memory using the diff flash command. It is a global command that can be executed from any menu.

For instructions on selecting the configuration to run at the next system reset, see “Selecting a Configuration Block” on page 515.

/cfg/sys
System Configuration

[System Menu]
syslog   - Syslog Menu
mmgmt    - Management Port Menu
radius   - RADIUS Authentication Menu
tacacs   - TACACS+ Authentication Menu
ntp      - NTP Server Menu
sonmp    - SONMP Menu
ssnmp    - System SNMP Menu
health   - System Health Check Menu
access   - System Access Menu
date     - Set system date
time     - Set system time
timezone - Set system timezone (daylight savings)
idle     - Set timeout for idle CLI sessions
notice   - Set login notice
bannr    - Set login banner
smtp     - Set SMTP host
hprompt  - Enable/disable display hostname (sysName) in CLI prompt
bootp    - Enable/disable use of BOOTP
cur      - Display current system-wide parameters

This menu provides configuration of switch management parameters such as user and administrator privilege mode passwords, Web-based management settings, and management access list.

Table 6-2 System Configuration Menu Options (/cfg/sys)
Command Syntax and Usage
syslog
    Displays the Syslog Menu. To view menu options, see page 263.
mmgmt
    Displays Management Port Menu. To view menu options, see page 264.
radius
    Displays the RADIUS Authentication Menu. To view menu options, see page 268.
tacacs
    Displays TACACS+ authentication Menu. To view menu options, see page 270.
ntp
    Displays the Network Time Protocol (NTP) Server Menu. To view menu options, see page 271.
sonmp
    Displays the SynOptics Network Management Protocol (SONMP) menu. To view menu options, see page 273.
ssnmp
    Displays the System SNMP Menu. To view menu options, see page 273.
health
    Displays system health check menu. To view menu options, see page 287.
access
    Displays System Access Menu. To view menu options, see page 288.
date
    Prompts the user for the system date.
time
    Configures the system time using a 24-hour clock format.
timezone
    Configures the system time zone. To view an example, see page 300.
idle <idle timeout in minutes, affects both console and Telnet>
    Sets the idle timeout for CLI sessions, from 1 to 10080 minutes. The default is 5 minutes.
notice <max 1024 char multi-line login notice> <'-' to end>
    Displays login notice immediately before the “Enter password:” prompt. This notice can contain up to 1024 characters and new lines.
bannr <string, maximum 80 characters>
    Configures a login banner of up to 80 characters. When a user or administrator logs into the switch, the login banner is displayed. It is also displayed as part of the output from the /info/sys command.
smtp <SMTP host name or IP address>
    Sets the Simple Mail Transfer Protocol (SMTP) host, which is used for sending bandwidth management history information.
hprompt disable|enable
    Enables or disables displaying of the host name (system administrator’s name) in the Command Line Interface (CLI).
bootp disable|enable
    Enables or disables the use of BOOTP. If you enable BOOTP, the switch will query its BOOTP server for all of the switch IP parameters. This command is disabled by default.
cur
    Displays the current system parameters.

sever <syslog host local severity (0–7)> This option sets the severity level of the first syslog host displayed. 192. log all the seven severity levels.17. For a detailed description of the seven levels of severity. console disable|enable Enables or disables delivering syslog messages to the console.223)> Sets the IP address of the first syslog host.223)> Sets the IP address of the second syslog host. see page 264. It is enabled by default. facil2 <syslog host local facility (0-7)> This option sets the facility level of the second syslog host displayed.17. When necessary. see page 264.0. The default is 7.4. facil <syslog host local facility (0-7)> This option sets the facility level of the first syslog host displayed. [Syslog Menu] host host2 sever sever2 facil facil2 console log cur - Set IP address of first syslog host Set IP address of second syslog host Set the severity of first syslog host Set the severity of second syslog host Set facility of first syslog host Set facility of second syslog host Enable/disable console output of syslog messages Enable/disable syslogging of features Display current syslog settings Table 6-3 System Configuration Menu Options (/cfg/sys/syslog) Command Syntax and Usage host <new syslog host IP address (such as.4. January 2006 263 . which means. host2 <new syslog host IP address (such as.Nortel Application Switch Operating System 23. sever2 <syslog host local severity (0–7)> This option sets the severity level of the second syslog host displayed.2 Command Reference /cfg/sys/syslog System Host Log Configuration NOTE – Nortel Application Switch Operating System 23. disabling console ensures the switch is not affected by syslog messages. The default is 7. Chapter 6: The Configuration Menu 320506-A. For a detailed description of the seven levels of severity. The default is 0. which means log all the seven severity levels. The default is 0.0 supports the RFC 3164 standard for Syslogs. 192.

Table 6-3 System Configuration Menu Options (/cfg/sys/syslog)

Command Syntax and Usage

log <feature|all> <enable|disable>
    Displays a list of features for which syslog messages can be generated. You can choose to enable/disable specific features (such as vlans, gslb, filter), or enable/disable syslog on all available features.

cur
    Displays the current syslog settings.

Seven Levels of Severity

Following is the description of the seven levels of severity:

0: Emergency. This means that the system is unusable.
1: Alert. This means that corrective action must be taken immediately.
2: Critical. This means the condition of the system is critical.
3: Error. This means that the system has errors that should be corrected.
4: Warning. This means that the system is giving a warning.
5: Notice. This means that the condition of the system is normal but with significant conditions that need attention.
6: Informational. This means that the system is working but giving out information about certain unfavorable conditions.
7: Debug. This means that the system is giving out debug-level messages.

/cfg/sys/mmgmt
Management Port Configuration Menu

The Management port is a Fast Ethernet port that is used exclusively to manage the switch. While the switch can be managed from any network port, the Management port saves consuming a port that could otherwise be used for processing data and traffic. This port manages the switch using either telnet CLI, SNMP, or HTTP. This port is isolated from and does not participate in the networking protocols that run on the network ports.

The Management port must be configured with a static IP address, subnet mask, broadcast address, and default gateway, and must be enabled before it can be used. If this port is disabled, the network ports have to perform all switch management (other than the switch management

using the console). If this port is enabled, the factory default settings for some of the management features remain with the network ports. You can change the defaults by configuring these features to permanently use the management port, or in some cases, by using the operational commands to set these options on a one-time basis.

NOTE – The Management port does not support BOOTP.

[Management Port Menu]
    port    - Management Port Phy Menu
    addr    - Set IP address
    mask    - Set subnet mask
    gw      - Set default gateway address
    intr    - Set interval between gateway ping attempts
    retry   - Set number of failed attempts to declare gateway DOWN
    dns     - Set default port for DNS
    ntp     - Set default port for NTP
    radius  - Set default port for RADIUS
    tacacs  - Set default port for TACACS+
    smtp    - Set default port for SMTP
    snmp    - Set default port for SNMP traps
    syslog  - Set default port for SYSLOG
    sonmp   - Set default IP for SONMP hello packets
    tftp    - Set default port for FTP/TFTP
    wlm     - Set default port for Workload Manager
    report  - Set default port for Reporting server
    ena     - Enable management port
    dis     - Disable management port
    cur     - Display current configuration

Table 6-4 Management Port Configuration Menu Options (/cfg/sys/mmgmt)

Command Syntax and Usage

port
    Displays the management port link menu. To view the menu options, see page 268.

addr <IP address (such as, 192.4.17.101)>
    Sets the IP address.

mask <subnet mask (such as, 255.255.255.0)>
    Sets the subnet mask.

gw <gateway address (such as, 192.4.17.1)>
    Sets the IP address for the default gateway.

intr <interval (0 - 60 seconds)>
    Sets the interval between gateway ping attempts.

Table 6-4 Management Port Configuration Menu Options (/cfg/sys/mmgmt)

Command Syntax and Usage

retry <number of attempts (1-120)>
    Sets the number of failed ping attempts before a gateway is declared DOWN.

dns default port mgmt|data
    Sets DNS over management or data port. Default is data port.

ntp default port mgmt|data
    Sets NTP over management or data ports. Default is data port.

radius default port mgmt|data
    Sets RADIUS over management or data ports. Default is data port.

tacacs mgmt|data
    Sets TACACS+ over management or data ports. Default is data port.

smtp default port mgmt|data
    Sets SMTP over management or data ports. Default is data port.

snmp default port mgmt|data
    Sets SNMP trap host over management or data ports. Default is data port.

syslog default port mgmt|data
    Sets syslog host access over management or data ports. Default is data port.

sonmp default port mgmt|data
    Sets default IP address for SONMP hello packets. When this option is set to mgmt then the Management Port IP address is used in the SONMP hello packets transmitted by the switch. But if it is set to data, then the IP address of the data port interface specified by srcif (/cfg/sys/sonmp/srcif) command is used in the hello packets.

tftp default port mgmt|data
    Sets TFTP over management or data port. Default is data port.

wlm ["mgmt"|"data"]
    Set the default port for the workload manager.

report ["mgmt"|"data"]
    Set the default port for the reporting server.

ena
    Enables the Management port.

Table 6-4 Management Port Configuration Menu Options (/cfg/sys/mmgmt)

Command Syntax and Usage

dis
    Disables the Management port.

cur
    Displays the current configuration.
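The facil and sever settings of /cfg/sys/syslog described earlier in this chapter correspond to the two halves of the RFC 3164 PRI value, which is what a collector sees on the wire. The following is an added example, not code from Nortel or from this manual: it assumes that local facility n means RFC 3164 facility local0 + n and that a host receives every message whose severity number is at or below its sever value; the host settings and event texts are constructed.

```python
import re

# RFC 3164 severity names; the index is the numeric severity (0 is most urgent).
SEVERITY = ("Emergency", "Alert", "Critical", "Error",
            "Warning", "Notice", "Informational", "Debug")
LOCAL0 = 16  # RFC 3164 facility codes 16..23 are local0..local7
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)


def encode_pri(local_facility, severity):
    """PRI = facility * 8 + severity, for a local facility number 0-7."""
    if not 0 <= local_facility <= 7 or not 0 <= severity <= 7:
        raise ValueError("local facility and severity must both be 0-7")
    return (LOCAL0 + local_facility) * 8 + severity


def decode_pri(line):
    """Split a received line into facility, local facility, severity, text."""
    m = PRI_RE.match(line)
    if m is None or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range PRI")
    facility, severity = divmod(int(m.group(1)), 8)
    local = facility - LOCAL0 if LOCAL0 <= facility <= LOCAL0 + 7 else None
    return {"facility": facility, "local": local, "severity": severity,
            "name": SEVERITY[severity], "text": m.group(2)}


def forward(events, hosts):
    """Sender side: frame each (severity, text) event for every host whose
    sever threshold admits it (assumption: severity <= sever is sent)."""
    out = {name: [] for name in hosts}
    for severity, text in events:
        for name, cfg in hosts.items():
            if severity <= cfg["sever"]:
                pri = encode_pri(cfg["facil"], severity)
                out[name].append("<%d>%s" % (pri, text))
    return out


def audit(lines, cfg):
    """Collector side: list (index, problem) for lines that do not fit the
    facil/sever values configured for this collector."""
    problems = []
    for i, line in enumerate(lines):
        try:
            msg = decode_pri(line)
        except ValueError as exc:
            problems.append((i, str(exc)))
            continue
        if msg["local"] != cfg["facil"]:
            problems.append((i, "unexpected facility %d" % msg["facility"]))
        if msg["severity"] > cfg["sever"]:
            problems.append((i, "severity %s above threshold" % msg["name"]))
    return problems


# Constructed sample: settings for the two syslog hosts and three events.
HOSTS = {"host": {"sever": 7, "facil": 0}, "host2": {"sever": 4, "facil": 3}}
EVENTS = [(6, "Jan 10 12:00:01 switch1 mgmt: link up on port 3"),
          (4, "Jan 10 12:00:07 switch1 slb: real server 2 slow response"),
          (1, "Jan 10 12:00:09 switch1 system: temperature threshold exceeded")]
```

Running audit() on a collector against the values entered on the switch flags lines that arrive with a facility or severity the configuration should never produce, which is a cheap check for a misconfigured or unexpected sender.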

/cfg/sys/mmgmt/port
Management Port Link Menu

[Management Port Link Menu]
    speed   - Set link speed
    mode    - Set full or half duplex mode
    auto    - Set autonegotiation
    cur     - Display current link configuration

Table 6-5 Management Port Link Menu Options (/cfg/sys/mmgmt/port)

Command Syntax and Usage

speed 10|100|any
    Sets the speed of the link with the Management port. Default is any.

mode full|half|any
    Sets half or full duplex mode. Default is any.

auto on|off
    Sets auto negotiation for the port. By default this command is turned on.

cur
    Displays the current link configuration.

/cfg/sys/radius
RADIUS Server Configuration

[RADIUS Server Menu]
    prisrv  - Set primary RADIUS server address
    secsrv  - Set secondary RADIUS server address
    secret  - Set primary RADIUS server secret
    secret2 - Set secondary RADIUS server secret
    port    - Set RADIUS port
    retries - Set RADIUS server retries
    timeout - Set RADIUS server timeout
    telnet  - Enable/disable RADIUS backdoor for telnet
    on      - Turn RADIUS authentication ON
    off     - Turn RADIUS authentication OFF
    cur     - Display current RADIUS configuration

Table 6-6 RADIUS Server Configuration Menu Options (/cfg/sys/radius)

Command Syntax and Usage

prisrv <IP address>
    Sets the primary RADIUS server address.

secsrv <IP address>
    Sets the secondary RADIUS server address.

secret <1-128 character secret>
    This is the shared secret password between the switch and the primary RADIUS server(s).

secret2 <1-128 character secret>
    This is the shared secret password between the switch and the secondary RADIUS server(s).

port <RADIUS port to configure, between 1500 - 3000, default 1645>
    Enter the number of the UDP port to be configured. The default is 1645.

retries <RADIUS server retries (1-3)>
    Sets the number of failed authentication requests before switching to a different RADIUS server. The default is 3 requests.

timeout <RADIUS server timeout seconds (1-10)>
    Sets the amount of time, in seconds, before a RADIUS server authentication attempt is considered to have failed. The default is 3 seconds.

telnet disable|enable
    Enables or disables the RADIUS back door for telnet. Telnet also applies to SSH/SCP connections.

on
    Enables the RADIUS server.

off
    Disables the RADIUS server.

cur
    Displays the current RADIUS server parameters.

/cfg/sys/tacacs
TACACS+ Server Configuration Menu

TACACS (Terminal Access Controller Access Control System) is an authentication protocol that allows a remote access server to forward a user's logon password to an authentication server to determine whether access can be allowed to a given system. TACACS is an encryption protocol and therefore less secure than TACACS+ and Remote Authentication Dial-In User Service (RADIUS) protocols. (Both TACACS and TACACS+ are described in RFC 1492.)

TACACS+ protocol is seen as more reliable than RADIUS as TACACS+ uses the Transmission Control Protocol (TCP) whereas RADIUS uses the User Datagram Protocol (UDP). Also, RADIUS combines authentication and authorization in a user profile, whereas TACACS+ separates the two operations.

Apart from that, TACACS+ offers the following advantages over RADIUS as the authentication device:

• TACACS+ is TCP-based so it facilitates connection-oriented traffic.
• It supports full-packet encryption as against password-only in authentication requests.
• Supports decoupled authentication, authorization, and accounting.

TACACS+ protocol has been implemented on Nortel Application Switch Operating System to support the customers that have Cisco’s TACACS+ protocol as their network security feature.

[TACACS+ Server Menu]
    prisrv  - Set primary TACACS+ server address
    secsrv  - Set secondary TACACS+ server address
    secret  - Set primary TACACS+ server secret
    secret2 - Set secondary TACACS+ server secret
    port    - Set TACACS+ TCP port
    retries - Set TACACS+ server retries
    timeout - Set TACACS+ server timeout (seconds)
    telnet  - Enable/disable TACACS+ backdoor for telnet
    on      - Turn TACACS+ authentication ON
    off     - Turn TACACS+ authentication OFF
    cur     - Display current TACACS+ configuration

Table 6-7 TACACS+ Server Menu Options (/cfg/sys/tacacs)

Command Syntax and Usage

prisrv <IP address>
    Defines the primary TACACS+ server address.

secsrv <IP address>
    Defines the secondary TACACS+ server address.

secret <1-128 character secret>
    This is the shared secret between the switch and the primary TACACS+ server(s).

secret2 <1-128 character secret>
    This is the shared secret between the switch and the secondary TACACS+ server(s).

port <RADIUS port configure, between 1500 - 3000, default 1645>
    Enter the number of the TCP port to be configured. The default is 1645.

retries <RADIUS server retries, 1-3>
    Sets the number of failed authentication requests before switching to a different TACACS+ server. The default is 3 requests.

timeout <RADIUS server timeout seconds, 4 to 15>
    Sets the amount of time, in seconds, before a TACACS+ server authentication attempt is considered to have failed. The default is 3 seconds.

telnet disable|enable
    Enables or disables the TACACS+ back door for telnet. Telnet also applies to SSH/SCP connections.

on
    Enables the TACACS+ server.

off
    Disables the TACACS+ server.

cur
    Displays current TACACS+ configuration parameters.

/cfg/sys/ntp
NTP Server Configuration

This menu enables you to synchronize the switch clock to a Network Time Protocol (NTP) server. By default, this option is disabled.

[NTP Server Menu]
    prisrv  - Set primary NTP server address
    secsrv  - Set secondary NTP server address
    intrval - Set NTP server resync interval
    tzone   - Set NTP timezone offset from GMT
    on      - Turn NTP service ON
    off     - Turn NTP service OFF
    cur     - Display current NTP configuration

Table 6-8 NTP Server Configuration Menu Options (/cfg/sys/ntp)

Command Syntax and Usage

prisrv <primary NTP server IP address>
    Prompts for the IP address of the primary NTP server to which you want to synchronize the switch clock.

secsrv <secondary NTP server IP address>
    Prompts for the IP address of the secondary NTP server to which you want to synchronize the switch clock.

intrval <resync interval in minutes>
    Specifies how often the switch will re-synchronize the switch clock with the NTP server. This interval of time will be specified in minutes (1-44640). The default value is 1440 minutes.

tzone <offset from GMT, in HH:MM>
    Prompts for the NTP time zone offset, in hours and minutes, of the switch you are synchronizing from Greenwich Mean Time (GMT).

on
    Enables the NTP synchronization service.

off
    Disables the NTP synchronization service.

cur
    Displays the current NTP service settings.

/cfg/sys/sonmp
SynOptics Network Management Protocol Configuration

[SONMP Menu]
    srcif   - Set source interface to be used in hello packets
    on      - Turn Ethernet Autotopology ON
    off     - Turn Ethernet Autotopology OFF
    cur     - Display current SONMP configuration

SynOptics Network Management Protocol (SONMP) is a proprietary network management protocol that is used by Nortel Networks Optivity Switch Manager (OSM) to discover Nortel Application Switches on the network. The following commands add support for the Ethernet Autotopology algorithm and the Bay Topology MIB. The topology algorithm is executed by each Nortel Application Switch on which SONMP is enabled.

Table 6-9 System Configuration Menu Options (/cfg/sys/sonmp)

Command Syntax and Usage

srcif <interface number (1-256)>
    This command specifies the IP address to be used in the hello packets. If the interface specified by this command is not up, then the first interface which is up and running is used in the hello packets.

on
    This command enables the SONMP protocol, and turns Ethernet Autotopology on.

off
    This command disables the SONMP protocol, and turns Ethernet Autotopology off.

cur
    This command displays the current SONMP configuration.

/cfg/sys/ssnmp
System SNMP Configuration

Nortel Application Switch Operating System supports SNMP-based network management. In SNMP model of network management, a management station (client/manager) accesses a set of variables known as MIBs (Management Information Base) provided by the managed device (agent). If you are running an SNMP network management station on your network, you can manage the switch using the following standard SNMP MIBs:

• MIB II (RFC 1213)
• Ethernet MIB (RFC 1643)

• Bridge MIB (RFC 1493)

An SNMP agent is a software process on the managed device that listens on UDP port 161 for SNMP messages. Each SNMP message sent to the agent contains a list of management objects to retrieve or to modify.

SNMP parameters that can be modified include:

• System name
• System location
• System contact
• Use of the SNMP system authentication trap function
• Read community string
• Write community string
• Trap community strings

[System SNMP Menu]
    snmpv3  - SNMPv3 Menu
    name    - Set SNMP "sysName"
    locn    - Set SNMP "sysLocation"
    cont    - Set SNMP "sysContact"
    rcomm   - Set SNMP read community string
    wcomm   - Set SNMP write community string
    trsrc   - Set SNMP trap source interface
    timeout - Set timeout for the SNMP state machine
    auth    - Enable/disable SNMP "sysAuthenTrap"
    linkt   - Enable/disable SNMP link up/down trap
    cur     - Display current system SNMP configuration

Table 6-10 SNMP Configuration Menu Options (/cfg/sys/ssnmp)

Command Syntax and Usage

snmpv3
    Displays SNMPv3 menu. To view menu options, see page 276.

name <new string (maximum 64 characters)>
    Configures the name for the system. The name can have a maximum of 64 characters.

locn <new string (maximum 64 characters)>
    Configures the name of the system location. The location can have a maximum of 64 characters.

cont <new string (maximum 64 characters)>
    Configures the name of the system contact. The contact can have a maximum of 64 characters.

Table 6-10 SNMP Configuration Menu Options (/cfg/sys/ssnmp)

Command Syntax and Usage

rcomm <new SNMP read community string (maximum 32 characters)>
    Configures the SNMP read community string. The read community string controls SNMP “get” access to the switch. It can have a maximum of 32 characters. The default read community string is public.

wcomm <new SNMP write community string (maximum 32 characters)>
    Configures the SNMP write community string. The write community string controls SNMP “set” and “get” access to the switch. It can have a maximum of 32 characters. The default write community string is private.

trsrc <interface number (1-256)>
    Defines the interface number for SNMP trap source interface. This command enables the user to select one of the configured interfaces as the source interface using the interface number.
    NOTE – This command is applicable only to SNMPv1 and SNMPv2 traps because only the SNMPv1 and SNMPv2 trap packets contain the source IP address that can be set with this command. The SNMPv3 packets do not contain this field.

timeout <SNMP state machine timeout minutes, 1-30>
    Defines the timeout period for SNMP state machine. When you use diff and apply, memory is allocated to store the output of the command. The timeout period determines when the resources/memory allocated for the output will be freed.

auth disable|enable
    Enables or disables the use of the system authentication trap facility. The default setting is disabled.

linkt <port> <disable|enable>
    Enables or disables the sending of SNMP link up and link down traps. The default setting is enabled.

cur
    Displays the current STP port parameters.

/cfg/sys/ssnmp/snmpv3
SNMPv3 Configuration Menu

SNMP version 3 (SNMPv3) is an extensible SNMP Framework that supplements the SNMPv2 Framework by supporting the following:

• a new SNMP message format
• security for messages
• access control
• remote configuration of SNMP parameters

For more details on the SNMPv3 architecture please refer to RFC2271 to RFC2276.

[SNMPv3 Menu]
    usm     - usmUser Table menu
    view    - vacmViewTreeFamily Table menu
    access  - vacmAccess Table menu
    group   - vacmSecurityToGroup Table menu
    comm    - community Table menu
    taddr   - targetAddr Table menu
    tparam  - targetParams Table menu
    notify  - notify Table menu
    v1v2    - Enable/disable V1/V2 access
    cur     - Display current SNMPv3 configuration

Table 6-11 SNMPv3 Configuration Menu Options (/cfg/sys/ssnmp/snmpv3)

Command Syntax and Usage

usm <usmUser number [1-16]>
    This command allows you to create a user security model (USM) entry for an authorized user. You can also configure this entry through SNMP. To view menu options, see page 278.

view <vacmViewTreeFamily number [1-128]>
    This command allows you to create different MIB views. To view menu options, see page 279.

access <vacmAccess number [1-32]>
    This command allows you to specify access rights. The View-based Access Control Model defines a set of services that an application can use for checking access rights of the user. You need access control when you have to process retrieval or modification request from an SNMP entity. To view menu options, see page 280.

see page 285. consisting of message processing model. To view menu options. January 2006 277 . A group defines the access rights assigned to all names that belong to a particular group.0. security model. and generates Notification-Class messages based on these events or conditions. There may be multiple transport endpoints associated with a particular set of SNMP parameters. see page 284. cur Displays the current SNMPv3 configuration. Chapter 6: The Configuration Menu 320506-A. see page 286. notify <notify index [1-16]> A notification application typically monitors a system for particular events or conditions. To view menu options. see page 282. security level. see page 283. and security name information. This is also termed as transport endpoint. To view menu options. tparam <target params index [1-16]> This command allows you to configure SNMP parameters. The SNMP MIB provides a mechanism for performing source address validation on incoming requests. consisting of a transport domain and a transport address. or a particular transport endpoint may be associated with several sets of SNMP parameters. and for selecting community strings based on target addresses for outgoing notifications. To view menu options. To view menu options. This command is enabled by default.2 Command Reference Table 6-11 SNMPv3 Configuration Menu Options (/cfg/sys/ssnmp/snmpv3) group <vacmSecurityToGroup number [1-16]> A group maps the user name to the access group names and their access rights needed to access SNMP management objects. v1v2 disable|enable This command allows you to enable or disable the access to SNMP version 1 and version 2. comm <snmpCommunity number [1-16]> The community table contains objects for mapping community strings and version-independent SNMP message parameters. taddr <snmpTargetAddr number [1-16]> This command allows you to configure destination information.Nortel Application Switch Operating System 23.

/cfg/sys/ssnmp/snmpv3/usm
User Security Model Configuration Menu

You can make use of a defined set of user identities using this Security Model. An SNMP engine must have the knowledge of applicable attributes of a user. This menu helps you create a user security model entry for an authorized user. You need to provide a security name to create the USM entry.

[SNMPv3 usmUser 1 Menu]
    name    - Set USM user name
    auth    - Set authentication protocol
    authpw  - Set authentication password
    priv    - Set privacy protocol
    privpw  - Set privacy password
    del     - Delete usmUser entry
    cur     - Display current usmUser configuration

Table 6-12 User Security Model Configuration Menu Options (/cfg/sys/ssnmp/snmpv3/usm)

Command Syntax and Usage

name <32 character name>
    This command allows you to configure a string up to 32 characters long that represents the name of the user. This is the login name that you need in order to access the switch.

auth md5|sha|none
    This command allows you to configure the authentication protocol between HMAC-MD5-96 or HMAC-SHA-96. The default algorithm is none.

authpw
    If you selected an authentication algorithm using the above command, you need to provide a password, otherwise you will get an error message during validation. This command allows you to create or change your password for authentication.

priv des|none
    This command allows you to configure the type of privacy protocol on your switch. The privacy protocol protects messages from disclosure. The options are des (CBC-DES Symmetric Encryption Protocol) or none. If you specify des as the privacy protocol, then make sure that you have selected one of the authentication protocols (MD5 or HMAC-SHA-96). If you select none as the authentication protocol, you will get an error message.

privpw
    This command allows you to create or change the privacy password.

Table 6-12 User Security Model Configuration Menu Options (/cfg/sys/ssnmp/snmpv3/usm)

Command Syntax and Usage

del
    Deletes the USM user entries.

cur
    Displays the USM user entries.

/cfg/sys/ssnmp/snmpv3/view
SNMPv3 View Configuration Menu

[SNMPv3 vacmViewTreeFamily 1 Menu]
    name    - Set view name
    tree    - Set MIB subtree(OID) which defines a family of view subtrees
    mask    - Set view mask
    type    - Set view type
    del     - Delete vacmViewTreeFamily entry
    cur     - Display current vacmViewTreeFamily configuration

Table 6-13 SNMPv3 View Menu Options (/cfg/sys/ssnmp/snmpv3/view)

Command Syntax and Usage

name <32 character name>
    This command defines the name for a family of view subtrees up to a maximum of 32 characters.

tree <object identifier, such as, 1.3.6.1.2.1.1.1.0, max 32 characters>
    This command defines MIB tree, a string of maximum 32 characters, which when combined with the corresponding mask defines a family of view subtrees.

mask <bitmask, max size 32 characters>
    This command defines the bit mask, which in combination with the corresponding tree defines a family of view subtrees.

type included|excluded
    This command indicates whether the corresponding instances of vacmViewTreeFamilySubtree and vacmViewTreeFamilyMask define a family of view subtrees, which is included in or excluded from the MIB view.

del
    Deletes the vacmViewTreeFamily group entry.

cur
    Displays the current vacmViewTreeFamily configuration.

/cfg/sys/ssnmp/snmpv3/access
View-based Access Control Model Configuration Menu

The view-based Access Control Model defines a set of services that an application can use for checking access rights of the user. Access control is needed when the user has to process SNMP retrieval or modification request from an SNMP entity.

[SNMPv3 vacmAccess 1 Menu]
    name    - Set group name
    prefix  - Set content prefix
    model   - Set security model
    level   - Set minimum level of security
    match   - Set prefix only or exact match
    rview   - Set read view index
    wview   - Set write view index
    nview   - Set notify view index
    del     - Delete vacmAccess entry
    cur     - Display current vacmAccess configuration

Table 6-14 View-based Access Control Model Menu Options (/cfg/sys/ssnmp/snmpv3/access)

Command Syntax and Usage

name <32 character name>
    Defines the name of the group.

prefix <32 character name>
    Defines the name of the context. An SNMP context is a collection of management information that an SNMP entity can access. An SNMP entity has access to many contexts. For more information on naming the management information, see RFC2571, the SNMP Architecture document. The view-based Access Control Model defines a table that lists the locally available contexts by contextName.

model usm|snmpv1|snmpv2
    Allows you to select the security model to be used.

level noAuthNoPriv|authNoPriv|authPriv
    Defines the minimum level of security required to gain access rights. The level noAuthNoPriv means that the SNMP message will be sent without authentication and without using a privacy protocol. The level authNoPriv means that the SNMP message will be sent with authentication but without using a privacy protocol. The authPriv means that the SNMP message will be sent both with authentication and using a privacy protocol.

Table 6-14 View-based Access Control Model Menu Options (/cfg/sys/ssnmp/snmpv3/access)

Command Syntax and Usage

match exact|prefix
    If the value is set to exact, then all the rows whose contextName exactly matches the prefix are selected. If the value is set to prefix then all the rows where the starting octets of the contextName exactly match the prefix are selected.

rview <32 character view name>
    This is a 32 character long read view name that allows you read access to a particular MIB view. If the value is empty or if there is no active MIB view having this value then no access is granted.

wview <32 character view name>
    This is a 32 character long write view name that allows you write access to the MIB view. If the value is empty or if there is no active MIB view having this value then no access is granted.

nview <32 character view name>
    This is a 32 character long notify view name that allows you notify access to the MIB view.

del
    Deletes the View-based Access Control entry.

cur
    Displays the View-based Access Control configuration.

/cfg/sys/ssnmp/snmpv3/group
SNMPv3 Group Configuration Menu

[SNMPv3 vacmSecurityToGroup 1 Menu]
    model   - Set security model
    uname   - Set USM user name
    gname   - Set group gname
    del     - Delete vacmSecurityToGroup entry
    cur     - Display current vacmSecurityToGroup configuration

Table 6-15 SNMPv3 Group Menu Options (/cfg/sys/ssnmp/snmpv3/group)

Command Syntax and Usage

model usm|snmpv1|snmpv2
    Defines the security model.

uname <32 character name>
    Sets the user name as defined in /cfg/sys/ssnmp/snmpv3/usm/name on page 278.

gname <32 character name>
    The name for the access group as defined in /cfg/sys/ssnmp/snmpv3/access/name on page 280.

del
    Deletes the vacmSecurityToGroup entry.

cur
    Displays the current vacmSecurityToGroup configuration.
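The usm, group, access and view menus above together decide whether one SNMPv3 request is answered. The following added example (not Nortel code, and not taken from this manual) walks those tables with the standard VACM procedure of RFC 2275, one of the RFCs the chapter cites: user to group, group to access entry, access entry to view name, then the tree/mask/type test. The mask syntax (a string of 1 and 0, one bit per sub-identifier) and every name and entry in CFG are constructed assumptions.

```python
from dataclasses import dataclass

LEVELS = {"noAuthNoPriv": 0, "authNoPriv": 1, "authPriv": 2}
VIEW_FIELD = {"read": "rview", "write": "wview", "notify": "nview"}


def parse_oid(text):
    return tuple(int(part) for part in text.strip(".").split("."))


@dataclass
class View:                      # one .../snmpv3/view entry
    name: str
    tree: str
    mask: str = ""               # assumed syntax: '1'/'0' per sub-identifier
    type: str = "included"

    def covers(self, oid):
        subtree = parse_oid(self.tree)
        if len(oid) < len(subtree):
            return False
        for i, want in enumerate(subtree):
            # A '0' bit is a wildcard; positions beyond the mask count as '1'.
            wildcard = i < len(self.mask) and self.mask[i] == "0"
            if not wildcard and oid[i] != want:
                return False
        return True


@dataclass
class Access:                    # one .../snmpv3/access entry
    name: str                    # group name
    model: str
    level: str                   # minimum security level
    prefix: str = ""
    match: str = "exact"
    rview: str = ""
    wview: str = ""
    nview: str = ""

    def selects(self, context):
        if self.match == "exact":
            return context == self.prefix
        return context.startswith(self.prefix)


def in_view(views, view_name, oid_text):
    oid = parse_oid(oid_text)
    hits = [v for v in views if v.name == view_name and v.covers(oid)]
    if not hits:
        return False
    # Most specific family wins: most sub-identifiers, then greatest subtree.
    best = max(hits, key=lambda v: (len(parse_oid(v.tree)), parse_oid(v.tree)))
    return best.type == "included"


def is_access_allowed(cfg, model, uname, level, op, oid_text, context=""):
    gname = cfg["group"].get((model, uname))
    if gname is None:
        return False, "noGroupName"
    rows = [a for a in cfg["access"]
            if a.name == gname and a.model == model and a.selects(context)
            and LEVELS[level] >= LEVELS[a.level]]
    if not rows:
        return False, "noAccessEntry"
    best = max(rows, key=lambda a: (a.match == "exact", len(a.prefix),
                                    LEVELS[a.level]))
    view_name = getattr(best, VIEW_FIELD[op])
    if not view_name or not any(v.name == view_name for v in cfg["view"]):
        return False, "noSuchView"   # empty or unknown view: no access
    if in_view(cfg["view"], view_name, oid_text):
        return True, "accessAllowed"
    return False, "notInView"


# Constructed sample: a read-only monitoring user that must use authPriv.
CFG = {
    "group": {("usm", "monitor"): "ro-group"},
    "access": [Access(name="ro-group", model="usm", level="authPriv",
                      rview="ops-view")],
    "view": [
        View("ops-view", "1.3.6.1.2.1.1"),                     # system group
        View("ops-view", "1.3.6.1.2.1.1.4", type="excluded"),  # sysContact
        # Every ifEntry column, but only the row with ifIndex 2.
        View("ops-view", "1.3.6.1.2.1.2.2.1.0.2", mask="11111111101"),
    ],
}
```

Evaluating a planned configuration this way before entering it shows which requests an empty wview, an excluded subtree or a minimum level of authPriv will refuse.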

/cfg/sys/ssnmp/snmpv3/comm
SNMPv3 Community Table Configuration Menu

This command is used for configuring the community table entry. The configured entry is stored in the community table list in the SNMP engine. This table is used to configure community strings in the Local Configuration Datastore (LCD) of SNMP engine.

[SNMPv3 snmpCommunityTable 1 Menu]
    index   - Set community index
    name    - Set community string
    uname   - Set USM user name
    tag     - Set community tag
    del     - Delete communityTable entry
    cur     - Display current communityTable configuration

Table 6-16 SNMPv3 Community Table Configuration Menu Options (/cfg/sys/ssnmp/snmpv3/comm)

Command Syntax and Usage

index <32 character name>
    Allows you to configure the unique index value of a row in this table consisting of 32 characters maximum.

name <32 character name>
    Defines the user name as defined in /cfg/sys/ssnmp/snmpv3/usm/name on page 278.

uname <32 character name>
    Defines a readable 32 character long string that represents the corresponding value of an SNMP community name in a security model.

tag <list of tag string, max 255 characters>
    Allows you to configure a tag of up to 255 characters maximum. This tag specifies a set of transport endpoints to which a command responder application sends an SNMP trap.

del
    Deletes the community table entry.

cur
    Displays the community table configuration.

/cfg/sys/ssnmp/snmpv3/taddr
SNMPv3 Target Address Table Configuration Menu

This command is used to configure the target transport entry. The configured entry is stored in the target address table list in the SNMP engine. This table of transport addresses is used in the generation of SNMP messages.

[SNMPv3 snmpTargetAddrTable 1 Menu]
    name    - Set target address name
    addr    - Set target transport address IP
    port    - Set target transport address port
    taglist - Set tag list
    pname   - Set targetParams name
    del     - Delete targetAddrTable entry
    cur     - Display current targetAddrTable configuration

Table 6-17 Target Address Table Menu Options (/cfg/sys/ssnmp/snmpv3/taddr)

Command Syntax and Usage

name <32 character name>
    Allows you to configure the locally arbitrary, but unique identifier, target address name associated with this entry.

addr <transport address ip>
    Allows you to configure a transport address IP that can be used in the generation of SNMP traps.

port <transport address port>
    Allows you to configure a transport address port that can be used in the generation of SNMP traps.

taglist <list of tag string, max 255 characters>
    Allows you to configure a list of tags that are used to select target addresses for a particular operation.

pname <32 character name>
    Defines the name as defined in /cfg/sys/ssnmp/snmpv3/tparam/name on page 285.

del
    Deletes the Target Address Table entry.

cur
    Displays the current Target Address Table configuration.

/cfg/sys/ssnmp/snmpv3/tparam
SNMPv3 Target Parameters Table Configuration Menu

You can configure the target parameters entry and store it in the target parameters table in the SNMP engine. This table contains parameters that are used to generate a message. The parameters include the message processing model (for example: SNMPv3, SNMPv2c, SNMPv1), the security model (for example: USM), the security name, and the security level (noAuthnoPriv, authNoPriv, or authPriv).

[SNMPv3 snmpTargetParamsTable 1 Menu]
    name    - Set target params name
    mpmodel - Set message processing model
    model   - Set security model
    uname   - Set USM user name
    level   - Set minimum level of security
    del     - Delete targetParamsTable entry
    cur     - Display current targetParamsTable configuration

Table 6-18 Target Parameters Table Configuration Menu Options (/cfg/sys/ssnmp/snmpv3/tparam)

Command Syntax and Usage

name <32 character name>
    Allows you to configure the locally arbitrary, but unique identifier that is associated with this entry.

mpmodel snmpv3|snmpv1|snmpv2c
    Allows you to configure the message processing model that is used to generate SNMP messages.

model usm|snmpv1|snmpv2
    Allows you to select the security model to be used when generating the SNMP messages.

uname <32 character name>
    Defines the name that identifies the user in the USM table (page 278) on whose behalf the SNMP messages are generated using this entry.

level noAuthNoPriv|authNoPriv|authPriv
    Allows you to select the level of security to be used when generating the SNMP messages using this entry. The level noAuthNoPriv means that the SNMP message will be sent without authentication and without using a privacy protocol. The level authNoPriv means that the SNMP message will be sent with authentication but without using a privacy protocol. The authPriv means that the SNMP message will be sent both with authentication and using a privacy protocol.

Table 6-18 Target Parameters Table Configuration Menu Options (/cfg/sys/ssnmp/snmpv3/tparam)
Command Syntax and Usage

del
     Deletes the targetParamsTable entry.

cur
     Displays the current targetParamsTable configuration.

/cfg/sys/ssnmp/snmpv3/notify
SNMPv3 Notify Table Configuration Menu

SNMPv3 uses Notification Originator to send out traps. A notification typically monitors a system for particular events or conditions, and generates Notification-Class messages based on these events or conditions.

[SNMPv3 snmpNotifyTable 1 Menu]
     name    - Set notify name
     tag     - Set notify tag
     del     - Delete notifyTable entry
     cur     - Display current notifyTable configuration

Table 6-19 Notify Table Menu Options (/cfg/sys/ssnmp/snmpv3/notify)
Command Syntax and Usage

name <32 character name>
     Defines a locally arbitrary but unique identifier associated with this SNMP notify entry.

tag <list of tag string, max 255 characters>
     Allows you to configure a tag of 255 characters maximum that contains a tag value which is used to select entries in the Target Address Table. Any entry in the snmpTargetAddrTable, that matches the value of this tag, is selected.

del
     Deletes the notify table entry.

cur
     Displays the current notify table configuration.
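The three SNMPv3 tables above chain together: a notify tag selects target address entries through their taglist, and each target address names a target parameters entry through pname. The following is an added example, not part of the Nortel manual or the switch software, that resolves that chain and reports trap destinations that would not be sent at authPriv. The table rows are constructed sample data, and treating the taglist as whitespace-separated is an assumption.

```python
# Constructed sample rows (not from a real switch). Field names mirror the menu
# options: notify (name, tag), taddr (name, addr, port, taglist, pname) and
# tparam (name, mpmodel, model, uname, level).
NOTIFY = [
    {"name": "n1", "tag": "nms"},
    {"name": "n2", "tag": "legacy"},
    {"name": "n3", "tag": "unused"},
]
TADDR = [
    {"name": "t1", "addr": "192.0.2.10", "port": 162, "taglist": "nms audit", "pname": "p-priv"},
    {"name": "t2", "addr": "192.0.2.20", "port": 162, "taglist": "legacy", "pname": "p-v2c"},
    {"name": "t3", "addr": "192.0.2.30", "port": 162, "taglist": "nms", "pname": "p-missing"},
]
TPARAM = [
    {"name": "p-priv", "mpmodel": "snmpv3", "model": "usm",
     "uname": "trapuser", "level": "authPriv"},
    {"name": "p-v2c", "mpmodel": "snmpv2c", "model": "snmpv2",
     "uname": "public", "level": "noAuthNoPriv"},
]

# Ordering of the three security levels, weakest first.
LEVEL_RANK = {"noAuthNoPriv": 0, "authNoPriv": 1, "authPriv": 2}


def resolve(notify, taddr, tparam):
    """Return one row per (notify entry, target address it selects)."""
    params = {p["name"]: p for p in tparam}
    rows = []
    for n in notify:
        for t in taddr:
            # Assumption: the taglist is a whitespace-separated list of tags.
            if n["tag"] in t["taglist"].split():
                rows.append({
                    "notify": n["name"],
                    "target": t["name"],
                    "dest": "%s:%d" % (t["addr"], t["port"]),
                    "params": params.get(t["pname"]),  # None if pname dangles
                })
    return rows


def audit(notify, taddr, tparam, minimum="authPriv"):
    """Return (notify, target, reason) tuples for weak or broken trap paths."""
    rows = resolve(notify, taddr, tparam)
    findings = []
    selected = {r["notify"] for r in rows}
    for n in notify:
        if n["name"] not in selected:
            findings.append((n["name"], None, "tag selects no target address"))
    for r in rows:
        p = r["params"]
        if p is None:
            findings.append((r["notify"], r["target"], "pname matches no tparam entry"))
        elif p["mpmodel"] != "snmpv3" or p["model"] != "usm":
            findings.append((r["notify"], r["target"],
                             "community-based SNMPv1/v2c: no authentication or privacy"))
        elif LEVEL_RANK[p["level"]] < LEVEL_RANK[minimum]:
            findings.append((r["notify"], r["target"],
                             "level %s is below %s" % (p["level"], minimum)))
    return findings


if __name__ == "__main__":
    for row in resolve(NOTIFY, TADDR, TPARAM):
        level = row["params"]["level"] if row["params"] else "?"
        print(row["notify"], "->", row["target"], row["dest"], level)
    for finding in audit(NOTIFY, TADDR, TPARAM):
        print("FINDING:", finding)
```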

/cfg/sys/health
System Health Check Configuration Menu

[System TCP Health Menu]
     add     - Add TCP services to listen for health check
     rem     - Remove TCP services from listening
     on      - Turn system TCP health services ON
     off     - Turn system TCP health services OFF
     cur     - Display current TCP health services configuration

Table 6-20 System Health Check Configuration Menu Options (/cfg/sys/health)
Command Syntax and Usage

add <TCP port (2-65534)>
     Adds TCP services to listen to the health checks. Specify a TCP service port number, such as 80 for HTTP.

rem <TCP port (2-65534)>
     Removes TCP services that were added for listening to health checks. Specify a TCP service port number, such as 80 for HTTP.

on
     Turns on the TCP health check services.

off
     Turns off the TCP health check services.

cur
     Displays the current TCP health check services configuration.

/cfg/sys/access
System Access Control Configuration

[System Access Menu]
     mgmt    - Management Network Access Menu
     port    - Port Management Access Menu
     user    - User Access Control Menu (passwords)
     https   - HTTPS (Web) Server Access Menu
     sshd    - SSH Server Menu
     xml     - XML Configuration Access Menu
     http    - Enable/disable HTTP (Web) server access
     wport   - Set HTTP (Web) server port number
     snmp    - Set SNMP access control
     tnport  - Set Telnet server port number
     rlimit  - Set max rate of ARP, ICMP, TCP, or UDP packets to MP
     cur     - Display current system access configuration

Table 6-21 System Access Configuration Menu Options (/cfg/sys/access)
Command Syntax and Usage

mgmt
     Displays the Management Configuration Menu. To view menu options, see page 289.

port
     Displays the port management access menu. To view menu options, see page 291.

user
     Displays the User Access Control Menu. To view menu options, see page 291.

https
     Displays HTTPS Server Access Menu. To view menu options, see page 295.

http disable|enable
     Enables or disables HTTP (Web) access to the browser-based interface. It is disabled by default.

wport <TCP port number (1-65535)>
     Sets the switch port used for serving switch Web content. The default is HTTP port 80. If Global Server Load Balancing is to be used, set this to a different port (such as 8080).

snmp disable|read-only|read-write
     Sets the SNMP user access level to either disabled, read-only, or read-write.

tnet
     Enables or disables Telnet access to the switch. You will see this command only if you are connected to the switch through the console port. This command is disabled by default.

Table 6-21 System Access Configuration Menu Options (/cfg/sys/access)
Command Syntax and Usage

tnport <TCP port number>
     The TCP port number that the telnet server listens for telnet sessions. Sets an optional telnet server port number for cases where the server listens for telnet sessions on a non-standard port.

rlimit <arp|icmp|tcp|udp> <max rate, 0-65535 (pkts/sec)>
     Sets switch-wide rate limiting on traffic entering the switch over ARP, ICMP, TCP, or UDP protocols. Specify which protocol you wish to limit. Then specify the maximum rate, which is the maximum number of packets per second that is allowed to enter the switch.

cur
     Displays the current configuration.

/cfg/sys/access/mgmt
Management Networks Menu

This menu is used to define IP address ranges which are allowed to access the switch for management purposes. Nortel Application Switch Operating System 23.0 supports up to 10 management networks.

NOTE – The add and rem commands below replace the /cfg/sys/mnet and /cfg/sys/mmask commands found in earlier releases of Nortel Application Switch Operating System.

[Management Networks Menu]
     add     - Add mgmt network definition
     rem     - Remove mgmt network definition
     cur     - Display current mgmt network definitions

Table 6-22 Management Network Menu Options (/cfg/sys/access/mgmt)
Command Syntax and Usage

add <mgmt network address> <mgmt network mask>
     Adds a defined network through which switch access is allowed through Telnet, SNMP, RIP, or the Nortel Application Switch Operating System browser-based interface. A range of IP addresses is produced when used with a network mask address. Specify an IP address and mask address in dotted-decimal notation.

     NOTE – If you configure the management network without including the switch interfaces, it will cause the Firewall Load Balancing health checks to fail and will create a “Network Down” state on the network.

rem <mgmt network address> <mgmt network mask>
     Removes a defined network, which consists of a management network address and a management network mask address.

cur
     Displays the current configuration.
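Before applying a set of management networks it helps to check offline which addresses the address/mask pairs admit, and in particular that the switch interfaces named in the NOTE above are inside them. The following is an added example, not part of the Nortel manual or the switch software. All addresses are constructed, and the matching rule (source AND mask equals address AND mask) is an assumption about how the switch applies the mask.

```python
import ipaddress

MAX_MGMT_NETWORKS = 10  # limit stated in the manual text

# Constructed sample data: (address, mask) pairs as they would be given to
# /cfg/sys/access/mgmt add, plus the addresses that must keep access.
MGMT_NETWORKS = [("10.10.1.0", "255.255.255.0"), ("192.0.2.64", "255.255.255.192")]
SWITCH_INTERFACES = ["10.10.1.1", "172.16.5.1"]
ADMIN_HOSTS = ["192.0.2.70", "192.0.2.130"]


def to_int(dotted):
    """Convert a dotted-decimal IPv4 address or mask to an integer."""
    return int(ipaddress.IPv4Address(dotted))


def allowed(source_ip, mgmt_networks):
    """True if source_ip falls inside any (address, mask) management network.

    Assumption: a source matches when (source & mask) == (address & mask).
    """
    src = to_int(source_ip)
    return any(src & to_int(mask) == to_int(addr) & to_int(mask)
               for addr, mask in mgmt_networks)


def review(mgmt_networks, switch_interfaces, admin_hosts):
    """Return (kind, subject, detail) findings for a proposed configuration."""
    findings = []
    if len(mgmt_networks) > MAX_MGMT_NETWORKS:
        findings.append(("too-many", str(len(mgmt_networks)),
                         "more than 10 management networks"))
    for addr, mask in mgmt_networks:
        inverse = ~to_int(mask) & 0xFFFFFFFF
        if inverse & (inverse + 1):
            # The host part of a contiguous mask is all ones from bit 0 up.
            findings.append(("odd-mask", "%s %s" % (addr, mask),
                             "mask bits are not contiguous"))
        elif inverse == 0xFFFFFFFF:
            findings.append(("any-source", "%s %s" % (addr, mask),
                             "mask 0.0.0.0 matches every source address"))
    for ip in switch_interfaces:
        if not allowed(ip, mgmt_networks):
            # The case the NOTE warns about: FWLB health checks would fail.
            findings.append(("interface-excluded", ip,
                             "switch interface outside every management network"))
    for ip in admin_hosts:
        if not allowed(ip, mgmt_networks):
            findings.append(("admin-excluded", ip,
                             "management station would lose access"))
    return findings


if __name__ == "__main__":
    for finding in review(MGMT_NETWORKS, SWITCH_INTERFACES, ADMIN_HOSTS):
        print(finding)
```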

/cfg/sys/access/port
Port Management Access Menu

[Port Management Access Menu]
     add     - Add port with management access
     aadd    - Add all ports with management access
     rem     - Remove port from management access
     arem    - Remove all ports from management access
     cur     - Display current ports with management access

Table 6-23 Port Management Access Menu Options
Command Syntax and Usage

add <port_number>
     Add a port with management access.

aadd
     Add all ports with management access.

rem <port_number>
     Remove a port from management access.

arem
     Remove all ports from management access.

cur
     Displays the port numbers that currently have management access.

/cfg/sys/access/user
User Access Control Menu

     uid     - User ID Menu
     usrpw   - Set user password (user)
     sopw    - Set SLB operator password (slboper)
     l4opw   - Set L4 operator password (l4oper)
     opw     - Set operator password (oper)
     sapw    - Set Slb administrator password (slbadmin)
     l4apw   - Set L4 administrator password (l4admin)
     admpw   - Set administrator password (admin)
     cur     - Display current user status

NOTE – Passwords can be a maximum of 15 characters.

Table 6-24 User Access Control Menu Options (/cfg/sys/access/user)
Command Syntax and Usage

uid <User ID, 1-10>
     Displays the User ID Menu. To view menu options, see page 294.

usrpw
     Sets the user (user) password. The user has no direct responsibility for switch management. He or she can view switch status information and statistics, but cannot make any configuration changes.

sopw
     Sets the SLB operator (slboper) password. The SLB operator manages Web servers and other Internet services and their loads. He or she can view all switch information and statistics and can enable/disable servers using the Server Load Balancing configuration menus. Access includes “user” functions.

l4opw
     Sets the Layer 4 operator (l4oper) password. The Layer 4 operator manages traffic on the lines leading to the shared Internet services. He or she can view all switch information and statistics. Access includes “slboper” functions.

opw
     Sets the operator (oper) password. The operator password can have a maximum of 15 characters. The operator manages all functions of the switch. He or she can view all switch information and statistics and can reset ports or the entire switch. Access includes “l4oper” functions.

sapw
     Sets the SLB administrator (slbadmin) password. Administrator who configures and manages Web servers and other Internet services and their loads. He or she can view all switch information and statistics and can configure parameters on the Server Load Balancing menus, with the exception of not being able to configure filters. Note that the Filter Menu options are not accessible to the SLB administrator. Access includes “l4oper” functions.

l4apw
     Sets the Layer 4 administrator (l4admin) password. The Layer 4 administrator configures and manages traffic on the lines leading to the shared Internet services. He or she can view all switch information and statistics, but can configure changes only on the Server Load Balancing menus. Access includes “slbadmin” functions.

Table 6-24 User Access Control Menu Options (/cfg/sys/access/user)
Command Syntax and Usage

admpw
     Sets the administrator (admin) password. The super user administrator has complete access to all menus, information, and configuration commands on the Nortel Application Switch, including the ability to change both the user and administrator passwords. Access includes “oper” and “l4admin” functions.

cur
     Displays the current user status.

/cfg/sys/access/user/uid
System User ID Configuration Menu

This feature allows the users to operate the real servers assigned to them. You can enable or disable the real servers and change the password for accessing these real servers. Using this command you can list the current status of the real server including the real server number, the real server name, the operational state of the real server, and the number of current sessions.

[User ID 1 Menu]
     cos     - Set class of service
     name    - Set user name
     pswd    - Set user password
     add     - Add real server
     rem     - Remove real server
     ena     - Enable user ID
     dis     - Disable user ID
     del     - Delete user ID
     cur     - Display current user configuration

Table 6-25 User ID Configuration Menu Options (/cfg/sys/access/user/uid)
Command Syntax and Usage

cos <user|slboper|l4oper|oper|slbadmin|l4admin|admin>
     Sets the Class-of-Service to define the user’s authority level. Nortel Application Switch Operating System defines these levels as: User, SLB Operator, Layer 4 Operator, Operator, SLB Administrator, and Administrator, with User being the most restricted level.

name <8 char max>
     Defines the user name of maximum eight characters.

pswd <15 char max>
     Sets the user password of up to 15 characters maximum.

add <real server number, 1-1023>
     Assigns a real server access to this user.

rem <real server number, 1-1023>
     Removes a real server access from this user.

ena
     Enables the user ID.

dis
     Disables the user ID.

Table 6-25 User ID Configuration Menu Options (/cfg/sys/access/user/uid)
Command Syntax and Usage

del
     Deletes the user ID.

cur
     Displays the current user ID configuration.

/cfg/sys/access/https
HTTPS Access Configuration Menu

[https Menu]
     https    - Enable/Disable HTTPS Web access
     port     - HTTPS WebServer port number
     generate - Generate self-signed HTTPS server certificate
     certSave - save HTTPS certificate
     cur      - Display current SSL Web Access configuration

Table 6-26 HTTPS Access Configuration Menu Options (/cfg/sys/access/https)
Command Syntax and Usage

https
     Enables or disables BBI access (Web access) using HTTPS.

port <TCP port number>
     Defines the HTTPS Web server port number.

generate
     Allows you to generate a certificate to connect to the SSL to be used during the key exchange. A default certificate is created when HTTPS is enabled for the first time. The user can create a new certificate defining the information that they want to be used in the various fields. For example:

     Country Name (2 letter code) [ ]: CA
     State or Province Name (full name) []: Ontario
     Locality Name (for example, city) []: Ottawa
     Organization Name (for example, company) []: Nortel Networks
     Organizational Unit Name (for example, section) []: Alteon
     Common Name (for example, user’s name) []: Mr Smith
     Email (for example, email address) []: info@nortelnetworks.com

     You will be asked to confirm if you want to generate the certificate. It will take approximately 30 seconds to generate the certificate. Then the switch will restart SSL agent.

Table 6-26 HTTPS Access Configuration Menu Options (/cfg/sys/access/https)
Command Syntax and Usage

certSave
     Allows the client, or the Web browser, to accept the certificate and save the certificate to Flash to be used when the switch is rebooted.

cur
     Displays the current SSL Web Access configuration.

/cfg/sys/access/sshd
SSH Server Menu

[SSH Server Menu]
     sshport - Set SSH server port number
     ena     - Enable SCP apply and save
     on      - Turn SSH server ON (SSHv1/SSHv2)
     cur     - Display current SSH server configuration

Table 6-27 SSH Server Menu Options
Command Syntax and Usage

sshport <TCP_port_number>
     Set the server port number.

ena
     Sets the SCP apply and save.

on
     Set the SSH server to on.

cur
     Display the current SSH server configuration.

/cfg/sys/access/xml
XML Configuration Access Menu

[XML Config Access Menu]
     xml      - Enable/disable XML config access
     port     - Set XML server port number
     gtcert   - Import XML client certificate
     delcert  - Delete XML client certificate
     dispcert - Display XML client certificate
     debug    - Debug XML operations
     cur      - Display current XML config access configuration

Table 6-28 XML Configuration Menu Options
Command Syntax and Usage

xml
     Enable or disable XML access. For an example, see page 299

port <TCP_port_number>
     Set the XML server port number.

gtcert
     Import an XML client certificate.

     Enter hostname or IP address of FTP/TFTP server:
     Enter name of file on FTP/TFTP server:
     Enter username for FTP server or hit return for TFTP server:

delcert
     Delete XML client certificate.

     Current XML client certificate has been deleted from FLASH

dispcert
     Display the current XML certificate.

debug
     Toggle Debug mode on or off. Enabling XML debugging causes all commands in the XML file to be echoed to the Console and prefaces each one with running XML cmd: or Invalid XML cmd:. All responses to the commands will also be output to the Console.

     Current XML debug: enabled
     Enter new XML debug [d/e]:

cur
     Display current XML configuration.

     XML config access currently disabled on TCP port 443
     XML debug is enabled
     Note: there are pending config changes, use "diff" to see them.

/cfg/sys/access/xml/xml
Example of enabling or disabling XML access

     Current XML access: disabled
     Pending new XML access: enabled
     Enter new XML access [d/e]:

/cfg/sys/timezone
Configure the Timezone

>> Main# /cfg/sys/timezone
Please identify a location so that time zone rules can be set correctly.
Please select a continent or ocean.
 1) Africa
 2) Americas
 3) Antarctica
 4) Arctic Ocean
 5) Asia
 6) Atlantic Ocean
 7) Australia
 8) Europe
 9) Indian Ocean
10) Pacific Ocean
11) None - disable timezone setting
Enter the number of your choice: 2
Please select a country.
 1) Anguilla            18) Ecuador               35) Paraguay
 2) Antigua & Barbuda   19) El Salvador           36) Peru
 3) Argentina           20) French Guiana         37) Puerto Rico
 4) Aruba               21) Greenland             38) St Kitts & Nevis
 5) Bahamas             22) Grenada               39) St Lucia
 6) Barbados            23) Guadeloupe            40) St Pierre & Miquelon
 7) Belize              24) Guatemala             41) St Vincent
 8) Bolivia             25) Guyana                42) Suriname
 9) Brazil              26) Haiti                 43) Trinidad & Tobago
10) Canada              27) Honduras              44) Turks & Caicos Is
11) Cayman Islands      28) Jamaica               45) United States
12) Chile               29) Martinique            46) Uruguay
13) Colombia            30) Mexico                47) Venezuela
14) Costa Rica          31) Montserrat            48) Virgin Islands (UK)
15) Cuba                32) Netherlands Antilles  49) Virgin Islands (US)
16) Dominica            33) Nicaragua
17) Dominican Republic  34) Panama
Enter the number of your choice: 10

Please select one of the following time zone regions.
 1) Newfoundland Island
 2) Atlantic Time - Nova Scotia (most places), NB, W Labrador, E Quebec & PEI
 3) Atlantic Time - E Labrador
 4) Eastern Time - Ontario & Quebec - most locations
 5) Eastern Time - Thunder Bay, Ontario
 6) Eastern Standard Time - Pangnirtung, Nunavut
 7) Eastern Standard Time - east Nunavut
 8) Eastern Standard Time - central Nunavut
 9) Central Time - Manitoba & west Ontario
10) Central Time - Rainy River & Fort Frances, Ontario
11) Central Time - west Nunavut
12) Central Standard Time - Saskatchewan - most locations
13) Central Standard Time - Saskatchewan - midwest
14) Mountain Time - Alberta, east British Columbia & west Saskatchewan
15) Mountain Time - central Northwest Territories
16) Mountain Time - west Northwest Territories
17) Mountain Standard Time - Dawson Creek & Fort Saint John, British Columbia
18) Pacific Time - west British Columbia
19) Pacific Time - south Yukon
20) Pacific Time - north Yukon
Enter the number of your choice: 2

/cfg/port <port number>
Port Configuration

The Port Menu enables you to configure settings for individual switch ports. This command is enabled by default. Port configuration is different on Nortel Application Switch Operating System 2000 series and 3000 series.

Nortel Application Switch Operating System 2000 Series

The following table displays the number of Fast Ethernet ports and SFP GBIC ports with the numbering of the ports on Nortel Application Switch Operating System 2000 series:

Table 6-29 Port Configuration and Numbering on Nortel Application Switch Operating System 2000 Series

Model                                  10/100 Mbps Fast Ethernet   1000 Mbps SFP GBIC
                                       Port Numbers                Port Numbers
Nortel Application Switch 2208 (1U)    1–8                         9–10
Nortel Application Switch 2216 (1U)    1–16                        17–18
Nortel Application Switch 2224 (1U)    1–24                        25–26
Nortel Application Switch 2424 (1U)    1–24                        25–28

Fast Ethernet Ports
The RJ-45 jack is used for connecting 10/100 Mbps Ethernet segments to the port. The ports are auto-sensing, auto-negotiating, and support half or full-duplex operation.

SFP GBIC Ports
The LC jack is used for connecting Gigabit Ethernet fiber optic segments. The SFP modules are not shipped with the product. You may order the SFP modules from Nortel Networks. For more information on connectors, please refer to the Hardware Installation Guide for Nortel Application Switch Operating System.

The commands on Nortel Application Switch Operating System 2000 series and their description are as follows:

[Port <port_number> Menu]
     fast    - Fast Phy Menu
     gig     - Gig Phy Menu
     pvid    - Set default port VLAN id
     alias   - Set port alias
     name    - Set port name
     cont    - Set default port BW Contract
     nonip   - Set BW Contract for non-IP traffic
     egbw    - Set port egress bandwidth Limit
     rmon    - Enable/Disable RMON for port
     tag     - Enable/disable VLAN tagging for port
     iponly  - Enable/disable allowing only IP related frames at ingress
     ena     - Enable port
     dis     - Disable port
     cur     - Display current port configuration

Table 6-30 Port Configuration Menu Options (/cfg/port)
Command Syntax and Usage

fast
     If a port is configured to support Fast Ethernet, this option displays the Fast Ethernet Physical Link Menu. To view menu options, see page 313.

gig
     If a port is configured to support Gigabit Ethernet, this option displays the Gigabit Ethernet Physical Link Menu. To view menu options, see page 313.

pvid <VLAN number, 1-4090>
     Sets the default VLAN number which will be used to forward frames which are not VLAN tagged. The default number is 1.

alias <15 characters string>
     Set an alias for the port number.

name <64 character string>|none
     Sets a name for the port. The assigned port name appears next to the port number on some information and statistics screens. The default is set to none.

cont <BWM Contract (1-1024)>
     Sets the default Bandwidth Management Contract for this port.

nonip <BW Contract number, 1-1024>
     Sets the Bandwidth Management contract for non-IP traffic for this port.

Table 6-30 Port Configuration Menu Options (/cfg/port)
Command Syntax and Usage

egbw <0k-5000k|1m-100m>
     Sets the egress bandwidth limit for the port to avoid overloading the receiving router or switch. Using this command, you can configure the egress bandwidth limit of the port to match with the bandwidth link of the receiving router or the switch. The default is 0. This means that the port’s speed will be taken as the egress bandwidth. For example, the egress bandwidth for an FE port will be 100m.

     NOTE – You need Bandwidth Management license to use this command.

rmon disable|enable
     Disables or enables RMON for this port. It is disabled by default.

tag disable|enable
     Disables or enables VLAN tagging for this port. It is disabled by default.

iponly disable|enable
     Disables or enables allowing only IP-related frames. It is disabled by default.

ena
     Enables the port.

dis
     Disables the port. (To temporarily disable a port without changing its configuration attributes, refer to “Temporarily Disabling a Port” on page 314.)

cur
     Displays the current port parameters.

/cfg/port <port number> fast|gig
Port Link Configuration

[Fast Link Menu]
     speed   - Set link speed
     mode    - Set full or half duplex mode
     fctl    - Set flow control
     auto    - Set auto negotiation
     cur     - Display current fast link configuration

Use these menu options to set port parameters for the port link.

Link menu options are described in Table 6-38 and appear on the fast and gig port configuration menus for the Nortel Application Switch. Using these configuration menus, you can set port parameters such as speed, flow control, and negotiation mode for the port link.

NOTE – If the port does not have a Gig Ethernet physical link, the following message is displayed:

     >> Port 1# gig
     Current Port 1 does not have Gig Ethernet phy.

NOTE – Since the speed and mode parameters cannot be set for Gigabit Ethernet ports, these options do not appear on the Gigabit Link Menu.

Table 6-31 Port Link Configuration Menu Options (/cfg/port/fast|gig)
Command Syntax and Usage

speed 10|100|any
     Sets the link speed. Not all options are valid on all ports. The choices include:
          Any for automatic detection (default)
          10 Mbps
          100 Mbps
     This menu appears only if a Fast Ethernet port is selected.

mode full|half|any
     Sets the operating mode. This command is available only in the Fast Link Menu. The choices include:
          Any for auto negotiation (default)
          Full-duplex
          Half-duplex
     This menu appears only if a Fast Ethernet port is selected.

fctl rx|tx|both|none
     Sets the flow control. The choices include:
          Receive flow control
          Transmit flow control
          Both receive and transmit flow control (default)
          No flow control

auto on|off
     Enables or disables auto negotiation for the port. This command is available only in the Fast Link Menu.

cur
     Displays the current port parameters.

Nortel Application Switch 3000 Series

The following table displays the port configuration and numbering on Nortel Application Switch 3408:

Table 6-32 Port configuration on Nortel Application Switch 3408

Model                                  10/100/1000Base-T Copper   Dual-Mode      1000 Mbps SFP GBIC
                                       Port Numbers               Port Numbers   Port Numbers
Nortel Application Switch 3408 (1U)    1, 2, 7, 8                 3–6            9–12

Port Configuration on Nortel Application Switch 3408

The Nortel Application Switch 3408 contains 12 ports. Their description is as follows:

     Four 1000BaseT ports (1, 2, 7, and 8) with RJ-45 connectors. The ports are autonegotiating and support half or full duplex operation. However, if 1000 Mbps is selected, autonegotiation must be turned on.

     Four dual-mode ports (3, 4, 5, and 6). These ports have two interfaces each: 1000 Mbps SFP GBIC and 10/100/1000Base-T Copper. You can set either interface as the preferred or backup link. When the 1000 Mbps SFP GBIC port is selected as the preferred link, it is fixed at 1000 Mbps, full-duplex with autonegotiation turned on. When the 10/100/1000Base-T copper port is selected as the preferred link, it can be configured at any speed. See “Dual-Mode Ports” on page 311 for more details.

     Four Small Form Pluggable (SFP) GBIC Fiber ports (9–12). These ports are designed to operate at 1000 Mbps and full duplex mode only.

NOTE – For more information on connectors, refer to the Nortel Application Switch Operating System Hardware Installation Guide Part Number 315393-E.

Single-Mode ports

10/100/1000Base-T Copper Ports

When you select a single-mode copper port (1, 2, 7, or 8), you see the menu below:

[Port 1 Menu]
     fast    - Fast Phy Menu
     gig     - Gig Phy Menu
     pvid    - Set default port VLAN id
     alias   - Set port alias
     name    - Set port name
     cont    - Set default port BW Contract
     nonip   - Set BW Contract for non-IP traffic
     egbw    - Set port egress bandwidth Limit
     rmon    - Enable/Disable RMON for port
     tag     - Enable/disable VLAN tagging for port
     iponly  - Enable/disable allow IP related frames at ingress
     ena     - Enable port
     dis     - Disable port
     cur     - Display current port configuration

Table 6-33 Single-Mode Copper Port Configuration Menu Options (/cfg/port <1, 2, 7, or 8>)
Command Syntax and Usage

gig
     If a port is configured to support Gigabit Ethernet, this option displays the Copper Gigabit Ethernet Physical Link Menu. To view menu options, see page 308.

pvid <VLAN number (1-4090)>
     Sets the default VLAN number which will be used to forward frames which are not VLAN tagged. The default number is 1.

name <64 character string>|none
     Sets a name for the port. The assigned port name appears next to the port number on some information and statistics screens. The default is set to None.

cont <BWM Contract (1-1024)>
     Sets the default Bandwidth Management Contract for this port.

rmon disable|enable
     Disables or enables RMON for this port. It is disabled by default.

tag disable|enable
     Disables or enables VLAN tagging for this port. It is disabled by default.

iponly disable|enable
     Disables or enables allowing only IP-related frames. It is disabled by default.

Table 6-33 Single-Mode Copper Port Configuration Menu Options (/cfg/port <1, 2, 7, or 8>)
Command Syntax and Usage

ena
     Enables the port.

dis
     Disables the port. (To temporarily disable a port without changing its configuration attributes, refer to “Temporarily Disabling a Port” on page 314.)

cur
     Displays the current port parameters.

/cfg/port <port number> gig
Single-Mode Copper Port Gigabit Ethernet Link Configuration Menu

[GE Copper Link Menu]
     speed   - Set link speed
     mode    - Set duplex mode
     fctl    - Set flow control
     auto    - Set auto negotiate
     cur     - Display current ge copper link configuration

Use these menu options to set port parameters for the port link. Link menu options are described in Table 6-38 and appear on the gig port configuration menus for the Nortel Application Switch. Using these configuration menus, you can set port parameters such as speed, flow control, and negotiation mode for the port link.

Table 6-34 Single-Mode Copper Port Gigabit Ethernet Link Configuration Menu Options (/cfg/port <1, 2, 7, or 8>/gig)
Command Syntax and Usage

speed 10|100|1000|any
     Sets the link speed. Not all options are valid on all ports. The choices include:
          Any for automatic detection (default)
          10 Mbps
          100 Mbps
          1000 Mbps

mode full|half|any
     Sets the operating mode. The choices include:
          Any for auto negotiation (default)
          Full-duplex
          Half-duplex

Table 6-34 Single-Mode Copper Port Gigabit Ethernet Link Configuration Menu Options (/cfg/port <1, 2, 7, or 8>/gig)
Command Syntax and Usage

fctl rx|tx|both|none
     Sets the flow control. The choices include:
          Receive flow control
          Transmit flow control
          Both receive and transmit flow control (default)
          No flow control

auto on|off
     Enables or disables autonegotiation for the port. This command is available only in the Fast Link Menu.

cur
     Displays the current Gigabit Ethernet copper link port parameters.

1000 Mbps SFP GBIC Fiber SFP Ports

When you select a single-mode SFP fiber port (9–12), you see a slightly different menu as below:

[Port 9 Menu]
     gig     - SFP Gig Phy Menu
     pvid    - Set default port VLAN id
     name    - Set port name
     cont    - Set default port BW Contract
     egbw    - Set port egress bandwidth Limit
     rmon    - Enable/Disable RMON for port
     tag     - Enable/disable VLAN tagging for port
     iponly  - Enable/disable allowing only IP related frames
     ena     - Enable port
     dis     - Disable port
     cur     - Display current port configuration

Table 6-35 Single-Mode SFP Gigabit Ethernet Port Configuration Menu Options (/cfg/port <9–12>)
Command Syntax and Usage

gig
     If a port is configured to support Gigabit Ethernet, this option displays the SFP Gigabit Ethernet Physical Link Menu. To view menu options, see page 310.

pvid <VLAN number (1-4090)>
     Sets the default VLAN number which will be used to forward frames which are not VLAN tagged. The default number is 1.

Table 6-35 Single-Mode SFP Gigabit Ethernet Port Configuration Menu Options (/cfg/port <9–12>)
Command Syntax and Usage

name <64 character string>|none
     Sets a name for the port. The assigned port name appears next to the port number on some information and statistics screens. The default is set to None.

cont <BWM Contract (1-1024)>
     Sets the default Bandwidth Management Contract for this port.

rmon disable|enable
     Disables or enables RMON for this port. It is disabled by default.

tag disable|enable
     Disables or enables VLAN tagging for this port. It is disabled by default.

iponly disable|enable
     Disables or enables allowing only IP-related frames. It is disabled by default.

ena
     Enables the port.

dis
     Disables the port. (To temporarily disable a port without changing its configuration attributes, refer to “Temporarily Disabling a Port” on page 314.)

cur
     Displays the current port parameters.

/cfg/port <port number> gig
Single-Mode SFP Gigabit Ethernet Port Link Configuration Menu

[GE SFP Link Menu]
     fctl    - Set flow control
     auto    - Set auto negotiate
     cur     - Display current SFP gig link configuration

Use these menu options to set port parameters for the port link. Link menu options are described in Table 6-38 and appear on the gig port configuration menus for the Nortel Application Switch. Using these configuration menus, you can set port parameters such as flow control, and negotiation mode for the port link.

Table 6-36 Single-Mode SFP Gigabit Ethernet Port Link Configuration Menu Options (/cfg/port <9-12>/gig)
Command Syntax and Usage

fctl rx|tx|both|none
    Sets the flow control. The choices include:
        Receive flow control
        Transmit flow control
        Both receive and transmit flow control (default)
        No flow control
auto on|off
    Enables or disables autonegotiation for the port.
cur
    Displays the current SFP Gigabit Ethernet link port parameters.

Dual-Mode Ports
When you select any one of the dual-mode ports (3–6), you see the menu below:

[Port 3 Menu]
     cop     - Copper Gig Phy Menu
     sfp     - SFP Gig Phy Menu
     pref    - Set preferred link
     back    - Set backup link
     pvid    - Set default port VLAN id
     name    - Set port name
     cont    - Set default port BW Contract
     rmon    - Enable/Disable RMON for port
     tag     - Enable/disable VLAN tagging for port
     iponly  - Enable/disable allowing only IP related frames
     ena     - Enable port
     dis     - Disable port
     cur     - Display current port configuration

Table 6-37 Dual-Mode Port Configuration Menu Options (/cfg/port <3–6>)
Command Syntax and Usage

cop
    Displays Copper Gigabit Physical Link Menu. To view menu options, see page 313.
sfp
    Displays SFP Gigabit Physical Link Menu. To view menu options, see page 314.

Table 6-37 Dual-Mode Port Configuration Menu Options (/cfg/port <3–6>)
Command Syntax and Usage

pref copper|sfp
    Sets the port preference between copper or SFP mode. The selected port will be used as the preferred port if both the ports are available.
back copper|sfp|none
    Sets the preference for the backup link if the preferred port is not available. You cannot set the preferred port as the backup port. If you choose none, the port will not switch automatically to the backup port if the preferred port goes down.
pvid <VLAN number (1-4090)>
    Sets the default VLAN number which will be used to forward frames which are not VLAN tagged. The default number is 1.
name <64 character string>|none
    Sets a name for the port. The assigned port name appears next to the port number on some information and statistics screens. The default is set to None.
cont <BWM Contract (1-1024)>
    Sets the default Bandwidth Management Contract for this port.
rmon disable|enable
    Disables or enables RMON for this port. It is disabled by default.
tag disable|enable
    Disables or enables VLAN tagging for this port. It is disabled by default.
iponly disable|enable
    Disables or enables allowing only IP-related frames. It is disabled by default.
ena
    Enables the port.
dis
    Disables the port. (To temporarily disable a port without changing its configuration attributes, refer to “Temporarily Disabling a Port” on page 314.)
cur
    Displays the current port parameters.

/cfg/port <port number (3–6)> cop
Dual-Mode Copper Port Link Configuration

[GE Copper Link Menu]
     speed   - Set link speed
     mode    - Set duplex mode
     fctl    - Set flow control
     auto    - Set auto negotiate
     cur     - Display current ge copper link configuration

Use these menu options to set port parameters for the port link. Link menu options are described in Table 6-38 and appear on the cop port configuration menus for the Nortel Application Switch. Using these configuration menus, you can set port parameters such as speed, flow control, and negotiation mode for the port link.

Table 6-38 Dual-Mode Copper Port Link Configuration Menu Options (/cfg/port <3–6>/cop)
Command Syntax and Usage

speed 10|100|1000|any
    Sets the link speed. Not all options are valid on all ports. The choices include:
        10 Mbps
        100 Mbps
        1000 Mbps
        Any for automatic detection (default)
mode full|half|any
    Sets the operating mode. The choices include:
        Full-duplex
        Half-duplex
        Any for autonegotiation (default)
fctl rx|tx|both|none
    Sets the flow control. The choices include:
        Receive flow control
        Transmit flow control
        Both receive and transmit flow control (default)
        No flow control
auto on|off
    Enables or disables auto negotiation for the port.
cur
    Displays the current Gigabit Ethernet copper link port parameters.

/cfg/port <port number (3–6)> sfp
Dual-Mode SFP Gigabit Link Configuration Menu

[GE SFP Link Menu]
     fctl    - Set flow control
     cur     - Display current SFP gig link configuration

Table 6-39 Dual-Mode SFP Gigabit Link Configuration Menu Options (/cfg/port <3-6>/sfp)
Command Syntax and Usage

fctl rx|tx|both|none
    Sets the flow control. The choices include:
        Receive flow control
        Transmit flow control
        Both receive and transmit flow control (default)
        No flow control
cur
    Displays the current SFP Gigabit link port configuration.

Temporarily Disabling a Port
To temporarily disable a port without changing its stored configuration attributes, enter the following command at any prompt:

Main# /oper/port <port number>/dis

Because this configuration sets a temporary state for the port, you do not need to use apply or save. The port state will revert to its original configuration when the Nortel Application Switch is reset. See the “Operations Menu” on page 499 for other operations-level commands.

/cfg/pmirr
Port Mirroring Menu

[Port Mirroring Menu]
     mirror  - Enable/Disable Mirroring
     monport - Configure Monitor Port
     cur     - Display All Mirrored and Monitored Ports and VLANs

Port mirroring is disabled by default. The Port Mirroring Menu is used to configure, enable, and disable the monitored port. When enabled, network packets being sent and/or received on a target port are duplicated and sent to a monitor port. By attaching a network analyzer to the monitor port, you can collect detailed information about your network performance and usage.

Table 6-40 Port Mirroring menu options (/cfg/pmirr)
Command Syntax and Usage

mirror disable|enable
    Enables or disables port mirroring
monport <monitoring port (port to mirror to)>
    Displays port-mirroring menu options that help configure the port. To view menu options, see page 315.
cur
    Displays the current settings of the mirrored and monitoring ports.

/cfg/pmirr monport
Port-Mirroring Menu

>> Port Mirroring# monport
Enter port (1-28): <port_number>
------------------------------------------------------------
[Port 1 Menu]
     add     - Add "Mirrored" port and VLANs
     rem     - Rem "Mirrored" port and VLANs
     cur     - Display current Port-based Port Mirroring configuration

Table 6-41 Port-Based Port-Mirroring Menu Options (/cfg/pmirr/monport)
Command Syntax and Usage

add <mirrored port (port to mirror from)> <direction (in, out, or both)> <vlan index or Carriage Return for all vlans>
    Adds the port to be mirrored. This command also allows you to enter the direction of the traffic. It is necessary to specify the direction because:
        If the source port of the frame matches the mirrored port and the mirrored direction is ingress or both (ingress and egress), the frame is sent to the monitoring port.
        If the destination port of the frame matches the mirrored port and the mirrored direction is egress or both, the frame is sent to the mirrored port.
    VLAN-based port mirroring allows the user to monitor traffic based on VLANs associated with a port. You can add specific VLAN(s) to be monitored even if there are multiple VLANs associated with that port. If you do not specify a VLAN, all traffic on that port will be mirrored.
rem <mirrored port (port to mirror from)> <vlan index or Carriage Return for all vlans>
    Removes the mirrored port.
cur
    Displays the current settings of the monitoring port. For example:

    >> Port 1# cur
    Monitoring port (Mirrored port,direction,vlans)
    1 none

/cfg/bwm
Bandwidth Management Configuration

Bandwidth Management (BWM) enables Web site managers to allocate a portion of the available bandwidth for specific users or applications. It allows companies to guarantee that critical business traffic, such as e-commerce transactions, receive higher priority versus non-critical traffic. Traffic classification can be based on user or application information. BWM policies can be configured to set lower and upper bounds on the bandwidth allocation. Refer to your Application Guide for more information. By default, BWM is turned off.

NOTE – BWM is a software key-enabled feature that requires users to purchase a license and a key. In order to enable BWM, users need to enter the Bandwidth Management key using the /oper/swkey command.

[Bandwidth Management Menu]
     cont    - Contract Menu
     policy  - Policy Menu
     group   - Group Menu
     user    - Set SMTP server user name
     report  - Set IP address of Reporting server
     entries - Set number of entries in the BWM IP user table
     frequen - Set the frequency of BWM statistics in minutes
     email   - Enable/disable sending BWM statistics via email
     force   - Enable/disable enforce policies
     on      - Globally turn Bandwidth Management processing ON
     off     - Globally turn Bandwidth Management processing OFF
     cur     - Display current Bandwidth Management configuration

NOTE – Up to 1024 bandwidth management contracts can be configured on the Nortel Application Switch Operating System.

To manage bandwidth on a Nortel Application Switch, you must create one or more bandwidth management contracts. The switch uses these contracts to limit individual traffic flows. For further details, see the Nortel Application Switch Operating System 23.0.2 Application Guide.

Bandwidth policies are bandwidth limitations defined for any set of frames, specifying the guaranteed bandwidth rates. A bandwidth policy is often based on a rate structure whereby a Web host could charge a customer for bandwidth utilization. For further details, see the Nortel Application Switch Operating System 23.0.2 Application Guide.

Table 6-42 Bandwidth Management Menu Options (/cfg/bwm)
Command Syntax and Usage

cont <BW contract number (1-1024)>
    Displays the Bandwidth Management Contract Menu. To view menu options, see page 319.
policy <BW policy number (1-512)>
    Displays the Bandwidth Management Policy Menu. To view menu options, see page 322.
group <BW Group number (1-32)>
    Displays the Bandwidth Management Group Menu. To view menu options, see page 323.
user <user name>
    Sets the SMTP user name to whom the history statistics will be mailed. The default is set to None.
report <IP4 address> | <IP6 address>
    Set the IP address of the Reporting Server. By default, this option is disabled.

Table 6-42 Bandwidth Management Menu Options (/cfg/bwm)
Command Syntax and Usage

entries <64k|128k|256k|512k>
    Sets the number of entries in the Bandwidth Management IP user table.
frequen <1-1440 minutes, 0 for default behavior>
    Sets the frequency of Bandwidth Management email in minutes. The default is set to 0.
email disable|enable
    Enable/disable sending BWM statistics using email. When disabled, these statistics are sent using a socket mechanism.
force disable|enable
    Enables or disables the enforcement of bandwidth policy on the traffic. By default, this option is enabled. When this option is disabled, the reordering of the packets does not occur. The packets will exit in the order they came in. This means that no bandwidth limit is applied on the queues.
on
    Globally enables Bandwidth Management on this switch.
off
    Globally disables Bandwidth Management on this switch.
cur
    Displays the current Bandwidth Management configuration.

Time policy Menu name .Disable BW Contract del .Enable/disable monitor-only mode for this Contract shaping . Chapter 6: The Configuration Menu 320506-A.Set monitoring port for packet mirroring iplimit .Set user (IP address) limiting type for this contract pmirr . January 2006 319 . This command is available in maintenance mode only. The default value is 1. see page 320. iptype <sip|dip> Defines the IP type for this contract.Enable/disable traffic shaping . prec <Bandwidth precedence value (1-255)> Sets the precedence value for this Bandwidth Management contract.Enable/disable user (IP address) limiting for this contract history .Delete BW Contract cur . Enter a valid port to enable this feature or none to disable it.Enable/disable Saving Contract stats history wtos . The default policy number is 64.Set Contract Precedence iptype .Set Contract name policy .Display current BW Contract configuration Table 6-43 Bandwidth Management Policy Menu Options (/cfg/bwm/cont) Command Syntax and Usage timepol <BW Contract time policy number (1-2)> Displays Time Policy Menu.Set Contract Policy prec . whether the user (IP address) limiting is enforced by the source IP address (SIP) or the destination IP address (DIP). name <31 character name> Sets the name for this Bandwidth Management contract.Enable BW Contract dis .0. To view menu options. >> BW Contract 1# name Current BW Contract name: Enter new BW Contract name: policy <Bandwidth policy number (1-512)> Sets the policy number for this Bandwidth Management contract.Enable/disable overwriting IP TOS for this Contract mononly .2 Command Reference /cfg/bwm/cont <contract number> Bandwidth Management Contract Configuration [BW Contract <1 to 1024> Menu] timepol .disable is rate limiting wtcpwin .Enable/disable overwriting TCP Window for this Contract ena . pmirr <port | none> Defines a port to mirror contract packets to.Nortel Application Switch Operating System 23.

it is disabled. shaping means buffering a packet and keeping it ready to be sent. del Removes this contract from the switch. mononly disable|enable Enables or disables monitor-only mode for this Contract. The statistics are generated but no shaping or limiting will apply to this contract. This may help reduce the traffic congestion. history disable|enable Disables or enables saving statistics for this contract on the server. wtcpwin disable|enable Enables or disables overwriting TCP Window for this Contract. each IP address is limited to the user limit configured in /cfg/bwm/policy on page 322. it is enabled. /cfg/bwm/cont <contract number>/timepol <Contract time policy number> BWM Contract Time Policy Configuration Menu 320 Chapter 6: The Configuration Menu 320506-A. dis Disables this Bandwidth Management contract. Do not set the value to lower than 1500 bytes. cur Displays the current Bandwidth Management contract configuration. By overwriting the default window size. For details. If enabled. January 2006 .Nortel Application Switch Operating System 23. ena Enables this Bandwidth Management contract. the user can modify the TCP window size to a lower value so that when the packet arrives carrying the bytes within that window size. refer to the Application Guide. wtos disable|enable Disables or enables overwriting the IP Type of Service (TOS) for this contract. the receiver of that packet does not have to wait for acknowledgement. This command is used for design and auditing purposes only.2 Command Reference Table 6-43 Bandwidth Management Policy Menu Options (/cfg/bwm/cont) Command Syntax and Usage iplimit disable|enable Enables or disables user (IP address) limiting for this contract. In this context. By default. shaping disable|enable Disables or enables shaping of the traffic for this contract.0. By default.


This feature enables the user to configure different policies based on the time of the day using the following menu and commands:
[BW Contract 1 Time Policy 1 Menu]
     day     - Set Time Policy day
     from    - Set Time Policy from hour
     to      - Set Time Policy to hour
     policy  - Set Time Policy
     enable  - Enable Time Policy
     disable - Disable Time Policy
     delete  - Delete Time Policy
     cur     - Display current Time Policy configuration

Table 6-44 BWM Contract Time Policy Configuration Menu Options (/cfg/bwm/timepol)
Command Syntax and Usage

day <mon|tue|wed|thu|fri|sat|sun|weekday|weekend|everyday>
    Defines the day(s) of the week, weekdays (Monday to Friday), weekend (Saturday and Sunday) or everyday. The default is everyday.
from <1-12am/pm>
    Defines the time from where you need to start the time in hours. If am or pm is not specified, the switch will default to am for numbers lower than 12 and will default to pm for numbers 13 or higher.
to <1-12am/pm>
    Sets the end limit of time in hours. If am or pm is not specified, the switch will default to am for numbers lower than 12 and will default to pm for numbers 13 or higher.
policy <BW Policy number, 1-512>
    Defines the policy number for the contract.
enable
    Enables the Time Policy command on the switch.
disable
    Disables the Time Policy command on the switch.
delete
    Deletes the current Time Policy.
cur
    Displays the current Time Policy configuration on the switch. For example:

    Time Policy 1: Day everyday, From Hour 12am, To Hour 12am, Policy 512, disabled


/cfg/bwm/policy <policy number>
Bandwidth Management Policy Configuration
[Policy 1 Menu]
     hard    - Set hard Limit
     soft    - Set soft Limit
     resv    - Set Reservation Limit
     userlim - Set per user (IP address) Limit
     utos    - Set underlimit (soft limit) TOS
     otos    - Set overlimit (soft limit) TOS
     buffer  - Set Buffer Limit
     del     - Delete BW Policy
     cur     - Display current Policy configuration

Table 6-45 Bandwidth Management Policy Menu Options (/cfg/bwm/pol)
Command Syntax and Usage

hard <0k-5000k|1m-1000m>
    Sets the hard bandwidth limit for this policy. This is the highest amount of bandwidth available to this policy. The default value is 2000 kbps.
soft <0k-5000k|1m-1000m>
    Sets the soft bandwidth limit for this policy. The default value is 1000 kbps.
resv <0k-5000k|1m-1000m>
    Sets the reserve limit for this policy. This is the amount of bandwidth always available to this policy. The default value is 500Kbytes.
userlim <0k-5000k|1m-1000m>
    Sets the bandwidth limit for each IP address in the contract traffic.
utos <BW Policy TOS (0-255)>
    Sets the new utos (underlimit TOS) value to overwrite the original TOS value if the traffic for this contract is under the soft limit. With this option set to the default value of “0,” the switch will not overwrite the TOS value.
otos <BW Policy TOS (0-255)>
    Sets the new otos (over the limit TOS) value to overwrite the original TOS value if the traffic for this contract is over the soft limit. With this option set to the default value of “0,” the switch will not overwrite the TOS value.
buffer <Maximum buffer space (bytes) (8192-128000)>
    Sets the buffer limit for this policy. The default value is 8192 bytes.


del
    Deletes the bandwidth management policy.
cur
    Displays the current value of the bandwidth policy configuration.

/cfg/bwm/group
Bandwidth Management Group Configuration Menu
[BW Group 1 Menu]
     add     - Add Contract to this group
     rem     - Remove Contract from this group
     del     - Delete BW Group
     cur     - Display current BW Group configuration

Table 6-46 Bandwidth Management Group Menu Options (/cfg/bwm/group)
Command Syntax and Usage

add <BW Contract number, 1-1023 excluding default>
    Adds a contract to this group.
rem <BW Contract number, 1-1023 excluding default>
    Removes a contract from this group.
del
    Deletes this Bandwidth Management group.
cur
    Displays all current Bandwidth Management Group configurations.


/cfg/bwm/cur
Bandwidth Management Current Configuration
Current Bandwidth Management setting: ON
Policy Enforcement: enabled
SMTP server user name:

Contract  Name     Policy  Prec  Hist  TOS  State  Shaping
1         cont_1   1       1     E     E    E      E
2         cont_2   2       1     E     D    D      D
1024      Default  -       0     E     D    E      D

*Default contract gets all the BW that is available on a port after the active contracts reserved BW is taken.

Policy  Hard  Soft  Resv  oTOS  uTOS  Buffer
1       25M   20M   500K  150   100   16320
2       10M   8M    500K  0     0     16320
3       2M    1M    500K  0     0     16320
4       2M    1M    500K  0     0     16320
5       2M    1M    500K  0     0     16320
6       2M    1M    500K  0     0     16320
7       2M    1M    500K  0     0     16320
8       2M    1M    500K  0     0     16320
9       2M    1M    500K  0     0     16320
10      2M    1M    500K  0     0     16320
11      2M    1M    500K  0     0     16320
12      2M    1M    500K  0     0     16320
13      2M    1M    500K  0     0     16320
14      2M    1M    500K  0     0     16320
15      2M    1M    500K  0     0     16320
16      2M    1M    500K  0     0     16320
17      2M    1M    500K  0     0     16320
18      2M    1M    500K  0     0     16320
19      2M    1M    500K  0     0     16320
20      2M    1M    500K  0     0     16320
21      2M    1M    500K  0     0     16320
22      2M    1M    500K  0     0     16320
23      2M    1M    500K  0     0     16320
24      2M    1M    500K  0     0     16320
25      2M    1M    500K  0     0     16320
26      2M    1M    500K  0     0     16320
27      2M    1M    500K  0     0     16320
28      2M    1M    500K  0     0     16320
29      2M    1M    500K  0     0     16320
30      2M    1M    500K  0     0     16320


/cfg/l2
Layer 2 Configuration Menu

[Layer 2 Menu]
     mrst    - Multiple Spanning Tree/Rapid Spanning Tree Menu
     stg     - Spanning Tree Menu
     trunk   - Trunk Group Menu
     lacp    - Link Aggregation Control Protocol Menu
     vlan    - VLAN Menu
     team    - Port Teaming Menu
     ntmstg  - Enable/disable Nortel multiple STG mode
     cur     - Display current layer 2 parameters

Table 6-47 Layer 2 Configuration Menu Options (/cfg/l2)
Command Syntax and Usage

mrst
    Go to the Multiple/Rapid Spanning Tree menu. See page 326.
stg <group number [1-16]>
    Displays Spanning Tree Group Menu. To view menu options, see page 329.
trunk <trunk group number>
    Displays Trunk Group Menu. To view menu options, see page 333.
lacp
    Displays Link Aggregation Control Protocol (LACP) Menu. To view menu options, see page 335.
vlan <VLAN number (1-4090)>
    Displays VLAN Menu. To view menu options, see page 339.
team
    Go to the port teaming menu. See page 341.
ntmstg disable|enable
    Enables or disables Nortel Multiple Spanning Tree Group mode. When Nortel multiple STG mode is enabled, the Nortel implementation of multiple STGs will be followed. When Nortel multiple STG mode is disabled, the Cisco implementation of multiple STGs will be followed. The ntmstg enabled device will not work with the device configured for Cisco implementation of Spanning Tree BPDUs. The factory default value of this command is Nortel multiple STG mode disabled. You need to reset the switch with the command /boot/reset for the Spanning Tree Group configuration to change to ntmstg enabled.
cur
    Displays the current Layer 2 parameters.


/cfg/l2/mrst
Multiple Spanning Tree Menu
[Multiple Spanning Tree Menu]
     cist    - Common and Internal Spanning Tree menu
     name    - Set MST region name
     version - Set Version of this MST region
     maxhop  - Set Maximum Hop Count for MST (4 - 60)
     mode    - Spanning Tree Mode
     on      - Globally turn Multiple Spanning Tree (MSTP/RSTP) ON
     off     - Globally turn Multiple Spanning Tree (MSTP/RSTP) OFF
     cur     - Display current MST parameters

Table 6-48 Multiple Spanning Tree Menu Options
Command Syntax and Usage

cist
    Go to the Common and Internal Spanning Tree menu. See page 327.
name <1-32 character region name>
    Set the MST region name.
version <version number 1-65535>
    Set the MST region version.
maxhop <max hops 4-60>
    Set the maximum MST hop count.
mode mstp|rstp
    Set the spanning tree mode.
on
    Set the spanning tree on (Bridge MSTP/RSTP runs normally).
off
    Set the spanning tree off (Bridge MSTP/RSTP does not run).
cur
    Display the current MST parameters.


/cfg/l2/mrst/cist
Multiple Spanning Tree Menu
[Common Internal Spanning Tree Menu]
     brg     - CIST Bridge parameter menu
     port    - CIST Port parameter menu
     default - Default Common Internal Spanning Tree and Member parms
     cur     - Display current CIST parameters

Table 6-49 Multiple Spanning Tree CIST Bridge Menu Options
Command Syntax and Usage

brg
    Go to the CIST Bridge parameter menu. See page 328.
port <port_number>
    Set the port number.
default
    Resets STG and Group member parameters to factory default.
cur
    Displays current values of all objects settable from this menu.


/cfg/l2/mrst/cist/brg
CIST Bridge Menu
[CIST Bridge Menu]
     prior   - Set CIST bridge Priority (0-65535)
     mxage   - Set CIST bridge Max Age (6-40 secs)
     fwd     - Set CIST bridge Forward Delay (4-30 secs)
     cur     - Display current CIST bridge parameters

Table 6-50 Multiple Spanning Tree CIST Bridge Menu Options
Command Syntax and Usage

prior <new bridge Priority, 0-65535>
    Set the bridge priority.
mxage <new bridge Max Age, 6-40 secs>
    Set the port number.
fwd <new bridge Forward Delay, 4-30 secs>
    Set the CIST bridge forward delay.
cur
    Displays current values of all objects settable from the CIST bridge menu.

/cfg/l2/mrst/cist/brg cur
Current configuration for CIST Bridge
>> CIST Bridge# cur
------------------------------------------------------------------
Current Common Internal Spanning Tree settings:
Bridge params:
     Priority  MaxAge  FwdDel
     32768     20      15

Table 6-51 CIST bridge configuration
Statistics   Description

Priority     The current CIST Bridge priority setting. Priority is a value between 0 and 65535.
MaxAge       The current CIST Bridge maximum aging setting. MaxAge is a value in seconds between 6 and 40.
FwdDel       The current CIST Bridge forwarding delay setting. FwdDel is a value in seconds between 4 and 30.


/cfg/l2/stg
Spanning Tree Group Configuration

When multiple paths exist on a network, Spanning Tree Protocol (STP) configures the network so that a switch uses only the most efficient path.

Spanning Tree Protocol (STP) detects and eliminates logical loops in a bridged or switched network. STP forces redundant data paths into a standby (blocked) state. When multiple paths exist, Spanning Tree configures the network so that a switch uses only the most efficient path. If that path fails, Spanning Tree automatically sets up another active path on the network to sustain network operations. Thus, STP is used to prevent loops in the network topology.

Nortel Application Switch Operating System supports the IEEE 802.1p Spanning Tree Protocol (STP). Nortel Application Switch Operating System supports up to 16 instances of Spanning Trees or Spanning Tree groups. Each VLAN can be placed in only one Spanning Tree group per switch except for the default Spanning Tree group (STG 1). The default Spanning Tree group (1) can have more than one VLAN. Each of the other Spanning Tree groups (2-16) can have only one VLAN associated with it.

Spanning Tree can be enabled or disabled for each port. Multiple Spanning Trees can be enabled on tagged or untagged ports. See your Application Guide for a detailed description of this feature and how to configure Spanning Tree Groups on the switch. This command is turned on by default.

[Spanning Tree Group 1 Menu]
     brg     - Bridge parameter menu
     port    - Port parameter menu
     add     - Add VLAN(s) to Spanning Tree Group
     remove  - Remove VLAN(s) from Spanning Tree Group
     clear   - Remove all VLANs from Spanning Tree Group
     on      - Globally turn Spanning Tree ON
     off     - Globally turn Spanning Tree OFF
     default - Default Spanning Tree and Member parameters
     cur     - Display current bridge parameters


NOTE – When VRRP is used for active/active redundancy, STP must be enabled.

Table 6-52 Spanning Tree Configuration Menu (/cfg/l2/stp)
Command Syntax and Usage

brg
    Displays the Bridge Spanning Tree Menu. To view menu options, see page 331.
port <port number>
    Displays the Spanning Tree Port Menu. To view menu options, see page 332.
add <VLAN numbers (1-4090)>
    Associates a VLAN with a spanning tree and requires an external VLAN ID as a parameter.
remove <VLAN numbers, 1-4095 (802.1d & RSTP) / 2-4094 (MSTP)>
    Breaks the association between a VLAN and a spanning tree and requires an external VLAN ID as a parameter.
clear
    Removes all VLANs from a spanning tree.
on
    Globally enables Spanning Tree Protocol.
off
    Globally disables Spanning Tree Protocol.
default
    Resets STG and Group member parameters to factory default.
cur
    Displays the current Spanning Tree Protocol parameters.


/cfg/l2/stg/brg
Bridge Spanning Tree Configuration
[Bridge Spanning Tree Menu]
     prior   - Set bridge Priority [0-65535]
     hello   - Set bridge Hello Time [1-10 secs]
     mxage   - Set bridge Max Age (6-40 secs)
     fwd     - Set bridge Forward Delay (4-30 secs)
     aging   - Set bridge Aging Time (1-65535 secs, 0 to disable)
     cur     - Display current bridge parameters

Spanning Tree bridge parameters affect the global STP operation of the switch. STP bridge parameters include:
     Bridge priority
     Bridge hello time
     Bridge maximum age
     Forwarding delay
     Bridge aging time

Table 6-53 Bridge Spanning Tree Menu Options (/cfg/l2/stp/brg)
Command Syntax and Usage

prior <new bridge priority (0-65535)>
    Configures the bridge priority. The bridge priority parameter controls which bridge on the network is the STP root bridge. To make this switch the root bridge, configure the bridge priority lower than all other switches and bridges on your network. The lower the value, the higher the bridge priority. The range is 0 to 65535, and the default is 32768.
hello <new bridge hello time (1-10 secs)>
    Configures the bridge hello time. The hello time specifies how often the root bridge transmits a configuration bridge protocol data unit (BPDU). Any bridge that is not the root bridge uses the root bridge hello value. The range is 1 to 10 seconds, and the default is 2 seconds.
mxage <new bridge max age (6-40 secs)>
    Configures the bridge maximum age. The maximum age parameter specifies the maximum time the bridge waits without receiving a configuration bridge protocol data unit before it reconfigures the STP network. The range is 6 to 40 seconds, and the default is 20 seconds.
fwd <new bridge Forward Delay (4-30 secs)>
    Configures the bridge forward delay parameter. The forward delay parameter specifies the amount of time that a bridge port has to wait before it changes from the listening state to the learning state and from the learning state to the forwarding state. The range is 4 to 30 seconds, and the default is 15 seconds.


aging <new bridge Aging Time (1-65535 secs, 0 to disable)>
    Configures the forwarding database aging time. The aging time specifies the amount of time the bridge waits without receiving a packet from a station before removing the station from the forwarding database. The range is 1 to 65535 seconds, and the default is 300 seconds. To disable aging, set this parameter to 0.
cur
    Displays the current bridge STP parameters.

When configuring STP bridge parameters, the following formulas must be used:
     2*(fwd-1) > mxage
     2*(hello+1) < mxage
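The range limits and the two timer formulas above can be checked before a change is typed into the switch. The following Python audit is an added example, not part of the Nortel reference; the one-command-per-line script form, the sample script, and the assumption that any parameter not mentioned is still at its factory default are all assumptions made for the example.

```python
import re

# Ranges and factory defaults as stated in the bridge parameter table above.
RANGES = {"prior": (0, 65535), "hello": (1, 10), "mxage": (6, 40),
          "fwd": (4, 30), "aging": (0, 65535)}  # aging 0 disables aging
DEFAULTS = {"prior": 32768, "hello": 2, "mxage": 20, "fwd": 15, "aging": 300}

# Assumed line form for a change script, modelled on the menu paths used in
# this reference: /cfg/l2/stg <group>/brg/<parameter> <value>
LINE_RE = re.compile(r"^/cfg/l2/stg\s+([0-9]+)/brg/([a-z]+)\s+(\S+)$")

# Constructed sample input, not captured from a switch.
SAMPLE = """\
# planned STP bridge changes
/cfg/l2/stg 1/brg/hello 2
/cfg/l2/stg 2/brg/fwd 10
/cfg/l2/stg 2/brg/mxage 30
/cfg/l2/stg 3/brg/hello 10
/cfg/l2/stg 3/brg/prior 4096
/cfg/l2/stg 4/brg/fwd 45
/cfg/l2/stg 17/brg/hello 2
"""


def parse_changes(text):
    """Return ({stg: {param: value}}, [problems]) for a change script."""
    groups, problems = {}, []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = LINE_RE.match(line)
        if not match:
            problems.append(f"line {number}: not a bridge parameter command")
            continue
        stg, param, value = int(match.group(1)), match.group(2), match.group(3)
        if not 1 <= stg <= 16:  # the switch supports STG 1-16
            problems.append(f"line {number}: STG {stg} outside 1-16")
        elif param not in RANGES:
            problems.append(f"line {number}: unknown bridge parameter {param!r}")
        elif not re.fullmatch(r"[0-9]+", value):
            problems.append(f"line {number}: value {value!r} is not a whole number")
        else:
            groups.setdefault(stg, {})[param] = int(value)
    return groups, problems


def audit_group(stg, changes):
    """Check one STG: factory defaults overlaid with the planned changes."""
    eff = {**DEFAULTS, **changes}
    findings = []
    for param, (low, high) in RANGES.items():
        if not low <= eff[param] <= high:
            findings.append(f"STG {stg}: {param}={eff[param]} outside {low}-{high}")
    if not 2 * (eff["fwd"] - 1) > eff["mxage"]:
        findings.append(f"STG {stg}: 2*(fwd-1) > mxage fails "
                        f"(fwd={eff['fwd']}, mxage={eff['mxage']})")
    if not 2 * (eff["hello"] + 1) < eff["mxage"]:
        findings.append(f"STG {stg}: 2*(hello+1) < mxage fails "
                        f"(hello={eff['hello']}, mxage={eff['mxage']})")
    if eff["prior"] < DEFAULTS["prior"]:
        # Lower value means higher priority, so this changes root election.
        findings.append(f"STG {stg}: prior={eff['prior']} is below the default "
                        f"{DEFAULTS['prior']}; confirm this switch should be "
                        "preferred as root bridge")
    return findings


def audit(text):
    """Return every parse problem and finding for a change script."""
    groups, problems = parse_changes(text)
    findings = list(problems)
    for stg in sorted(groups):
        findings.extend(audit_group(stg, groups[stg]))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The priority finding is informational: a lowered bridge priority is valid, but it changes which switch wins root election and is worth a second look in change review.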

/cfg/l2/stg <STG Group Index>/port <port #>
Spanning Tree Port Configuration
[Spanning Tree Port 1 Menu]
     prior   - Set port Priority (0-255)
     cost    - Set port Path Cost
     link    - Set port link type (auto,p2p,or shared; default: auto)
     edge    - Enable/disable edge port
     on      - Turn port's Spanning Tree ON
     off     - Turn port's Spanning Tree OFF
     cur     - Display current port Spanning Tree parameters

Spanning Tree port parameters are used to modify STP operation on an individual port basis. STP port parameters include port priority and port path cost. STP is turned on by default for the port.


Table 6-54 Spanning Tree Port Menu (/cfg/l2/stp/port)
Command Syntax and Usage

prior <new port Priority (0-255)>
    Configures the port priority. The port priority helps determine which bridge port becomes the designated port. In a network topology that has multiple bridge ports connected to a single segment, the port with the lowest port priority becomes the designated port for the segment. The range is 0 to 255, and the default is 128.

cost <new port Path Cost (1-65535, 0 for default)>
    Configures the port path cost. The port path cost is used to help determine the designated port for a segment. Generally speaking, the faster the port, the lower the path cost. The range is 1 to 65535. The default is 10 for 100Mbps ports, and 1 for Gigabit ports. A value of 0 indicates that the default cost will be computed for an auto negotiated link speed.

link auto|p2p|shared
    Sets the port link type (auto, p2p, or shared). The default is auto.

edge disable|enable
    Enables or disables edge port.

on
    Enables STP on the port.

off
    Disables STP on the port.

cur
    Displays the current STP port parameters.

/cfg/l2/trunk <trunk group number>
Trunk Configuration
Trunk groups can provide super-bandwidth and multi-link connections between Nortel Application Switches or other trunk capable devices. A trunk group is a group of ports that act together, combining their bandwidth to create a single, larger virtual link.

When trunk groups are configured, you can view the state of each port in the various trunk groups.

Up to 12 trunk groups can be configured on the Nortel Application Switch, with the following restrictions:

    Any physical switch port can belong to no more than one trunk group.
    Up to eight ports/trunks can belong to the same trunk group.
    Best performance is achieved when all ports in a trunk are configured for the same speed.


Trunking from non-Nortel devices must comply with Cisco® EtherChannel® technology.
By default, the trunk group is empty and disabled.

[Trunk group 1 Menu]
     cont    - Set BW contract for this trunk group
     add     - Add port to trunk group
     rem     - Remove port from trunk group
     ena     - Enable trunk group
     dis     - Disable trunk group
     del     - Delete trunk group
     cur     - Display current Trunk Group configuration

Table 6-55 Trunk Configuration Menu Options (/cfg/l2/trunk)
Command Syntax and Usage

cont <BWM Contract (1-1024)>
    Sets the default Bandwidth Management Contract for this trunk group. By default, the contract number is 1024 for AD3 and 1024 for AD4.

add <port number>
    Adds a physical port to the current trunk group.

rem <port number>
    Removes a physical port from the current trunk group.

ena
    Enables the current trunk group.

dis
    Turns the current trunk group off.

del
    Removes the current trunk group configuration.

cur
    Displays the current trunk group parameters.

/cfg/l2/lacp
Link Aggregation Control Protocol Menu

Nortel Application Switch Operating System 23.0.2 supports IEEE 802.3ad standard on the Nortel Application Switch Operating System. The 802.3ad standard allows two or more standard Ethernet links to form a single Layer 2 link using the Link Aggregation Control Protocol (LACP). Link aggregation is a method of grouping physical link segments of the same media type and speed in full duplex, and treating them as if they were part of a single, logical link segment. If a link in a LACP trunk group fails, traffic is reassigned dynamically to the remaining links of the LACP trunk group or is assigned to the standby LACP links.

At the core of the 802.3ad standard is Link Aggregation Control Protocol (LACP). This protocol allows the user to group several physical ports into one logical port (LACP trunk group) with any switch that supports IEEE 802.3ad standard (LACP). LACP automatically determines which member links can be aggregated and then aggregates them. It provides for the controlled addition and removal of physical links for the link aggregation.

The maximum number of configurable trunk groups is 40: 12 user configurable trunks and 28 LACP trunks depending upon the maximum number of ports in the switch. You can configure the trunk groups manually, called the static trunks, and you can configure dynamic trunk groups using the IEEE 802.3ad standard, called the LACP trunks. The maximum number of active physical ports in any trunk group is eight and the number of standby ports is also eight.

NOTE – Refer to IEEE 802.3ad-2000 for detailed information about the standard.

When the system initializes, all ports are in off mode by default. Each external port in the Nortel Application Switch Operating System can have one of the following LACP modes.

off (default)
    The user can configure this port to a regular static trunk group.

active
    The port is capable of forming an LACP trunk. This port initiates negotiation with the partner system port by sending LACPDU (Link Aggregation Control Protocol Data Unit) packets.

passive
    The port is capable of forming an LACP trunk. This port only responds to the negotiation requests sent from an LACP active port.

Each LACP active or passive port needs an admin key, an operational key, and an aggregator for LACP to start negotiation on these ports. You need to assign the same admin key to a group of ports to make them aggregatable. The link can generate Link Aggregation ID (LAG ID) based on the operational key. All the aggregatable ports must have the same LAG ID. You can form an active LACP trunk group with all the ports that have the same LAG ID.

System priority is used when there are more than eight ports configured with the same adminkey. The system priority, in conjunction with port priority, decides which eight ports should be combined to form a trunk group between two switches. The rest of the ports stay in standby mode to substitute for any failed ports.

NOTE – All ports are in LACP off mode by default. Please refer to your Nortel Application Switch Operating System Application Guide for detailed information on this protocol.

Use the following commands to configure LACP on the Nortel Application Switch Operating System.

[LACP Menu]
     sysprio - Set LACP system priority
     timeout - Set LACP system timeout scale for timing out partner info
     port    - LACP port Menu
     cur     - Display current LACP configuration

Table 6-56 Link Aggregation Control Protocol Menu Options (/cfg/l2/lacp)
Command Syntax and Usage

sysprio <1-65535>
    Defines the priority value (1 through 65535) for the Nortel Application Switch Operating System. Lower numbers provide higher priority. The default value is 32768.

timeout <short|long>
    Defines the timeout period before invalidating LACP data from a remote partner. You can choose between short (3 seconds) or long (90 seconds) timeout periods. The default value is long.

port <port number>
    Displays the LACP Port menu. To view menu options, see page 338.

cur
    Displays the current LACP configuration.

/cfg/l2/lacp/port <port number>
LACP Port Configuration Menu

[LACP Port 1 Menu]
     mode     - Set LACP mode
     prio     - Set LACP port priority
     adminkey - Set LACP port admin key
     cur      - Display current LACP port configuration

Use the following commands to configure Link Aggregation Control Protocol (LACP) on a selected port.

Table 6-57 Link Aggregation Control Protocol Port Configuration Menu Options (/cfg/l2/lacp/port #)
Command Syntax and Usage

mode <off for no LACP or active or passive>
    off: Using this option, you can turn LACP off for this port. You can use this port to manually configure a static trunk. All ports are in off mode by default.
    active: Using this option, you can turn LACP on and set this port to active. Only active ports initiate negotiation with the partner system port by sending the LACPDU packets.
    passive: Using this option, you can turn LACP on and set this port to passive mode. Passive ports do not initiate negotiation, but only respond to the negotiation requests from active ports.

prio <1-65535>
    Sets the priority value for the selected port. Lower numbers provide higher priority. The default value is 128.

adminkey <1-65535>
    Sets the admin key for this port. Only ports with the same admin key and oper key (operational state generated internally) can form an LACP trunk group.

cur
    Displays the current LACP configuration for this port.

/cfg/l2/vlan <VLAN number>
VLAN Configuration

The commands in this menu configure VLAN attributes, change the status of the VLAN, delete the VLAN, and change the port membership of the VLAN. VLANs are commonly used to split up groups of network users into manageable broadcast domains, to create logical segmentation of workgroups, and to enforce security policies among logical segments.

By default, the VLAN menu option is disabled except VLAN 1, which is enabled all the time. For more information on configuring VLANs, see “Setup Part 3: VLANs” on page 41.

[VLAN 1 Menu]
     name    - Set VLAN name
     stg     - Assign VLAN to a Spanning Tree Group
     cont    - Set BW contract
     add     - Add port to VLAN
     rem     - Remove port from VLAN
     def     - Define VLAN as list of ports
     jumbo   - Enable/disable Jumbo Frame support
     learn   - Enable/disable smac learning
     ena     - Enable VLAN
     dis     - Disable VLAN
     del     - Delete VLAN
     cur     - Display current VLAN configuration

Table 6-58 VLAN Configuration Menu Options (/cfg/l2/vlan)
Command Syntax and Usage

name
    Assigns a name to the VLAN or changes the existing name. The default VLAN name is the first one.

stg <Spanning Tree Group index (1-16)>
    Assigns a VLAN to a Spanning Tree Group.

cont <BW Contract number, (1-1024)>
    Sets the Bandwidth Management contract for this VLAN. The default contract number is 1024 on AD3 and AD4.

add <port number>
    Adds port(s) or trunk group(s) to the VLAN membership.

rem <port number>
    Removes port(s) or trunk group(s) from this VLAN.

def <list of port numbers>
    Defines which ports are members of this VLAN. Every port must be a member of at least one VLAN. By default, it defines ports between 1-28 for VLAN 1.

jumbo disable|enable
    Enables or disables jumbo frame support on this VLAN. You need to reset the switch using /boot/reset command to enable jumbo frames on the switch.

learn disable|enable
    Enables or disables source MAC address learning on this VLAN.

ena
    Enables this VLAN.

dis
    Disables this VLAN without removing it from the configuration.

del
    Deletes this VLAN.

cur
    Displays the current VLAN configuration.

NOTE – All ports must belong to at least one VLAN. Any port which is removed from a VLAN and which is not a member of any other VLAN is automatically added to default VLAN #1. You cannot remove a port from VLAN #1 if the port has no membership in any other VLAN. Also, you cannot add a port to more than one VLAN unless the port has VLAN tagging turned on (see the tag command on page 307).

/cfg/l2/team <team number>
Port Team Configuration

[Port team 1 Menu]
     addport   - Add port to team
     remport   - Remove port from team
     addtrunk  - Add trunk group to team
     remtrunk  - Remove trunk group from team
     ena       - Enable port team
     dis       - Disable port team
     del       - Delete port team
     cur       - Display current port team configuration

Port teams are used to operationally link ports and interfaces together. Table 6-59 outlines the commands in this menu.

Table 6-59 Port Team Configuration Menu
Command Syntax and Usage

addport <port number>
    Adds the specified port to the current team.

remport <port number>
    Removes the specified port from the current team.

addtrunk <trunk group number>
    Adds a trunk group to the current team.

remtrunk <trunk group number>
    Removes a trunk group from the current team.

ena
    Enables the port team.

dis
    Disables the port team.

del
    Deletes the port team.

cur
    Displays the current port team configuration.

/cfg/l3
Layer 3 Configuration Menu

[Layer 3 Menu]
     if      - Interface Menu
     gw      - Default Gateway Menu
     route   - Static Route Menu
     arp     - ARP Menu
     frwd    - Forwarding Menu
     nwf     - Network Filters Menu
     rmap    - Route Map Menu
     rip     - Routing Information Protocol Menu
     ospf    - Open Shortest Path First (OSPF) Menu
     bgp     - Border Gateway Protocol Menu
     port    - IP Port Menu
     dns     - Domain Name System Menu
     bootp   - Bootstrap Protocol Relay Menu
     vrrp    - Virtual Router Redundancy Protocol Menu
     rtrid   - Set router ID
     metrc   - Set default gateway metric
     cur     - Display current IP configuration

Table 6-60 Layer 3 Configuration Menu Options (/cfg/l3)
Command Syntax and Usage

if <interface number (1-256)>
    Displays the IP Interface Menu. To view menu options, see page 344.

gw <default gateway number (1-259)>
    Displays the IP Default Gateway Menu. To view menu options, see page 346.

route
    Displays the IP Static Route Menu. To view menu options, see page 348.

arp
    Displays Address Resolution Protocol menu. To view menu options, see page 348.

frwd
    Displays the IP Forwarding Menu. To view menu options, see page 350.

nwf <Network filter number (1-256)>
    Displays the Network Filter Configuration Menu. To view menu options, see page 352.

rmap <route map number (1-32)>
    Displays the Route Map Menu. To view menu options, see page 353.

rip
    Displays the Routing Information Protocol Menu. To view menu options, see page 357.

ospf
    Displays the OSPF Menu. To view menu options, see page 361.

bgp
    Displays the Border Gateway Protocol Menu. To view menu options, see page 371.

port <port number>
    Displays the IP Port Menu. To view menu options, see page 378.

dns
    Displays the IP Domain Name System Menu. To view menu options, see page 379.

bootp
    Displays the Bootstrap Protocol Menu. To view menu options, see page 380.

vrrp
    Displays Virtual Router Redundancy Protocol Menu. To view menu options, see page 381.

rtrid <IP address (such as, 192.4.17.101)>
    Defines the router ID.

metrc strict|roundrobin
    Sets the default gateway metric for strict or roundrobin. The default gateway metric is strict. For more information on gateway metrics, see page 396.

cur
    Displays the current IP configuration.

/cfg/l3/if <interface number>
IP Interface Configuration

[IP Interface 1 Menu]
     ip6nd   - IP6 Neighbor Discovery Menu
     ipver   - Set IP version
     addr    - Set IP address
     mask    - Set subnet mask/prefix len
     vlan    - Set VLAN number
     relay   - Enable/disable BOOTP relay
     ena     - Enable IP interface
     dis     - Disable IP interface
     del     - Delete IP interface
     cur     - Display current interface configuration

The Nortel Application Switch can be configured with up to 256 IP interfaces. Each IP interface represents the Nortel Application Switch on an IP subnet on your network. The Interface option is disabled by default.

Table 6-61 IP Interface Menu Options (/cfg/l3/if)
Command Syntax and Usage

ip6nd
    Opens the IPv6 Neighbor Discovery menu. This menu is used to enable or disable the sending of IPv6 Router Advertisement packets from this interface. For more information on this topic, refer to page 345.

ipver <IP version (v4 or v6)>
    Set the IP version.

addr <IP address (such as 192.4.17.101 for IPv4 or 3001::abcd:5678 for IPv6)>
    Configures the IP address of the switch interface using dotted decimal notation for IPv4 and colon notation for IPv6.

mask <IP subnet mask for IPv4 or prefix length for IPv6 (such as 255.255.255.0 for IPv4 or 64 for IPv6)>
    Configures the IP subnet address mask for the interface using dotted decimal notation for IPv4 or prefix length for IPv6.

vlan <VLAN number (1-4090)>
    Configures the VLAN number for this interface. Each interface can belong to one VLAN, though any VLAN can have multiple IP interfaces in it.

relay disable|enable
    Enables or disables the BOOTP relay on this interface. It is enabled by default.

ena
    Enables this IP interface.

dis
    Disables this IP interface.

del
    Removes this IP interface.

cur
    Displays the current interface settings.

/cfg/l3/if/ip6nd
IPv6 Neighbor Discovery Menu

[IP6 Neighbor Discovery Menu]
     rtradv  - Enable/disable router advertisement

This menu is used to configure the sending of IPv6 Neighbor Discovery router advertisements from this interface.

Table 6-62 IPv6 Neighbor Discovery Menu Options
Command Syntax and Usage

rtradv disable | enable
    Enables or disables the sending of IPv6 Neighbor Discovery router advertisements from this interface.

/cfg/l3/gw <gateway number>
Default IP Gateway Configuration

[Default gateway 1 Menu]
     ipver   - Set IP version
     addr    - Set IP address
     intr    - Set interval between ping attempts
     retry   - Set number of failed attempts to declare gateway DOWN
     vlan    - Set VLAN number
     prio    - Set priority of default gateway route
     arp     - Enable/disable ARP only health checks
     ena     - Enable default gateway
     dis     - Disable default gateway
     del     - Delete default gateway
     cur     - Display current default gateway configuration

NOTE – The switch can be configured with up to 255 gateways. Gateways one to four are reserved for default gateway load balancing. Gateways five to 259 are used for load-balancing of VLAN-based gateways.

This option is disabled by default.

Table 6-63 Default Gateway Options (/cfg/l3/gw)
Command Syntax and Usage

ipver <IP version (v4 or v6)>
    Set the IP version.

addr <default gateway address (such as, 192.4.17.44 for IPv4 or 3001::abcd:1234 for IPv6)>
    Configures the IP address of the default IP gateway using dotted decimal notation for IPv4 and colon notation for IPv6.

intr <0-60 seconds>
    The switch pings the default gateway to verify that it’s up. The intr option sets the time between health checks. The range is from 1 to 120 seconds. The default is 2 seconds.

retry <number of attempts (1-120)>
    Sets the number of failed health check attempts required before declaring this default gateway inoperative. The range is from 1 to 120 attempts. The default is 8 attempts.

vlan <VLAN number (1-4090)>
    Sets the VLAN to be assigned to this default IP gateway.

prio <high|low>
    Allows you to change the priority of the default gateway route to either high or low, relative to learned default routes. If you set the priority to high, then the default gateway route will always be preferred over learned default routes (such as from OSPF, BGP, or RIP protocols). If you set the priority to low, then learned default routes will always be preferred over the default gateway route.
    NOTE – By default learned default route has higher priority than the configured default gateway route.

arp disable|enable
    Enables or disables Address Resolution Protocol (ARP) health checks. This command is disabled by default.

ena
    Enables the gateway for use.

dis
    Disables the gateway.

del
    Deletes the gateway from the configuration.

cur
    Displays the current gateway settings.

Default Gateway Metrics
For information about configuring which gateway is selected when multiple default gateways are enabled, see page 396.

/cfg/l3/route
IP Static Route Configuration

[IP Static Route Menu]
     add     - Add static route
     rem     - Remove static route
     cur     - Display current static routes

Up to 128 static routes can be configured.

Table 6-64 IP Static Route Configuration Menu Options (cfg/l3/route)
Command Syntax and Usage

add <destination> <mask> <gateway> [interface number]
    Adds a static route. You will be prompted to enter a destination IP address, destination subnet mask, and gateway address. Enter all addresses using dotted decimal notation. If a gateway address is 0.0.0.0, the route becomes a black hole route, where any packet routed to this destination will be dropped.

rem <destination> <mask>
    Removes a static route. The destination address of the route to remove must be specified using dotted decimal notation.

cur
    Displays the current IP static routes.

/cfg/l3/arp
ARP Configuration Menu

Address Resolution Protocol (ARP) is the TCP/IP protocol that resides within the Internet layer. ARP resolves a physical address from an IP address. ARP queries machines on the local network for their physical addresses. ARP also maintains IP to physical address pairs in its cache memory. In any IP communication, the ARP cache is consulted to see if the IP address of the computer or the router is present in the ARP cache. Then the corresponding physical address is used to send a packet.

[ARP Menu]
     static  - Static ARP Menu
     rearp   - Set re-ARP period in minutes
     cur     - Display current ARP configuration

Table 6-65 ARP Configuration Menu Options (/cfg/l3/arp)
Command Syntax and Usage

static
    Displays Static ARP menu. To view options, see page 349.

rearp <2-120 minutes>
    Defines re-ARP period in minutes. You can set this duration between two and 120 minutes.

cur
    Displays the current ARP configurations.

/cfg/l3/arp/static
ARP Static Configuration Menu

Static ARP entries are permanent in the ARP cache and do not age out like the ARP entries that are learnt dynamically. Static ARP entries enable the switch to reach the hosts without sending an ARP broadcast request to the network. Static ARPs are also useful to communicate with devices that do not respond to ARP requests. Static ARPs can also be configured on some gateways as a protection against malicious ARP Cache corruption and possible DOS attacks.

NOTE – Nortel Application Switch Operating System 21.0 and above allows the static ARP configuration to be retained over reboots. Nortel Application Switch Operating System 20.x and below allow the user to configure the ARP information but that information cannot be retained over a switch reboot.

[Static ARP Menu]
     add     - Add a permanent ARP entry
     del     - Delete an ARP entry
     cur     - Display current static ARP configuration

Table 6-66 ARP Static Configuration Menu Options (/cfg/l3/arp/static)
Command Syntax and Usage

add <IP address> <MAC address> <VLAN number> <port number>
    Adds a permanent ARP entry.

del <IP address (such as, 192.4.17.101)>
    Deletes a permanent ARP entry.

cur
    Displays current static ARP configuration.

/cfg/l3/frwd
IP Forwarding Configuration Menu

[IP Forwarding Menu]
     local   - Local network definition for route caching menu
     dirbr   - Enable or disable forwarding directed broadcasts
     on      - Globally turn IP Forwarding ON
     off     - Globally turn IP Forwarding OFF
     cur     - Display current IP Forwarding configuration

Table 6-67 IP Forwarding Configuration Menu Options (/cfg/l3/frwd)
Command Syntax and Usage

local
    Displays the menu used to define local network for route caching. To view menu options, see page 350.

dirbr disable|enable
    Enables or disables forwarding directed broadcasts. This command is disabled by default.

on
    Enables IP forwarding (routing) on the Nortel Application Switch. Forwarding is turned on by default.

off
    Disables IP forwarding (routing) on the Nortel Application Switch.

cur
    Displays the current IP forwarding settings.

/cfg/l3/frwd/local
Local Network Route Caching Definition

This menu is used for adding local networks by setting the local network address and netmask for the route cache, and to remove local networks. Up to five local networks (lnets) can be configured.

[IP Local Networks Menu]
     add     - Add local network definition
     rem     - Remove local network definition
     cur     - Display current local network definitions

Table 2 IP Local Networks Menu Options (/cfg/l3/frwd/local)
Command Syntax and Usage

add <local network address> <local network mask>
    Adds a definition for a local network. For details, see “Defining IP Address Ranges for the Local Route Cache” on page 351.

rem <local network address> <local network mask>
    Removes a definition for a local network.

cur
    Displays the current local network definitions.

Defining IP Address Ranges for the Local Route Cache

The Local Route Cache lets you use switch resources more efficiently, by reducing the size of the ARP table on the Nortel Application Switch. Addresses to be cached are subnets that are directly connected and for which there is an interface configured on the Nortel Application Switch.

The /cfg/l3/frwd/local/add parameters define a range of addresses that will be cached on the Nortel Application Switch. The local network address is used to define the base IP address in the range which will be cached, and the local network mask is the mask which is applied to produce the range. By default, the local network address and mask are both set to 0.0.0.0. This produces a range that includes all Internet addresses for route caching: 0.0.0.0 through 255.255.255.255.

To limit the route cache to your local hosts, you could configure the parameters as shown in the examples in the following table.

Table 6-68 Local Routing Cache Address Ranges

Local Host Address Range          Address         Mask
0.0.0.0 - 127.255.255.255         0.0.0.0         128.0.0.0
128.0.0.0 - 128.255.255.255       128.0.0.0       255.0.0.0
205.32.0.0 - 205.32.255.255       205.32.0.0      255.255.0.0

NOTE – All addresses that fall outside the defined range are forwarded to the default gateway. The default gateways must be within range.

To determine if a route should be added to the memory cache, the destination address is masked (bitwise and) with the local network mask and checked against the local network address.
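The masking rule can be reproduced offline to see which destinations a planned set of local network definitions would cache and whether the default gateways fall inside it. This is an added example, not Nortel code; the class and function names are hypothetical and the gateway list in the sample is constructed.

```python
# Added example (not Nortel code): the local route cache test described above,
# destination AND mask == local network address, applied to IPv4 addresses.
import ipaddress

MAX_LNETS = 5        # "Up to five local networks (lnets) can be configured."
ALL_ONES = 0xFFFFFFFF


def _to_int(text):
    return int(ipaddress.IPv4Address(text))


class LocalRouteCache:
    """A set of (local network address, local network mask) definitions."""

    def __init__(self, lnets=(("0.0.0.0", "0.0.0.0"),)):  # documented default
        lnets = list(lnets)
        if len(lnets) > MAX_LNETS:
            raise ValueError(f"at most {MAX_LNETS} local networks are allowed")
        self.lnets = []
        for address, mask in lnets:
            a, m = _to_int(address), _to_int(mask)
            if a & m != a:
                # Bits set outside the mask are cleared from every masked
                # destination, so this definition could never match anything.
                raise ValueError(f"{address} has bits outside mask {mask}")
            self.lnets.append((a, m))

    def is_cached(self, destination):
        d = _to_int(destination)
        return any(d & m == a for a, m in self.lnets)


def covered_range(address, mask):
    """First and last address matched by one definition.

    Returns None for a non-contiguous mask, where the matched addresses do
    not form a single range.
    """
    a, m = _to_int(address), _to_int(mask)
    host_bits = ~m & ALL_ONES
    if host_bits & (host_bits + 1):  # zero bits are not one trailing run
        return None
    first = a & m
    return (str(ipaddress.IPv4Address(first)),
            str(ipaddress.IPv4Address(first | host_bits)))


def gateways_outside(cache, gateways):
    """Default gateways that the cache definitions do not cover."""
    return [gw for gw in gateways if not cache.is_cached(gw)]


if __name__ == "__main__":
    cache = LocalRouteCache([("205.32.0.0", "255.255.0.0"),
                             ("128.0.0.0", "255.0.0.0")])
    for dest in ("205.32.17.9", "205.33.0.1", "128.200.1.1"):
        print(dest, "cached" if cache.is_cached(dest) else "sent to default gateway")
    print(covered_range("0.0.0.0", "128.0.0.0"))
    # Constructed gateway list: the second one is outside both definitions.
    print(gateways_outside(cache, ["205.32.0.1", "192.4.17.44"]))
```
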

/cfg/l3/nwf
Network Filter Configuration

[IP Network Filter 1 Menu]
     addr    - IP Address
     mask    - IP Subnet mask
     enable  - Enable Network Filter
     disable - Disable Network Filter
     delete  - Delete Network Filter
     cur     - Display current Network Filter configuration

Table 6-69 IP Network Filter Menu Options (/cfg/l3/nwf)
Command Syntax and Usage

addr <IP address (such as, 192.4.17.44)>
    Sets the starting IP address for this filter. The default address is 0.0.0.0.

mask <IP4 subnet mask (such as, 255.255.255.0)> | <IP6 mask prefix len (eg, 64)>
    Sets the IP subnet mask that is used with /cfg/l3/nwf/addr to define the range of IP addresses that will be accepted by the peer when the filter is enabled. The default value is 0.0.0.0. For Border Gateway Protocol (BGP), assign the network filter to a route map, then assign the route map to the peer.

enable
    Enables the Network Filter configuration.

disable
    Disables the Network Filter configuration.

delete
    Deletes the Network Filter configuration.

cur
    Displays the current Network Filter configuration. For example:

    Current Network Filter 1:
        addr 0.0.0.0, mask 0.0.0.0, disabled

/cfg/l3/rmap <route map number>
Route Map Configuration Menu

Route maps control and modify routing information.

NOTE – The map number (1-32) represents the routing map you wish to configure.

[IP Route Map 1 Menu]
     alist   - Access List number
     aspath  - AS Filter Menu
     ap      - Set as-path prepend of the matched route
     lp      - Set local-preference of the matched route
     metric  - Set metric of the matched route
     type    - Set OSPF metric-type of the matched route
     prec    - Set the precedence of this route map
     weight  - Set weight of the matched route
     enable  - Enable route map
     disable - Disable route map
     delete  - Delete route map
     cur     - Display current route map configuration

Table 6-70 Routing Map Menu Options (/cfg/l3/rmap)
Command Syntax and Usage

alist <number (1-8)>
    Displays the Access List menu. For more information, see page 355.

aspath <number (1-8)>
    Displays the Autonomous System (AS) Filter menu. For more information, see page 356.

ap <AS number> [<AS number>] [<AS number>]|none
    Sets the AS path preference of the matched route. One to three path preferences can be configured.

lp <(value 0-4294967294)>|none
    Sets the local preference of the matched route, which affects both inbound and outbound directions. The path with the higher preference is preferred.

metric <(value 0-4294967294)>|none
    Sets the metric of the matched route.

type <value (1|2)>|none
    Assigns the type of OSPF metric. The default is type 1.
    Type 1: External routes are calculated using both internal and external metrics.
    Type 2: External routes are calculated using only the external metrics. Type 1 routes have more cost than Type 2.
    none: Removes the OSPF metric.

prec <value (1-255)>
    Sets the precedence of the route map. The smaller the value, the higher the precedence. Default value is 10.

weight <value (0-65534)>|none
    Sets the weight of the route map.

enable
    Enables the route map.

disable
    Disables the route map.

delete
    Deletes the route map.

cur
    Displays the current route configuration.

/cfg/l3/rmap <route map number>/alist <access list number>
IP Access List Configuration Menu

NOTE – The route map number (1-32) and the access list number (1-8) represent the IP access list you wish to configure.

[IP Access List 1 Menu]
     nwf     - Network Filter number
     metric  - Metric
     action  - Set Network Filter action
     enable  - Enable Access List
     disable - Disable Access List
     delete  - Delete Access List
     cur     - Display current Access List configuration

Table 6-71 IP Access List Menu Options (/cfg/l3/rmap/alist)
Command Syntax and Usage

nwf <network filter number (1-256)>
    Sets the network filter number. See “/cfg/l3/nwf” on page 352 for details.

metric <(1-4294967294)>|none
    Sets the metric value in the AS-External (ASE) LSA.

action permit|deny or p|d
    Permits or denies action for the access list.

enable
    Enables the access list.

disable
    Disables the access list.

delete
    Deletes the access list.

cur
    Displays the current Access List configuration.

/cfg/l3/rmap <route map number> aspath <autonomous system path>
Autonomous System Filter Path

NOTE – The rmap number (1-32) and the path number (1-8) represent the AS path you wish to configure.

[AS Filter 1 Menu]
    as - AS number
    action - Set AS Filter action
    enable - Enable AS Filter
    disable - Disable AS Filter
    delete - Delete AS Filter
    cur - Display current AS Filter configuration

Table 6-72 AS Filter Menu Options (/cfg/l3/rmap/aspath)
Command Syntax and Usage

as <AS number (1-65535)>
    Sets the Autonomous System filter’s path number.
action permit|deny or p|d
    Permits or denies Autonomous System filter action.
enable
    Enables the Autonomous System filter.
disable
    Disables the Autonomous System filter.
delete
    Deletes the Autonomous System filter.
cur
    Displays the current Autonomous System filter configuration.

/cfg/l3/rip
Routing Information Protocol Configuration

The Routing Information Protocol (RIP) is an interior gateway protocol (IGP). RIP is one of a class of algorithms known as distance vector algorithms. The distance or hop count is used as the metric to determine the best path to a remote network or host where the hop count does not exceed 15 hops assuming a cost of one for each network.

RIP uses broadcast User Datagram Protocol (UDP) data packets to exchange routing information. RIP sends routing information updates every 30 seconds. This update contains known networks and the distances (hop count) associated with each one. For RIP1, no mask information is exchanged; the natural mask is always applied by the router receiving the update. For RIP2, mask information is sent.

There are two timers associated with each route: a timeout and garbage-collection timer. The timeout timer is set for 180 seconds and the garbage-collection timer is set for 120 seconds by default. Upon expiration of the timeout timer, the route is no longer valid but it is retained in the routing table for a short time so that neighbors can be notified that the route has been dropped. Upon expiration of the garbage-collection timer, the route is finally removed from the routing table.

The Routing Information Protocol is turned off by default. The menu below is used for globally configuring Routing Information Protocol parameters.

[Routing Information Protocol Menu]
    if - RIP Interface Menu
    update - Set update period in seconds
    vip - Enable/disable vip advertisement
    statc - Enable/disable static routes advertisement
    on - Globally turn RIP ON
    off - Globally turn RIP OFF
    current - Display current RIP configuration

Table 6-73 Routing Information Protocol Menu (/cfg/l3/rip)
Command Syntax and Usage

if <Interface Number (1-256)>
    Go to the RIP Interface menu. See page 359.
update <update period (1-120 seconds)>
    Sets the RIP update period in seconds. It is set at 30 seconds by default.

Table 6-73 Routing Information Protocol Menu (/cfg/l3/rip)
Command Syntax and Usage

vip disable|enable
    Enables or disables the advertisement of virtual IP addresses as Host Routes. If a VIP route exists in a routing table, it will always be advertised except when it is included in another network route that is already being advertised.
    Note: If all real servers behind a VIP go down, the route gets removed from the routing table, and will not be advertised. If we disable all the real servers using operation command, the VIP route does not get eliminated from the routing table, and the switch will continue to advertise the route.
statc disable|enable
    Enables or disables the advertisement of static routes.
on
    Globally turns RIP ON.
off
    Globally turns RIP OFF.
cur
    Displays the current RIP configuration.

/cfg/l3/rip/if
RIP Interface Menu

[RIP Interface 1 Menu]
    version - Set RIP version
    supply - Enable/disable supplying route updates
    listen - Enable/disable listening to route updates
    poison - Enable/disable poisoned reverse
    trigg - Enable/disable triggered updates
    mcast - Enable/disable multicast updates
    default - Set default route action
    metric - Set metric
    auth - Set authentication type
    key - Set authentication key
    enable - Enable interface
    disable - Disable interface
    current - Display current RIP interface configuration

Table 6-74 RIP Menu Options
Command Syntax and Usage

version 1|2|both
    Set the RIP version. The default value is 2.
supply disable|enable
    Enables or disables supplying route updates. When enabled, the switch supplies routes to other routers. This is enabled by default.
listen disable|enable
    When enabled, the switch stores routing information from other routers. The default is enabled.
poison disable|enable
    When enabled, the switch uses split horizon with poisoned reverse. When disabled, the switch uses split horizon only. The default is disabled.
mcast disable|enable
    Enable or disable triggered updates. The default is enabled.
default none|listen|supply|both
    Set the default route action. The default action is none.
metric <value [1-15]>
    Set metric value for this RIP interface. The default value is 1.
auth none|password
    Set the type of authentication. The default value is none.
key <key|none (to remove existing key value)>
    Set the authentication key. The default value is none.

Table 6-74 RIP Menu Options
Command Syntax and Usage

enable
    Enable the interface.
disable
    Disable the interface.
current
    Displays current values of all objects settable from this menu.

/cfg/l3/ospf
Open Shortest Path First Configuration

Nortel Application Switch Operating System supports the Open Shortest Path First (OSPF) routing protocol. The Nortel Application Switch Operating System implementation conforms to the OSPF version 2 specifications detailed in Internet RFC 1583.

OSPF is designed for routing traffic within a single IP domain called an Autonomous System (AS). The AS can be divided into smaller logical units known as areas. In any AS with multiple areas, one area must be designated as area 0, known as the backbone. The backbone acts as the central OSPF area. All other areas in the AS must be connected to the backbone. Areas inject summary routing information into the backbone, which then distributes it to other areas as needed.

For more information on how to configure OSPF on the switch, refer to your Nortel Application Switch Operating System Application Guide.

[Open Shortest Path First Menu]
    aindex - OSPF Area (index) Menu
    range - OSPF Summary Range Menu
    if - OSPF Interface Menu
    virt - OSPF Virtual Links Menu
    md5key - OSPF MD5 Key Menu
    host - OSPF Host Entry Menu
    redist - OSPF Route Redistribute Menu
    lsdb - Set the LSDB limit for external LSA
    default - Export default route information
    on - Globally turn OSPF ON
    off - Globally turn OSPF OFF
    cur - Display current OSPF configuration

Table 6-75 OSPF Configuration Menu Options (/cfg/l3/ospf)
Command Syntax and Usage

aindex <area index (0-2)>
    Displays the area index menu. This area index does not represent the actual OSPF area number. See page 363 to view menu options.
range <range number (1-16)>
    Displays summary routes menu for up to 16 IP addresses. See page 364 to view menu options.
if <interface number (1-255)>
    Displays the OSPF interface configuration menu. See page 365 to view menu options.
virt <virtual link (1-3)>
    Displays the Virtual Links menu used to configure OSPF for a Virtual Link. See page 367 to view menu options.

Table 6-75 OSPF Configuration Menu Options (/cfg/l3/ospf)
Command Syntax and Usage

md5key <key ID (1-255)>
    Assigns a string to MD5 authentication key.
host <host entry number (1-128)>
    Displays the menu for configuring OSPF for the host routes. Up to 128 host routes can be configured. Host routes are used for advertising network device IP addresses to external networks to perform server load balancing within OSPF. It also makes Area Border Route (ABR) load sharing and ABR failover possible. See page 369 to view menu options.
redist <fixed|static|rip|ebgp|ibgp>
    Displays Route Distribution Menu. See page 370 to view menu options.
lsdb <LSDB limit (0-2000, 0 for no limit)>
    Sets the link state database limit.
default <metric (1-16777215)> <metric-type 1|2>|none
    Sets one default route among multiple choices in an area. Use none for no default.
on
    Enables OSPF on the Nortel Application Switch.
off
    Disables OSPF on the Nortel Application Switch.
cur
    Displays the current OSPF configuration settings.

/cfg/l3/ospf/aindex
Area Index Configuration Menu

[OSPF Area (index) 1 Menu]
    areaid - Set area ID
    type - Set area type
    metric - Set stub area metric
    auth - Set authentication type
    spf - Set time interval between two SPF calculations
    enable - Enable area
    disable - Disable area
    delete - Delete area
    cur - Display current OSPF area configuration

Table 6-76 Area Index Configuration Menu Options (/cfg/l3/ospf/aindex)
Command Syntax and Usage

areaid <IP address (such as, 192.4.17.101)>
    Defines the IP address of the OSPF area number.
type transit|stub|nssa
    Defines the type of area. For example, when a virtual link has to be established with the backbone, the area type must be defined as transit.
    Transit area: allows area summary information to be exchanged between routing devices. Any area that is not a stub area or NSSA is considered to be transit area.
    Stub area: is an area where external routing information is not distributed. Typically, a stub area is connected to only one other area.
    NSSA: Not-So-Stubby Area (NSSA) is similar to stub area with additional capabilities. For example, routes originating from within the NSSA can be propagated to adjacent transit and backbone areas. External routes from outside the Autonomous System (AS) can be advertised within the NSSA but are not distributed into other areas.
metric <metric value (1-65535)>
    Configures a stub area to send a numeric metric value. All routes received via that stub area carry the configured metric to potentially influence routing decisions. Metric value assigns the priority for choosing the switch for default route. Metric type determines the method for influencing routing decisions for external routes.
auth none|password|md5
    None: No authentication required.
    Password: Authenticates simple passwords so that only trusted routing devices can participate.
    MD5: This parameter is used when MD5 cryptographic authentication is required.

Table 6-76 Area Index Configuration Menu Options (/cfg/l3/ospf/aindex)
Command Syntax and Usage

spf <interval (0-255)>
    Sets time interval between two successive SPF (shortest path first) calculations of the shortest path tree using the Dijkstra’s algorithm.
enable
    Enables the OSPF area.
disable
    Disables the OSPF area.
delete
    Deletes the OSPF area.
cur
    Displays the current OSPF configuration.

/cfg/l3/ospf/range
OSPF Summary Range Configuration Menu

[OSPF Summary Range 1 Menu]
    addr - Set IP address
    mask - Set IP mask
    aindex - Set area index
    hide - Enable/disable hide range
    enable - Enable range
    disable - Disable range
    delete - Delete range
    cur - Display current OSPF summary range configuration

Table 6-77 OSPF Summary Range Configuration Menu Options (/cfg/l3/ospf/range)
Command Syntax and Usage

addr <IP Address (such as, 192.4.17.101)>
    Displays the base IP address for the range.
mask <IP address (such as, 192.4.17.101)>
    Displays the IP address mask for the range.
aindex <area index [0-2]>
    Displays the area index used by the Nortel Application Switch.

Table 6-77 OSPF Summary Range Configuration Menu Options (/cfg/l3/ospf/range)
Command Syntax and Usage

hide disable|enable
    Hides the OSPF summary range.
enable
    Enables the OSPF summary range.
disable
    Disables the OSPF summary range.
delete
    Deletes the OSPF summary range.
cur
    Displays the current OSPF summary range.

/cfg/l3/ospf/if
OSPF Interface Configuration Menu

[OSPF Interface 1 Menu]
    aindex - Set area index
    prio - Set interface router priority
    cost - Set interface cost
    hello - Set hello interval in seconds
    dead - Set dead interval in seconds
    trans - Set transit delay in seconds
    retra - Set retransmit interval in seconds
    key - Set authentication key
    mdkey - Set MD5 key ID
    enable - Enable interface
    disable - Disable interface
    delete - Delete interface
    cur - Display current OSPF interface configuration

Table 6-78 OSPF Interface Configuration Menu Options (/cfg/l3/ospf/if)
Command Syntax and Usage

aindex <area index (0-2)>
    Displays the OSPF area index.
prio <priority value (0-255)>
    Displays the assigned priority value to the Nortel Application Switch’s OSPF interfaces. (A priority value of 127 is the highest and 1 is the lowest. A priority value of 0 specifies that the interface cannot be used as Designated Router (DR) or Backup Designated Router (BDR).)
cost <cost value (1-65535)>
    Displays cost set for the selected path—preferred or backup. Usually the cost is inversely proportional to the bandwidth of the interface. Low cost indicates high bandwidth.
hello <value (1-65535)>
    Displays the interval in seconds between the hello packets for the interfaces.
dead <value (1-65535)>
    Displays the health parameters of a hello packet, which is set for an interval of seconds before declaring a silent router to be down.
trans <value (0-3600)>
    Displays the transit delay in seconds.
retra <value (0-3600)>
    Displays the retransmit interval in seconds.
key <key>|none
    Sets the authentication key to clear the password.
mdkey <key ID (1-255)>|none
    Assigns an MD5 key to the interface.
enable
    Enables OSPF interface.
disable
    Disables OSPF interface.
delete
    Deletes OSPF interface.
cur
    Displays the current settings for OSPF interface.

/cfg/l3/ospf/virt
OSPF Virtual Link Configuration Menu

[OSPF Virtual Link 1 Menu]
    aindex - Set area index
    hello - Set hello interval in seconds
    dead - Set dead interval in seconds
    trans - Set transit delay in seconds
    retra - Set retransmit interval in seconds
    nbr - Set router ID of virtual neighbor
    key - Set authentication key
    mdkey - Set MD5 key ID
    enable - Enable interface
    disable - Disable interface
    delete - Delete interface
    cur - Display current OSPF interface configuration

Table 6-79 OSPF Virtual Link Configuration Menu Options (/cfg/l3/ospf/virt)
Command Syntax and Usage

aindex <area index (0-2)>
    Displays the OSPF area index.
hello <value (1-65535)>
    Displays the authentication parameters of a hello packet, which is set to be in an interval of seconds.
dead <value (1-65535)>
    Displays the health parameters of a hello packet, which is set to be in an interval of seconds. Default is 40 seconds.
trans <value (1-3600)>
    Displays the delay in transit in seconds. Default is one second.
retra <value (1-3600)>
    Displays the retransmit interval in seconds. Default is five seconds.
nbr <nbr router ID (IP address)>
    Displays the router ID of the virtual neighbor. Default is 0.0.0.0.
key <key>|none
    Displays the password (up to eight characters) for each virtual link. Default is none.
mdkey <key ID (1-255)>|none
    Sets MD5 key ID for each virtual link. Default is none.

Table 6-79 OSPF Virtual Link Configuration Menu Options (/cfg/l3/ospf/virt)
Command Syntax and Usage

enable
    Enables OSPF virtual link.
disable
    Disables OSPF virtual link.
delete
    Deletes OSPF virtual link.
cur
    Displays the current OSPF virtual link settings.

/cfg/l3/ospf/md5key
OSPF MD5 Key Configuration Menu

[OSPF MD5 Key 1 Menu]
    key - Set authentication key
    delete - Delete key
    cur - Display current MD5 key configuration

Table 6-80 OSPF MD5 Key Configuration Menu Options (/cfg/l3/ospf/md5key)
Command Syntax and Usage

key <key, up to 16 chars>
    Sets the authentication key up to 16 characters for this OSPF packet.
delete
    Deletes the authentication key for this OSPF packet.
cur
    Displays the current MD5 key configuration.
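
How a key ID (mdkey, 1-255) and a shared secret of up to 16 characters (md5key) authenticate an OSPF packet, as an added example that is not Nortel code. It assumes the cryptographic authentication layout of RFC 2328 Appendix D, because this manual itself cites only RFC 1583; the function names, addresses and key below are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

# OSPFv2 header with the AuType 2 authentication field (RFC 2328 A.3.1, D.3):
# version, type, packet length, router ID, area ID, checksum, AuType,
# then 0x0000, key ID, auth data length, cryptographic sequence number.
OSPF_HDR = struct.Struct("!BBH4s4sHHHBBI")  # 24 bytes
AUTYPE_CRYPTO = 2
MD5_LEN = 16

# Constructed Hello body: mask, hello interval 10, options, priority,
# dead interval 40, designated router, backup designated router.
HELLO_BODY = struct.pack(
    "!4sHBBI4s4s", socket.inet_aton("255.255.255.0"), 10, 0x02, 1, 40,
    socket.inet_aton("0.0.0.0"), socket.inet_aton("0.0.0.0"))


def pad_key(key):
    """The secret is always used as exactly 16 bytes, zero-padded on the right."""
    if not 1 <= len(key) <= MD5_LEN:
        raise ValueError("MD5 key must be 1 to 16 bytes")
    return key.ljust(MD5_LEN, b"\x00")


def sign_packet(pkt_type, router_id, area_id, body, key_id, key, seq):
    """Build an OSPF packet and append MD5(packet || padded key)."""
    if not 1 <= key_id <= 255:
        raise ValueError("key ID must be 1-255")
    length = OSPF_HDR.size + len(body)  # the digest is not counted here
    header = OSPF_HDR.pack(
        2, pkt_type, length, socket.inet_aton(router_id),
        socket.inet_aton(area_id),
        0,  # checksum is not computed when AuType is 2
        AUTYPE_CRYPTO, 0, key_id, MD5_LEN, seq)
    packet = header + body
    return packet + hashlib.md5(packet + pad_key(key)).digest()


def verify_packet(wire, keys, last_seq):
    """Receiver side: return (accepted, reason). keys maps key ID -> secret."""
    if len(wire) < OSPF_HDR.size + MD5_LEN:
        return False, "truncated"
    (_ver, _type, length, _rid, _aid, _cksum, autype, _zero,
     key_id, auth_len, seq) = OSPF_HDR.unpack_from(wire)
    if autype != AUTYPE_CRYPTO or auth_len != MD5_LEN:
        return False, "not MD5-authenticated"
    if length < OSPF_HDR.size or length + auth_len != len(wire):
        return False, "bad length"
    key = keys.get(key_id)
    if key is None:
        return False, "unknown key ID"
    expected = hashlib.md5(wire[:length] + pad_key(key)).digest()
    # Constant-time comparison, so the check does not leak matching prefixes.
    if not hmac.compare_digest(expected, wire[length:]):
        return False, "digest mismatch"
    # An authentic packet older than the last one accepted is a replay.
    if seq < last_seq:
        return False, "stale sequence number"
    return True, "ok"


def demo():
    """Run the receiver checks over one constructed Hello and its variants."""
    keys = {1: b"constructed-key"}
    wire = sign_packet(1, "192.0.2.1", "0.0.0.0", HELLO_BODY, 1, keys[1], 1000)
    tampered = wire[:30] + bytes([wire[30] ^ 0xFF]) + wire[31:]
    return {
        "genuine": verify_packet(wire, keys, last_seq=999),
        "tampered": verify_packet(tampered, keys, last_seq=999),
        "wrong key": verify_packet(wire, {1: b"other-key"}, last_seq=999),
        "replayed": verify_packet(wire, keys, last_seq=1001),
        "unknown key ID": verify_packet(wire, {7: keys[1]}, last_seq=999),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:15} {result}")
```

With the password type, by contrast, the secret itself travels in the 8-byte authentication field of every packet, so anyone who can capture traffic on the segment can read it.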

/cfg/l3/ospf/host
OSPF Host Entry Configuration Menu

[OSPF Host Entry 1 Menu]
    addr - Set host entry IP address
    aindex - Set area index
    cost - Set cost of this host entry
    enable - Enable host entry
    disable - Disable host entry
    delete - Delete host entry
    cur - Display current OSPF host entry configuration

Table 6-81 OSPF Host Entry Configuration Menu Options (/cfg/l3/ospf/host)
Command Syntax and Usage

addr <IP address (such as, 192.4.17.101)>
    Displays the base IP address for the host entry.
aindex <area index [0-2]>
    Displays the area index of the host.
cost <cost value [1-65535]>
    Displays the cost value of the host.
enable
    Enables OSPF host entry.
disable
    Disables OSPF host entry.
delete
    Deletes OSPF host entry.
cur
    Displays the current OSPF host entries.

/cfg/l3/ospf/redist <fixed|static|rip|ebgp|ibgp>
OSPF Route Redistribution Configuration Menu

[OSPF Redistribute Fixed Menu]
    add - Add rmap into route redistribution list
    rem - Remove rmap from route redistribution list
    export - Export all routes of this protocol
    cur - Display current route-maps added

Table 6-82 OSPF Route Redistribution Menu Options (/cfg/l3/ospf/redist)
Command Syntax and Usage

add (<route map (1-32)> <route map (1-32)>)|all
    Adds selected routing maps to the rmap list. To add all the 32 route maps, enter all. To add specific route maps, enter routing map numbers one per line, NULL at the end.
    This option adds a route map to the route redistribution list. The routes of the redistribution protocol matched by the route maps in the route redistribution list will be redistributed.
rem (<route map (1-32)> <route map (1-32)>) ... |all
    Removes the route map from the route redistribution list.
    Removes routing maps from the rmap list. To remove all 32 route maps, enter all. To remove specific route maps, enter routing map numbers one per line, NULL at end.
export <metric (1-16777215)><metric type (1|2)> |none
    Exports the routes of this protocol as external OSPF AS-external LSAs in which the metric and metric type are specified. To remove a previous configuration and stop exporting the routes of the protocol, enter none.
cur
    Displays the current route map settings.

/cfg/l3/bgp
Border Gateway Protocol Configuration

Border Gateway Protocol (BGP) is an Internet protocol that enables routers on a network to share routing information with each other and advertise information about the segments of the IP address space they can access within their network with routers on external networks. BGP allows you to decide what is the “best” route for a packet to take from your network to a destination on another network, rather than simply setting a default route from your border router(s) to your upstream provider(s). You can configure BGP either within an autonomous system or between different autonomous systems. When run within an autonomous system, it is called internal BGP (iBGP). When run between different autonomous systems, it is called external BGP (eBGP). BGP is defined in RFC 1771.

The BGP Menu enables you to configure the switch to receive routes and to advertise static routes, fixed routes and virtual server IP addresses with other internal and external routers. BGP is turned off by default.

[Border Gateway Protocol Menu]
    peer - Peer menu
    aggr - Aggregation menu
    as - Set Autonomous System (AS) number
    maxpath - Set Max AS Path Length
    pref - Set Local Preference
    on - Globally turn BGP ON
    off - Globally turn BGP OFF
    cur - Display current BGP configuration

NOTE – Fixed routes are subnet routes. There is one fixed route per IP interface.

Table 6-83 Border Gateway Protocol Menu (/cfg/l3/bgp)
Command Syntax and Usage

peer <peer number (1-16)>
    Displays the menu used to configure each BGP peer. Each border router, within an autonomous system, exchanges routing information with routers on other external networks. To view menu options, see page 373.
aggr <aggregate number (1-16)>
    Displays the Aggregation Menu. To view menu options, see page 377.

Table 6-83 Border Gateway Protocol Menu (/cfg/l3/bgp)
Command Syntax and Usage

as <autonomous system number (1-65535)>
    Sets Autonomous System Number for this autonomous system.
    An autonomous system (AS) is the unit of router policy, either a single network or a group of networks that is controlled by a common network administrator on behalf of an administrative entity (such as a university, a business enterprise, or a business division). An autonomous system is assigned a globally unique number called an Autonomous System Number (ASN). An autonomous system shares routing information with other autonomous systems using the Border Gateway Protocol (BGP).
maxpath <max AS path length (1-127)>
    This command limits the maximum length of an accepted AS Path. Paths greater than this value will be ignored. The command is designed to protect the MP CPU, memory resources and routing table from BGP-based attacks, BGP errors and probes designed to locate BGP speaking devices that do not limit the maximum AS Path. The default value is 50.
pref <preference (0-4294967294)>
    Sets the local preference. The path with the higher value is preferred.
    When multiple peers advertise the same route, use the route with the shortest AS path as the preferred route if you are using eBGP, or use the local preference if you are using iBGP.
on
    Globally turns BGP on.
off
    Globally turns BGP off.
cur
    Displays the current BGP configuration.

/cfg/l3/bgp/peer <peer number>
BGP Peer Configuration Menu

[BGP Peer 1 Menu]
    redist - Redistribution menu
    addr - Set remote IP address
    ras - Set remote autonomous system number
    hold - Set hold time
    alive - Set keep alive time
    advert - Set min time between advertisements
    retry - Set connect retry interval
    orig - Set min time between route originations
    ttl - Set time-to-live of IP datagrams
    addi - Add rmap into in-rmap list
    addo - Add rmap into out-rmap list
    remi - Remove rmap from in-rmap list
    remo - Remove rmap from out-rmap list
    enable - Enable peer
    disable - Disable peer
    delete - Delete peer
    cur - Display current peer configuration

This menu is used to configure BGP peers, which are border routers that exchange routing information with routers on internal and external networks. The peer option is disabled by default.

Table 6-84 BGP Peer Configuration Options (/cfg/l3/bgp/peer)
Command Syntax and Usage

redist
    Displays BGP Redistribution Menu. To view the menu options, see page 375.
addr <IP address (such as, 192.4.17.101)>
    Defines the IP address for the specified peer (border router), using dotted decimal notation. The default address is 0.0.0.0.
ras <AS number (0-65535)>
    Sets the remote autonomous system number for the specified peer.
hold <hold time (0, 3-65535)>
    Sets the period of time, in seconds, that will elapse before the peer session is torn down because the switch hasn’t received a “keep alive” message from the peer. It is set at 90 seconds by default.
alive <keepalive time (0, 1-21845)>
    Sets the keep-alive time for the specified peer in seconds. It is set at 0 by default.

Table 6-84 BGP Peer Configuration Options (/cfg/l3/bgp/peer)
Command Syntax and Usage

advert <min adv time (1-65535)>
    Sets time in seconds between advertisements.
retry <connect retry interval (1-65535)>
    Sets connection retry interval in seconds.
orig <min orig time (1-65535)>
    Sets the minimum time between route originations in seconds.
ttl <number of router hops (1-255)>
    Time-to-live (TTL) is a value in an IP packet that tells a network router whether or not the packet has been in the network too long and should be discarded. TTL specifies a certain time span in seconds that, when exhausted, would cause the packet to be discarded. The TTL is determined by the number of router hops the packet is allowed before it must be discarded.
    This command specifies the number of router hops that the IP packet can make. This value is used to restrict the number of “hops” the advertisement makes. It is also used to support multi-hops, which allow BGP peers to talk across a routed network. The default number is set at 1.
addi <route map ID (1-32)>
    Adds route map into in-route map list.
addo <route map ID (1-32)>
    Adds route map into out-route map list.
remi <route map ID (1-32)>
    Removes route map from in-route map list.
remo <route map ID (1-32)>
    Removes route map from out-route map list.
ena
    Enables this peer configuration.
dis
    Disables this peer configuration.
del
    Deletes this peer configuration.
cur
    Displays the current BGP peer configuration.

/cfg/l3/bgp/peer/redist
BGP Redistribution Configuration Menu

[Redistribution Menu]
    metric - Set default-metric of advertised routes
    default - Set default route action
    rip - Enable/disable advertising RIP routes
    ospf - Enable/disable advertising OSPF routes
    fixed - Enable/disable advertising fixed routes
    static - Enable/disable advertising static routes
    vip - Enable/disable advertising VIP routes
    cur - Display current redistribution configuration

Table 6-85 BGP Redistribution Configuration Menu Options (/cfg/l3/bgp/peer/redist)
Command Syntax and Usage

metric <metric (1-4294967294)>|none
    Sets default metric of advertised routes.
default none|import|originate|redistribute
    Sets default route action. Default routes can be configured as import, originate, redistribute, or none.
    None: No routes are configured.
    Import: Import these routes.
    Originate: The switch sends a default route to peers even though it does not have any default routes in its routing table.
    Redistribute: Default routes are either configured through default gateway or learned through other protocols and redistributed to peer. If the routes are learned from default gateway configuration, you have to enable static routes since the routes from default gateway are static routes. Similarly, if the routes are learned from a certain routing protocol, you have to enable that protocol in this redistribute submenu.
rip disable|enable
    Enables or disables advertising RIP routes.
ospf disable|enable
    Enables or disables advertising OSPF routes.
fixed disable|enable
    Enables or disables advertising fixed routes.
static disable|enable
    Enables or disables advertising static routes.


Table 6-85 BGP Redistribution Configuration Menu Options (/cfg/l3/bgp/peer/redist)
Command Syntax and Usage

vip disable|enable
    Enables or disables advertising VIP routes.
cur
    Displays the current redistribution configuration.


/cfg/l3/bgp/aggr <aggregate number>
BGP Aggregate Routing Configuration Menu
NOTE – The aggregate number (1-16) represents the aggregation route you wish to configure.
[BGP Aggr 1 Menu]
    addr - Set aggregation IP address
    mask - Set aggregation network mask
    enable - Enable aggregation
    disable - Disable aggregation
    delete - Delete aggregation
    current - Display current aggregation configuration

This menu allows you to configure aggregate routing to condense the number of routes between internal and external peer routers.

Table 6-86 BGP Aggregate Menu Options (/cfg/l3/ip/bgp/aggr)
Command Syntax and Usage

addr <IP address, such as 192.4.17.101>
    Adds the IP address to the selected aggregate.
mask <IP subnet mask, such as 255.255.255.0>
    Sets the IP mask for the selected aggregate.
enable
    Enables the selected aggregate.
disable
    Disables the selected aggregate.
delete
    Deletes the selected aggregate.
current
    Displays the current aggregate configuration.


/cfg/l3/port <port number>
IP Forwarding Port Configuration Menu
[IP Forwarding Port 1 Menu]
    on - Turn Forwarding ON
    off - Turn Forwarding OFF
    cur - Display current port configuration

The Layer 3 Port Menu allows you to turn IP forwarding on or off on a port-by-port basis. By default, the port forwarding option is turned on.

Table 6-87 IP Forwarding Port Configuration Menu Options (/cfg/l3/port)
Command Syntax and Usage

on
    Enables IP forwarding for the current port.
off
    Disables IP forwarding for the current port.
cur
    Displays the current IP forwarding settings.


/cfg/l3/dns
Domain Name System Configuration Menu
[Domain Name System Menu]
    prima - Set IP address of primary DNS server
    secon - Set IP address of secondary DNS server
    dname - Set default domain name
    cur - Display current DNS configuration

The Domain Name System (DNS) Menu is used for defining the primary and secondary DNS servers on your local network, and for setting the default domain name served by the switch services. DNS parameters must be configured prior to using hostname parameters with the ping, traceroute, and tftp commands.

Table 6-88 Domain Name System Menu Options (/cfg/l3/dns)
Command Syntax and Usage

prima <IP address (such as, 192.4.17.101)>
    You will be prompted to set the IP address for your primary DNS server. Use dotted decimal notation.
secon <IP address (such as, 192.4.17.101)>
    You will be prompted to set the IP address for your secondary DNS server. If the primary DNS server fails, the configured secondary will be used instead. Enter the IP address using dotted decimal notation.
dname <dotted DNS notation>|none
    Sets the default domain name used by the switch. For example: mycompany.com
cur
    Displays the current Domain Name System settings.


/cfg/l3/bootp
Bootstrap Protocol Relay Configuration Menu
[Bootstrap Protocol Relay Menu]
    addr - Set IP address of BOOTP server
    addr2 - Set IP address of second BOOTP server
    on - Globally turn BOOTP relay ON
    off - Globally turn BOOTP relay OFF
    cur - Display current BOOTP relay configuration

The Bootstrap Protocol (BOOTP) Relay Menu is used to allow hosts to obtain their configurations from a Dynamic Host Configuration Protocol (DHCP) server. The BOOTP configuration enables the switch to forward a client request for an IP address to two DHCP/BOOTP servers with IP addresses that have been configured on the Nortel Application Switch. BOOTP relay menu is turned off by default.

Table 6-89 Bootstrap Protocol Relay Configuration Menu Options (/cfg/l3/bootp)
Command Syntax and Usage

addr <IP address (such as, 192.4.17.101)>
    Sets the IP address of the BOOTP server.
addr2 <IP address (such as, 192.4.17.101)>
    Sets the IP address of the second BOOTP server.
on
    Globally turns on BOOTP relay.
off
    Globally turns off BOOTP relay.
cur
    Displays the current BOOTP relay configuration.


/cfg/l3/vrrp
VRRP Configuration Menu
[Virtual Router Redundancy Protocol Menu]
  vr      - VRRP Virtual Router Menu
  vrgroup - VRRP Virtual Router Vrgroup Menu
  group   - VRRP Virtual Router Group Menu
  if      - VRRP Interface Menu
  track   - VRRP Priority Tracking Menu
  hotstan - Enable/disable hot-standby processing
  on      - Globally turn VRRP ON
  off     - Globally turn VRRP OFF
  holdoff - Globally VRRP hold off time
  cur     - Display current VRRP configuration

Virtual Router Redundancy Protocol (VRRP) support on Nortel Application Switch provides redundancy between routers in a LAN. This is accomplished by configuring the same virtual router IP address and ID number on each participating VRRP-capable routing device. One of the virtual routers is then elected as the master, based on a number of priority criteria, and assumes control of the shared virtual router IP address. If the master fails, one of the backup virtual routers will assume routing authority and take control of the virtual router IP address. By default, VRRP is disabled.

Nortel Application Switch Operating System has extended VRRP to include virtual servers as well, allowing for full active/active redundancy between its Layer 4 switches. For more information on VRRP, see the “High Availability” chapter in your Nortel Application Switch Operating System 23.0.2 Application Guide.

Table 6-90 Virtual Router Redundancy Protocol Options (/cfg/l3/vrrp)

Command Syntax and Usage

vr <virtual router number (1-1024)>
  Displays the VRRP Virtual Router Menu. This menu is used for configuring up to 1024 virtual routers on this switch. To view menu options, see page 383.

vrgroup <virtual router vrgroup number (1-16)>
  Displays VR Group Menu. To view menu options, see page 387.

group
  Displays the VRRP virtual router group menu, used to combine all virtual routers together as one logical entity. Group options must be configured when using two or more Nortel Application Switches in a hot-standby failover configuration where only one switch is active at any given time. To view menu options, see page 390.

if <interface number (1-255)>
  Displays the VRRP Virtual Router Interface Menu. To view menu options, see page 394.

track
  Displays the VRRP Tracking Menu. This menu is used for weighting the criteria used when modifying priority levels in the master router election process. To view menu options, see page 395.

hotstan disable|enable
  Enables or disables hot standby processing, in which two or more switches provide redundancy for each other. By default, this option is disabled.

on
  Globally enables VRRP on this switch.

off
  Globally disables VRRP on this switch.

holdoff <0-255 seconds>
  Globally suspends VRRP operation for the specified interval.

cur
  Displays the current VRRP parameters.


/cfg/l3/vrrp/vr <router number>
Virtual Router Configuration Menu
[VRRP Virtual Router 1 Menu]
  track - Priority Tracking Menu
  vrid  - Set virtual router ID
  addr  - Set IP address
  if    - Set interface number
  prio  - Set renter priority
  adver - Set advertisement interval
  preem - Enable or disable preemption
  share - Enable or disable sharing
  ena   - Enable virtual router
  dis   - Disable virtual router
  del   - Delete virtual router
  cur   - Display current VRRP virtual router configuration

This menu is used for configuring up to 256 virtual routers for this switch. A virtual router is defined by its virtual router ID and an IP address. On each VRRP-capable routing device participating in redundancy for this virtual router, a virtual router will be configured to share the same virtual router ID and IP address. Virtual routers are disabled by default.

Table 6-91 VRRP Virtual Router Options (/cfg/l3/vrrp/vr)

Command Syntax and Usage

track
  Displays the VRRP Priority Tracking Menu for this virtual router. Tracking is Nortel’s proprietary extension to VRRP, used for modifying the standard priority system used for electing the master router. Tracking is not needed if sharing (share) is enabled. To view menu options, see page 385.

vrid <virtual router ID (1-1024)>
  Defines the virtual router ID. This is used in conjunction with addr (below) to define a virtual router on this switch. To create a pool of VRRP-enabled routing devices which can provide redundancy to each other, each participating VRRP device must be configured with the same virtual router: one that shares the same vrid and addr combination.
  The vrid for standard virtual routers (where the virtual router IP address is not the same as any virtual server) can be any integer between 1 and 255. The default value is 1. The vrid of virtual server routers where the virtual router IP address is the same as the virtual server can be between 1 and 1024.
  All vrid values must be unique within the VLAN to which the virtual router’s IP interface belongs.

addr <IP address (such as, 192.4.17.101)>
  Defines the IP address for this virtual router using dotted decimal notation. This is used in conjunction with the vrid (above) to configure the same virtual router on each participating VRRP device. The default address is 0.0.0.0.

if <interface number (1-256)>
  Selects a switch IP interface (between 1 and 256). If the IP interface has the same IP address as the addr option above, this switch is considered the “owner” of the defined virtual router. An owner has a special priority of 255 (highest) and will always assume the role of master router, even if it must preempt another virtual router which has assumed master routing authority. This preemption occurs even if the preem option below is disabled. The default value is 1.

prio <priority (1-254)>
  Defines the election priority bias for this virtual server. This can be any integer between 1 and 254. The default value is 100.
  During the master router election process, the routing device with the highest virtual router priority number wins. If there is a tie, the device with the highest IP interface address wins. If this virtual router’s IP address (addr) is the same as the one used by the IP interface, the priority for this virtual router will automatically be set to 255 (highest).
  When priority tracking is used (/cfg/l3/vrrp/track or /cfg/l3/vrrp/vr #/track), this base priority value can be modified according to a number of performance and operational criteria.

adver <seconds (1-255)>
  Defines the time interval between VRRP master advertisements. This can be any integer between 1 and 255 seconds. The default value is 1.

preem disable|enable
  Enables or disables master preemption. When enabled, if this virtual router is in backup mode but has a higher priority than the current master, this virtual router will preempt the lower priority master and assume control. Note that even when preem is disabled, this virtual router will always preempt any other master if this switch is the owner (the IP interface address and virtual router addr are the same). By default, this option is enabled.

share disable|enable
  Enables or disables virtual router sharing, a Nortel proprietary extension to VRRP. When enabled, this switch will process any traffic addressed to this virtual router, even when in backup mode. By default, this option is enabled.

ena
  Enables this virtual router.

dis
  Disables this virtual router.

del
  Deletes this virtual router from the switch configuration.

cur
  Displays the current configuration information for this virtual router.

/cfg/l3/vrrp/vr <router number>/track
Virtual Router Priority Tracking Configuration
[VRRP Virtual Router 1 Priority Tracking Menu]
  vrs   - Enable/disable tracking master virtual routers
  ifs   - Enable/disable tracking other interfaces
  ports - Enable/disable tracking VLAN switch ports
  l4pts - Enable/disable tracking L4 switch ports
  reals - Enable/disable tracking L4 real servers
  hsrp  - Enable/disable tracking HSRP
  hsrv  - Enable/disable tracking HSRP by VLAN
  cur   - Display current VRRP virtual router configuration

This menu is used for modifying the priority system used when electing the master router from a pool of virtual routers. Various tracking criteria can be used to bias the election results. Each time one of the tracking criteria is met, the priority level for the virtual router is increased by an amount defined through the VRRP Tracking Menu (see page 395). Criteria are tracked dynamically, continuously updating virtual router priority levels when enabled. If the virtual router preemption option (see preem in Table 6-91 on page 383) is enabled, this virtual router can assume master routing authority when its priority level rises above that of the current master. Some tracking criteria (vrs, ifs, and ports below) apply to standard virtual routers, otherwise called “virtual interface routers.” Other tracking criteria (l4pts, reals, and hsrp) apply to “virtual server routers,” which perform Layer 4 Server Load Balancing functions. A virtual server router is defined as any virtual router whose IP address (addr) is the same as any configured virtual server IP address.


Table 6-92 VRRP Priority Tracking Menu Options (/cfg/l3/vrrp/vr/track)
Command Syntax and Usage

vrs disable|enable
  When enabled, the priority for this virtual router will be increased for each virtual router in master mode on this switch. This is useful for making sure that traffic for any particular client/server pairing is handled by the same switch, increasing routing and load balancing efficiency. This command is disabled by default.

ifs disable|enable
  When enabled, the priority for this virtual router will be increased for each IP interface active on this switch. An IP interface is considered active when there is at least one active port on the same VLAN. This helps elect the virtual routers with the most available routes as the master. This command is disabled by default.

ports disable|enable
  When enabled, the priority for this virtual router will be increased for each active port on the same VLAN. A port is considered “active” if it has a link and is forwarding traffic. This helps elect the virtual routers with the most available ports as the master. This command is disabled by default.

l4pts disable|enable
  When enabled for virtual server routers, the priority for this virtual router will be increased for each physical switch port which has active Layer 4 processing on this switch. This helps elect the main Layer 4 switch as the master. This command is disabled by default.

reals disable|enable
  When enabled for virtual server routers, the priority for this virtual router will be increased for each healthy real server behind the virtual server IP address of the same IP address as the virtual router on this switch. This helps elect the switch with the largest server pool as the master, increasing Layer 4 efficiency. This command is disabled by default.

hsrp disable|enable
  Hot Standby Router Protocol (HSRP) is used with some types of routers for establishing router failover. In networks where HSRP is used, enable this switch option to increase the priority of this virtual router for each Layer 4 client-only port that receives HSRP advertisements. Enabling HSRP helps elect the switch closest to the master HSRP router as the master, optimizing routing efficiency. This command is disabled by default.

hsrv disable|enable
  Hot Standby Router on VLAN (HSRV) is used to work in VLAN-tagged environments. Enable this switch option to increment only that vrrp instance that is on the same VLAN as the tagged hsrp master flagged packet. This command is disabled by default.

cur
  Displays the current configuration for priority tracking for this virtual router.
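
How the base priority (prio), the tracking increments and preem combine during master election, as an added example that is not part of the Nortel manual. The switch labels and addresses are constructed, the class and function names are hypothetical, and capping a tracked priority at 254 is an assumption the manual does not state.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address

# Increment per tracked item; 2 is the manual's default for these criteria
# (/cfg/l3/vrrp/track). Only the criteria used in this example are modelled.
INCREMENTS = {"ifs": 2, "ports": 2, "reals": 2}
OWNER_PRIORITY = 255   # set automatically when the IP interface owns addr
MAX_TRACKED = 254      # ASSUMPTION: tracked priority is capped below the owner value


@dataclass
class VirtualRouter:
    switch: str                  # hypothetical switch label
    if_addr: IPv4Address         # address of the selected IP interface (if)
    vr_addr: IPv4Address         # virtual router address (addr)
    prio: int = 100              # base priority (prio)
    preem: bool = True           # master preemption (preem)
    tracked: dict = field(default_factory=dict)  # criterion -> enabled
    counts: dict = field(default_factory=dict)   # criterion -> items currently up

    @property
    def is_owner(self) -> bool:
        return self.if_addr == self.vr_addr

    def effective_priority(self) -> int:
        """Base priority plus one increment per tracked item that is up."""
        if self.is_owner:
            return OWNER_PRIORITY
        bonus = sum(INCREMENTS[name] * self.counts.get(name, 0)
                    for name, enabled in self.tracked.items() if enabled)
        return min(self.prio + bonus, MAX_TRACKED)


def rank(vr: VirtualRouter):
    """Election key: priority first, then highest IP interface address."""
    return (vr.effective_priority(), vr.if_addr)


def elect(routers):
    """Initial election when no master exists yet."""
    return max(routers, key=rank)


def reevaluate(master, routers):
    """Master after a priority change, honouring preem and ownership."""
    challengers = [
        vr for vr in routers
        if vr is not master and (
            vr.is_owner
            or (vr.preem and vr.effective_priority() > master.effective_priority())
        )
    ]
    return elect(challengers) if challengers else master


def make_pair():
    """Two constructed switches backing the same virtual router."""
    vip = IPv4Address("10.0.0.100")
    a = VirtualRouter("A", IPv4Address("10.0.0.1"), vip, prio=100,
                      tracked={"ports": True}, counts={"ports": 4})
    b = VirtualRouter("B", IPv4Address("10.0.0.2"), vip, prio=101,
                      tracked={"ports": True}, counts={"ports": 1})
    return a, b


if __name__ == "__main__":
    a, b = make_pair()
    master = elect([a, b])
    print(master.switch, a.effective_priority(), b.effective_priority())
    a.counts["ports"] = 1            # three ports on switch A lose link
    master = reevaluate(master, [a, b])
    print(master.switch, a.effective_priority(), b.effective_priority())
```

With preem disabled on switch B, the same port loss leaves A as master even though B now has the higher priority; only an owner preempts regardless of preem.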


/cfg/l3/vrrp/vrgroup
Virtual Router Group Menu
This feature allows the failover of individual groups of virtual interface routers (VIRs) and virtual server routers (VSRs). When Web hosting is shared between two or more customers on a single VRRP switch, you can group VIRs and VSRs to serve the high availability of a specific customer. If failover occurs on a customer link, the group of VIRs and VSRs associated with that customer alone will fail over to the backup switch. The VIRs and VSRs configured for the other customers on the master switch are not affected. Up to 16 virtual router groups can be configured on the switch.
[VRRP Virtual Router Vrgroup 1 Menu]
  track   - Priority Tracking Menu
  name    - Set virtual router group name
  add     - Add virtual router to group
  rem     - Remove virtual router from group
  prio    - Set priority for virtual router group
  trackvr - Set track virtual router for group
  adver   - Set advertisement interval for group
  preem   - Enable/disable preemption for group
  share   - Enable/disable sharing for group
  ena     - Enable virtual router group
  dis     - Disable virtual router group
  del     - Delete virtual router group
  cur     - Display current VRRP virtual router group configuration

Table 6-93 Virtual Router Group Menu Options (/cfg/l3/vrrp/vrgroup)
Command Syntax and Usage

track
  Displays VRRP priority tracking menu for this virtual router group. Tracking is Nortel’s proprietary extension to VRRP, used for modifying the standard priority system used for electing the master router. To view menu options, see page 388.

name
  Defines virtual router group name up to eight characters.

add <virtual router number (1-1024)>
  Adds a virtual router to the group. Each virtual router group can have up to 64 virtual routers.

rem <virtual router number (1-1024)>
  Removes a virtual router from the group.

prio <1-254>
  Defines the election priority bias for this virtual router group. This can be any integer between 1 and 254. The default value is 100.
  During the master router election process, the routing device with the highest virtual router priority number wins. If there is a tie, the device with the highest IP interface address wins. If this virtual router’s IP address (addr) is the same as the one used by the IP interface, the priority for this virtual router will automatically be set to 255 (highest).
  When priority tracking is used (/cfg/l3/vrrp/vrgroup #/track), this base priority value can be modified according to a number of performance and operational criteria.

trackvr <virtual router number (0-1024)>
  Set track virtual router for group.

adver <1-255 seconds>
  Set advertisement interval for group.

preem disable|enable
  Enable/disable preemption for group.

share disable|enable
  Enable/disable sharing for group.

ena
  Enables the virtual router group.

dis
  Disables the virtual router group.

del
  Deletes the virtual router group.

cur
  Displays the current VRRP virtual router group configuration.

/cfg/l3/vrrp/vrgroup <vrgroup number>/track
Virtual Router Group Priority Tracking Configuration Menu


[VRRP Vrgroup 1 Priority Tracking Menu]
  ifs   - Enable/disable tracking interfaces
  ports - Enable/disable tracking VLAN switch ports
  l4pts - Enable/disable tracking L4 switch ports
  reals - Enable/disable tracking L4 real servers
  hsrp  - Enable/disable tracking HSRP
  hsrv  - Enable/disable tracking HSRP by VLAN
  cur   - Display current VRRP vrgroup tracking configuration

This menu is used for modifying the priority system used when electing the master router from a pool of virtual routers. Various tracking criteria can be used to bias the election results. Each time one of the tracking criteria is met, the priority level for the virtual router is increased by an amount defined through the VRRP Tracking Menu (see page 395). Criteria are tracked dynamically, continuously updating virtual router priority levels when enabled.

Table 6-94 Virtual Router Group Priority Tracking Menu Options (/cfg/l3/vrrp/vrgroup/track)

Command Syntax and Usage

ifs disable|enable
  When enabled, the priority will be increased for each IP interface active on this virtual router group. An IP interface is considered active when there is at least one active port on the same VLAN. This helps elect the virtual routers with the most available routes as the master. This command is disabled by default.

ports disable|enable
  When enabled, the priority will be increased for each active port on the VLAN on this virtual router group. A port is considered “active” if it has a link and is forwarding traffic. This helps elect the virtual routers with the most available ports as the master. This command is disabled by default.

l4pts disable|enable
  When enabled for virtual server routers, the priority will be increased for each physical switch port which has active Layer 4 processing on this virtual router group. This helps elect the main Layer 4 switch as the master. This command is disabled by default.

reals disable|enable
  When enabled for virtual server routers, the priority will be increased for each healthy real server behind the virtual server IP address of the same IP address as the virtual router on this virtual router group. This helps elect the switch with the largest server pool as the master, increasing Layer 4 efficiency. This command is disabled by default.

hsrp disable|enable
  Hot Standby Router Protocol (HSRP) is used with some types of routers for establishing router failover. In networks where HSRP is used, enable this switch option to increase the priority of this virtual router group for each Layer 4 client-only port that receives HSRP advertisements. Enabling HSRP helps elect the switch closest to the master HSRP router as the master, optimizing routing efficiency. This command is disabled by default.

hsrv disable|enable
  Hot Standby Router on VLAN (HSRV) is used to work in VLAN-tagged environments. Enable this switch option to increment only that vrrp instance on the virtual router group that is on the same VLAN as the tagged hsrp master flagged packet. This command is disabled by default.

cur
  Displays the current configuration for priority tracking for this virtual router group.

/cfg/l3/vrrp/group
Virtual Router Group Configuration
[VRRP Virtual Router Group Menu]
  track - Priority Tracking Menu
  vrid  - Set virtual router ID
  if    - Set interface number
  prio  - Set renter priority
  adver - Set advertisement interval
  preem - Enable or disable preemption
  share - Enable or disable sharing
  ena   - Enable virtual router
  dis   - Disable virtual router
  del   - Delete virtual router
  cur   - Display current VRRP virtual router configuration

The Virtual Router Group menu is used for associating all virtual routers into a single logical virtual router, which forces all virtual routers on the Nortel Application Switch to either be master or backup as a group. A virtual router is defined by its virtual router ID and an IP address. On each VRRP-capable routing device participating in redundancy for this virtual router, a virtual router will be configured to share the same virtual router ID and IP address.

NOTE – This option is required to be configured only when using at least two Nortel Application Switches in a hot-standby failover configuration, where only one switch is active at any time.

Table 6-95 VRRP Virtual Router Group Options (/cfg/l3/vrrp/group)

Command Syntax and Usage

track
  Displays the VRRP Priority Tracking Menu for the virtual router group. Tracking is Nortel’s proprietary extension to VRRP, used for modifying the standard priority system used for electing the master router. Tracking is not needed if sharing (share) is enabled. To view menu options, see page 395.

vrid <virtual router ID (1-1024)>
  Defines the virtual router ID for this group.

if <interface number (1-256)>
  Selects a switch IP interface (between 1 and 256). The default switch IP interface number is 1.

prio <priority (1-254)>
  Defines the election priority bias for this virtual router group. This can be any integer between 1 and 254. The default value is 100.
  During the master router election process, the routing device with the highest virtual router priority number wins. If there is a tie, the device with the highest IP interface address wins. If this virtual router’s IP address (addr) is the same as the one used by the IP interface, the priority for this virtual router will automatically be set to 255 (highest).
  When priority tracking is used (/cfg/l3/vrrp/track or /cfg/l3/vrrp/vr #/track), this base priority value can be modified according to a number of performance and operational criteria.

adver <1-255 (seconds)>
  Defines the time interval between VRRP master advertisements. This can be any integer between 1 and 255 seconds. The default is 1.

preem disable|enable
  Enables or disables master preemption. When enabled, if the virtual router group is in backup mode but has a higher priority than the current master, this virtual router will preempt the lower priority master and assume control. Note that even when preem is disabled, this virtual router will always preempt any other master if this switch is the owner (the IP interface address and virtual router addr are the same). By default, this option is enabled.

share disable|enable
  Enables or disables virtual router sharing, Nortel’s proprietary extension to VRRP. When enabled, this switch will process any traffic addressed to this virtual router, even when in backup mode. By default, this option is enabled.

ena
  Enables the virtual router group.

dis
  Disables the virtual router group.

del
  Deletes the virtual router group from the switch configuration.

cur
  Displays the current configuration information for the virtual router group.

/cfg/l3/vrrp/group/track
Virtual Router Group Priority Tracking Configuration
[Virtual Router Group Priority Tracking Menu]
  ifs   - Enable/disable tracking other interfaces
  ports - Enable/disable tracking VLAN switch ports
  l4pts - Enable/disable tracking L4 switch ports
  reals - Enable/disable tracking L4 real servers
  hsrp  - Enable/disable tracking HSRP
  hsrv  - Enable/disable tracking HSRP by VLAN
  cur   - Display current VRRP Group Tracking configuration

NOTE – If Virtual Router Group Tracking is enabled, then the tracking option will be available only under group option. The tracking setting for the other individual virtual routers will be ignored.

Table 6-96 Virtual Router Group Priority Tracking Options (/cfg/l3/vr/group/track)

Command Syntax and Usage

ifs disable|enable
  When enabled, the priority for this virtual router will be increased for each other IP interface active on this switch. An IP interface is considered active when there is at least one active port on the same VLAN. This helps elect the virtual routers with the most available routes as the master. This command is disabled by default.

ports disable|enable
  When enabled, the priority for this virtual router will be increased for each active port on the same VLAN. A port is considered “active” if it has a link and is forwarding traffic. This helps elect the virtual routers with the most available ports as the master. This command is disabled by default.

l4pts disable|enable
  When enabled for virtual server routers, the priority for this virtual router will be increased for each physical switch port which has active Layer 4 processing on this switch. This helps elect the main Layer 4 switch as the master. This command is disabled by default.

reals disable|enable
  When enabled for virtual server routers, the priority for this virtual router will be increased for each healthy real server. This helps elect the switch with the largest server pool as the master, increasing Layer 4 efficiency. This command is disabled by default.

hsrp disable|enable
  Enables Hot Standby Router Protocol (HSRP) for this virtual router group. HSRP is used with some types of routers for establishing router failover. In networks where HSRP is used, enable this switch option to increase the priority of this virtual router for each Layer 4 client-only port that receives HSRP advertisements. This helps elect the switch closest to the master HSRP router as the master, optimizing routing efficiency. This command is disabled by default.

hsrv disable|enable
  Hot Standby Router on VLAN (HSRV) is used to work in VLAN-tagged environments. Enable this switch option to increment only that vrrp instance that is on the same VLAN as the tagged hsrp master flagged packet. This command is disabled by default.

cur
  Displays the current configuration for priority tracking for this virtual router.

/cfg/l3/vrrp/if <interface number>
VRRP Interface Configuration
[VRRP Interface 1 Menu]
  auth  - Set authentication types
  passw - Set plain-text password
  del   - Delete interface
  cur   - Display current VRRP interface configuration

This menu is used for configuring VRRP authentication parameters for the IP interfaces used with the virtual routers.

NOTE – The interface-number (1 to 256) represents the IP interface on which authentication parameters must be configured.

Table 6-97 VRRP Interface Menu Options (/cfg/l3/vrrp/if)

Command Syntax and Usage

auth none|password
  Defines the type of authentication that will be used: none (no authentication), or password (password authentication).

passw <password>
  Defines a plain text password up to eight characters long. This password will be added to each VRRP packet transmitted by this interface when password authentication is chosen (see auth above).

del
  Clears the authentication configuration parameters for this IP interface. The IP interface itself is not deleted.

cur
  Displays the current configuration for this IP interface’s authentication parameters.
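
What the auth and passw options above mean at packet level, as an added example that is not part of the Nortel manual: a small decoder that audits captured advertisements for missing or clear-text authentication. It assumes the switch emits standard VRRPv2 advertisements in the RFC 2338 layout (authentication type 1 is a simple text password in the 8-byte authentication data field); the sample packet, addresses, password and function names are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

AUTH_NONE, AUTH_SIMPLE_TEXT = 0, 1   # RFC 2338 authentication types (assumed layout)
AUTH_DATA_LEN = 8                    # fixed-size authentication data field
VERSION_TYPE = (2 << 4) | 1          # version 2, type 1 (advertisement)


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum over the VRRP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_advert(vrid, prio, addrs, auth_type, password=b"", adver=1) -> bytes:
    """Build a constructed VRRPv2 advertisement to use as sample input."""
    if len(password) > AUTH_DATA_LEN:
        raise ValueError("password is limited to eight characters")
    head = struct.pack("!6B", VERSION_TYPE, vrid, prio, len(addrs), auth_type, adver)
    body = b"".join(IPv4Address(a).packed for a in addrs)
    body += password.ljust(AUTH_DATA_LEN, b"\x00")
    csum = inet_checksum(head + b"\x00\x00" + body)
    return head + struct.pack("!H", csum) + body


def parse_advert(pkt: bytes) -> dict:
    """Decode one advertisement; raise ValueError on malformed input."""
    if len(pkt) < 8:
        raise ValueError("truncated VRRP header")
    ver_type, vrid, prio, count, auth_type, adver = struct.unpack("!6B", pkt[:6])
    if ver_type != VERSION_TYPE:
        raise ValueError("not a VRRPv2 advertisement")
    end = 8 + 4 * count + AUTH_DATA_LEN
    if len(pkt) < end:
        raise ValueError("truncated VRRP body")
    if inet_checksum(pkt[:end]) != 0:      # a valid message sums to zero
        raise ValueError("bad VRRP checksum")
    return {
        "vrid": vrid, "priority": prio, "adver": adver, "auth_type": auth_type,
        "addrs": [str(IPv4Address(pkt[8 + 4 * i:12 + 4 * i])) for i in range(count)],
        "auth_data": pkt[end - AUTH_DATA_LEN:end].rstrip(b"\x00"),
    }


def audit(pkt: bytes) -> list:
    """Return (code, message) findings for one captured advertisement."""
    adv = parse_advert(pkt)
    vrid = adv["vrid"]
    if adv["auth_type"] == AUTH_NONE:
        return [("AUTH_NONE", f"vrid {vrid}: advertisements carry no authentication")]
    if adv["auth_type"] == AUTH_SIMPLE_TEXT:
        size = len(adv["auth_data"])
        return [("AUTH_CLEARTEXT",
                 f"vrid {vrid}: {size}-character password is carried "
                 "unencrypted in every advertisement")]
    return [("AUTH_OTHER", f"vrid {vrid}: authentication type {adv['auth_type']}")]


# Constructed sample: interface configured with auth password / passw labpass.
SAMPLE = build_advert(1, 100, ["192.0.2.10"], AUTH_SIMPLE_TEXT, b"labpass")

if __name__ == "__main__":
    print(parse_advert(SAMPLE))
    for code, message in audit(SAMPLE):
        print(code, message)
```

Because the password field travels in the clear, password authentication guards against misconfigured peers on the segment rather than against a host that can read the advertisements.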

/cfg/l3/vrrp/track
VRRP Tracking Configuration
[VRRP Tracking Menu]
  vrs   - Set priority increment for virtual router tracking
  ifs   - Set priority increment for IP interface tracking
  ports - Set priority increment for VLAN switch port tracking
  l4pts - Set priority increment for L4 switch port tracking
  reals - Set priority increment for L4 real server tracking
  hsrp  - Set priority increment for HSRP tracking
  hsrv  - Set priority increment for HSRP by VLAN tracking
  cur   - Display current VRRP Priority Tracking configuration

This menu is used for setting weights for the various criteria used to modify priority levels during the master router election process. Each time one of the tracking criteria is met (see “VRRP Virtual Router Priority Tracking Menu” on page 385), the priority level for the virtual router is increased by an amount defined through this menu.

Table 6-98 VRRP Tracking Options (/cfg/l3/vrrp/track)

Command Syntax and Usage

vrs <0-254>
  Defines the priority increment value (1 through 254) for virtual routers in master mode detected on this switch. The default value is 2.

ifs <0-254>
  Defines the priority increment value (1 through 254) for active IP interfaces detected on this switch. The default value is 2.

ports <0-254>
  Defines the priority increment value (1 through 254) for active ports on the virtual router’s VLAN. The default value is 2.

l4pts <0-254>
  Defines the priority increment value (1 through 254) for physical switch ports with active Layer 4 processing. The default value is 2.

reals <0-254>
  Defines the priority increment value (1 through 254) for healthy real servers behind the virtual server router. The default value is 2.

hsrp <0-254>
  Defines the priority increment value (1 through 254) for switch ports with Layer 4 client-only processing that receive HSRP broadcasts. The default value is 10.

hsrv <0-254>
  Defines the priority increment value (1 through 254) for vrrp instances that are on the same VLAN. The default value is 10.

cur
  Displays the current configuration of priority tracking increment values.

These priority tracking options only define increment values. These options do not affect the VRRP master router election process until options under the VRRP Virtual Router Priority Tracking Menu (see page 385) are enabled.

/cfg/l3/metrc <metric name>
Default Gateway Metrics

If multiple default gateways are configured and enabled, a metric can be set to determine which primary gateway is selected. There are two metrics, which are described in the table “Default Gateway Metrics (/cfg/l3/metrc)” on page 396.

Table 6-99 Default Gateway Metrics (/cfg/l3/metrc)

Option and Description

strict
  The gateway number determines its level of preference. Gateway #1 acts as the preferred default IP gateway until it fails or is disabled, at which point the next in line will take over as the default IP gateway.

roundrobin
  This provides basic gateway load balancing. The switch sends each new gateway request to the next healthy, enabled gateway in line. All gateway requests to the same destination IP address are resolved to the same gateway.

/cfg/slb

/cfg/slb displays the Server Load Balancing Configuration Menu. To view options, see Chapter 7, “The SLB Configuration Menu”.

/cfg/security
Security Configuration Menu
[Security Menu]
  port     - Port Security Menu
  ipacl    - IP ACL Menu
  udpblast - UDP Blast Protection Menu
  dos      - Protocol Anomaly and DoS Attack Prevention Menu
  pgroup   - Pattern Match Group Menu
  seclog   - Set rate threshold for security logging
  pdepth   - Set packet depth for pattern matching
  cur      - Display current Security configuration

Table 6-100 Security Configuration Menu Options (/cfg/security)

Command Syntax and Usage

port <port number>
  Displays Port Security Menu. To view menu options, see page 399.

ipacl
  Displays IP address Access Control Menu. To view menu options, see page 400.

udpblast
  Displays UDP Blast Menu. To view menu options, see page 402.

dos
  Go to the Protocol Anomaly and DoS Attack Prevention Menu. To view menu options, see page 403.

pgroup <pattern group ID (1-128)>
  Displays Pattern Match Group Menu. To view menu options, see page 404.

seclog <rate threshold packets/sec, 0-1048576 (0, no rate threshold)>
  Defines the rate threshold for security logging by the number of packets per second. Any packets above the current threshold will be logged.

Nortel Application Switch Operating System 23. The window is in units of packets. 398 Chapter 6: The Configuration Menu 320506-A.0. cur Displays the current security configuration. January 2006 .2 Command Reference Table 6-100 Security Configuration Menu Options (/cfg/security) Command Syntax and Usage pdepth <# of packets. 1-255|none> Defines the search window for pattern matching beginning from the start of the packet stream.

/cfg/security/port
Port Security Menu

[Port <port_number> Menu]
    bogon    - Enable/disable bogon IP ACL
    ipacl    - Enable/disable IP ACL
    udpblast - Enable/disable UDP blast protection
    dos      - Enable/disable protocol anomaly and DoS attack prevention
    add      - Add protocol anomaly/DoS attack to prevention
    aadd     - Add all protocol anomaly/DoS attack to prevention
    rem      - Remove protocol anomaly/DoS attack from prevention
    arem     - Remove all protocol anomaly/DoS attack from prevention
    help     - Protocol anomaly and DoS attack prevention description
    cur      - Display current port configuration

Table 6-101 Port Security Menu Options

Command Syntax and Usage

bogon enable|disable
    Enable or disable bogon IP ACL.

ipacl enable|disable
    Enable or disable IP ACL.

udpblast enable|disable
    Enable or disable UDP blast protection.

dos enable|disable
    Enable or disable protocol anomaly and DoS attack prevention.

add iplen | ipversion | broadcast | loopback | land | ipreerved | ipttl | ipprot | ipoptlen | fragmoredont | fragdata | fragboundary | fraglast | fragdontoff | fragopt | fragoff | frag oversize | tcplen | tcportzero | blat | tcpreserved | nullscan | fullxmasscan | finscan | vecnascan | xmasscan | synfinscan | flagabnormal | syndata | synfrag | ftpport | dnsport | seqzero | ackzero | tcpoptlen | udplen | udpportzero | fraggle | pepsi | rc8 | snmpnull | icmplen | smurf | icmpdata | icmpoff | icmptype | igmplen | igmpfrag | igmptype | arplen | arpnbcast | arpncast | arpspoof | garp | ip6len | ip6version
    Add protocol anomaly/DoS attack to prevention.

aadd
    Add all protocol anomaly/DoS attack to prevention for the port.

rem iplen | ipversion | broadcast | loopback | land | ipreerved | ipttl | ipprot | ipoptlen | fragmoredont | fragdata | fragboundary | fraglast | fragdontoff | fragopt | fragoff | frag oversize | tcplen | tcportzero | blat | tcpreserved | nullscan | fullxmasscan | finscan | vecnascan | xmasscan | synfinscan | flagabnormal | syndata | synfrag | ftpport | dnsport | seqzero | ackzero | tcpoptlen | udplen | udpportzero | fraggle | pepsi | rc8 | snmpnull | icmplen | smurf | icmpdata | icmpoff | icmptype | igmplen | igmpfrag | igmptype | arplen | arpnbcast | arpncast | arpspoof | garp | ip6len | ip6version
    Remove protocol anomaly/DoS attack from prevention.

arem
    Remove all protocol anomaly/DoS attack from prevention for the port.

help
    Description of Protocol anomaly and DoS attack prevention.

cur
    Display current port configuration. For example:
    Current port 1: bogon disabled, ipacl disabled, udpblast disabled, dos disabled

/cfg/security/ipacl
IP Address Access Control List Configuration Menu

Nortel Application Switch Operating System can be configured with IP access control lists (ACLs) composed of ranges of client IP addresses that are to be denied access to the switch. When traffic ingresses the switch, the client source or destination IP address is checked against this pool of addresses. If a match is found, then the client traffic is blocked.

[IP ACL Menu]
    add   - Add configuration source IP Address/Mask
    rem   - Remove configuration source IP Address/Mask
    arem  - Remove all configuration source IP Address/Mask
    dadd  - Add configuration destination IP Address/Mask
    drem  - Remove configuration destination IP Address/Mask
    darem - Remove all configuration destination IP Address/Mask
    cfg   - Display configuration IP Address/Mask
    bogon - Display bogon IP Address/Mask
    oper  - Display operations IP Address/Mask
    cur   - Display all IP Address/Mask

Table 6-102 IP Address ACL Menu Options (/cfg/sec/ipacl)

Command Syntax and Usage

add <IP address> <IP mask>
    Adds range of source IP addresses to be denied, defined by the IP address/mask pair.

rem <IP address/mask pair index>
    Removes range of source IP addresses to be denied, defined by the IP address/mask pair index.

arem
    Remove all configuration source IP Address/Mask.

dadd <IP address> <IP subnet mask>
    Add configuration destination IP Address/Mask.

drem <IP address> <IP subnet mask>
    Remove configuration destination IP Address/Mask.

darem
    Remove all configuration destination IP Address/Mask.

cfg
    Display configuration IP Address/Mask.

bogon
    Display bogon IP Address/Mask.

oper
    Display operations IP Address/Mask.

cur
    Displays current IP addresses ranges in Access Control List.

/cfg/security/udpblast
UDP Blast Protection Configuration Menu

Malicious attacks over UDP protocol ports are becoming a common way to bring down real servers. Nortel Application Switch Operating System can be configured to restrict the amount of traffic allowed on any UDP port, thus ensuring that backend servers are not flooded with data and disabled.

You can specify a series of UDP port ranges and the allowed packet limit for that range. When the maximum number of packets/second is reached, UDP traffic is shut down on those ports.

Nortel Application Switch Operating System supports up to 5000 UDP port numbers, using any integer from 1 to 65535. If the first port number is 300, the last number that can be used is 5300.

[UDP Blast Protection Menu]
    add     - Add UDP port/range for UDP blast protection
    rem     - Remove UDP port/range for UDP blast protection
    default - Default packet rate for UDP blast protection
    cur     - Display all UDP blast protection Ports

Table 6-103 UDP Blast Protection Menu Options (/cfg/sec/udpblast)

Command Syntax and Usage

add <UDP port number or range (first-last)> [packet rate]
    Adds UDP port or range for UDP blast protection, as well as the maximum packet rate per second. If the number of packets on this port range exceeds the maximum packet rate per second, UDP traffic will be dropped. The maximum port range is 5000. While you can configure multiple port ranges, the sum of ranges cannot exceed the maximum of 5000 ports.

rem <UDP port number or range (first-last)>
    Removes UDP port or range for UDP blast protection.

default <packet rate>
    Defines the default packet rate for UDP blast protection.

cur
    Displays all UDP blast protection ports.
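Choosing a packet rate for `add` is easier with a baseline of legitimate traffic in hand. The Python model below is an added example, not Nortel code: it checks planned `add` arguments against the limits stated above and replays constructed traffic to show what a given rate would drop. The whole-second counting, the first-match rule order and the function names are assumptions.

```python
"""Offline model of /cfg/security/udpblast rate limiting (added example)."""
from collections import defaultdict

MAX_SPAN = 5000  # manual: a range that starts at port 300 may end at 5300


def parse_rule(spec, rate=None, default_rate=None):
    """Turn the arguments of `add <port or first-last> [packet rate]` into
    (first, last, rate), falling back to the `default` rate when none is given."""
    first_s, _, last_s = spec.partition("-")
    first = int(first_s)
    last = int(last_s) if last_s else first
    if not 1 <= first <= last <= 65535:
        raise ValueError(f"port range {spec!r} is reversed or outside 1-65535")
    if last - first > MAX_SPAN:
        raise ValueError(f"range {spec!r} spans more than {MAX_SPAN} ports")
    rate = default_rate if rate is None else rate
    if rate is None or rate < 1:
        raise ValueError(f"no usable packet rate for {spec!r}")
    return first, last, rate


def simulate(rules, packets):
    """Replay (timestamp_seconds, dst_port) pairs against the rules.

    Assumption: packets are counted per rule in whole-second buckets and only
    the packets beyond the limit within that second are dropped."""
    seen = defaultdict(int)  # (rule index, second) -> packets counted so far
    stats = [{"forwarded": 0, "dropped": 0} for _ in rules]
    for ts, port in packets:
        for i, (first, last, rate) in enumerate(rules):
            if first <= port <= last:
                seen[i, int(ts)] += 1
                verdict = "dropped" if seen[i, int(ts)] > rate else "forwarded"
                stats[i][verdict] += 1
                break  # first matching rule wins (assumption)
    return stats


def peak_rate(packets, first, last):
    """Highest packets/second observed for a port range: the baseline
    from which a protective rate can be sized."""
    per_second = defaultdict(int)
    for ts, port in packets:
        if first <= port <= last:
            per_second[int(ts)] += 1
    return max(per_second.values(), default=0)


# Constructed traffic: steady DNS at 50 packets/s for 3 s, plus a
# 500-packet burst to port 4000 during second 1.
SAMPLE = sorted(
    [(s + i / 50, 53) for s in range(3) for i in range(50)]
    + [(1 + i / 500, 4000) for i in range(500)]
)
RULES = [parse_rule("53", 100), parse_rule("300-5300", default_rate=200)]

if __name__ == "__main__":
    print("peak packets/s on port 53:", peak_rate(SAMPLE, 53, 53))
    for rule, stat in zip(RULES, simulate(RULES, SAMPLE)):
        print(rule, stat)
```

A rate set well above the measured peak of legitimate traffic keeps normal service untouched while still capping a flood on the same range.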

/cfg/security/dos
Anomaly and Denial of Service Attack Prevention Menu

[Protocol Anomaly and DoS Attack Prevention Menu]
    ipttl    - Set the smallest allowable IP ttl for ipttl
    ipprot   - Set the highest allowable IP protocol for ipprot
    fragdata - Set smallest allowable IP fragment payload for fragdata
    fragoff  - Set the smallest allowable IP fragment offset for fragoff
    syndata  - Set the largest allowable TCP SYN payload for syndata
    icmpdata - Set the largest allowable ICMP payload for icmpdata
    icmpoff  - Set the largest allowable ICMP fragment offset for icmpoff
    help     - Protocol anomaly and DoS attack prevention description
    cur      - Display current protocol anomaly and DoS attack prevention

Table 6-104 Anomaly and DoS Menu Options

Command Syntax and Usage

ipttl <IPv4 TTL, 0-255>
    Set the smallest allowable IP ttl for IPTTL.

ipprot <highest allowable IPv4 protocol [0-255]>
    Set the highest allowable IP protocol for IP protection. For example:
    Current highest allowable IPv4 protocol: 137
    Enter new highest allowable IPv4 protocol [0-255]:

fragdata <IPv4 fragment payload size in bytes, 16-248>
    Set the smallest allowable IP fragment payload.

fragoff <IPv4 fragment offset in multiples of 8 bytes, 1-255>
    Set the smallest allowable IP fragment offset.

syndata <TCP packet payload size in bytes, 0-255>
    Set the largest allowable IP SYN payload.

icmpdata <ICMP packet payload size in bytes, 1-9026>
    Set the largest allowable ICMP payload.

icmpoff <ICMP fragment offset in multiples of 8 bytes, 1-8190>
    Set the largest allowable ICMP fragment offset.

help
    Description of the Anomaly and DoS attack prevention.

cur
    Display current protocol anomaly and DoS attack prevention settings. For example:
    Current protocol anomaly and DoS attack prevention settings:
    ipttl 1, ipprot 137, fragdata 32, fragoff 4, syndata 0, icmpdata 800, icmpoff 101
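The seven thresholds of Table 6-104 are easier to review when applied to concrete packets. The Python model below is an added example, not Nortel code: it range-checks a `cur` line and reports which prevention keywords a packet would trip. The comparison rules are assumptions read from the wording "smallest", "highest" and "largest allowable", the `Packet` fields are hypothetical, and the one-line `cur` sample is constructed from the example values above.

```python
"""Model of the tunable /cfg/security/dos thresholds (added example)."""
import re
from dataclasses import dataclass

# Allowed ranges as listed in Table 6-104.
RANGES = {
    "ipttl": (0, 255), "ipprot": (0, 255), "fragdata": (16, 248),
    "fragoff": (1, 255), "syndata": (0, 255), "icmpdata": (1, 9026),
    "icmpoff": (1, 8190),
}

# Constructed sample: the values of the manual's `cur` example on one line.
SAMPLE_CUR = ("Current protocol anomaly and DoS attack prevention settings: "
              "ipttl 1, ipprot 137, fragdata 32, fragoff 4, syndata 0, "
              "icmpdata 800, icmpoff 101")

ICMP, TCP = 1, 6  # IPv4 protocol numbers


def parse_cur(text):
    """Extract the seven thresholds from `cur` output and range-check them."""
    found = {k: int(v) for k, v in re.findall(r"\b([a-z]+) (\d+)\b", text)
             if k in RANGES}
    missing = sorted(set(RANGES) - set(found))
    if missing:
        raise ValueError(f"thresholds missing from output: {missing}")
    for name, value in found.items():
        low, high = RANGES[name]
        if not low <= value <= high:
            raise ValueError(f"{name} {value} is outside {low}-{high}")
    return found


@dataclass
class Packet:
    ttl: int
    proto: int                # IPv4 protocol number
    ip_payload: int           # bytes carried after the IPv4 header
    frag_offset: int = 0      # IPv4 fragment offset field, in 8-byte units
    more_frags: bool = False  # MF flag: more fragments follow
    tcp_syn: bool = False
    l4_payload: int = 0       # bytes after the TCP or ICMP header


def anomalies(pkt, t):
    """Return the prevention keywords (as listed for /cfg/security/port add)
    that the packet would trip under thresholds t. Rules are assumptions."""
    hits = []
    if pkt.ttl < t["ipttl"]:
        hits.append("ipttl")
    if pkt.proto > t["ipprot"]:
        hits.append("ipprot")
    if pkt.more_frags and pkt.ip_payload < t["fragdata"]:
        hits.append("fragdata")       # non-final fragment that is too small
    if 0 < pkt.frag_offset < t["fragoff"]:
        hits.append("fragoff")        # later fragment that starts too early
    if pkt.proto == TCP and pkt.tcp_syn and pkt.l4_payload > t["syndata"]:
        hits.append("syndata")
    if pkt.proto == ICMP:
        if pkt.l4_payload > t["icmpdata"]:
            hits.append("icmpdata")
        if pkt.frag_offset > t["icmpoff"]:
            hits.append("icmpoff")
    return hits


# Constructed packets, one per rule plus a clean baseline.
SAMPLES = {
    "plain SYN": Packet(64, TCP, 20, tcp_syn=True),
    "SYN carrying data": Packet(64, TCP, 84, tcp_syn=True, l4_payload=64),
    "8-byte first fragment": Packet(64, TCP, 8, more_frags=True),
    "fragment at offset 1": Packet(64, TCP, 100, frag_offset=1),
    "1400-byte echo": Packet(64, ICMP, 1408, l4_payload=1400),
    "ICMP fragment at offset 8189": Packet(64, ICMP, 1000, frag_offset=8189),
    "protocol 200": Packet(64, 200, 40),
    "TTL 0": Packet(0, 17, 40),
}


def classify_samples(cur_text=SAMPLE_CUR):
    thresholds = parse_cur(cur_text)
    return {name: anomalies(p, thresholds) for name, p in SAMPLES.items()}


if __name__ == "__main__":
    for name, hits in classify_samples().items():
        print(f"{name:30} {hits or 'clean'}")
```

Running candidate values through such a model before changing a threshold shows which classes of legitimate traffic, for example ICMP payloads above 800 bytes, the new setting would start to drop.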

/cfg/security/pgroup <pattern group number>
Pattern Matching Menu

The filtering commands in Nortel Application Switch Operating System Advanced Denial of Service Pack allow the administrator to define groups of patterns. Configure the binary or ASCII pattern strings, group them into a pattern group, name the pattern group, and then apply the group to a filter.

When a virus or other attack contains multiple patterns or strings, it is useful to combine them into one group and give the group a name that is easy to remember. Up to five patterns can be combined into a single pattern group. By applying the patterns and groups to a deny filter, the packet content can be detected and thus denied access to the network. When a pattern group is applied to a deny filter, the switch will match any of the strings or patterns within that group before denying and dropping the packet.

The Nortel Application Switch Operating System 23.0 supports up to 1024 pattern matching groups.

[Pattern Match Group 1 Menu]
    name - Set pattern group name
    add  - Add SLB string to group
    rem  - Remove SLB string from group
    del  - Delete pattern group
    cur  - Display current configuration

Table 6-105 Pattern Matching Group Menu Options (/cfg/sec/pgroup)

Command Syntax and Usage

name <31 character name>|none
    Specifies a descriptive name for this pattern group.

add <string ID>
    Adds a pre-configured SLB string to this pattern group by the string ID number. Up to five patterns can be combined into a single pattern group. To configure SLB strings, use the /cfg/slb/layer7/slb/add command described on page 475. To view existing strings and their ID numbers, use the /cfg/slb/layer7/slb/cur command, also on page 475.
    Note: You can only add the binary or ASCII strings to a pattern matching group.

rem <SLB string ID>
    Removes an SLB string from this pattern group.

del
    Deletes the pattern group.

cur
    Displays the current configuration of this pattern group.

/cfg/sslproc
SSL Processor Menu

[SSL Processor Menu]
    mip  - Set SSL processor management IP
    port - Set SSL processor Web server port
    rts  - Enable/disable RTS processing
    filt - Enable/disable filtering
    add  - Add filter
    rem  - Remove filter
    cur  - Display current SSL processor configuration

Table 6-106 SSL Processor Menu Options

Command Syntax and Usage

mip <SSL processor management IP>
    Set SSL processor management IP.

port <SSL processor Web server port>
    Set SSL processor Web server port.

rts enable|disable
    Enable/disable RTS processing.

filt enable|disable
    Enable/disable filtering.

add <filter ID, 1-2048>
    Add a filter.

rem <filter ID, 1-2048>
    Remove a filter.

cur
    Display current SSL processor configuration.

/cfg/setup
Setup

The setup program steps you through configuring the system date and time, BOOTP, IP, Spanning Tree, port speed/mode, VLAN parameters, and IP interfaces. For a complete description of how to use setup, see Chapter 2, “First-Time Configuration.”

To start the setup program, at the Configuration# prompt, enter:

    >> Configuration# setup
    "Set Up" will walk you through the configuration of
    System Date and Time, BOOTP, Management Port, Spanning Tree,
    Port Speed/Mode, VLANs, and IP interfaces. [type Ctrl-C to abort "Set Up"]
    ------------------------------------------------------------------

/cfg/dump
Dump

The dump program writes the current switch configuration to the terminal screen. To start the dump program, at the Configuration# prompt, enter:

    Configuration# dump

The configuration is displayed with parameters that have been changed from the default values. The screen display can be captured, edited, and placed in a script file, which can be used to configure other switches through a Telnet connection. When using Telnet to configure a new switch, paste the configuration commands from the script file at the command line prompt of the switch. The active configuration can also be saved or loaded via TFTP, as described on page 408.

/cfg/ptcfg
Saving the Active Switch Configuration

When the ptcfg command is used, the switch’s active configuration commands (as displayed using /cfg/dump) will be uploaded to the specified script configuration file on the TFTP or FTP server. To start the switch configuration upload, at the Configuration# prompt, enter:

    Configuration# ptcfg <TFTP/FTP server> <filename> {-tftp | ftp user name ftp password} [-m | -mgmt | -d | -data]

where server is the TFTP or FTP server IP address or hostname, and filename is the name of the target script configuration file.

NOTE – The output file is formatted with line-breaks but no carriage returns—the file cannot be viewed with editors that require carriage returns (such as Microsoft Notepad).

NOTE – If the TFTP server is running SunOS or the Solaris operating system, the specified ptcfg file must exist prior to executing the ptcfg command and must be writable (set with proper permission, and not locked by any application). The contents of the specified file will be replaced with the current configuration data.

/cfg/gtcfg
Restoring the Active Switch Configuration

When the gtcfg command is used, the active configuration will be replaced with the commands found in the specified configuration file. The file can contain a full switch configuration or a partial switch configuration. The configuration loaded using gtcfg is not activated until the apply command is used. If the apply command is found in the configuration script file loaded using this command, the apply action will be performed automatically.

To start the switch configuration download, at the Configuration# prompt, enter:

    Configuration# gtcfg <TFTP/FTP server> <filename> {-tftp | ftp user name ftp password} [-m | -mgmt | -d | -data]

where server is the TFTP or FTP server IP address or hostname, and filename is the name of the target script configuration file.


CHAPTER 7
The SLB Configuration Menu

This chapter discusses how to use the Command Line Interface (CLI) for configuring Server Load Balancing (SLB) on the Nortel Application Switch.

Server Load Balancing (SLB) allows you to configure the Nortel Application Switch to balance user session traffic among a pool of available servers that provide shared services.

In an average network that employs multiple servers without server load balancing, each server usually specializes in providing one or two unique services. If one of these servers provides access to applications or data that is in high demand, it can become overutilized. Placing this kind of strain on a server can decrease the performance of the entire network as user requests are rejected by the server and then resubmitted by the user stations.

With this software feature, the switch is aware of the services provided by each server and can direct user session traffic to an appropriate server, based on a variety of load-balancing algorithms. Refer to your Nortel Application Switch Operating System Application Guide for detailed information on this feature.

/cfg/slb
SLB Configuration

[Layer 4 Menu]
    real    - Real Server Menu
    group   - Real Server Group Menu
    virt    - Virtual Server Menu
    filt    - Filtering Menu
    port    - Layer 4 Port Menu
    gslb    - Global SLB Menu
    layer7  - Layer 7 Resource Definition Menu
    wap     - WAP Menu
    sync    - Config Synch Menu
    adv     - Layer 4 Advanced Menu
    linklb  - Inbound Linklb Menu
    advhc   - Layer 4 Advanced Health Check Menu
    pip     - Proxy IP Address Menu
    peerpip - Peer Proxy IP Address Menu
    wlm     - Workload Manager Menu
    on      - Globally turn Layer 4 processing ON
    off     - Globally turn Layer 4 processing OFF
    cur     - Display current Layer 4 configuration

Table 7-1 Server Load Balancing Configuration Menu Options (/cfg/slb)

Command Syntax and Usage

real <real server number (1-1023)>
    Displays the menu for configuring real servers. To view menu options, see page 414.

group <real server group number (1-1024)>
    Displays the menu for placing real servers into real server groups. To view menu options, see page 423.

virt <virtual server number (1-1024)>
    Displays the menu for defining virtual servers. To view menu options, see page 431.

filt <filter ID (1-2048)>
    Displays the menu for Filtering and Application Redirection. To view menu options, see page 445.

port <port number>
    Displays the menu for setting physical switch port states for Layer 4 activity. To view menu options, see page 463.

gslb
    Displays the menu for configuring Global Server Load Balancing. To view menu options, see page 465.

layer7
    Displays Layer 7 Resource Definition Menu. To view menu options, see page 472.

wap
    Displays WAP Menu. To view menu options, see page 477.

sync
    Displays the Synch Peer Switch Menu. To view menu options, see page 478.

adv
    Displays the Layer 4 Advanced Menu. To view menu options, see page 480.

linklb
    Displays Inbound Link Load Balancing Menu. To view menu options, see page 484.

advhc
    Displays Layer 4 Advanced Health Check Menu. To view menu options, see page 486.

pip
    This menu is used to set the switch proxy IP address using dotted decimal notation. When the pip is defined, client address information in Layer 4 requests is replaced with this proxy IP address. To view menu options, see page 496.

peerpip
    Displays Peer Proxy IP address Menu. When this command is enabled, the switch is able to forward traffic from the other switch, using Layer 2, without performing server processing on the packets of the other switch. This happens because the peer switches are aware of each other’s proxy IP addresses. This prevents the dropping of a packet or being sent to the backup switch in the absence of the proxy IP address of the peer switch. To view options, see page 497.

wlm
    Displays the menu for workload management of servers. To view menu options, see page 498.

on
    Globally turns on Layer 4 software services for Server Load Balancing and Application Redirection. Enabling Layer 4 services is not necessary for using filters only to allow, deny, or NAT traffic. This option can be performed only after the optional Layer 4 software is enabled (see “Activating Optional Software” on page 509).

off
    Globally disables Layer 4 services. All configuration information will remain in place (if applied or saved), but the software processes will no longer be active in the switch.

cur
    Displays the current Server Load Balancing configuration.

Filtering and Layer 4 (Server Load Balancing)

Filters configured to allow, deny, or perform Network Address Translation (NAT) on traffic do not require Layer 4 software to be activated. These filters are not affected by the Server Load Balancing on and off commands in this menu.

Application Redirection filters, however, require Layer 4 software services. Layer 4 processing must be turned on before redirection filters will work.

/cfg/slb/real <server number>
Real Server SLB Configuration

[Real Server 1 Menu]
    adv     - Real Server Advanced Menu
    layer7  - Layer 7 Command Menu
    ids     - IDS Command Menu
    rip     - Set IP addr of real server
    name    - Set real server name
    weight  - Set weight for real server
    maxcon  - Set maximum number of connections
    tmout   - Set minutes inactive connection remains open
    backup  - Set backup real server
    inter   - Set interval between health checks
    retry   - Set number of failed attempts to declare server DOWN
    restr   - Set number of successful attempts to declare server UP
    overflo - Enable/Disable backup on overflow
    addport - Add real port to server
    remport - Remove real port from server
    ena     - Enable real server
    dis     - Disable real server
    del     - Delete real server
    cur     - Display current real server configuration

This menu is used for configuring information about real servers that participate in a server pool for Server Load Balancing or Application Redirection. The required parameters are:

    Real server IP address
    Real server enabled (disabled by default)

Table 7-2 Real Server Configuration Menu Options (/cfg/slb/real)

Command Syntax and Usage

adv
    Go to the Real Server Advanced menu. To view menu options, see page 421.

layer7
    Displays the Layer 7 Menu. To view menu options, see page 421.

ids
    Displays Intrusion Detection Server/system menu. To view menu options, see page 422.

rip <real server IP address>
    Sets the IP address of the real server in dotted decimal format. When this command is used, the address entered is PINGed to determine if the server is up, and the administrator will be warned if the server does not respond.

name <string, maximum 31 characters>|none
    Defines a 15-character alias for each real server. This will enable the network administrator to quickly identify the server by a natural language keyword value.

weight <real server weight (1-48)>
    Sets the weighting value (1 to 48) that this real server will be given in the load balancing algorithms. Higher weighting values force the server to receive more connections than the other servers configured in the same real server group. By default, each real server is given a weight setting of 1. A setting of 10 would assign the server roughly 10 times the number of connections as a server with a weight of 1. Weights are not applied when using the hash or minmisses metrics (see “Server Load Balancing Metrics” on page 429).

avail <server weight (1-48)>
    Displays the currently available real server for Global server load balancing and allows the user to change to another real server for Global server load balancing.

maxcon <maximum connections (0-200000)>
    Sets the maximum number of connections that this server should simultaneously support. By default, the number of maximum connections is set at 200,000. This option sets a threshold as an artificial barrier, such that new connections will not be issued to this server if the maxcon limit is reached. New connections will be issued again to this server once the number of current connections has decreased below the maxcon setting.
    If all servers in a real server group for a virtual server reach their maxcon limit at the same time, client requests will be sent to the backup/overflow server or backup/overflow server group. If no backup servers/server group are configured, client requests will be dropped by the virtual server.

tmout <even number of minutes (2-32768)>
    Sets the number of minutes an inactive session remains open (in even numbered increments).
    Every client-to-server session being load balanced is recorded in the switch's Session Table. When a client makes a request, the session is recorded in the table. The data is transferred until the client ends the session, and the session table entry is then removed.
    In certain circumstances, such as when a client application is abnormally terminated by the client's system, TCP/UDP connections will remain registered in the switch's binding table. In order to prevent table overflow, these orphaned entries must be aged out of the binding table.
    Using the tmout option, you can set the number of minutes to wait before removing orphan table entries. Settings must be specified in even numbered increments between 2 and 32768 minutes. The default setting is 10.
    This option is also used with the Persistent option (see /cfg/slb/virt/pbind). When persistent is activated, this option sets how long an idle client is allowed to remain associated with a particular server.

backup <real server number (1-1023)>|none
    Sets the real server used as the backup/overflow server for this real server.
    To prevent loss of service if a particular real server fails, use this option to assign a backup real server number. Then, if the real server becomes inoperative, the switch will activate the backup real server until the original becomes operative again.
    The backup server is also used in overflow situations. If the real server reaches its maxcon (maximum connections) limit, the backup comes online to provide additional processing power until the original server becomes desaturated.
    The same backup/overflow server may be assigned to more than one real server at the same time.

inter <number of seconds between health checks (0-60)>
    Sets the interval between real server health verification attempts.
    Determining the health of each real server is a necessary function for Layer 4 switching. For TCP services, the switch verifies that real servers and their corresponding services are operational by opening a TCP connection to each service, using the defined service ports configured as part of each virtual service. For UDP services, the switch pings servers to determine their status.
    The inter option lets you choose the time between health checks. The range is from 1 to 60 seconds. The default interval is 2 seconds. An interval of “0” disables health checking for the server.

retry <number of consecutive health checks (1-63)>
    Sets the number of failed health check attempts required before declaring this real server inoperative. The range is from 1 to 63 attempts. The default is 4 attempts.

restr <number of consecutive health checks (1-63)>
    Sets the number of successful health check attempts required before declaring a UDP service operational. The range is from 1 to 63 attempts. The default is 8 attempts.

overflo enable|disable
    Enable or disable backup upon overflow.

addport <real server port (2–65534)>
    Add multiple service ports to the server.

remport <real server port (2–65534)>
    Remove multiple service ports from the server.

remote disable|enable
    Enables or disables remote site operation for this server. This option should be enabled when the real IP address supplied above represents a remote server (real or virtual) that this switch will access as part of its Global Server Load Balancing network. By default, this option is disabled.

proxy disable|enable
    Enables or disables proxy IP address translation. With this option enabled (default), a client request from any application can be proxied using a load-balancing Proxy IP address (PIP).

submac disable|enable
    Enables or disables source MAC address substitution. By default, this option is disabled.

fasthc disable|enable
    Enables or disables Fast Health Check operation. When enabled, the real server goes down operationally as soon as the physical port connected to the real server goes down. When disabled, the real server will go down only after the configured health check interval. This command is enabled by default.

ena
    You must perform this command to enable this real server for Layer 4 service. When enabled, the real server can process virtual server requests associated with its real server group. This option, when the apply and save commands are used, enables this real server for operation until explicitly disabled.
    See /oper/slb/ena on page 412 for an operations-level command.

dis
    Disables this real server from Layer 4 service. A disabled server will no longer process virtual server requests as part of the real server group to which it is assigned. This option, when the apply and save commands are used, disables this real server until it is explicitly re-enabled.
    This option does not perform a graceful server shutdown. See /oper/slb/dis on page 502 for an operations-level command that permits graceful server shutdown.

del
    Deletes this real server from the Layer 4 switching software configuration. This removes the real server from operation within its real server groups. Use this command with caution, as it will delete any configuration options that have been set for this real server.
    NOTE – This option does not perform a graceful server shutdown.

cur
    Displays the current configuration information for this real server.

/cfg/slb/real/adv
Real Server Advanced Menu

[Real Server 1 Advanced Menu]
    avail   - Set Global SLB availability for real server
    remote  - Enable/disable Global SLB remote site operation
    proxy   - Enable/disable client proxy operation
    buddyhc - Buddy Server Menu
    fasthc  - Enable/disable fast health check operation
    submac  - Enable/disable source MAC address substitution
    subdmac - Enable/disable destination MAC address substitution
    cur     - Display current real server advanced configuration

Table 7-3 Real Server Advanced Menu Options

Command Syntax and Usage

avail <server weight, 1-48>
    Set Global SLB availability for real server.

remote enable|disable
    Enable/disable Global SLB remote site operation.

proxy enable|disable
    Enable/disable client proxy operation.

buddyhc
    Go to the Buddy Server Menu.

fasthc enable|disable
    Enable/disable fast health check operation.

submac enable|disable
    Enable/disable source MAC address substitution.

subdmac enable|disable
    Enable/disable destination MAC address substitution.

cur enable|disable
    Display current real server advanced configuration.

/cfg/slb/real/adv/buddyhc
Buddy Server Health Check Menu

[Real server 1 Buddy Menu]
    addbd - Add Buddy Server
    delbd - Delete Buddy Server
    cur   - Display current buddy server configuration

Table 7-4 Buddy Server Health Check Menu Options

Command Syntax and Usage

addbd <real server number 1-1023> <real server group 1-1024> <service 9-65534>
    Adds a buddy server.

delbd <real server number 1-1023> <real server group 1-1024> <service 9-65534>
    Deletes a previously added buddy server.

cur
    Displays the current buddy server configuration.

/cfg/slb/real <server number>/layer7
Real Server Layer 7 Configuration

[Real Server 1 Layer 7 Commands Menu]
  addlb    - Add SLB string for content load balance
  remlb    - Remove SLB string for content load balance
  cookser  - Enable/disable cookie assignment server
  exclude  - Enable/disable exclusionary string matching
  ldapwr   - Enable/disable LDAP Write server
  cur      - Display current real server configuration

This menu is used for entering commands and strings for Layer 7 processing.

Table 7-5 Layer 7 Commands Menu Options (/cfg/slb/real/layer7)

Command Syntax and Usage

addlb <defined SLB string ID, 1-1024>
  Adds the predefined URL loadbalance string ID to the real server.

remlb <defined SLB string ID, 1-1024>
  Removes the predefined URL loadbalance string ID from the real server.

cookser disable|enable
  Enables or disables the real server to handle client requests that don’t contain a cookie. This option is used if you want to designate a specific server to assign cookies only. This server gets the client request, assigns the cookie, and embeds the IP address of the real server that will handle the subsequent requests from the client. By default, this option is disabled.

exclude disable|enable
  Enables or disables exclusionary string matching. By default, this option is disabled.

ldapwr disable|enable
  Enables or disables LDAP write server. LDAP servers are of two types: read servers and write servers. You need to use read servers when you only want to browse the directory. You need to use the write servers when you want to modify the directory on the server. The write server can conduct both read and write operations.

cur
  Displays the current real server configuration.

/cfg/slb/real <real server number>/ids
Real server IDS Configuration Menu

Intrusion Detection System (IDS) is a type of security management system for computers and networks. An Intrusion Detection System gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both intrusions (attacks from outside the organization) and misuse (attacks from within the organization). Refer to your Application Guide for more information.

[Real Server 1 IDS Menu]
  idsvlan  - Set Vlan ID for ID Server
  idsport  - Set Port for ID Server
  oid      - Override OID for SNMP HC
  comm     - Override community string for SNMP HC
  cur      - Display current real server configuration

Table 7-6 IDS Configuration Menu options (/cfg/slb/real/ids)

Command Syntax and Usage

idsvlan <vlan number (1-4090)>
  Defines VLAN ID for Intrusion Detection Server.

idsport <port number> | none
  Defines port for Intrusion Detection Server.

oid <SNMP health check object identifier to override group OID>
  Specifies the object identifier (OID). This OID overrides the OID for SNMP health checks.

comm <SNMP health check community string to override group community string>
  Overrides community string for SNMP health checks.

cur
  Displays the current real server configuration.

Note: IDS can only be configured on real servers between one to maximum number of ports on the switch.

/cfg/slb/group <real server group number>
Real Server Group SLB Configuration

[Real Server Group 1 Menu]
  metric   - Set metric used to select next server in group
  rmetric  - Set metric used to select next rport in server
  content  - Set health check content
  health   - Set health check type
  backup   - Set backup real server or group
  name     - Set real server group name
  realthr  - Set real server failure threshold
  idsrprt  - Set Intrusion Detection Port
  advhlth  - Set an advance group health check formula
  mhash    - Set minmisses hash parameter
  wlm      - Set Workload Manager number
  viphlth  - Enable/disable VIP health checking in DSR mode
  ids      - Enable/disable Intrusion Detection
  idsfld   - Enable/disable Intrusion Detection Group Flood
  oper     - Enable/disable the access to this group for operator
  ena      - Enable real server in this group
  dis      - Disable real server in this group
  add      - Add real server
  rem      - Remove real server
  del      - Delete real server group
  cur      - Display current group configuration

This menu is used for combining real servers into real server groups. Each real server group should consist of all the real servers which provide a specific service for load balancing. Each group must consist of at least one real server. Each real server can belong to more than one group. Real server groups are used both for Server Load Balancing and Application Redirection.

Table 7-7 Real Server Group Configuration Menu Options (/cfg/slb/group)

Command Syntax and Usage

metric leastconns|roundrobin|minmisses|hash|response|bandwidth|phash
  Sets the load balancing metric used for determining which real server in the group will be the target of the next client request. The default setting is leastconns.

rmetric
  Sets the load balancing metric used for determining which port in the real server will be the target of the next client request.
See “Server Load Balancing Metrics” on page 429 for more information.

Table 7-7 Real Server Group Configuration Menu Options (/cfg/slb/group)

Command Syntax and Usage

content <filename>|//<host>/<filename>|none
  This option defines the specific content which is examined during health checks. The content depends on the type of health check specified in the health option (see below).

health link|arp|icmp|tcp|http|httphead|dns|pop3|smtp|nntp|ftp|imap|sslh|radius-auth|radius-acc|script<n>|udpdns|wsp|wtp|wtls|ldap|snmp<n>|tftp|rtsp|sip|sipoptions|wts
  http - use GET method, httphead - use HEAD method
  Sets the type of health checking performed. The default is tcp. See “SLB Health Check Types” on page 426.

backup r<real server number (1-1023)>|g<group number (1-1024)>|none
  Sets the real server or real server group used as the backup/overflow server/server group for this real server group. To prevent loss of service if the entire real server group fails, use this option to assign a backup real server/real server group number. Then, if the real server group becomes inoperative, the switch will activate the backup real server/server group until one of the original real servers becomes operative again.
  The backup server/server group is also used in overflow situations. If all the servers in the real server group reach their maxcon (maximum connections) limit, the backup server/server group comes online to provide additional processing power until one of the original servers becomes desaturated.
  The same backup/overflow server/server group may be assigned to more than one real server group at the same time.

name <maximum 31 characters>|none
  Defines a 15-character alias for each Real Server Group. This will enable the network administrator to quickly identify the server group by a natural language keyword value.

realthr <real servers (1-15, 0 for disabled)>
  Specifies a minimum number of real servers available. If any time, the number reaches this minimum limit, a SYSLOG ALERT message is sent to the configured SYSLOG servers stating that the real server threshold has been reached for the concerned server load balancing group. The default threshold is 0, which also means the option is disabled.

idsrprt <real server port (2-65534)>|any
  Sets real server port for the Intrusion Detection Server.

Table 7-7 Real Server Group Configuration Menu Options (/cfg/slb/group)

Command Syntax and Usage

advhlth <(1&2|3..), 128>|none
  Defines an advanced health check formula expression for the real servers. This command allows you to create a boolean expression to health check the real server group based on the state of the virtual services. This command supports two boolean operators, AND or OR that are used to manipulate TRUE or FALSE values. Using parenthesis with the boolean operators, you can create a boolean expression to state the health of the server group. This command also supports a string expression which is up to 128 characters long, or you can also set the formula expression as none.

mhash 24|32 <number of sip bits used for minmisses hash>
  Defines the minmisses hash parameter for this real server as either 24 or 32 bits. By default the minmiss algorithm uses the upper 24-bits of the source IP address to calculate the real server that the traffic should be sent to when the minmiss metric is selected. You can also select all 32-bits of the source IP address to hash to the real server.

wlm <1-16> | none
  Set Workload Manager number.

viphlth disable|enable
  Enables or disables VIP health checking in a service, whether DSR is enabled or disabled. However, it works only when the service has DSR (Direct Server Return) feature enabled. When viphlth is disabled, the switch uses RIP to perform all health checks. This feature is enabled by default.

ids disable|enable
  Enables or disables Intrusion Detection Server (IDS) load balancing for the designated real server group. This feature can only be configured on real server groups between 1-63.

idsfld disable|enable
  Enables or disables the Intrusion Detection flood. When Intrusion Detection flood is enabled, packets are copied to all IDS servers in the IDS group. When this is disabled, packets are only copied to the load balanced IDS server within the IDS group.

oper disable|enable
  Enables or disables the real server group operation.

ena <real server number, 1-1023>
  Enables a real server in this group gracefully or on a per group basis. For example, if a real server is a member of more than one group, you can configure this real server to accept requests from all the groups or any number of groups that this real server is member of.

dis <real server number, 1-1023>
  Disables a real server in this group gracefully or on a per group basis.

add <real server number (1-1023)>
  Adds a real server to this real server group. You will be prompted to enter the number of the real server to add to this group.

Table 7-7 Real Server Group Configuration Menu Options (/cfg/slb/group)

Command Syntax and Usage

rem <real server number (1-1023)>
  Remove a real server from this real server group. You will be prompted for the ID number for the real server to remove from this group.

del
  Deletes this real server group from the Layer 4 software configuration. This removes the group from operation under all virtual servers it is assigned to. Use this command with caution: if you remove the only group that is assigned to a virtual server, the virtual server will become inoperative.

cur
  Displays the current configuration parameters for this real server group.

SLB Health Check Types

Using the health command, you can specify the type of health check for the group of real servers.

>> Real Server Group 1# health
Current health check type: tcp
Pending new health check type: sipoptions
Enter health check type:

The health check options are described in the following table. Refer to your Application Guide for their detailed description.

Table 7-8 SLB Health Check Types (/cfg/slb/group/health)

Option and Description

link
  Checks status of port for each server for IDSLB group only.

arp
  Sends an ARP request for Layer 2 health checking.

icmp
  For Layer 3 health checking, pings the server.

tcp
  Opens and closes a TCP/IP connection to the server for TCP service.

Table 7-8 SLB Health Check Types (/cfg/slb/group/health)

Option and Description

http
  For HTTP service, use HTTP 1.1 GETS when a HOST: header is required to check that the URL content is specified in content command. Otherwise, an HTTP/1.0 GET occurs.

httphead
  Allows the switch to declare if the server is up or not just by locating the URL header and not wait until all the URL contents are received. You can use this command to test the validity and access to the hypertext links or to look for any recent modification to the URL.

dns
  For Domain Name Service, check that the domain name specified in content can be resolved by the server.

pop3
  For user mail service, check that the user:password account specified in content exists on the server.

smtp
  For mail-server services, check that the user specified in content is accessible on the server.

nntp
  For newsgroup services, check that the newsgroup name specified in content is accessible on the server.

ftp
  For FTP services, check that the filename specified in content is accessible on the server through anonymous login.

imap
  For user mail service, check that the user:password value specified in content exists on the server.

sslh
  Enables the switch to query the health of the SSL servers by sending an SSL client “Hello” packet and then verify the contents of the server’s “Hello” response. During the handshake, the user and server exchange security certificates, negotiate an encryption and compression method, and establish a session ID for each session.

Note: If the content is not specified, the health check will revert back to TCP on the port that is being load balanced.

Table 7-8 SLB Health Check Types (/cfg/slb/group/health)

Option and Description

radius-auth, radius-acc
  For RADIUS remote access server authentication, check that the user:password value specified in content exists on the Nortel Application Switch and the server. To perform application health checking to a RADIUS server, the network administrator must also configure the /cfg/slb/secrt parameter. The secrt value is a field of up to 32 alphanumeric characters that is used by the switch to encrypt a password during the RSA Message Digest Algorithm (MD5) and by the RADIUS server to decrypt the password during verification.

script <n>
  Enables the use of script-based health checks in send/expect format to check for application and content availability. <n> denotes the health script number (1-64).

udpdns
  Allows the user to perform health checking using UDP DNS queries.

wsp
  Enables connectionless WSP content health checks for WAP gateways. The content under /cfg/slb/adv/waphc (see page 486) must also be configured.

wtp
  Enables connection-oriented WTP + WSP content health checks for WAP gateways. The content under /cfg/slb/adv/waphc (see page 486) must also be configured.

wtls
  Provides Wireless Transport Layer Security (WTLS) Hello-based health check for encrypted and connection-oriented WTLS traffic on port 9203.

ldap
  Sets the health check type to LDAP. The LDAP health checks enable the switch to determine if the LDAP server is alive. This health check consists of three LDAP messages over one TCP connection: a bind request, a bind result, and an unbind request. The switch sends an anonymous bind request to the server. If the server is up, it will send the bind result message and the switch will mark the server as alive. The switch must send an unbind request so that the server does not hold resources indefinitely. The switch administrator can choose LDAP version 2 or 3 as both the versions are compatible with Nortel Application Switch Operating System 23.0.2.

snmp <n>
  Enables the use of SNMP-based health checks. <n> denotes the health script number (1-5).

tftp
  Sets the health check type to TFTP. This protocol enables the user to request a file from the server. At regular intervals, the switch transmits TFTP read requests (RRQ) to all servers in the group. The health check is successful if the server responds to the RRQ. The health check fails if the switch receives an error packet from the real server.
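The three-message exchange in the ldap row above, as an added example that is not taken from the manual or from the switch software: it builds the anonymous bind request and the unbind request in BER, parses the bind result, and always sends the unbind. The `exchange` callable stands in for the single TCP connection, and `ConstructedServer` with its reply bytes is constructed test data.

```python
"""LDAP health-check exchange: bind request, bind result, unbind request."""

BIND_REQUEST, BIND_RESPONSE, UNBIND_REQUEST = 0x60, 0x61, 0x42


def ber_len(n):
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, value=b""):
    return bytes([tag]) + ber_len(len(value)) + value


def ber_int(n):
    """Non-negative INTEGER, with a leading zero byte when the top bit is set."""
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))


def anonymous_bind_request(msg_id, version=3):
    """LDAPMessage { messageID, BindRequest { version, name "", simple "" } }."""
    bind = tlv(BIND_REQUEST, ber_int(version) + tlv(0x04) + tlv(0x80))
    return tlv(0x30, ber_int(msg_id) + bind)


def unbind_request(msg_id):
    return tlv(0x30, ber_int(msg_id) + tlv(UNBIND_REQUEST))


def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos); raise ValueError on truncated input."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        count = first & 0x7F
        if count == 0 or pos + count > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length


def parse_bind_result(data):
    """Return (message_id, result_code) from a BindResponse message."""
    tag, body, _ = read_tlv(data)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    tag, msg_id, pos = read_tlv(body)
    if tag != 0x02:
        raise ValueError("missing messageID")
    tag, response, _ = read_tlv(body, pos)
    if tag != BIND_RESPONSE:
        raise ValueError("not a BindResponse")
    tag, code, _ = read_tlv(response)
    if tag != 0x0A or not code:
        raise ValueError("missing resultCode")
    return int.from_bytes(msg_id, "big"), int.from_bytes(code, "big")


def ldap_health_check(exchange, version=3):
    """Return (alive, result_code). Alive means a bind result answered our bind."""
    alive, code = False, None
    try:
        msg_id, code = parse_bind_result(exchange(anonymous_bind_request(1, version)))
        alive = msg_id == 1
    except ValueError:
        alive = False
    finally:
        exchange(unbind_request(2))  # release server resources in every case
    return alive, code


class ConstructedServer:
    """Constructed stand-in for the TCP connection: answers binds with `reply`."""

    def __init__(self, reply):
        self.reply, self.received = reply, []

    def __call__(self, request):
        self.received.append(request)
        _, body, _ = read_tlv(request)
        _, _, pos = read_tlv(body)  # skip the messageID
        return self.reply if body[pos] == BIND_REQUEST else b""


if __name__ == "__main__":
    server = ConstructedServer(bytes.fromhex("300c02010161070a010004000400"))
    print(ldap_health_check(server), [m.hex() for m in server.received])
```

The result code is returned alongside the alive flag so that a monitor can apply a stricter rule than the one the table describes.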

Table 7-8 SLB Health Check Types (/cfg/slb/group/health)

Option and Description

rtsp
  Sets the health check type to RTSP. The RTSP health check can operate with or without content. If there is no content configured the switch will issue an RTSP OPTIONS method. If content is supplied the switch will issue the RTSP DESCRIBE method. If the response to either method is RTSP/200 then the health check passes. If this is not the response, the health check will fail.

sip
  Sets the health check type to sip. You can perform the SIP (Session Initiation Protocol) health check by using SIP PING request. You must enable UDP to perform SIP load balancing.

sipoptions
  Sets the health check type to sipoptions.

wts
  Sets the health check type to wts.

Server Load Balancing Metrics

Using the metric command, you can set a number of metrics for selecting which real server in a group gets the next client request.

>> Real Server Group 1# metric
Current metric: leastconns
Enter metric:

The metrics are described in the following table:

Table 7-9 Real Server Group Metrics (/cfg/slb/group/metric)

Option and Description

minmisses
  Minimum misses. This metric is optimized for Application Redirection. When minmisses is specified for a real server group performing Application Redirection, all requests for a specific IP destination address will be sent to the same server. This is particularly useful in caching applications, helping to maximize successful cache hits. Best statistical load balancing is achieved when the IP address destinations of load balanced frames are spread across a broad range of IP subnets.
  Minmisses can also be used for Server Load Balancing. When specified for a real server group performing Server Load Balancing, all requests from a specific client will be sent to the same server. This is useful for applications where client information must be retained on the server between sessions. Server load with this metric becomes most evenly balanced as the number of active clients increases.

Table 7-9 Real Server Group Metrics (/cfg/slb/group/metric)

Option and Description

hash
  Like minmisses, the hash metric uses IP address information in the client request to select a server. For Application Redirection, all requests for a specific IP destination address will be sent to the same server. This is particularly useful for maximizing successful cache hits. For Server Load Balancing, all requests from a specific client will be sent to the same server. This is useful for applications where client information must be retained between sessions.
  The hash metric should be used if the statistical load balancing achieved using minmisses is not as optimal as desired. Although the hash metric can provide more even load balancing at any given instance, it is not as effective as minmisses when servers leave and reenter service. If the Load Balancing statistics indicate that one server is processing significantly more requests over time than other servers, consider using the hash metric.

leastconns
  Least connections. With this option, the number of connections currently open on each real server is measured in real time. The server with the fewest current connections is considered to be the best choice for the next client connection request. This option is the most self-regulating, with the fastest servers typically getting the most connections over time, due to their ability to accept, process, and shut down connections faster than slower servers.

roundrobin
  Round robin. With this option, new connections are issued to each server in turn: the first real server in this group gets the first connection, the second real server gets the next connection, followed by the third real server, and so on. When all the real servers in this group have received at least one connection, the issuing process starts over with the first real server.

response
  Real server response time. With this option, the switch monitors and records the amount of time that each real server takes to reply to a health check. The response time is used to adjust the real server weights. The weights are adjusted so they are inversely proportional to a moving average of response time.

bandwidth
  Bandwidth Metric. With this option, the real server weights are adjusted so they are inversely proportional to the number of octets that the real server processes during a given interval. The higher the bandwidth used, the smaller is the weight assigned to that server.
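An added example, not from the manual, that contrasts the hash row above with the phash row of the same table: it counts how many clients change server when one real server goes down. It is a model under stated assumptions: the hash is a stand-in (the 32-bit source address modulo the server count), plain hash is modelled as hashing over the servers currently up, phash follows the table's description (fixed first hash, rehash over the up servers only when it lands on a dead one), and the server names and 192.0.2.0/24 clients are constructed.

```python
import ipaddress

SERVERS = ["r1", "r2", "r3", "r4"]               # constructed real servers
CLIENTS = [f"192.0.2.{x}" for x in range(256)]   # constructed client addresses


def first_hash(client_ip, n):
    """Stand-in hash (assumption): the 32-bit source address modulo n."""
    return int(ipaddress.IPv4Address(client_ip)) % n


def hash_pick(client_ip, servers, up):
    """Plain hash, modelled as hashing over the servers that are up."""
    alive = [s for s in servers if s in up]
    return alive[first_hash(client_ip, len(alive))]


def phash_pick(client_ip, servers, up):
    """phash as the table describes it: the first hash ignores server state."""
    choice = servers[first_hash(client_ip, len(servers))]
    if choice in up:
        return choice
    # First hash hit a dead server: rehash over the number of servers up.
    alive = [s for s in servers if s in up]
    return alive[first_hash(client_ip, len(alive))]


def remap_stats(pick, failed, servers=SERVERS, clients=CLIENTS):
    """Return (moved, collateral) after `failed` leaves service.

    moved:      clients whose server changed
    collateral: moved clients whose original server was still up
    """
    all_up = set(servers)
    after_up = all_up - {failed}
    moved = collateral = 0
    for ip in clients:
        before = pick(ip, servers, all_up)
        after = pick(ip, servers, after_up)
        if after not in after_up:
            raise RuntimeError("request sent to a server that is down")
        if before != after:
            moved += 1
            if before != failed:
                collateral += 1
    return moved, collateral


if __name__ == "__main__":
    for name, pick in (("hash", hash_pick), ("phash", phash_pick)):
        moved, collateral = remap_stats(pick, "r2")
        print(f"{name:5s} moved={moved:3d} collateral={collateral:3d}")
```

Collateral moves are the ones that break persistence for clients whose server never failed, which is the stability the table attributes to minmisses and phash.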

Table 7-9 Real Server Group Metrics (/cfg/slb/group/metric)

Option and Description

phash
  The phash metric utilizes the best features of the hash and minmiss metrics. With the phash metric, the switch supports an even load distribution (hash) and stable server assignment (minmiss) even when a server in the group goes down. With phash enabled, the first hash will always be the same even if a real server is down. If the first hash hits a dead server, it will rehash for that request based on the actual number of servers that are up. This results in a request always being sent to a server that is up.

NOTE – Under the leastconns, roundrobin, hash, and phash metrics, when real servers are configured with weights (see the weight option on page 415), a higher proportion of connections are given to servers with higher weights. This can improve load balancing among servers of different performance levels. Weights are not applied when using the minmisses metrics.

/cfg/slb/virt <virtual server number>
Virtual Server SLB Configuration

[Virtual Server 1 Menu]
  service  - Virtual Service Menu
  ipver    - Set IP version
  vip      - Set IP addr of virtual server
  vname    - Set name of virtual server
  dname    - Set domain name of virtual server
  cont     - Set BW Contract
  weight   - Set Global SLB weight for virtual server
  avail    - Set Global SLB availability for virtual server
  addrule  - Add Global SLB rule to domain
  remrule  - Remove Global SLB rule from domain
  layr3    - Enable/disable layer 3 only balancing
  creset   - Enable/disable client connection reset invalid VPORT
  ena      - Enable virtual server
  dis      - Disable virtual server
  del      - Delete virtual server
  cur      - Display current virtual configuration

This menu is used for configuring the virtual servers which will be the target for client requests for Server Load Balancing. Configuring a virtual server requires the following parameters:

- Creating a virtual server IP address
- Adding TCP/UDP port and real server group
- Enabling the virtual server (disabled by default)

Table 7-10 Virtual Server Configuration Menu Options (/cfg/slb/virt)

Command Syntax and Usage

service <virtual port or name>
  Displays the Virtual Services Menu. The virtual port name can be a well-known port name, such as http, ftp, and so on, or the service number. The allowable port range is from 9 to 65534. To get more information about well-known ports, see the sport command on page 447. To view the services menu options, see page 434.

ipver <IP version (v4 or v6)>
  Set the IP version.

vip <virtual server IP address for IPv4 or IPv6>
  Sets the IP address of the virtual server using dotted-decimal notation. The virtual server created within the switch will respond to ARPs and PINGs from network ports as if it was a normal server. Client requests directed to the virtual server’s IP address will be balanced among the real servers available to it through real server group assignments.

vname <32 character virtual server name>|none
  Set name of virtual server.

dname <64 character domain name>|none
  Sets the domain name for this virtual server. The domain name typically includes the name of the company or organization, and the Internet group code (.com, .org, .gov, .edu, and so forth). An example would be foocorp.com. It does not include the hostname portion (www, www2, ftp, and so forth). To define the hostname, see hname below. The maximum number of characters that can be used in a domain name is 64. To clear the dname, specify the name as none.

cont <BWM contract (1-1024)>
  Enter a new Bandwidth Management Contract for this virtual service. The default number of contracts is set at 1024 for Nortel Application Switch Operating System. By default, all services under this virtual server are assigned this BW contract. However, the BW contract can be changed for a selected virtual server with /cfg/slb/virt <number>/service <number>/cont. All the frames that match this virtual server services are assigned this BW contract if the previously assigned contract for the frame has lower or equal precedence of the virtual server contract.

weight
  Sets the Global server weight for the virtual server. The higher the weight value, the more connections that will be directed to the local site. The response time of this site is divided by this weight before the best site is assigned to a client. Remote site response times are divided by the real server weight before selection occurs. The default is 1.

Table 7-10 Virtual Server Configuration Menu Options (/cfg/slb/virt)

Command Syntax and Usage

avail
  Sets the Global SLB availability for the virtual server.

addrule <rule, 1-64>
  Adds Global SLB rule to domain. Each domain has one or more rules. Each rule has metric preference list. The server selected for GSLB selects the first rule that matches the domain and starts with the first metric in the preference list of the rule. Rule allows the server selected for GSLB to use different metric preference based on time of the day. The default is rule 1.

remrule <rule, 1-64>
  Removes Global SLB rule from domain.

layr3 disable|enable
  Normally, the client IP address is used with the client Layer 4 port number to produce a session identifier. When the layr3 option is enabled (disabled by default), the switch uses only the client IP address as the session identifier. It associates all the connections from the same client with the same real server while any connection exists between them. This option is necessary for some server applications where state information about the client system is divided across different simultaneous connections, and also in applications where TCP fragments are generated.
  If the real server to which the client is assigned becomes unavailable, the Layer 4 software will allow the client to connect to a different server.

creset enable|disable
  Enable/disable client connection reset invalid VPORT.

ena
  Enables this virtual server. This option activates the virtual server within the switch so that it can service client requests sent to its defined IP address.

dis
  This option disables the virtual server so that it no longer services client requests.

del
  This command removes this virtual server from operation within the switch and deletes it from the Layer 4 switching software configuration. Use this command with caution, as it will delete the options that have been set for this virtual server.

cur
  Displays the current configuration of the specified virtual server.

/cfg/slb/virt <server number>/service <virtual port or name>
Virtual Server Service Configuration

This menu is used for configuring services assigned to a virtual server.

NOTE – Select virtual service port 554 to configure RTSP traffic. See page 444 to view the menu options for configuring virtual services on port 554 for RTSP.

The following example shows a menu for http (port 80) services.

[Virtual Server 1 14 Service Menu]
  wts     - WTS Load Balancing Menu
  http    - HTTP Load Balancing Menu
  sip     - SIP Load Balancing Menu
  rtsp    - RTSP Load Balancing Menu
  group   - Set real server group number
  rport   - Set real port
  hname   - Set hostname
  cont    - Set BW contract for this virtual service
  pbind   - Set persistent binding type
  thash   - Set hash parameter
  tmout   - Set minutes inactive connection remains open
  dbind   - Enable/disable delayed binding
  udp     - Enable/disable UDP balancing
  frag    - Enable/disable remapping UDP server fragments
  nonat   - Enable/disable only substituting MAC addresses
  dnsslb  - Enable/disable DNS query load balancing
  direct  - Enable/disable direct access mode
  mirror  - Enable/disable session mirroring
  epip    - Enable/disable pip selection based egress port/vlan
  del     - Delete virtual service
  cur     - Display current virtual service configuration

Table 7-11 Virtual Server Service Configuration Options (/cfg/slb/virt/service)

Command Syntax and Usage

wts
  Go to the WTS Load Balancing Menu. To view the menu options, see page 440.

http
  Enables or disables HTTP Redirection for Global server load balancing on a per VIP basis. Disabling HTTP Redirection causes GSLB to use proxy IP address for HTTP. To view the menu options, see page 441.

sip
  Enables or disables Session Initiation Protocol (SIP) server load balancing on the Nortel Application Switch Operating System. SIP is a UDP-based application-level control protocol for creating, modifying and terminating sessions with one or more participants (documented in RFC3261). The SIP processing occurs at application level in order to parse out messages coming from client side as well as the server side.
  Using SIP on your switch, you can load balance Nortel’s MCS (Multimedia Communication Server) proxy servers. Nortel Networks’ MCS is a SIP enabled application Server. When SIP is enabled, you can scan and hash calls based on a SIP Call-ID header to an MCS server. You can use only minmiss as the load balancing metric since the load balancing is performed based on the Call-ID.
  When enabled, you can configure SIP service on the service port 5060 for a virtual server. You need to turn Direct Access Mode (DAM) on to perform SIP load balancing. To view the menu options, see page 442.

rtsp
  Go to the RTSP Load Balancing Menu. To view the menu options, see page 443.

group <real server group number (1-1024)>
  Sets a real server group for this service. You will be prompted to enter the number (1 to 1024) of the real server group to add to this service. The default is set at 1.

rport <real server port (0-65534)>
  Defines the real server TCP or UDP port assigned to this service. By default, this is the same as the virtual port (service virtual port). If rport is configured to be different than the virtual port defined in /cfg/slb/virt <number>/service <virtual port>, the switch will map the virtual port to this real port.

Table 7-11 Virtual Server Service Configuration Options (/cfg/slb/virt/service)

Command Syntax and Usage

hname <hostname>|none
  Sets the hostname for a service added. This is used in conjunction with dname (above) to create a full host/domain name for individual services. The format for this command is:
    # hname <hostname>
  For example, to add a hostname for Web services, you could specify www as the hostname. If a dname of “foocorp.com” was defined (above), “www.foocorp.com” would be the full host/domain name for the service.
  To clear the hostname for a service, use the command:
    # hname none

httpslb urlslb|host|cookie|browser|urlhash|headerhash|others
  Load balances on the following applications:
    urlslb: Enable or disable URL SLB
    host: Enable or disable for virtual hosting
    cookie: Enable or disable cookie-based SLB for cookie-based preferential load balancing. You will be prompted for the following: Cookie name, starting point of the cookie value, number of bytes to be extracted, enable/disable checking for cookie in URI
    browser: Enable or disable SLB, based on browser type
    urlhash: Enable or disable URL hashing based on URI
    headerhash: Hashes on any HTTP header value.
    others: Requires inputs for a particular header field
  You may choose to combine or select applications to load balance using the commands and and/or or. For example:
    httpslb <application>
    httpslb <application> and|or <application>

cont <BWM Contract (0-1024), 0 for VIP default>
  Sets a Bandwidth Management contract for this virtual service. The default number of contracts is set at 1024 for Nortel Application Switch Operating System. The default is set at 1024.
  Note: If you enter 0 for the service contract, it will carry the value entered for the Virtual Server IP (vip) contract.

urlcont <URL path ID> <BW contract>
  Sets the Bandwidth Management contract of a string specific to this virtual service. Only use this command when a string is shared by multiple virtual services and each service requires a separate bandwidth.

pbind clientip|cookie<p|r|i>|sslid|disable
Enables or disables persistent bindings for a real server (disabled by default). This may be necessary for some server applications where state information about the client system is retained on the server over a series of sequential connections, such as with SSL (Secure Socket Layer, HTTPS), Web site search results, or multi-page Web forms.

The clientip option uses the client IP address as an identifier, and associates all connections from the same client with the same real server until the client becomes inactive and the connection is aged out of the binding table. The connection timeout value (set in the Real Server Menu) is used to control how long these inactive but persistent connections remain associated with their real servers. When the client resumes activity after their connection has been aged out, they will be connected to the most appropriate real server based on the load balancing metric. An alternative approach may be to use the real server group metrics minmisses or hash (see Server Load Balancing Metrics).
In Nortel Application Switch Operating System 23.0.2, with clientip command enabled, HTTP and HTTPs traffic from the same client will map to the same server irrespective of the load balancing metric used, since the services are related. Whereas, different services from the same client may not map to the same server.

The cookie option uses a cookie defined in the HTTP header or placed in the URI for hashing. For more information on cookie option, see “Cookie-Based Persistence” on page 444. For detailed information on Cookie-Based Persistence, see the Persistence chapter in the Nortel Application Switch Operating System 23.0.2 Application Guide.

The sslid option is for Secure Sockets Layer (SSL), which is a set of protocols built on top of TCP/IP that allow an application server and user to communicate over an encrypted HTTP session. SSL provides authentication, non-repudiation, and security. The session ID is a value comprising 32 random bytes chosen by the SSL server that gets stored in a session hash table. By enabling the sslid option, all subsequent SSL sessions which present the same session ID will be directed to the same real server.

The disable option allows you to disable persistent binding, if it has previously been enabled for a particular application.

rcount <response count number (1–16)>
Sets the maximum response counter for cookie-based persistence. The Nortel Application Switch will examine each server response until the cookie is found, or until the maximum count is reached. The default number is 1.

thash sip|sip+sport
Defines hash parameter. Tunable hash feature allows the user to select different parameters for computing the hash value used by the hash, phash, and minmisses SLB metrics. For example, the source IP address, or both source IP address and source port. If the user does not select any, the switch will use default hash parameter, which is sip.

dbind disable|enable
Enables or disables Layer 4 Delayed Binding for TCP service and ports. Enabling this command protects the server from Denial of Service (DoS) attacks. This option is disabled by default.

udp disable|enable|stateless
Enables or disables UDP load balancing for a virtual port (disabled by default). You can configure this option if the service(s) to be load balanced include UDP and TCP. For example, DNS uses UDP and TCP. In those environments, you must activate UDP balancing for the particular virtual servers that clients will communicate with using UDP.
When stateless is enabled, no session table entry is created. Since no session is created, you have to bind to a new server every time.
Note: If applying a filter to the same virtual server IP address on which UDP load balancing is enabled, disable caching on that filter for optimal performance. For more information, see the cache command in Table 7-18 on page 452.

frag disable|enable
Enables or disables remapping server fragments for virtual port. This option is enabled by default.

nonat disable|enable
Enables or disables substituting only the MAC address of the real server (disabled by default). This option does not substitute IP addresses, so that frames returning from server to the client do not have to pass through the switch. This option is used for Direct Server Return (DSR) in a one-armed load balancing setup.

direct disable|enable
Enables or disables Direct Access Mode (DAM) on the selected virtual service. This command takes precedence over the command to globally enable or disable Direct Access Mode on the switch.

mirror disable|enable
Enables or disables session mirroring on the selected virtual service.

dnsslb disable|enable
Enables or disables DNS-based Layer 7 content load balancing.

xforward disable|enable
Enables or disables inserting the X-Forwarded-For header into the client HTTP request to preserve the client IP information. X-Forwarded-For is a special header that stores and identifies the client IP information. This feature is applicable only on HTTP protocol.

epip disable|enable
Enables or disables proxy IP selection based on egress port or VLAN. By default, the SP selects the proxy IP address based on ingress port or VLAN. Using the epip command, you can configure the SP to select proxy IP address based on the egress port or VLAN.

del
This command removes this virtual service from operation within the switch and deletes it from the Layer 4 switching software configuration. Use this command with caution, as it will delete the options that have been set for this virtual service.

cur
Displays the current configuration of services on the specified virtual server.

/cfg/slb/virt/service/wts
WTS Load Balancing Menu

[WTS Load Balancing Menu]
    userhash - Enable userhash when there is no Session Dir. Server
    ena      - Enable WTS loadbalancing and persistence
    dis      - Disable WTS loadbalancing and persistence
    cur      - Display current WTS configuration

Table 7-12 WTS Load Balancing Menu Options
Command Syntax and Usage

userhash
Enables the userhash if there is no session director server in the server platform.

ena [true|false]
Enable WTS load balancing.

dis [true|false]
Disable WTS load balancing.

cur
Display the current WTS configuration.

/cfg/slb/virt/service/http
HTTP Load Balancing Menu

[HTTP Load Balancing Menu]
    httpslb  - Set HTTP SLB processing
    urlcont  - Set BW cont of an SLB string specific to this service
    rcount   - Set multi response count
    http     - Enable/disable HTTP redirects for Global SLB
    xforward - Enable/disable X-Forwarded-For for proxy mode
    pooling  - Enable/disable connection pooling for HTTP traffic
    cur      - Display current HTTP configuration

Table 7-13 HTTP Load Balancing Menu Options
Command Syntax and Usage

httpslb
Set HTTP SLB processing.

urlcont
Set BW cont of an SLB string specific to this service.

rcount
Set multi response count.

http
Enable/disable HTTP redirects for Global SLB.

xforward
Enable/disable X-Forwarded-For for proxy mode.

pooling
Enable/disable connection pooling for HTTP traffic.

cur
Display current HTTP configuration.

/cfg/slb/virt/service/sip
SIP Load Balancing Menu

[SIP Load Balancing Menu]
    sip    - Enable/disable SIP load balancing
    sdpnat - Enable/disable SIP SDP Media Portal NAT
    cur    - Display current SIP configuration

Table 7-14 SIP Load Balancing Menu Options
Command Syntax and Usage

sip
Enable SIP load balancing.

sdpnat
Enable SIP SDP Media Portal NAT.

cur
Display the current SIP configuration.

/cfg/slb/virt/service/rtsp
RTSP Load Balancing Menu

[RTSP Load Balancing Menu]
    group    - Set real server group number
    hname    - Set hostname
    rtspslb  - Set RTSP URL load balancing type
    thash    - Set hash parameter
    softgrid - Enable/disable SoftGrid load balancing
    del      - Delete virtual service
    cur      - Display current virtual service configuration

Table 7-15 RTSP Load Balancing Menu Options
Command Syntax and Usage

group <real server group number (1-1024)>
Sets real server group number, thereby enabling the service.

hname <hostname>|none
Sets the hostname for a service added. This is used in conjunction with dname (above) to create a full host/domain name for individual services. The format for this command is:
# hname <hostname>
For example, to add a hostname for Web services, you could specify www as the hostname. If a dname of “foocorp.com” was defined (above), “www.foocorp.com” would be the full host/domain name for the service. To clear the hostname for a service, use the command:
# hname none

rtspslb hash|patternMatch|l4hash|none
This Layer 7 load balancing option sets the type of rtspslb, either hash or patternMatch.
hash: If you use hash, RTSP will parse the URL and will hash the URL to select a server to load balance.
patternMatch: If you select this option, the switch will match the string or pattern within the URL to select a server based on the string configured on the real server.
l4hash: The l4hash option configures Server Load Balancing to be based on the Layer 4 hash metric.
none: If set at none, RTSP will use Layer 4 metrics to select a server to load balance.
The default is hash.

thash sip|sip+sport
Defines hash parameter. Tunable hash feature allows the user to select different parameters for computing the hash value used by the hash, phash, and minmisses SLB metrics. For example, the source IP address, the destination IP address, or both source IP address and source port. If the user does not select any, the switch will use default hash parameter, which is sip.

softgrid enable|disable
Enable or disable softgrid load balancing.

del
Deletes this virtual service.

cur
Displays the current virtual service configuration.

Cookie-Based Persistence
The cookie option is used to establish cookie-based persistence, and has the following command syntax and usage:
pbind cookie <mode> <name> <offset> <length> <URI>
Each parameter is explained in the following table.

Option Description

<mode>
Specify the mode for cookie-based persistence. The following three modes are available:
p: Passive mode. In this mode, the network administrator configures the Web server to embed a cookie in the server response that the switch looks for in subsequent requests from the same client.
r: Rewrite mode. In active cookie mode (or cookie rewrite mode), the switch, and not the network administrator, generates the cookie value on behalf of the server. The switch intercepts this persistence cookie and rewrites the value to include server-specific information before sending it to the client.
i: Insert mode. When a client sends a request without a cookie, the server responds with the data, and the switch inserts a persistence cookie into the data packet. The switch uses this cookie to bind to the appropriate server. Insert cookie mode expiration parameters are as follows:
Enter insert-cookie expiration as either:
... a date <MM/dd/yy[@hh:mm]> (e.g. 12/31/01@23:59)
... a duration <days[:hours[:minutes]]> (e.g. 45:30:90)
... or none <return>

<name>
Enter the name of the cookie.

<offset>
Enter the starting point of the cookie value (1-64)

<length>
Enter number of bytes to extract (1-64). For cookie rewrite, the extracting length must be 8 or 16.

<URI>
Look for cookie in the URI. If you want to look for cookie name or value in the URI, enter e to enable this option. To look for cookie in the HTTP header, enter d to disable this option.

For more information on Cookie-Based Persistence, see the Nortel Application Switch Operating System 23.0.2 Application Guide.

/cfg/slb/filt <filter number>
SLB Filter Configuration

[Filter 1 Menu]
    adv    - Filter Advanced Menu
    name   - Set filter name
    smac   - Set source MAC address
    dmac   - Set destination MAC address
    ipver  - Set Filter IP version
    sip    - Set source IP address
    smask  - Set source subnet mask/prefix len
    dip    - Set destination IP address
    dmask  - Set destination subnet mask/prefix len
    proto  - Set IP protocol
    sport  - Set source TCP/UDP port or range
    dport  - Set destination TCP/UDP port or range
    action - Set action
    group  - Set real server group for redirection
    rport  - Set real server port for redirection
    nat    - Set which addresses are network address translated
    vlan   - Set vlan id
    invert - Enable/disable filter inversion
    ena    - Enable filter
    dis    - Disable filter
    del    - Delete filter
    cur    - Display current filter configuration

The switch supports up to 2048 traffic filters. Each filter can be configured to allow, deny, redirect or perform Network Address Translation on traffic according to a variety of address and protocol specifications, and each physical switch port can be configured to use any combination of filters.

There are several options available in the Filter Advanced Menu (/cfg/slb/filt/adv, page 450) that can be used to provide more information through syslog. This command is disabled by default. The types of information include:
IP protocol
TCP/UDP ports
TCP flags
ICMP message type

The following parameters are required for filtering:
Set the address, masks, and/or protocol that will be affected by the filter
Set the filter action (allow, deny, redirect, nat)
Enable the filter
Add the filter to a switch port
Enable filtering on the Nortel Application Switch port

Table 7-16 Filter Configuration Menu Options (/cfg/slb/filt)
Command Syntax and Usage

adv
Displays the Filter Advanced Menu. To view menu options, see page 450.

name <31 character name>|none
Allows the user to assign a name to a filter.

smac any|<MAC address (such as, 00:60:cf:40:56:00)>
Sets the source MAC address. The default is any.

dmac any|<MAC address (such as, 00:60:cf:40:56:00)>
Sets the destination MAC address. The default is any.

ipver v4 | v6
Sets the IP version that the filter will use. Filtering using IPv6 is only supported in bridge mode.

sip <IP4 address (eg, 192.4.17.101)> | <IP6 address (eg, 3001:0:0:0:0:0:abcd:1234 or 3001::abcd:1234)>
If defined, traffic with this source IP address will be affected by this filter. Specify an IP address in dotted decimal notation for IPv4 or colon notation for IPv6, or any. A range of IP addresses is produced when used with the smask below. The default is any if the source MAC address is any. For more information, see “Defining IP Address Ranges for Filters” on page 449.

smask <IP4 subnet mask (such as, 255.255.255.0)> | <IP6 prefix length (eg, 64)>
This IP address mask is used with the sip to select traffic which this filter will affect. See details below for more information on producing address ranges.

dip <IP4 address (eg, 192.4.17.101)> | <IP6 address (eg, 3001:0:0:0:0:0:abcd:1234 or 3001::abcd:1234)>
If defined, traffic with this destination IP address will be affected by this filter. Specify an IP address in dotted decimal notation for IPv4 or colon notation for IPv6, or any. A range of IP addresses is produced when used with the dmask below. The default is any if the destination MAC address is any. For more information, see “Defining IP Address Ranges for Filters” on page 449.

dmask <IP4 subnet mask (such as, 255.255.255.0)> | <IP6 prefix length (eg, 64)>
This IP address mask is used with the dip to select traffic which this filter will affect.

proto any|<number>|<name>
If defined, traffic from the specified protocol is affected by this filter. Specify the protocol number, name, or “any”. The default is any. Listed below are some of the well-known protocols.

    Number  Name
    1       icmp
    2       igmp
    6       tcp
    17      udp
    58      icmp6
    89      ospf
    112     vrrp

sport any|<name>|<port>|<port>-<port>
If defined, traffic with the specified TCP or UDP source port will be affected by this filter. Specify the port number, range, name, or “any”. The default is any. Listed below are some of the well-known ports:

    Number  Name
    20      ftp-data
    21      ftp
    22      ssh
    23      telnet
    25      smtp
    37      time
    42      name
    43      whois
    53      domain
    69      tftp
    70      gopher
    79      finger
    80      http
    109     pop2
    110     pop3

dport any|<name>|<port>|<port>-<port>
If defined, traffic with the specified real server TCP or UDP destination port will be affected by this filter. Specify the port number, range, name, or “any”, just as with sport above. The default is set at any.

action allow|deny|redir|nat|goto
Specifies the action this filter takes:
allow: Allow the frame to pass (by default).
deny: Discard frames that fit this filter’s profile. This can be used for building basic security profiles.
redir: Redirect frames that fit this filter’s profile, such as for web cache redirection. In addition, Layer 4 processing must be activated (see the /cfg/slb/on command on page 412).
nat: Perform generic Network Address Translation (NAT). This can be used to map the source or destination IP address and port information of a private network scheme to/from the advertised network IP address and ports. This is used in conjunction with the nat option (mentioned in this table) and can also be combined with proxies.
goto: Allows the user to specify a target filter ID that the filter search should jump to when a match occurs. The goto action causes filter processing to jump to a designated filter, effectively skipping over a block of filter IDs. Filter searching action will then continue from the designated filter ID. To specify the new filter to goto, use the /cfg/slb/filt/adv/goto command.

group <real server group number (1-1024)>
This option applies only when redir is specified at the filter action. Define a real server group (1 to 16) to which redirected traffic will be sent. The default is group 1.

rport <real server port (0-65535)>
This option applies only when redir is specified at the filter action. This defines the real server TCP or UDP port to which redirected traffic will be sent. For valid Layer 4 health checks, this must be configured whenever TCP protocol traffic is redirected.
Also, if transparent proxies are used for Network Address Translation (NAT) on the Nortel Application Switch (see the pip option in Table 7-28 on page 463), rport must be configured for all Application Redirection filters. The default is set at 0.

nat source|dest
When nat is set as the filter action (see above), this command specifies whether Network Address Translation (NAT) is performed on the source or the destination information. Destination (dest) is set as the default filter. If source is specified, the frame’s source IP address (sip) and port number (sport) are replaced with the dip and dport values. If dest is specified, the frame’s destination IP address (dip) and port number (dport) are replaced with the sip and sport values.
vlan any|<VLAN ID (1 - 4090)>
Sets the ID of the VLAN that is to be filtered. This option allows you to match the VLAN ID of the switch against the VLAN ID of the incoming packet. The default is any, which means the switch will match any VLAN ID of the incoming packet. This command allows filters to be configured on a per-VLAN basis, and applies a filter to a VLAN that already has been configured. A VLAN has a set of member ports. But by applying this filter to a VLAN, the filter does not get applied to all the member ports of this VLAN. You have to manually add the filter to the port.

invert disable|enable
Inverts the filter logic. If the conditions of the filter are met, don’t act. If the conditions for the filter are not met, perform the assigned action. This option is disabled by default. When using filter inversion for IPv6, be aware that Neighbor Solicitations (NSol) are filtered out if no appropriate NSol filter was set up before inversion.

ena
Enables this filter.

dis
Disables this filter.

del
Deletes this filter.

cur
Displays the current configuration of the filter.

Defining IP Address Ranges for Filters
You can specify a range of IP addresses for filtering the source and/or destination IP address of traffic. When a range of IP addresses is needed, the sip (source) or dip (destination) defines the base IP address in the desired range, and the smask (source) or dmask (destination) is the mask which is applied to produce the range. For example, to determine if a client request’s destination IP address should be redirected to the cache servers attached to a particular switch, the destination IP address is masked (bitwise AND) with the dmask and then compared to the dip.


As another example, you could configure the switch with two filters so that each would handle traffic filtering for one half of the Internet. To do this, you could define the following parameters:

Table 7-17 Filtering IP Address Ranges

    Filter  Internet Address Range       dip        dmask
    #1      0.0.0.0 - 127.255.255.255    0.0.0.0    128.0.0.0
    #2      128.0.0.0 - 255.255.255.255  128.0.0.0  128.0.0.0
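The mask-and-compare rule and the two filters of Table 7-17, as an added example that is not part of the Nortel manual: a small Python model that goes beyond the address match to cover the invert and goto behaviour described in Table 7-16. It assumes IPv4 only, that filters are searched in ascending filter ID with the first hit deciding, and that unmatched traffic is allowed; the Packet and Filter classes, the sample rule sets and the lint check are hypothetical, and lint follows the rule as worded here rather than verified switch behaviour.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Subset of the protocol and port names listed in Table 7-16.
PROTOS = {"icmp": 1, "igmp": 2, "tcp": 6, "udp": 17, "ospf": 89, "vrrp": 112}
PORTS = {"ftp": 21, "ssh": 22, "telnet": 23, "smtp": 25, "domain": 53, "http": 80}

@dataclass
class Packet:                       # hypothetical packet summary
    sip: str
    dip: str
    proto: int
    sport: int = 0
    dport: int = 0

@dataclass
class Filter:                       # hypothetical mirror of the /cfg/slb/filt fields
    fid: int
    action: str = "allow"           # allow | deny | redir | nat | goto
    sip: str = "any"
    smask: str = "0.0.0.0"
    dip: str = "any"
    dmask: str = "0.0.0.0"
    proto: str = "any"
    sport: str = "any"
    dport: str = "any"
    invert: bool = False
    goto: Optional[int] = None      # target filter ID when action == "goto"

def _u32(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))

def ip_in_range(addr: str, base: str, mask: str) -> bool:
    """Mask the packet address (bitwise AND) and compare it to the base."""
    return base == "any" or (_u32(addr) & _u32(mask)) == _u32(base)

def port_match(port: int, spec: str) -> bool:
    """spec is any | <name> | <port> | <port>-<port>."""
    if spec == "any":
        return True
    if spec in PORTS:
        return port == PORTS[spec]
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def proto_match(proto: int, spec: str) -> bool:
    return spec == "any" or spec == str(proto) or PROTOS.get(spec) == proto

def fires(f: Filter, p: Packet) -> bool:
    met = (ip_in_range(p.sip, f.sip, f.smask)
           and ip_in_range(p.dip, f.dip, f.dmask)
           and proto_match(p.proto, f.proto)
           and port_match(p.sport, f.sport)
           and port_match(p.dport, f.dport))
    # invert: act only when the conditions are NOT met.
    return not met if f.invert else met

def evaluate(filters: List[Filter], p: Packet, default: str = "allow"):
    """Return (filter ID, action) for the first filter that fires."""
    ordered = sorted(filters, key=lambda f: f.fid)
    i = jumps = 0
    while i < len(ordered):
        f = ordered[i]
        if not fires(f, p):
            i += 1
        elif f.action == "goto":
            jumps += 1
            if f.goto is None or jumps > len(ordered):
                raise ValueError(f"filter {f.fid}: missing or looping goto")
            # Resume the search at the designated filter ID.
            i = next((k for k, g in enumerate(ordered) if g.fid >= f.goto),
                     len(ordered))
        else:
            return f.fid, f.action
    return None, default            # assumption: unmatched traffic is allowed

def lint(filters: List[Filter]) -> List[str]:
    """Flag base addresses with bits outside the mask; they can never match."""
    issues = []
    for f in filters:
        for name, base, mask in (("sip", f.sip, f.smask), ("dip", f.dip, f.dmask)):
            if base != "any" and _u32(base) & ~_u32(mask):
                issues.append(f"filter {f.fid}: {name} {base} has bits outside mask {mask}")
    return issues

# Constructed sample rule sets (not from a real configuration).
HALVES = [Filter(1, "redir", dip="0.0.0.0", dmask="128.0.0.0"),     # Table 7-17 #1
          Filter(2, "allow", dip="128.0.0.0", dmask="128.0.0.0")]   # Table 7-17 #2
ONLY_10_1 = [Filter(20, "deny", sip="10.1.0.0", smask="255.255.0.0", invert=True)]
WEB_JUMP = [Filter(5, "goto", proto="tcp", dport="http", goto=100),
            Filter(10, "deny"),
            Filter(100, "allow")]

if __name__ == "__main__":
    print(evaluate(HALVES, Packet("198.51.100.7", "128.0.0.0", 6, 40000, 80)))
    print(lint([Filter(30, "deny", dip="192.168.1.5", dmask="255.255.255.0")]))
```

Running lint over a planned rule set before entering it catches a dip or sip such as 192.168.1.5 paired with a 255.255.255.0 mask, which under the masked comparison above would silently match nothing.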

/cfg/slb/filt <filter number>/adv
Advanced Filter Configuration
[Filter 1 Advanced Menu]
    8021p    - 802.1p Advanced Menu
    tcp      - TCP Advanced Menu
    ip       - IP Advanced Menu
    layer7   - Layer 7 Advanced Menu
    proxyadv - Proxy Advanced Menu
    redir    - Redirection Advanced Menu
    security - Security Menu
    icmp     - Set ICMP message type
    cont     - Set BW contract
    revcont  - Set BW contract for the reverse session
    tmout    - Set NAT or L7 lookup session timeout
    idsgrp   - Set IDS server group for intrusion detection SLB
    idshash  - Set hash parameter for intrusion detection SLB
    thash    - Set hash parameter for Filter
    goto     - Set GOTO filter ID
    reverse  - Enable/disable creating session reverse side traffic
    cache    - Enable/disable caching sessions that match filter
    log      - Enable/disable logging
    mirror   - Enable/disable session mirroring
    cur      - Display current advanced filter configuration


Table 7-18 Advanced Filter Menu (/cfg/slb/filt/adv)
Command Syntax and Usage

8021p
Displays 8021p Advanced Menu. IEEE 802.1p is the specification for prioritizing the network traffic at the Layer 2 level in your switch. Using this command you can preserve 802.1p bits in all the frames that pass through the switch. To view menu options, see page 453.

tcp
Displays the TCP Flags advanced menu. To view menu options, see page 453.

ip
Sets IP advanced menu. To view menu options, see page 454.

layer7
Displays Layer7 advanced menu. To view menu options, see page 457.

proxyadv
Displays the Proxy Advanced Menu. To view menu options, see page 460.

icmp any|<number>|<type; "icmp list" for list>
Sets the ICMP message type. The default is set at any. For a list of ICMP message types, see Table 7-22 on page 455. For a detailed description of filtering and ICMP, see the Nortel Application Switch Operating System 23.0.2 Application Guide.

cont <BWM Contract (1-1024)>
Sets the Bandwidth Management Contract. By default, the contract number is set at 1024.

revcont <BW Contract (1-1024)>
Sets the Bandwidth Management contract for the reverse traffic session. This command helps you assign a different Bandwidth management contract from the one configured on the ingress filter.

tmout <even number of minutes (4-32768)>
Sets the session timeout in an even number of minutes. The default is set at 4 minutes.

idsgrp <real server group number (1-1024)>|none
Sets the IDS server group for intrusion detection server load balancing. When filtering is used for IDSLB, each filter added to an IDSLB-enabled port can be assigned a unique IDS real server group.

idshash sip|dip|both
Sets the hash metric parameter for Intrusion Detection System Server Load Balancing: source IP (sip), destination IP (dip), or both.

thash auto|sip|dip|both|sip+sport
Allows you to choose the hash parameter to use for filter redirection. The default is auto. The sip option allows you to perform tunable hash on source IP address for this filter. The option dip allows you to perform tunable hash on destination IP address for this filter. The option both allows you to perform tunable hash on both source IP address and the destination IP address at the same time. The option sip+sport allows you to perform tunable hash on both source IP address and source port at the same time.

goto <filter ID>
Allows the user to specify a target filter ID that the filter search should jump to when a match occurs. Filter searching will then continue from the designated filter ID. Use this command to specify the new filter to go to. In order to use this feature, the action on this filter must be set to goto.

reverse disable|enable
Enables or disables the creation of a session for traffic coming from the reverse side. This command allows for the creation of a session entry for reverse traffic to avoid inspecting traffic in both directions.

cache disable|enable
Enables or disables caching sessions that match the filter. Exercise caution while applying cache-enabled and cache-disabled filters to the same switch port. A cache-enabled filter creates a session entry in the switch, so that the switch can bypass checking for subsequent frames that match the same criteria. Cache is enabled by default.
Note: Cache should be disabled if applying a filter to virtual server IP address while performing UDP load balancing (see “udp disable|enable|stateless” on page 438).

log disable|enable
Enables or disables generating of syslog messages when a filter is hit. This option is disabled by default.

mirror disable|enable
Enables or disables session mirroring.

cur
Displays the current advanced filter configuration.


/cfg/slb/filt <filter number>/adv/8021p
802.1p Advanced Menu
This feature provides the Nortel Application Switch Operating System the capability to filter IP packets based on the 802.1p bits in the packet's VLAN header. The 802.1p bits specify the priority that you should give to the packets while forwarding them. Packets with higher (non-zero) priority bits are given forwarding preference over packets with numerically lower priority bit values.
[802.1p Advanced Menu]
    value - Set 802.1p value
    match - Enable/disable 802.1p value matching
    cur   - Display current 802.1p configuration

Table 7-19 8021p Advanced Menu Options (/cfg/slb/filt/adv/8021p)
Command Syntax and Usage

value <0-7>
Defines 802.1p value. The value is the priority bits information in the packet structure.

match disable|enable
Enables or disables matching of 802.1p value. When the Management Processor needs to reuse the packet to send to the destination, the switch matches the original priority bits information with the priority bits information after the frame processing is complete.

cur
Displays current 802.1p configuration.

/cfg/slb/filt <filter number>/adv/tcp
Advanced Filter TCP Configuration
[TCP Advanced Menu]
    urg    - Enable/disable TCP URG matching
    ack    - Enable/disable TCP ACK matching
    psh    - Enable/disable TCP PSH matching
    rst    - Enable/disable TCP RST matching
    syn    - Enable/disable TCP SYN matching
    fin    - Enable/disable TCP FIN matching
    ackrst - Enable/disable TCP ACK or RST matching
    cur    - Display current TCP configuration


These commands can be used to configure packet filtering for specific TCP flags.

Table 7-20 Advanced Filter TCP Menu (/cfg/slb/filt/adv/tcp)
Command Syntax and Usage

urg disable|enable
Enables or disables TCP URG (urgent) flag matching. By default, this option is disabled.

ack disable|enable
Enables or disables TCP ACK (acknowledgement) flag matching. By default, this option is disabled.

psh disable|enable
Enables or disables TCP PSH (push) flag matching. By default, this option is disabled.

rst disable|enable
Enables or disables TCP RST (reset) flag matching. By default, this option is disabled.

syn disable|enable
Enables or disables TCP SYN (synchronize) flag matching. By default, this option is disabled.

fin disable|enable
Enables or disables TCP FIN (finish) flag matching. By default, this option is disabled.

ackrst disable|enable
Enables or disables TCP acknowledgement or reset flag matching. By default, this option is disabled.

cur
Displays the current Access Control List TCP filter configuration.

/cfg/slb/filt <filter number>/adv/ip
IP Advanced Menu
[IP Advanced Menu]
    tos    - Set IP Type of Service
    tmask  - Set IP TOS mask
    newtos - Set new IP TOS
    length - Set IP maximum packet length
    option - Enable/disable IP option matching
    cur    - Display current IP configuration


Table 7-21 IP Advanced Menu Options (/cfg/slb/filt #/adv/ip)
Command Syntax and Usage

tos <0-255>
Sets IP type of service (ToS) and the value of the type of service. For more information on ToS, refer to RFC 1340 and 1349.

tmask <0-255>
Sets IP type of service mask.

newtos <0-255>
Sets new IP type of service.

length <IP packet length (in bytes), 64-65535>|any
Defines the limit of the IP packet’s length, including the IPv4 or IPv6 IP header. Any packet equal to or exceeding the specified length will not match the filter. This option supports both IPv4 and IPv6 packets.

option disable|enable
Enables or disables IP option matching.

cur
Displays the current advanced IP settings for the selected filter.

ICMP Message Types
The following ICMP message types are used with the /cfg/slb/filt/adv/icmp command. You can list all ICMP message types with the /cfg/slb/filt/adv/icmp list command.

Table 7-22 ICMP Message Types

Type #   Message Type   Description
0        echorep        ICMP echo reply
3        destun         ICMP destination unreachable
4        quench         ICMP source quench
5        redir          ICMP redirect
8        echoreq        ICMP echo request
9        rtradv         ICMP router advertisement
10       rtrsol         ICMP router solicitation
11       timex          ICMP time exceeded
12       param          ICMP parameter problem
13       timereq        ICMP timestamp request
14       timerep        ICMP timestamp reply
15       inforeq        ICMP information request
16       inforep        ICMP information reply
17       maskreq        ICMP address mask request
18       maskrep        ICMP address mask reply


/cfg/slb/filt <filter number> /adv/layer7
Layer 7 Advanced Filter Configuration Menu
[Layer 7 Advanced Menu]
sip       - Layer 7 SIP Menu
urlcont   - Set BW cont of an URL path specific to this filter
addrd     - Add HTTP redirection mapping
remrd     - Remove HTTP redirection mapping
addstr    - Add string for layer 7 filtering
remstr    - Remove string for layer 7 filtering
rdsnp     - Enable/disable WAP RADIUS Snooping
rdswap    - Enable/disable RADIUS/WAP Persistence
ftpa      - Enable/disable active FTP NAT
l7lkup    - Enable/disable layer 7 content lookup
parseall  - Enable/disable layer 7 lookup (parsing) of all packets
cur       - Display current layer 7 configuration

Table 7-23 Layer 7 Advanced Filter Menu Options (/cfg/slb/filt/adv/layer7)
Command Syntax and Usage

sip
Go to the Layer 7 SIP menu. To view the menu options, see page 459.

urlcont <URL path ID> <BW contract>
Sets the URL path BW contract for this filter. Only use this command when a string is shared by multiple filters and each filter requires a separate bandwidth.

addrd [1>2]
Adds an HTTP redirection mapping. Strings are defined under: /cfg/slb/layer7/slb/add. This command tells the filter that if it matches on the first string ID, it should send an HTTP redirection message back to the client that contains the information in the second string ID.

remrd <string id to redirect from (1-1024)> <string id to redirect to (2-1024)>
Removes an HTTP redirection mapping that was added using the addrd command described above.

addstr <string id (1-1024)>
Adds the string ID to this filter for L7 filtering. The string is defined under: /cfg/slb/layer7/slb/add.

remstr <string id (1-1024)>
Removes the string ID for Layer 7 filtering. The string is defined under: /cfg/slb/layer7/slb/add.

rdsnp disable|enable
Enables or disables WAP RADIUS snooping on this filter. RADIUS snooping allows the Nortel Application Switch Operating System to examine RADIUS accounting packets for client information. This information is needed to add to or delete static session entries in the switch’s session table so that it can perform the required persistency for load balancing. For more details, please refer to your Application Guide.

rdswap enable|disable
Enables or disables WAP RADIUS persistence on this filter. This feature allows for RADIUS and WAP persistence by binding both (RADIUS accounting and WAP) sessions to the same server. A WAP client is first authenticated by the RADIUS server on UDP port 1812. The server replies with a RADIUS Accept or Reject frame. The switch forwards this reply to the RAS. After the RAS receives the RADIUS accept packet, it sends a RADIUS accounting start packet on UDP port 1813 to the bound server. The application switch snoops on the RADIUS accounting start packet for the “framed IP address” attribute. The “framed IP address” attribute is used to rebind the RADIUS accounting session to a new server. For more details, please refer to your Application Guide.

ftpa disable|enable
Enables or disables active FTP Client Network Address Translation (NAT). When a client in active FTP mode sends a PORT command to a remote FTP server, the switch will look into the data part of the frame and replace the client's private IP address with a proxy IP (PIP) address. The real server port (RPORT) will be replaced with a proxy port (PPORT), that is PIP:PPORT. By default, this option is disabled.

l7lkup disable|enable
Enables or disables layer 7 lookup on this filter. This command replaces the urlp and l7deny commands found in earlier releases of Nortel Application Switch Operating System. When enabled, the filter performs a lookup on layer 7 content such as HTTP strings or headers. When combined with a filter action (for example, deny, redir), this feature enables content-intelligent redirection or content-intelligent deny filtering.

parseall disable|enable
Enables or disables parsing of all packets in a session where layer 7 lookup is being performed. This command is enabled by default, and normally all data packets in a session are examined by the filter. However, some sessions may contain only one packet containing the layer 7 content. Once this packet is found, subsequent packets can be ignored. When parseall is disabled, layer 7 lookup is turned off for the remaining packets in the session.

cur
Displays the current advanced Layer 7 configuration of the filter including the RADIUS/WAP persistence settings.
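The accounting-packet snooping that rdsnp and rdswap describe, as an added example that is not Nortel's code. The packet layout and attribute numbers come from RFC 2865/2866; the session table, the removal of entries on an accounting stop, the optional authenticator check and all sample values are assumptions made for illustration.

```python
"""Added illustration: snooping RADIUS accounting for Framed-IP-Address."""
import hashlib
import hmac
import ipaddress
import struct

ACCOUNTING_REQUEST = 4        # RADIUS Code for Accounting-Request
ATTR_FRAMED_IP_ADDRESS = 8    # 4-octet IPv4 address assigned to the client
ATTR_ACCT_STATUS_TYPE = 40    # 1 = Start, 2 = Stop
ACCT_START, ACCT_STOP = 1, 2
HEADER_LEN = 20               # Code, Identifier, Length, 16-octet Authenticator


def request_authenticator(packet: bytes, secret: bytes) -> bytes:
    """MD5(Code+ID+Length + 16 zero octets + attributes + secret), RFC 2866."""
    return hashlib.md5(
        packet[:4] + bytes(16) + packet[HEADER_LEN:] + secret).digest()


def build_accounting_request(ident, status, framed_ip, secret) -> bytes:
    """Build a constructed Accounting-Request to use as sample input."""
    attrs = struct.pack("!BBI", ATTR_ACCT_STATUS_TYPE, 6, status)
    attrs += struct.pack("!BB4s", ATTR_FRAMED_IP_ADDRESS, 6,
                         ipaddress.IPv4Address(framed_ip).packed)
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident,
                         HEADER_LEN + len(attrs))
    unsigned = header + bytes(16) + attrs
    return header + request_authenticator(unsigned, secret) + attrs


def parse_attributes(data: bytes) -> dict:
    """Walk the type/length/value list, rejecting lengths that overrun."""
    attrs, pos = {}, 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > len(data):
            raise ValueError("attribute length out of bounds")
        attrs.setdefault(atype, []).append(data[pos + 2:pos + alen])
        pos += alen
    return attrs


def snoop_accounting(packet: bytes, secret: bytes = None):
    """Return (status_type, framed_ip) or None if nothing to learn."""
    if len(packet) < HEADER_LEN:
        raise ValueError("packet shorter than RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < HEADER_LEN or length > len(packet):
        raise ValueError("Length field does not fit the datagram")
    packet = packet[:length]          # octets beyond Length are padding
    if code != ACCOUNTING_REQUEST:
        return None
    # Without the shared secret a snooping device cannot authenticate the
    # packet; with it, a modified packet is rejected here.
    if secret is not None:
        expected = request_authenticator(packet, secret)
        if not hmac.compare_digest(expected, packet[4:HEADER_LEN]):
            raise ValueError("Request Authenticator mismatch")
    attrs = parse_attributes(packet[HEADER_LEN:])
    status = attrs.get(ATTR_ACCT_STATUS_TYPE)
    framed = attrs.get(ATTR_FRAMED_IP_ADDRESS)
    if not status or not framed:
        return None
    if len(status[0]) != 4 or len(framed[0]) != 4:
        raise ValueError("unexpected attribute value size")
    return (struct.unpack("!I", status[0])[0],
            str(ipaddress.IPv4Address(framed[0])))


def update_session_table(table: dict, packet: bytes, server: str,
                         secret: bytes = None) -> dict:
    """Bind the framed IP to a server on Start, drop the entry on Stop."""
    snooped = snoop_accounting(packet, secret)
    if snooped is None:
        return table
    status, framed_ip = snooped
    if status == ACCT_START:
        table[framed_ip] = server
    elif status == ACCT_STOP:
        table.pop(framed_ip, None)
    return table


if __name__ == "__main__":
    key = b"constructed-secret"       # constructed sample value
    start = build_accounting_request(7, ACCT_START, "10.1.1.25", key)
    print(update_session_table({}, start, "real-server-2", key))
```

Calling snoop_accounting without a secret returns whatever the packet claims, which is why the check against the Request Authenticator matters whenever the secret is available to the inspecting device.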


/cfg/slb/filt <num> /adv/layer7/sip
Layer 7 SIP Menu
[Layer 7 SIP Menu]
rtpcont  - Set BW contract for the SIP RTP sessions
sipp     - Enable/disable SIP parsing
cur      - Display current SIP configuration

Table 7-24 Layer 7 SIP Menu Options (/cfg/slb/filt/adv/layer7/sip)
Command Syntax and Usage

rtpcont <BW contract>
Set BW contract for the SIP RTP sessions.

sipp enable|disable
Enable or disable SIP parsing.

cur
Displays the current advanced SIP configuration.


/cfg/slb/filt/adv/proxyadv
Proxy Advanced Menu

[Proxy Advanced Menu]
proxyip  - Set client proxy IP address
epip     - Enable/disable pip selection based egress port/vlan
proxy    - Enable/disable client proxy
cur      - Display current proxy configuration

Table 7-25 Proxy Advanced Menu Options
Command Syntax and Usage

proxyip <IP_address>
Set the client proxy IP address.

epip enable|disable
Enable or disable PIP selection based on the outgoing port or VLAN.

proxy enable|disable
Enable or disable client proxy.

cur
Shows all Proxy statistics.

/cfg/slb/filt <filter number> /adv/security
SLB Filter Advanced Security Menu

[Security Menu]
ratelim   - Rate Limiting Menu
addgrp    - Add pattern match group for layer 7 filtering
remgrp    - Remove pattern match group for layer 7 filtering
pmatch    - Enable/disable pattern matching
matchall  - Enable/disable match-all criteria for layer 7 filtering
parsechn  - Enable/disable chained pgroup match criteria for l7 filtering
parseall  - Enable/disable pattern string lookup (parsing) of all packets
cur       - Display current Security configuration

Table 7-26 Layer 7 Advanced Filter Menu Options (/cfg/slb/filt/adv/security)
Command Syntax and Usage

ratelim
Displays the Rate Limiting Menu. The protocol-based rate limiting limits the traffic coming from specific clients based on the IP address of the client. Currently, the switch allows rate limiting to be enabled on TCP, UDP, and ICMP protocols. This feature enables the switch to detect and block UDP or ICMP-based DOS attacks that slow down or decapitate the servers. To view menu options see page 462.

addgrp <pattern match group id>
Adds a pattern group to this filter. Pattern groups are added using the /cfg/security/pgroup/add command.

remgrp <pattern match group id>
Removes a pattern group from this filter.

pmatch disable|enable
Enables or disables pattern matching on this filter.

matchall disable|enable
Enables or disables matching of all configured patterns before the filter can perform the deny action.

parsechn enable|disable
Enable/disable chained pgroup match criteria for l7 filtering.

parseall disable|enable
Enables or disables pattern string lookup (parsing) of all packets in a session where pattern matching is being performed. This command is enabled by default, and normally all data packets in a session are examined by the filter. However, some sessions may contain only one packet containing the layer 7 content. Once this packet is found, subsequent packets can be ignored. When parseall is disabled, pattern matching is turned off for the remaining packets in the session.

cur
Displays the current configuration.

/cfg/slb/filt <filter number> /adv/security/ratelim
Advanced Security Rate Limiting Configuration Menu

[Rate Limiting Menu]
maxconn  - Set maximum connections for rate limiting
timewin  - Set time window for rate limiting
holddur  - Set hold down duration for rate limiting
ena      - Enable TCP, UDP, or ICMP rate limiting
dis      - Disable TCP, UDP, or ICMP rate limiting
cur      - Display current rate limiting configuration

Table 7-27 Rate Limiting Advanced Menu Options (/cfg/slb/filt/adv/security/ratelim)
Command Syntax and Usage

maxconn <# of connections in units of 10 (0-255)>
Defines maximum connections for rate limiting.

timewin <seconds, 1-65535>
Defines time window for rate limiting. A time window is a configured period of time (in seconds) during which packets are allowed to be received. The time window can be configured per filter and not globally on all the filters.

holddur <minutes, 2-65535>
Defines hold down duration for rate limiting. When the number of new connections or packets exceeds the configured limit, any new TCP connection requests or UDP/ICMP packets from the client are blocked. When blocking occurs, the client is said to be held down. The client is held down for a specified number of minutes, after which new TCP connection requests or packets from the client are allowed once again to pass through. The hold-down duration can be configured per filter and not globally on all the filters.

ena
Enables the protocol for rate limiting. Rate limiting is applied to the protocol configured on the filter. The supported protocols are: TCP, UDP, and ICMP.

dis
Disables TCP, UDP, or ICMP rate limiting.

cur
Displays the current rate limiting configuration.
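How maxconn, timewin and holddur interact, modelled as an added example that is not the switch's own code. The fixed window that starts at a client's first packet, the rejection of maxconn 0 (the page gives the range but not the meaning of 0) and the sample addresses and timings are assumptions.

```python
"""Added illustration of the maxconn / timewin / holddur behaviour."""
from dataclasses import dataclass, field


@dataclass
class RateLimitFilter:
    maxconn: int   # CLI value, in units of 10 connections
    timewin: int   # time window in seconds (1-65535)
    holddur: int   # hold-down duration in minutes (2-65535)
    clients: dict = field(default_factory=dict)

    def __post_init__(self):
        # Assumption: 0 is rejected here because its meaning is not documented.
        if not 1 <= self.maxconn <= 255:
            raise ValueError("maxconn must be 1-255 in this model")
        if not 1 <= self.timewin <= 65535:
            raise ValueError("timewin must be 1-65535 seconds")
        if not 2 <= self.holddur <= 65535:
            raise ValueError("holddur must be 2-65535 minutes")

    @property
    def limit(self) -> int:
        """Connections or packets allowed per client per time window."""
        return self.maxconn * 10

    def allow(self, client_ip: str, now: float) -> bool:
        """Decide one new TCP connection request or UDP/ICMP packet."""
        st = self.clients.setdefault(
            client_ip, {"window_start": now, "count": 0, "held_until": None})
        if st["held_until"] is not None:
            if now < st["held_until"]:
                return False                  # client is held down
            st.update(window_start=now, count=0, held_until=None)
        if now - st["window_start"] >= self.timewin:
            st.update(window_start=now, count=0)   # new time window
        st["count"] += 1
        if st["count"] > self.limit:
            # Limit exceeded: block and hold the client down for holddur.
            st["held_until"] = now + self.holddur * 60
            return False
        return True


def replay(filt: RateLimitFilter, events) -> dict:
    """Run (timestamp, client_ip) events through the filter, in time order."""
    summary = {}
    for now, client_ip in sorted(events):
        counts = summary.setdefault(client_ip, {"allowed": 0, "blocked": 0})
        counts["allowed" if filt.allow(client_ip, now) else "blocked"] += 1
    return summary


# Constructed sample traffic: one client opens 25 connections inside a
# second and retries later; another sends one request per second.
SAMPLE_EVENTS = (
    [(i * 0.04, "192.0.2.10") for i in range(25)]
    + [(60.0, "192.0.2.10"), (120.5, "192.0.2.10"), (121.0, "192.0.2.10")]
    + [(float(t), "198.51.100.7") for t in range(5)]
)

if __name__ == "__main__":
    # maxconn 2 means 20 connections per 1-second window, 2-minute hold-down.
    print(replay(RateLimitFilter(maxconn=2, timewin=1, holddur=2),
                 SAMPLE_EVENTS))
```

The replay shows the operational consequence of holddur: once held down, the client stays blocked even when its rate drops back to normal, so a value that is too long also penalises legitimate clients behind a shared address.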

/cfg/slb/port <port number>
Port SLB Configuration

[SLB port 1 Menu]
client   - Enable/disable client processing
server   - Enable/disable server processing
rts      - Enable/disable RTS processing
hotstan  - Enable/disable hot-standby processing
intersw  - Enable/disable inter-switch processing
proxy    - Enable/disable use of PIP for ingress traffic
filt     - Enable/disable filtering
add      - Add filter to port
rem      - Remove filter from port
idslb    - Enable/disable intrusion detection server load balancing
cur      - Display current port configuration

Nortel Application Switch Operating System switch software allows you to enable or disable processing independently for each type of Layer 4 traffic (client and server) on a per port basis, expanding your topology options.

NOTE – When changing the filters on a given port, it may take some time before the port session information is updated so that the filter changes take effect. To make port filter changes take effect immediately, clear the session binding table for the port (see the clear command in Table 8-3 on page 502).

Table 7-28 Port Configuration Menu Options (/cfg/slb/port)
Command Syntax and Usage

client disable|enable
For Server Load Balancing, the port can be enabled or disabled to process client Layer 4 traffic. Ports configured to process client request traffic bind servers to clients and provide address translation from the virtual server IP address to the real server IP address, re-mapping virtual server IP addresses and port values to real server IP addresses and ports. Traffic not associated with virtual servers is switched normally. Maximizing the number of these ports on the Layer 4 switch will improve the switch’s potential for effective Server Load Balancing. This option is disabled by default.

server disable|enable
Ports configured to provide real server responses to client requests require real servers to be connected to the Layer 4 switch, directly or through a hub, router, or another switch. When server processing is enabled, the switch port re-maps real server IP addresses and Layer 4 port values to virtual server IP addresses and Layer 4 ports. Traffic not associated with virtual servers is switched normally. This option is disabled by default.

rts disable|enable
Enables or disables Return to Sender (RTS) load balancing on this port. This option is used for firewall load balancing or VPN load balancing applications. Enabling the filter sets up the Real Server to look into the VPN session table. Enable rts on all client-side ports to ensure that traffic ingresses and egresses through the same port. For more information on using rts, see the “Firewall Load Balancing” and “VPN Load Balancing” chapters in the Nortel Application Switch Operating System 23.0.2 Application Guide. This option is disabled by default.

hotstan disable|enable
Enables or disables hot-standby processing. Use this option and the intersw option in conjunction with VRRP hot-standby failover. This option is disabled by default.

intersw disable|enable
Enables or disables inter-switch processing. This option is enabled for ports connected to a peer switch and is disabled by default.

proxy disable|enable
Enables or disables a proxy for traffic that ingresses this port. When the PIP is defined, client address information in Layer 4 requests is replaced with this proxy IP address. In Server Load Balancing applications, this forces response traffic to return through the switch, rather than around it, as is possible in complex routing environments. Proxies are also useful for Application Redirection and Network Address Translation (NAT). When pip is used with Application Redirection filters, each filter’s rport parameter must also be defined (see rport on page 446). This option is disabled by default.

filt disable|enable
Enables or disables filtering on this port. This option is disabled by default.

add <filter ID (1 to 2048)|block of IDs (first-last)>
Adds a filter or a block of filters for use on this port. Enter filter ID (1 to 2048) or a contiguous block of filter IDs. For example, 1-100.

rem <filter ID (1 to 2048)|block of IDs (first-last)>
Removes a filter or a block of filters from use on this port. Enter filter ID (1 to 2048) or a contiguous block of filter IDs. For example, 1-100.

idslb disable|enable
Enables or disables Intrusion Detection System Server Load Balancing on this port. In Nortel Application Switch Operating System 23.0.2, IDSLB is done at the end of filter processing or at the end of client processing where filtering is not enabled. In the case of client processing, IDSLB is enabled on a port and a real server group is designated for IDSLB. This option is disabled by default.

cur
Displays the current system parameters.

/cfg/slb/gslb
Global SLB Configuration

Global Server Load Balancing (GSLB) at any given site performs periodic SLB health checks to determine the health and response time of the remote real server corresponding to the virtual server at the remote site. GSLB uses the health and response time to select the server in the GSLB selection engine. In addition, GSLB sends the health and response time together with the local session and CPU utilization information that are collectively known as remote site updates. The switch performs this periodically on every remote site using Distributed Site State Protocol (DSSP). DSSP is a proprietary protocol that resides above TCP. For more information, please refer to your Application Guide.

[Global SLB Menu]
site     - Remote Site Menu
network  - Network Preference Menu
rule     - Rule Menu
version  - Set DSSP version 1 or 2 to send out remote site updates
port     - Set TCP port number for DSSPv2 remote site updates
sinter   - Set interval in seconds for remote site updates
sesscap  - Set sessions utilization capacity threshold (DSSPv2)
cpucap   - Set CPU utilization capacity threshold (DSSPv2)
smask    - Set source IP subnet mask for DNS persistence cache
timeout  - Set timeout in minutes for DNS persistence cache
mincon   - Set sessions available capacity threshold
noresp   - Set DNS response code when no server is returned
dns      - Enable/disable authoritative DNS direct based GSLB
hostlk   - Enable/disable virtual service hostname matching
http     - Enable/disable HTTP redirect based GSLB
usern    - Enable/disable HTTP redirect to remote real server name
norem    - Enable/disable no remote real SLB
encrypt  - Enable/disable encrypting remote site updates
on       - Globally turn Global SLB ON
off      - Globally turn Global SLB OFF
cur      - Display current Global SLB configuration

Table 7-29 Global SLB Menu Options (/cfg/slb/gslb)
Command Syntax and Usage

site <remote site (1-64)>
Displays the menu for a remote site. To view menu options, see page 467.

network <network (1-128)>
Displays Network Preference Menu. To view menu options, see page 469.

rule <rule (1-128)>
Displays the Rule Menu. To view menu options, see page 470.

version <DSSP version 1 or 2>
Defines the version of Distributed Site State Protocol (DSSP) that is used to send out the remote site updates.

port <TCP port number>
Sets the TCP port number for remote site updates for Global server load balancing. The default TCP port is 80.

sinter <remote site updates interval in seconds, 10-7200>
Sets the time interval in seconds for remote site updates. The range is between 10 and 7200 seconds.

sesscap <Session utilization capacity threshold (1-100)>
Sets the threshold for session utilization capacity. The default configuration is 90%.

cpucap <CPU utilization capacity threshold (1-100)>
Sets the threshold for the CPU utilization capacity. The default configuration is 90%.

smask <set IP4 subnet mask (eg, 255.255.255.0)> OR smask <set IP6 prefix len (eg, 64)>
Set source IP subnet mask for DNS persistence cache.

timeout <timeout in minutes, 1-1440>
Set timeout in minutes for DNS persistence cache.

mincon <available sessions threshold, 0-65535>
Defines the capacity threshold for the sessions available on the real server for GSLB.

dns disable|enable
Enables or disables DNS direct-based GSLB.

hostlk disable|enable
Enables or disables lookups based on host or domain name in a GSLB configuration. When enabled, the hostname specified in the Virtual Service configuration, in addition to the domain name, will be used to resolve the IP address for the domain. When disabled, only the domain name will be used to match. This option is enabled by default.

http disable|enable
Enables or disables HTTP redirects to peer sites by this switch. When enabled (default), this switch will redirect client requests to peer sites if its own real servers fail or have reached their maximum connection limits. If disabled, the switch will not perform HTTP Redirects, but will instead drop requests for new connections and cause the client’s browser to eventually issue a new DNS request.

usern disable|enable
Enables or disables an HTTP redirect to a real server name. When a site redirects a client to another site using an HTTP redirect, the client is redirected to the new site's IP address. If usern is enabled, the client will be redirected to the domain name specified by the remote real server name plus virtual server domain name: <remote real server name> <virtual server domain name>

norem
This command enables or disables no-remote real server load balancing. If enabled, the switch will not do remote real server load balancing for non-http protocols. For HTTP protocols, if you want to do no-remote-real-server load balancing, you need to disable the http parameter in the same menu. This option is disabled by default.

encrypt
This command enables or disables encrypting of DSSP updates. If disabled, the switch will not encrypt the DSSP messages going out of the switch. This option allows the GSLB feature to work with older versions of Web OS that do not encrypt DSSP messages.

on
Activates Global Server Load Balancing (GSLB) for this switch. This option can be performed only once the optional GSLB software is activated (refer to “Activating Optional Software” on page 509).

off
Turns GSLB off for this switch. Any active remote sites will still perform GSLB services with each other, but will not hand off requests to this switch. By default, GSLB is turned off.

cur
Displays the current Global SLB configuration.

/cfg/slb/gslb/site <site number>
GSLB Remote Site Configuration

The switch initiates a global server selection to direct client traffic to the best server for a given domain. The combination of a virtual server and a virtual service is called a domain. Each domain has one or more sites. Each site has a virtual server for the domain. Each virtual server has a domain name. Each virtual server has a number of virtual services. Each virtual service has a host name. Each virtual service has a group of real servers.

At a local site for a domain, there is a local virtual server but no remote virtual server. The local virtual server has a number of local virtual services. Each local virtual service has a group of local or remote real servers. The remote real servers are the virtual servers at the remote sites.

[Remote site 1 Menu]
prima   - Set primary switch IP address of remote site
secon   - Set secondary switch IP address of remote site
name    - Set remote site name
update  - Enable/disable remote site updates
ena     - Enable remote site
dis     - Disable remote site
del     - Delete remote site
cur     - Display current remote site configuration

Up to 64 remote sites can be configured.

Table 7-30 GSLB Remote Site Menu Options (/cfg/slb/gslb/site)
Command Syntax and Usage

prima <server IP address>
Defines the IP interface IP address of the primary switch at the remote site used for Global Server Load Balancing. Use dotted decimal notation.

secon <server IP address>
If the remote site is configured with a redundant switch, enter the IP address of the IP interface for the remote secondary switch here. If the remote site primary switch fails, the local switch will address the remote site secondary switch instead.

name <31 character name>|none
Sets the name of the remote site. The default is set at none.

update disable|enable
Enables or disables remote site updates. If enabled (default), this switch will send regular Distributed Site State Protocol (DSSP) updates to its remote peers using HTTP port 80. If disabled, the switch will not send state updates. If your local firewall does not permit this traffic, disable the updates.
Note: When update is enabled, Global Server Load Balancing uses service port 80 on the IP interface for DSSP updates. By default, the Nortel Application Switch Operating System Web-based interface also uses port 80. Both services cannot use the same port. If both are enabled, configure the Nortel Application Switch Operating System Browser-Based Interface (BBI) to use a different service port (see the /cfg/sys/access/wport option on page 288).

ena
Enables this remote site for use with Global Server Load Balancing.

dis
Disables this remote site. The switch will no longer use this remote site for Global Server Load Balancing.

del
Removes this remote site from operation and deletes its configuration.

cur
Displays the current remote site configuration.

/cfg/slb/gslb/network <network number>
GSLB Network Preference Configuration Menu

Network preference selects a server based on the preferred network of the source IP address for a given domain. The preferred network contains a subset of the servers for the domain.

[Network 1 Menu]
sip      - Set source IP address
mask     - Set source IP and network netmask
addvirt  - Add virtual server to network
remvirt  - Remove virtual server from network
addreal  - Add remote real server to network
remreal  - Remove remote real server from network
ena      - Enable network
dis      - Disable network
del      - Delete network
cur      - Display current network configuration

Up to 128 network preference numbers can be set.

Table 7-31 GSLB Network Menu Options (/cfg/slb/gslb/network)
Command Syntax and Usage

sip <IP address>
Defines the source (client) IP address. Specify an IP address in dotted decimal notation. A range of IP addresses is produced when used with the mask option.

mask <IP subnet mask (such as, 255.255.255.0)>
This IP address mask is used with the source IP (SIP) address to find a correct virtual server IP address to respond to a DNS request.

addvirt <virtual server number (1-1024)>
Adds a virtual server to the network. No virtual server is added by default.

remvirt <virtual server number (1-1024)>
Removes a virtual server from the network.

addreal <real server number (1-1023)>
Adds a real server to the network.

remreal <real server number (1-1023)>
Removes a real server from the network.

ena
Enables the network.

dis
Disables the network.

del
Deletes the network entry.

cur
Displays the current Internet network entry configuration.

/cfg/slb/gslb/rule
GSLB Rule Configuration Menu

Rules allow the GSLB selection to use different metric preferences based on time-of-day. You can configure one or more rules on each domain. Each rule has a metric preference list. The GSLB selection selects the first rule that matches the domain and starts with the first metric in the metric preference list of the rule.

[Rule 1 Menu]
metric  - Metric Menu
start   - Set start time for rule
end     - Set end time for rule
ttl     - Set Time To Live in seconds of DNS resource records
rr      - Set DNS resource records in DNS response
dname   - Set network preference domain name for rule
ena     - Enable rule
dis     - Disable rule
del     - Delete rule
cur     - Display current rule configuration

Table 7-32 GSLB Rule Configuration Menu Options (/cfg/slb/gslb/rule)
Command Syntax and Usage

metric <metric (1-16)>
Displays Metric Preference Menu. To view menu options, see page 472.

start <hour (0-23)> <minutes (0-59)>
Defines the start time for the rule. The default is zero.

end <hour (0-23)> <minutes (0-59)>
Defines the end time for the rule. The default is zero.

ttl <time to live in seconds (0-65535)>
Specifies the duration (from 0 to 65535 seconds, with default at 60) that the DNS response from the switch (indicating site of best service) will remain in the cache of DNS servers. A lower value may increase the ability of the GSLB system to adjust to sudden changes in traffic load, but will generate more DNS traffic. Higher numbers may reduce the amount of DNS traffic, but may slow GSLB’s response to sudden traffic changes.

rr <rr (1-10)>
Sets how many DNS resource records will be returned in the DNS response. The default is 2 records.

dname <34 character (wildcard "*" allowed) domain name> | none
Defines the domain name for the rule for network preference. You can use wildcard “*” while creating the domain name. The maximum length for the domain name can be 34 characters. Default is none.

ena
Enables the rule.

dis
Disables the rule.

del
Deletes the rule.

cur
Displays the current rule configuration.

/cfg/slb/gslb/rule/metric
Global SLB Rule Metric Menu

[Rule 1 Metric 1 Menu]
gmetric  - Set metric to use to select next server
addnet   - Add network to gmetric=network
remnet   - Remove network from gmetric=network
cur      - Display current metric configuration

Table 7-33 Global SLB Rule Metric Menu Options (/cfg/slb/gslb/rule/metric)
Command Syntax and Usage

gmetric leastconns|roundrobin|response|geographical|network|random|availability|qos|minmisses|hash|local|always|remote|none
Defines the metric to select the next real server for GSLB. The default is none.

addnet
Allows you to add a network to the selected metric. This command applies only if you select network as the metric.

remnet <1-128>
Allows you to delete a network that was added to the selected metric.

cur
Displays the current configuration of the metric.

/cfg/slb/layer7
Layer 7 SLB Resource Definition Menu

[Layer 7 Resource Definition Menu]
redir    - Web Cache Redirection Menu
slb      - Server Load Balancing Menu
sdp      - SIP SDP Menu
dbindtm  - Set timeout for incomplete delayed binding connections
cur      - Display current Layer 7 configuration

Table 7-34 Layer 7 Resource Definition Menu Options (/cfg/slb/layer7)
Command Syntax and Usage

redir
Displays the Web Cache Redirection Menu. To view menu options, see page 473.

slb
Displays the Server Load Balancing Menu. To view menu options, see page 475.

sdp
Displays the SIP SDP Menu. To view menu options, see page 477.

dbindtm <10-60 seconds>
Sets the timeout for incomplete delayed binding connections.

cur
Displays the current Layer 7 configuration.

/cfg/slb/layer7/redir
Web Cache Redirection Configuration

[Web Cache Redirection Menu]
urlal    - Enable/disable auto-ALLOW for non-GETs to origin servers
cookie   - Enable/disable auto-ALLOW for Cookie to origin servers
nocache  - Enable/disable no-cache control header to origin servers
hash     - Enable/disable URL hashing based on URI
header   - Enable/disable server loadbalance based on HTTP header
cur      - Display current WCR configuration

Table 7-35 Web Cache Redirection Menu Options (/cfg/slb/layer7/redir)
Command Syntax and Usage

urlal disable|enable
Enables or disables auto-ALLOW for non-GETs to origin servers. If this command is enabled, the switch will redirect all non-GET requests to the origin server. If this command is disabled, the switch will compare the URI against the expression table to determine whether all non-GET requests should be redirected to a cache server or origin server. This option is enabled by default.

cookie disable|enable
     Enables or disables auto-ALLOW for cookie to origin servers. If this command is enabled, the switch will redirect all requests that contain Cookie: in the HTTP header to the origin server. If this command is disabled, the switch will compare the URI against the expression table to determine whether it should redirect all requests that contain Cookie: in the HTTP header to a cache server or origin server. This option is disabled by default.

nocache disable|enable
     Enables or disables no-cache control header to origin servers. If this command is enabled, the switch will redirect all requests that contain Cache-Control: no-cache in HTTP/1.1 header, or Pragma: no-cache in HTTP/1.0 header to the origin server. If this command is disabled, the switch will compare the URI against the expression table to determine whether it should redirect requests that contain Cache-Control: no-cache in HTTP/1.1 header, or Pragma: no-cache in HTTP/1.0 header to a cache server or origin server. This option is enabled by default.

hash disable|enable <number (1-255)>
     Enables or disables URL hashing based on the URI. If hashing is enabled, you can set the length of URI that will be used to hash into the cache server by specifying a number from 1-255. If hashing is disabled, the switch will only use the host header field to calculate the hash key. This option is disabled by default.

header disable|enable host|useragent|others
     Enables or disables server load balancing based on HTTP header. This option is disabled by default.

cur
     Displays the current URL expression table.

/cfg/slb/layer7/slb
Server Load Balance Resource Configuration Menu

[Server Loadbalance Resource Menu]
     message - Set HTTP error message
     addstr  - Add SLB string for load balance
     remstr  - Remove SLB string for load balance
     rename  - Rename SLB string for load balance
     addmeth - Add HTTP method type
     remmeth - Remove HTTP method type
     case    - Enable/disable case sensitive for string matching
     cont    - Set BW contract for the SLB string
     cur     - Display current configuration

Table 7-36 Server Load Balance Resource Menu Options (/cfg/slb/layer7/slb)

Command Syntax and Usage

message <64 byte error message>
     Sets the message that will be displayed when an error occurs. The default message is “No available server to handle this request.”

addstr <l7lkup|pattern>
     Allows the user to define a string that can be used for server load balancing or filtering by selecting either a Layer 7 look up string or a pattern match. If you choose l7lkup string, you can define a string for server load balancing or a string for Layer 7 lookup. If you choose pattern string, you will have the option to choose between ascii or binary strings on a specific offset of the IP frame. These strings will only be used for filtering string pattern matching.

remstr <SLB string ID>
     Removes this SLB string from the real server.

rename <SLB string ID> <SLB string>
     Renames the SLB string for load balancing.

addmeth <Method, 1-32>
     Allows you to add HTTP request methods of maximum 32 characters to your switch software. HTTP allows an open-ended set of methods to be used to indicate the purpose of a request. A method is case-sensitive. The methods GET and HEAD must be supported by all general-purpose servers. All other methods are optional. The software supports both HTTP 1.0 and HTTP 1.1 to perform HTTP request methods. Nortel Application Switch Operating System 23.0.2 supports 22 request methods by default. You can see a list of supported default methods by using the command cur in this menu.

remmeth <Method ID>
     Allows you to remove HTTP methods from your switch software.

case disable|enable
     Enables or disables case sensitivity for string matching. Using this command you can do either case sensitive or case insensitive string comparison. If you disable case sensitive, all load balancing strings and all the request strings arriving on the switch will have to be converted to lower case before doing any string comparison.

cont <SLB string ID [1-1024]> <BW contract number [1-1024]>
     Sets the Bandwidth Management contract for a specified string for the SLB string ID.

cur
     Displays the currently configured SLB strings and their associated string IDs (index numbers) and the supported HTTP request methods.

/cfg/slb/layer7/sdp
SDP Mapping Menu

[SDP Mapping Menu]
     add - Add SDP mapping
     rem - Remove SDP mapping
     cur - Display current SDP mapping configuration

Table 7-37 SDP Mapping Menu Options

Command Syntax and Usage

add <private IP> <public IP>
     Add SDP mapping.

rem <private IP>
     Remove SDP mapping.

cur
     Display current SDP mapping configuration.

/cfg/slb/wap
WAP Configuration

[WAP Options Menu]
     tpcp  - Enable/disable WAP TPCP external notification
     debug - WAP debug level
     cur   - Display current WAP configuration

Table 7-38 WAP Configuration Menu Options (/cfg/slb/wap)

Command Syntax and Usage

tpcp disable|enable
     Enables or disables the TPCP external notification for Add/Delete session requests. This option is disabled by default.

debug <wap debug level (0-10)>
     Sets the debug level for tracing the WAP related messages. The default is set at 0.

cur
     Displays the current WAP configuration.

Enable/disable syncing persistent session state update . FILT.Display current Layer 4 sync configuration To synchronize the configuration between two switches.Synch Peer Switch Menu filt . prios disable|enable Enables or disables syncing VRRP priorities. This option is enabled by default. This option is enabled by default. pips disable|enable Enables or disables synchronizing proxy IP addresses. January 2006 . and VRRP configuration updates using /oper/slb/ synch.2 Command Reference /cfg/slb/sync Synchronize Peer Switch Configuration [Config Synchronization Menu] peer .Enable/disable syncing peer proxy IP addresses bwm .Nortel Application Switch Operating System 23.Enable/disable syncing filter configuration ports . Peers are sent SLB.Set stateful failover update period cur . ports disable|enable Enables or disables synchronizing Layer 4 port configuration. To view menu options. This option is enabled by default.Enable/disable syncing proxy IP addresses peerpips . filt disable|enable Enables or disables synchronizing filter configuration. a peer must be configured and enabled on each switch.Enable/disable syncing port configuration prios . Switches being synchronized must use the same administrator password.0. This option is disabled by default. This option is disabled by default. Peer proxy IP addresses are used in VRRP Active/Active configuration. This option is disabled by default. Table 7-39 Synchronization Menu Options (/cfg/slb/sync) Command Syntax and Usage peer <peer switch number (1-2)> Displays the Sync Peer Switch Menu. see page 479.Enable/disable syncing BWM configuration state .Enable/disable syncing VRRP priorities pips . 478 Chapter 7: The SLB Configuration Menu 320506-A. peerpips disable|enable Enables or disables synchronizing the peer proxy IP addresses.

The default is 0. By default.0. Chapter 7: The SLB Configuration Menu 320506-A. a peer must be configured and enabled on each switch. 1–60> Sets the stateful failover update interval. January 2006 479 . state disable|enable Enables or disables stateful failover for synchronizing the persistent session state. Table 7-40 Peer Switch Configuration Menu Options (/cfg/slb/sync/peer) Command Syntax and Usage addr <IP address> Sets the peer switch IP address.0 ena Enables the peer for this switch.Disable peer switch del .Enable peer switch dis . dis Disables the peer for this switch. this option is disabled.Display current peer switch configuration To synchronize the configuration between two switches. This option is enabled by default.Set peer switch IP address ena .0.0. if any. This option is disabled by default. Switches being synchronized must use the same administrator password. The default value is 30 seconds.Delete peer switch cur . update <seconds. /cfg/slb/sync/peer <peer switch number> Peer Switch Configuration [Peer Switch 1 Menu] addr . cur Displays the current Layer 4 synchronization configuration. The active switch sends update packets of new persistent binding entries.Nortel Application Switch Operating System 23. to the backup switch at the specified update interval.2 Command Reference Table 7-39 Synchronization Menu Options (/cfg/slb/sync) Command Syntax and Usage bwm disable|enable Enables or disables synchronizing Bandwidth Management configuration between Master and backup switches.

del
     Deletes the peer for this switch.

cur
     Displays the current peer switch configuration.

/cfg/slb/adv
Advanced Layer 4 Configuration

[Layer 4 Advanced Menu]
     synatk   - SYN Attack Detection Menu
     smtport  - Service Mapping Table Real Port Menu
     imask    - Set virtual and real IP address mask
     mnet     - Set management network
     mmask    - Set management subnet mask
     pmask    - Set persistent mask
     intrval  - Set SLB session attack inspection interval
     allowlim - Set SLB session attack alert allowable limit
     submac   - Enable/disable Source MAC address substitution
     direct   - Enable/disable Direct Access Mode
     grace    - Enable/disable graceful real server failure
     matrix   - Enable/disable Virtual Matrix Architecture
     vmasport - Enable/disable VMA with source port
     tpcp     - Enable/disable Transparent Proxy Cache Protocol
     vstat    - Enable/disable Virtual Service Statistics
     rtsvlan  - Enable/disable using VLAN info for real server lookup
     pvlantag - Enable/disable preserving vlan tag during packet forwarding
     portbind - Enable/disable Ingress Port For Session Table Binding
     fastage  - Session table fast-age (1 sec) period bit shift
     slowage  - Session table slow-age (2 min) period bit shift
     cur      - Display current Layer 4 advanced configuration

Table 7-41 Layer 4 Advanced Menu Options (/cfg/slb/adv)

Command Syntax and Usage

synatk
     Displays SYN Attack Detection Menu. To view menu options, see page 483.

smtport
     Displays Service Mapping Table (SMT) Real Server Port Menu. Using this command you can add or remove a number of real server service port(s) that will process client traffic by-passing the server. In other words, this service port’s client request will not be processed by the server processor. To view menu options, see page 483.

imask <IP subnet mask (such as 255.255.255.0)>
     Configures the real and virtual server IP address mask using dotted decimal notation. The default is 255.255.255.255.

mnet <IP address>
     If defined, management traffic with this source IP address will be allowed direct (non-Layer 4) access to the real servers. Specify an IP address in dotted decimal notation. A range of IP addresses is produced when used with the mmask option.

mmask <IP subnet mask (such as 255.255.255.0)>
     This IP address mask is used with the mnet to select management traffic which is allowed direct access to real servers. The default is 255.255.255.255.

pmask <IP subnet mask (such as 255.255.255.0)>
     Sets persistent mask. The default is 255.255.255.255.

intrval <time window for collecting sessions (0-3600)>
     This command allows you to configure the time interval (from one second to one hour) to specify how frequently you want to check the SLB sessions (attacks) the switch received. At the configured interval of time the switch will check if the number of sessions is within the configured limits. You can set this limit by using the next command in this menu: allowlim.

allowlim <allowable limit (1-2097104)>
     This command allows you to specify the maximum number of sessions the switch can receive at any given period of time. If the number of sessions exceeds this limit, the switch will generate a syslog and an SNMP trap to alert the administrator that the switch is under SLB attack.

submac disable|enable
     Enables or disables Source MAC address substitution. Typically, the source MAC is not modified for the packets going to the servers in an SLB environment. But if you enable this command, the switch will substitute the source MAC address (for the packets going to the server) with the MAC address of the switch. By default, this option is disabled.

direct disable|enable
     Enable/disables Direct Access Mode to real servers/services. This option also allows any virtual server to load balance any real server.

grace disable|enable
     Enables or disables graceful real server failure. Allows existing sessions to remain bound to a server after the server has been placed in the service failed state (for more information, see “Service Failure” in the Nortel Application Switch Operating System 23.0.2 Application Guide). By default, this option is disabled.

matrix disable|enable
     Enables or disables the use of Virtual Matrix Architecture on the Nortel Application Switch. By default, this option is enabled.

vmasport enable|disable
     Enable/disable VMA with source port.

tpcp disable|enable
     Enables or disables the TPCP (Transparent Proxy Cache Protocol). By default, this option is disabled. This command is used for security reasons: the UDP port can be closed.

vstat disable|enable
     Enables or disables reporting of virtual service statistics.

rtsvlan disable|enable
     Enables or disables the use of VLAN for Return to Sender information on the real server.

pvlantag
     Enable/disable preserving vlan tag during packet forwarding.

portbind disable|enable
     Enables or disables the inclusion of the ingress port number in the session table look up.

fastage <shift the fast-age (1sec) period 0-7 bits>
     Controls how frequently a fastage scan is performed. The fastage scan is used to remove TCP sessions that have been closed with a FIN and sessions that have been identified by the slowage scan as idle for the maximum allowed period. The default interval is two seconds. Each incremental increase of the value doubles the length of the interval. If a large value of fastage is used, a session can remain in the session table for a few minutes. The default is 0. (Value is set in bits rather than seconds, which causes the time to double per increment).

slowage <shift the slow-age (2min) period 0-14 bits>
     Controls how frequently a slowage scan is performed. The slowage scan is used to remove idle or non-TCP sessions from the session table at the specified intervals. The default interval is two minutes. Each incremental increase of the value doubles the length of the interval. If a large value of slowage is used, a session can remain in the session table for months. The default is 0.

cur
     Displays the current Layer 4 advanced configuration.

/cfg/slb/adv/synatk
SYN Attack Detection Configuration Menu

[SYN Attack Detection Menu]
     intrval - Set SYN attack detection interval
     thrshld - Set SYN attack alarm threshold
     cur     - Display current SYN attack detection configuration

Table 7-42 SYN Attack Detection Menu Options (/cfg/slb/adv/synatk)

Command Syntax and Usage

intrval <SYN attack check interval in seconds (2-3600)>
     Sets the interval of SYN attack inspection.

thrshld <SYN attack alarm threshold (new half-open sessions/second) (1-100000)>
     Sets the threshold of SYN attack alarm.

cur
     Displays the current SYN attack detection configuration.

/cfg/slb/adv/smtport
Advanced SMT Real Server Port Configuration Menu

[SMT Real Port Menu]
     add    - Add real port
     remove - Remove real port
     cur    - Display real port configuration

Table 7-43 Advanced SMT Real Server Port Menu Options (/cfg/slb/adv/smtport)

Command Syntax and Usage

add <real server port (2-65534)>
     This command allows you to add a service port to the real server that is configured to process client traffic by-passing the server processor.

remove <real server port (2-65534)>
     This command allows you to remove a service port from the real server that is configured to process client traffic by-passing the server processor.

cur
     Displays real port configuration.

/cfg/slb/linklb
Inbound Link Load Balancing configuration Menu

[Inbound Linklb Menu]
     drecord - Domain Record Menu
     group   - Set real server group
     ttl     - Set Time to Live of DNS resource records
     ena     - Enable Inbound Linklb
     dis     - Disable Inbound Linklb
     cur     - Display current Inbound Linklb configuration

Table 7-44 Inbound Link Load Balancing Configuration Menu Options (/cfg/slb/linklb)

Command Syntax and Usage

drecord <domain record number (1-64)>
     Displays domain record menu. To view menu options, see page 485.

group <real server group number (1-1023)>
     Sets the real server ISP group number.

ttl <time to live in seconds (0-65535)>
     Sets the time-to-live for DNS resource records.

ena
     Enables inbound link load balancing.

dis
     Disables inbound link load balancing.

cur
     Displays current inbound link load configuration.

/cfg/slb/linklb/drecord
Inbound Link Load Balancing Domain Record Menu

[Domain Record <domain_number> Menu]
     entry  - Virt Real Mapping Menu
     domain - Set Domain Name
     ena    - Enable Domain Record
     dis    - Disable Domain Record
     del    - Delete Domain Record
     cur    - Display current Domain Record configuration

Table 7-45 Inbound Link Load Balancing Domain Record Menu Options (/cfg/slb/linklb/drecord)

Command Syntax and Usage

entry <linklb entry number (1-8)>
     Displays the link load balancer’s mapping menu for the virtual and real servers. See page 452 to view menu options.

domain <64 character domain name>|none
     Allows you to configure the domain name. Default is none.

ena
     Enables the domain records.

dis
     Disables the domain records.

del
     Deletes the domain records.

cur
     Displays the current domain records.

/cfg/slb/linklb/drecord/entry
Inbound Link Load Balancing Mapping Menu

[Virt Real Mapping 1 Menu]
     virt - Set Virtual Server Number
     real - Set Real Server Number
     ena  - Enable Entry
     dis  - Disable Entry
     del  - Delete Entry
     cur  - Display current Entry configuration

Table 7-46

Command Syntax & Usage

virt <virtual server number, 1-1024>
     Defines the virtual server number for mapping.

real
     Defines the real server number for mapping.

ena
     Enables the entry for drecords.

dis
     Disables the entry for drecords.

del
     Deletes the entry for drecords.

cur
     Displays the current real and virtual server mappings for drecords entries.

/cfg/slb/advhc
Advanced Health Check Configuration Menu

[Layer 4 Advanced Health Check Menu]
     script  - Scriptable Health Check Menu
     snmphc  - SNMP Health Check Menu
     waphc   - WAP Health Check Menu
     aphttp  - Enable/disable Allow HTTP Health Check on any port
     ldapver - LDAP version
     secret  - Set RADIUS secret
     minter  - Set interval of response and bandwidth metric updates
     cur     - Display current Layer 4 advanced health check configuration

Table 7-47 Advanced Health Check Menu Options (/cfg/slb/advhc)

Command Syntax and Usage

script <health script number (1-64)>
     Displays the Scriptable Health Check Menu. To view menu options, see page 488.

snmphc <SNMP health check number (1-5)>
     Displays the SNMP Health Check Menu. To view menu options, see page 490.

waphc
     Displays the WAP Health Check Menu. To view menu options, see page 492.

aphttp disable|enable
     Enables or disables HTTP health checks on any port. When disabled, you can use HTTP health checks only for HTTP service. Enabling it will allow you to use it on any port, like HTTPs. By default, this option is disabled.

ldapver <LDAP version>
     Sets the LDAP version to 2 or 3. The default is 2.

secret <1-32 character secret>
     To perform application health checking to a RADIUS server, the network administrator must configure two parameters in the switch: the /cfg/slb/secret value and the cntnt parameter with a username:password value. The secret value is a field of up to 32 alphanumeric characters that is used by the switch to encrypt a password during the RSA Message Digest Algorithm (MD5) and by the RADIUS server to decrypt the password during verification. The default is none.

minter <number of seconds between updates (1-256)>
     This command sets the interval of response and bandwidth metric updates. The default is set at 10.

cur
     Displays the current Layer 4 advanced health check configuration.

/cfg/slb/advhc/script <health script number>
Scriptable Health Checks Configuration

Scriptable health checks provide a robust and extensible way to health check a group of real servers. With these health checks, the users can define their own health checks of varied complexity. The ASCII and binary-based scripts control how a group of real servers are health-checked. So both TCP and UDP services can be health-checked. The Health Script menu provides commands that can be used to define the health “script.” Up to 64 scripts can be configured. The total number of characters cannot exceed 6144 bytes.

[Health Script 1 Menu]
     open    - Add open command to end of script
     send    - Add send command to end of script
     bsend   - Add binary send command to end of script
     nsend   - Add additional send binary string to end of script
     expect  - Add expect command to end of script
     bexpect - Add binary expect command to end of script
     nexpect - Add additional expect binary string to end of script
     offset  - Add offset command to end of script
     depth   - Add depth command to end of script
     wait    - Add wait command to end of script
     close   - Add close command to end of script (TCP only)
     rem     - Remove last command from script
     del     - Delete script
     cur     - Display current script configuration

Table 7-48 Scriptable Health Check Menu Options (/cfg/slb/adv/script)

Command Syntax and Usage

open <real port or name (such as: http)> <tcp|udp>
     Opens a TCP connection or specifies a UDP port for the health check. You need to specify the protocol (TCP or UDP), and the port number.

send <text string (TCP), hex string (UDP)>
     Sends an ASCII request string through an open TCP or UDP port to the server.

bsend <hex string>
     Sends a binary request string in hexadecimal format for the request packet through an open TCP or UDP port to the server.

nsend <additional hex string (UDP)>
     Allows you to append additional content to the packet generated by the bsend command. The Nortel Application Switch Operating System 23.0.2 allows a maximum of 256 bytes to be entered. Using one or more nsend commands allows you to generate a binary content of more than 256 bytes in length.

expect <text string (TCP), hex string (UDP)>
     Allows you to configure an ASCII request string that you can search in each server response packet for successful health check on an open TCP port. If you do not see this string in any response packet before the health check interval or the configured wait window expires, the server does not pass the expect step and the health check fails.

bexpect <hex string>
     Allows you to configure binary content request string (in hexadecimal format) that you can search in each server response packet for successful health check on an open TCP port.

nexpect <additional hex string (UDP)>
     Allows you to append additional content to the original content of the response packet specified by the bexpect command.

offset <offset, 1-1464>
     Allows you to specify the offset from the beginning of the UDP data area to start matching the content specified in the expect command. If you need to specify offset, you must do it after executing the bexpect command.

depth <depth, 1-1464>
     Allows you to specify the depth (the window) in bytes beginning from the start of the UDP data area, or beginning from offset if offset was specified, to search for the bexpect content.

wait <wait window in milliseconds (1-65535)>
     Allows the user to configure a wait window for the expected response. The wait window starts when the request is sent from the switch. If the expected response is received within the wait window, the health check passes; otherwise the health check fails. The wait window is set in the units of milliseconds. The wait command should follow the offset and depth commands in the script.

close
     Closes TCP connection.

rem
     Removes the last entered line from the script.

del
     Deletes the current script.

2 Command Reference Table 7-48 Scriptable Health Check Menu Options (/cfg/slb/adv/script) Command Syntax and Usage cur Lists the current script configuration.OID to be sent in the SNMP request packet comm .1. for example.4. comm <community string.0 max 30 sub-identifiers> Specify the Object Identifier (OID) to be sent in the SNMP GET request packet.1. the real server weights are dynamically adjusted based on SNMP health check response. rcvcnt <expected content an integer value or a string> Enter the content the switch expects to receive from the SNMP agent on the real server. invert disable|enable Enables or disables the inversion of the expected value.11. The format of the OID depends on the MIB file. such as.0.Display current SNMP health check configuration Table 7-49 SNMP Health Check Menu Options (/cfg/slb/adv/snmphc) Command Syntax and Usage oid <object identifier. 1.Delete SNMP health check cur .Enable/disable inversion of expected value weight .Expected value in the SNMP response packet invert .3. January 2006 .1.Enable/disable readjusting of weights based on response del . The default community string is public. weight disable|enable When enabled.1. an OID is of the form 1.7.1872. maximum 32 characters> Enter the community string used in the SNMP get request packet.Community string used in the SNMP request packet rcvcnt .1.1.5.2.Nortel Application Switch Operating System 23. 490 Chapter 7: The SLB Configuration Menu 320506-A. /cfg/slb/advhc/snmphc SNMP Health Check Configuration [SNMP Health Check 1 Menu] oid .6. the health check fails if the response packet contains the value specified in the receive content (rcvnt) field.2.3.6. When the invert option is enabled. del Deletes the current SNMP health check.

cur
     Displays the current SNMP Health Check configuration.
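For the binary script commands of Table 7-48 (bsend, nsend, bexpect, nexpect, offset, depth, wait), the following added example models how the comparison window decides whether a UDP reply passes. It is not code from this manual or from the switch: the class and function names are hypothetical, the DNS packets are constructed samples, and the model assumes that offset counts bytes skipped from the start of the UDP data, that the expected content is searched for anywhere inside the window, and that the 256-byte limit applies to each hex string.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

MAX_HEX_BYTES = 256   # per-command limit on binary content (stated under nsend)
MAX_WINDOW = 1464     # documented upper bound for offset and depth
MAX_WAIT_MS = 65535   # documented upper bound for wait


def _hex(value: str, command: str) -> bytes:
    """Decode one hex-string argument and enforce the assumed per-command limit."""
    data = bytes.fromhex(value)
    if not 1 <= len(data) <= MAX_HEX_BYTES:
        raise ValueError(f"{command}: need 1-{MAX_HEX_BYTES} bytes, got {len(data)}")
    return data


@dataclass
class UdpScript:
    """One UDP health script: bsend [nsend...] bexpect [nexpect...] [offset] [depth] [wait]."""
    bsend: str
    bexpect: str
    nsend: List[str] = field(default_factory=list)
    nexpect: List[str] = field(default_factory=list)
    offset: Optional[int] = None
    depth: Optional[int] = None
    wait_ms: Optional[int] = None

    def __post_init__(self) -> None:
        self.request()  # validates every bsend/nsend hex string
        for name, value, top in (("offset", self.offset, MAX_WINDOW),
                                 ("depth", self.depth, MAX_WINDOW),
                                 ("wait", self.wait_ms, MAX_WAIT_MS)):
            if value is not None and not 1 <= value <= top:
                raise ValueError(f"{name} must be 1-{top}")
        if self.depth is not None and self.depth < len(self.expected()):
            raise ValueError("depth is shorter than the expected content; the check can never pass")

    def request(self) -> bytes:
        """bsend followed by every nsend chunk: how a request longer than 256 bytes is built."""
        return _hex(self.bsend, "bsend") + b"".join(_hex(h, "nsend") for h in self.nsend)

    def expected(self) -> bytes:
        return _hex(self.bexpect, "bexpect") + b"".join(_hex(h, "nexpect") for h in self.nexpect)

    def passes(self, udp_data: bytes, elapsed_ms: int) -> bool:
        """True if the reply arrived inside the wait window and matches inside the search window."""
        if self.wait_ms is not None and elapsed_ms > self.wait_ms:
            return False
        start = self.offset or 0
        end = start + self.depth if self.depth is not None else len(udp_data)
        return self.expected() in udp_data[start:end]


# Constructed DNS packets: an A query for example.com and two possible replies.
QUESTION = bytes.fromhex("076578616d706c6503636f6d0000010001")
QUERY_HEX = "123401000001000000000000" + QUESTION.hex()
RESP_OK = (bytes.fromhex("123481800001000100000000") + QUESTION
           + bytes.fromhex("c00c000100010000003c0004c0000201"))        # NOERROR, one answer
RESP_SERVFAIL = bytes.fromhex("123481820001000000000000") + QUESTION   # SERVFAIL, no answer


def evaluate() -> Dict[str, bool]:
    """Compare an unpinned expect with one pinned to the DNS flags field."""
    loose = UdpScript(bsend=QUERY_HEX, bexpect="00010001")
    pinned = UdpScript(bsend=QUERY_HEX, bexpect="8180", offset=2, depth=2, wait_ms=500)
    return {
        "loose_ok": loose.passes(RESP_OK, 20),
        "loose_servfail": loose.passes(RESP_SERVFAIL, 20),
        "pinned_ok": pinned.passes(RESP_OK, 20),
        "pinned_servfail": pinned.passes(RESP_SERVFAIL, 20),
        "pinned_late": pinned.passes(RESP_OK, 800),
    }


if __name__ == "__main__":
    for name, result in evaluate().items():
        print(f"{name:16} {'pass' if result else 'fail'}")
```

The unpinned script passes the SERVFAIL reply because the expected bytes also occur in the echoed question section, so a failing server would stay in rotation; pinning the comparison to the flags field with offset and depth removes that false pass.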

/cfg/slb/advhc/waphc
WAP Health Check Configuration

Wireless Session Protocol (WSP) is used within the Wireless Application Protocol (WAP) suite to manage sessions between wireless devices and WAP content servers or WAP gateways. The Nortel Application Switch Operating System provides a content-based health check mechanism where customized WSP packets are sent to the WAP gateways, and the switch verifies the expected response, in a manner similar to scriptable health checks.

WSP content health checks can be configured in two modes: connectionless and connection-oriented. Connectionless WSP runs on UDP/IP protocol, ports 9200 and 9202 and connection-oriented (WTP) traffic runs on ports 9201 and 9203. Application switches can be used to load balance the gateways in both modes of operation.

The Nortel Application Switch Operating System allows you to configure three WAP gateway health check types for all four WAP services (WSP, WTP+WSP, WTLS+WSP, WTLS+WTP+WSP), deployed on WAP gateways/servers. For further details, refer to the Application Guide.

[WAP Health Check Menu]
     wspcnt  - WSP Health Check Content Menu
     wtpcnt  - WTP+WSP Health Check Content Menu
     wspport - WSP port number to health check
     wtpport - WTP port number to health check
     wtlswsp - WTLS+WSP port number to health check
     wtlsprt - WTLS port number to health check
     couple  - Enable/disable coupling with RADIUS Accounting Service
     cur     - Display current WAP health check configuration

Table 7-50 WAP Health Check Menu Options (/cfg/slb/adv/waphc)

Command Syntax and Usage

wspcnt
     Displays WSP Health Check Content Menu. To view menu options, see page 494.

wtpcnt
     Displays WTP and WSP Health Check Content Menu. To view menu options, see page 495.

wspport <wsp port number to health check (0-65534)>
     Enter the port number on which WSP health checks will be performed. The default port number is 9200.

wtpport <wtp port number to health check (0-65534)>
     Defines the WTP port number to health check. The default port number is 9201.

wtlswsp <wtls+wsp port number to health check (0-65534)>
     Defines the WTLS (Wireless Transport Layer Security) and WSP port number to health check. The connectionless encrypted WTLS traffic uses default port 9202.

wtlsprt <port number (0-65534)>
     Enter the port number on which WTLS health checks will be performed. The connection-oriented WTLS traffic uses default port 9203.

couple disable|enable
     Enables or disables coupling together of all the four WAP services (WSP, WTP+WSP, WTLS+WSP, WTLS+WTP+WSP) with Radius Accounting Service. If the health check to any one of the four WAP services or Radius Accounting Service fails, then all of the four WAP services and Radius Accounting Service are disabled.

cur
     Displays the current WAP Health Check configuration.

/cfg/slb/advhc/waphc/wspcnt
WSP Content Health Check

[WSP Health Check Content Menu]
     offset - Offset in received WSP packet
     sndcnt - Content to be sent to the WAP gateway
     rcvcnt - Content to be received from the WAP gateway
     cur    - Display current WSP health check content configuration

Table 7-51 WSP Content Health Check Options (/cfg/slb/advhc/waphc/wspcnt)

Command Syntax and Usage

offset <Offset in the received WSP packet (0-512)>
     Enter the offset value content of the received WSP packages. An offset value of 0 (default) sets the switch to start comparisons from the beginning of the content of the received packet.

sndcnt <send content as hexadecimal string>
     Enter a hexadecimal string that represents a connectionless WSP request to a WSP gateway. This string will be delivered to the WSP gateway.

rcvcnt <receive content as hexadecimal string>
     Enter a hexadecimal string that represents the content that the switch expects to receive from the WSP gateway.

cur
     Displays the current WAP Health Check configuration.

/cfg/slb/advhc/waphc/wtpcnt
WTP and WSP Content Health Check Menu

[WTP+WSP Health Check Content Menu]
    offset  - Offset in received WSP PDU
    connect - CONNECT PDU to be sent to the WAP gateway
    sndcnt  - GET PDU to be sent to the WAP gateway
    rcvcnt  - REPLY PDU to be received from the WAP gateway
    cur     - Display current WTP+WSP health check content configuration

This menu is used for configuring the health check for connection-oriented unencrypted WAP traffic.

Table 7-52 WTP and WSP Content Health Check Menu Options (/cfg/slb/advhc/waphc/wtpcnt)

Command Syntax and Usage

offset <offset in the received WSP PDU>
    Enter the offset value content of the received WSP packets. An offset value of 0 (default) sets the switch to start comparisons from the beginning of WSP PDU of the received packet. The offset value is the number of bytes from the beginning of the WSP PDU, at which the comparison begins to match with the expected receive content.

connect <connect content as hexstring>
    Enter the content for the first switch-generated WSP session packet. This command allows you to customize the headers in the connect message.

sndcnt <send content as hexadecimal string>
    Enter a hexadecimal string that represents a WSP request to a WSP gateway. This string will be delivered to the WSP gateway.

rcvcnt <receive content as a hexadecimal string>
    Enter a hexadecimal string that represents the content that the switch expects to receive from the WSP gateway.

cur
    Displays current WTP+WSP health check content configuration.
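The way offset and rcvcnt combine in the two content health check menus above can be modelled offline before committing values to a switch. This is an added example, not Nortel code: the function names and the sample reply bytes are constructed, and it assumes a check passes only when the rcvcnt bytes appear exactly at the configured offset.

```python
"""Model of the content comparison behind the WSP / WTP+WSP health checks.

Illustrative only: names and sample bytes are constructed for this example
and do not come from the switch software.
"""

MAX_OFFSET = 512  # documented upper bound for the wspcnt "offset" option


class HealthCheckConfigError(ValueError):
    """Raised for an offset or hexadecimal string that cannot be used."""


def parse_hex_content(hexstring):
    """Turn a sndcnt/rcvcnt/connect style hexadecimal string into bytes."""
    try:
        content = bytes.fromhex(hexstring)
    except ValueError as exc:  # non-hex characters or an odd digit count
        raise HealthCheckConfigError(f"bad hex string {hexstring!r}") from exc
    if not content:
        raise HealthCheckConfigError("hexadecimal string is empty")
    return content


def validate_offset(offset):
    """Accept only integer offsets inside the documented 0-512 range."""
    if isinstance(offset, bool) or not isinstance(offset, int):
        raise HealthCheckConfigError("offset must be an integer")
    if not 0 <= offset <= MAX_OFFSET:
        raise HealthCheckConfigError(f"offset {offset} outside 0-{MAX_OFFSET}")
    return offset


def content_matches(received, rcvcnt_hex, offset=0):
    """Return True when the expected bytes sit exactly at `offset`.

    Assumption of this model: a reply too short to contain the expected
    bytes fails the check instead of matching on a prefix.
    """
    expected = parse_hex_content(rcvcnt_hex)
    start = validate_offset(offset)
    window = received[start:start + len(expected)]
    return window == expected


# Constructed replies: one transaction-ID byte, PDU type 0x04 (Reply),
# a status byte (0x20 = success, 0x44 = not found), then payload.
SAMPLE_REPLIES = {
    "healthy":       bytes.fromhex("7f0420") + b"<wml/>",
    "healthy_tid13": bytes.fromhex("130420") + b"<wml/>",
    "error_status":  bytes.fromhex("7f0444"),
    "truncated":     bytes.fromhex("7f04"),
}


def evaluate(rcvcnt_hex, offset):
    """Apply one rcvcnt/offset pair to every constructed reply."""
    return {
        name: content_matches(reply, rcvcnt_hex, offset)
        for name, reply in SAMPLE_REPLIES.items()
    }


if __name__ == "__main__":
    # Offset 1 skips the per-request transaction ID; offset 0 ties the
    # check to one ID value and marks an otherwise healthy gateway down.
    for off in (1, 0):
        print(f"rcvcnt=0420 offset={off}: {evaluate('0420', off)}")
```

Matching only the PDU type byte (rcvcnt 04 at offset 1) would also pass the constructed error reply, so the expected content should cover the status byte as well.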

/cfg/slb/pip
Proxy IP Address Configuration Menu

[Proxy IP Address Menu]
    type - Set base type of Proxy IP address
    add  - Add port or VLAN to Proxy IP address
    rem  - Remove port or VLAN from Proxy IP address
    cur  - Display current Proxy IP address configuration

You need to enable proxy IP address processing on the port to use this command. You can configure multiple proxy IP addresses based on either port or VLAN. You can configure up to 1024 proxy IP addresses on a per switch basis.

Table 7-53 Proxy IP Address Configuration Menu Options (/cfg/slb/pip)

Command Syntax and Usage

type <port|vlan>
    Defines the base type of the proxy IP address, whether it is port-based or VLAN-based.

add <IP address> <port number|vlan number>|<port number-port number|vlan number-vlan number>
    Allows you to add either a port or a VLAN to a proxy IP address.

rem <<PIP ID> <port#|vlan#>|<port#-port#|vlan#-vlan#>>
    Allows you to remove a port or a VLAN from a proxy IP address. This command also allows you to remove all ports or VLANs assigned to any proxy IP address.

cur
    Displays the current Proxy IP address configuration.

/cfg/slb/peerpip
SLB Peer Proxy IP Address Menu

[Peer Proxy IP Address Menu]
    add - Add peer Proxy IP address
    rem - Rem peer Proxy IP address
    cur - Display current peer Proxy IP address configuration

When this command is enabled, the switch is able to forward traffic from the other switch, using Layer 2, without performing server processing on the packets of the other switch. This happens because the peer switches are aware of each other’s proxy IP addresses. This prevents the dropping of a packet or being sent to the backup switch in the absence of the proxy IP address of the peer switch.

Table 7-54 Peer Proxy IP Address Menu Options (/cfg/slb/peerpip)

Command Syntax and Usage

add <IP address>
    Allows you to add a proxy IP address to the server load balancing peer.

rem <IP address>
    Allows you to remove a proxy IP address from the server load balancing peer.

cur
    Displays the current proxy address configuration of the peer.

/cfg/slb/wlm
WorkLoad Management Menu

[Workload Manager 1 Menu]
    addr - Set IP address for Workload Manager
    port - Set port for Workload Manager
    del  - Delete Workload Manager
    cur  - Display current Workload Manager configuration

Table 7-55 Workload Manager Menu Options

Command Syntax and Usage

addr <IP_address>
    Set the IP address for the Workload Manager.

port <TCP_port>
    Set the port number for the Workload Manager.

del
    Delete the Workload Manager.

cur
    Shows all Workload Manager statistics. For example:

    Current Workload Manager 1:
    IP address    Port
    0.0.0.0       0

CHAPTER 8 The Operations Menu

The Operations Menu is generally used for commands that affect switch performance immediately, but do not alter permanent switch configurations. For example, you can use the Operations Menu to immediately disable a port (without the need to apply or save the change), with the understanding that when the switch is reset, the port returns to its normally configured operation.

/oper
Operations Menu

[Operations Menu]
    port     - Operational Port Menu
    slb      - Operational Server Load Balancing Menu
    vrrp     - Operational Virtual Router Redundancy Menu
    bwm      - Operational Bandwidth Management Menu
    security - Operational Security Menu
    ip       - Operational IP Menu
    swkey    - Enter key to enable software feature
    rmkey    - Enter software feature to be removed
    passwd   - Change current user password
    clrlog   - Clear syslog messages
    displog  - Turn on/off display syslog msgs to telnet/ssh sessions
    defalias - Set default port alias
    ntpreq   - Send NTP request

The commands of the Operations Menu enable you to alter switch operational characteristics without affecting switch configuration.

Port Mirroring menu options are accessible only to the Nortel Application Switch AD4 and Nortel Application Switch 184 Web Switches.

Table 8-1 Operations Menu Options (/oper)

Command Syntax and Usage

port <port number>
    Displays the Operational Port Menu. To view menu options, see page 501.

slb
    Displays the Operational Layer 4 Menu. To view menu options, see page 502.

vrrp
    Displays the Operational Virtual Router Redundancy Menu. To view menu options, see page 505.

bwm
    Operational Bandwidth Management Menu. To view menu options, see page 505.

security
    Go to the Operational Security menu. To view menu options, see page 506.

ip
    Displays the IP Operations Menu, which has one sub-menu/option, the Operational Border Gateway Protocol Menu. To view menu options, see page 505.

swkey <16-hexadecimal digit key to enable software feature>
    Sets key to enable software feature. For details, see page 509.

rmkey <software feature to be removed (GSL|BWM|Security)>
    Defines software feature to be removed. For details, see page 510.

passwd <15 char max>
    Allows the user to change the password. You need to enter the current password in use for validation.

clrlog
    Clears all syslog messages.

displog on|off
    Turn on/off display syslog msgs to telnet/ssh sessions

defalias
    Set the default port alias.

ntpreq
    Allows the user to send requests to the NTP server.

/oper/port <port number>
Operations-Level Port Options

[Operations Port 1 Menu]
    rmon - Enable/Disable RMON for port
    ena  - Enable port
    dis  - Disable port
    cur  - Current port state

Operations-level port options are used for temporarily disabling or enabling a port, and for changing Remote Monitoring (RMON) status on a port.

Table 8-2 Operations-Level Port Menu Options (/oper/port)

Command Syntax and Usage

rmon disable|enable
    Temporarily enables/disables Remote Monitoring on the port. The port will be returned to its configured operation mode when the switch is reset.

ena
    Temporarily enables the port. The port will be returned to its configured operation mode when the switch is reset.

dis
    Temporarily disables the port. The port will be returned to its configured operation mode when the switch is reset.

cur
    Displays the current settings for the port.

/oper/slb
Operations-Level SLB Options

[Server Load Balancing Operations Menu]
    group   - Real Server Group Menu
    gslb    - Global SLB Operations Menu
    sync    - Synchronize SLB, VRRP and other configurations on peers
    ena     - Enable real server
    dis     - Disable real server
    sessdel - Delete session table entry
    clear   - Clear session table
    cur     - Current layer 4 operational state

When the optional Layer 4 software is enabled, the operations-level Server Load Balancing options are used for temporarily disabling or enabling real servers and synchronizing the configuration between the active/active switches.

Table 8-3 Server Load Balancing Operations Menu Options (/oper/slb)

Command Syntax and Usage

group <real server group number (1-1024)>
    Displays the Real Server Group Menu. To view menu options, see page 503.

gslb
    Displays Global SLB Operations Menu. To view menu options, see page 504.

sync
    Synchronizes the SLB, filter, port, VRRP, Bandwidth Management configuration, and VR priorities on a peer switch (a switch that owns the IP address). To take effect, peers must be configured on the Nortel Application Switch and the administrator password on the switch must be identical.

ena <real server number (1-1023)>
    Temporarily enables a real server. The real server will be returned to its configured operation mode when the switch is reset.

dis <real server number, 1-1023> [P - allow persistent http 1.0 sessions] p|n
    The disable command is used to temporarily disable real servers as follows:

    - Using the p (persistent) option—immediately suspends assignment of connections to the specified real server (except for persistent http 1.0 sessions) by removing the real server from operation within its real server group and virtual server
    - Using the n (none) option—immediately suspends assignment of connections to the specified real server by removing the real server from operation within its real server group and virtual server

    The real server will be returned to its configured state after a switch reset.

    NOTE – This command provides for orderly server shutdown to allow maintenance on a server. For more information, see “Disabling and Enabling Real Servers” in the Nortel Application Switch Operating System 23.0.2 Application Guide.

sessdel
    Delete session table entry.

clear
    Clears all session tables and allows port filter changes to take effect immediately.

    NOTE – This command disrupts current SLB and Application Redirection sessions.

cur
    Displays the current SLB operational state.

/oper/slb/group
Real Server Group Operations

[Real server group 1 Menu]
    ena - Enable real server in this group
    dis - Disable real server in this group
    cur - Current server group operational state

Table 8-4 Real Server Group Operations Options (oper/slb/group)

Command Syntax and Usage

ena <real server number (1-1023)>
    Enables real server in this group.

dis <real server number (1-1023)>
    Disables real server in this group.

cur
    Displays current operational state of the server group.

/oper/slb/gslb
Global SLB Operations Menu

[Global SLB Operations Menu]
    query - Query Global SLB selection
    add   - Add entry to Global SLB DNS persistence cache
    arem  - Remove all entries Global SLB DNS persistence cache

Table 8-5 Global SLB Operations Menu Options (/oper/slb/gslb)

Command Syntax and Usage

query
    Allows you to query the Global site selection.

add
    Add an entry to the Global SLB DNS persistence cache.

arem
    Remove all entries Global SLB DNS persistence cache.

/oper/vrrp
Operations-Level VRRP Options

[VRRP Operations Menu]
    back - Set virtual router to backup

Table 8-6 Virtual Router Redundancy Operations Menu Options (/oper/vrrp)

Command Syntax and Usage

back <virtual router number (1-1024)>
    Forces the specified master virtual router on this switch into backup mode. This is generally used for passing master control back to a preferred switch once the preferred switch has been returned to service after a failure. When this command is executed, the current master gives up control and initiates a new election by temporarily advertising its own priority level as 0 (lowest). After the new election, the virtual router forced into backup mode by this command will resume master control in the following cases:

    - This switch owns the virtual router (the IP addresses of the virtual router and its IP interface are the same)
    - This switch’s virtual router has a higher priority and preemption is enabled.
    - There are no other virtual routers available to take master control.

/oper/bwm
Operations-Level Bandwidth Management Options

[Bandwidth Management Operations Menu]
    sndhist - Send BW History to SMTP server
    clear   - Clear BWM IP user entry table

Table 8-7 Bandwidth Operations Menu Options (/oper/bwm/sndhist)

Command Syntax and Usage

sndhist
    Sends the bandwidth history to a system administrator specified under /cfg/bwm/user (see page 316).

clear
    Clear the BWM IP user entry table.

/oper/security
Security Menu

[Security Menu]
    ipacl - IP ACL Operations Menu

Table 8-8 Security Menu Options

Command Syntax and Usage

ipacl
    Go to the IP ACL Operation menu. To view menu options, see page 506

/oper/security/ipacl
IP ACL Operations Menu

[IP ACL Operations Menu]
    add   - Add operations source IP Address/Mask
    rem   - Remove operations source IP Address/Mask
    arem  - Remove all operations source IP Address/Mask
    dadd  - Add operations destination IP Address/Mask
    drem  - Remove operations destination IP Address/Mask
    darem - Remove all operations destination IP Address/Mask
    cfg   - Display configuration IP Address/Mask
    bogon - Display bogon IP Address/Mask
    oper  - Display operations IP Address/Mask
    cur   - Display all IP Address/Mask

Table 8-9 IP ACL Operations Menu Options

Command Syntax and Usage

add <IP address> <IP subnet mask> <timeout in minutes, 1-10080>
    Add the operations source IP mask.

rem <IP address> <IP subnet mask>
    Remove the operations source IP mask.

arem
    Remove all operations source IP addresses and Masks.

dadd <IP address> <IP subnet mask> <timeout in minutes, 1-10080>
    Add an operations destination IP address and Mask.

drem <IP address> <IP subnet mask>
    Remove an operations destination IP address and Mask.

darem
    Remove all of the operations destination IP addresses and Masks.

cfg
    Display all configuration IP addresses and Masks. For example:

    Current configuration IP ACL settings:
    0 configuration source IP ACL.
    0 configuration destination IP ACL.

bogon
    Display bogon IP address and Mask. For example:

    >> IP ACL Operations# bogon
    Current bogon IP ACL settings:
    0 bogon source IP ACL.

oper
    Display operations IP addresses and Masks. For example:

    Current operations IP ACL settings:
    0 operations source IP ACL.
    0 operations destination IP ACL.

cur
    Display all IP addresses and Masks. For example:

    Current total IP ACL settings:
    0 total source IP ACL.
    0 total destination IP ACL.
    Current configuration IP ACL settings:
    0 configuration source IP ACL.
    0 configuration destination IP ACL.
    Current bogon IP ACL settings:
    0 bogon source IP ACL. Use "bogon" command to display.
    Current operations IP ACL settings:
    0 operations source IP ACL.
    0 operations destination IP ACL.

/oper/ip
Operations-Level IP Options

[IP Operations Menu]
    bgp  - Operational Border Gateway Protocol Menu
    garp - Send gratuitous arp

Table 8-10 IP Operations Menu Options (/oper/ip)

Command Syntax and Usage

bgp
    Displays the Border Gateway Protocol Operations Menu. To view the menu options see page 508.

garp <IP address> <Vlan number>
    Send gratuitous arp.

/oper/ip/bgp
Operations-Level BGP Options

[Border Gateway Protocol Operations Menu]
    start - Start peer session
    stop  - Stop peer session
    cur   - Current BGP operational state

Table 8-11 IP Operations Menu Options (/oper/ip)

Command Syntax and Usage

start <peer number (1-16)>
    Starts the peer session.

stop <peer number (1-16)>
    Stops the peer session.

cur
    Displays the current BGP operational state.

/oper/swkey
Activating Optional Software

The swkey option is used for activating any optional software you have purchased for your switch. Before you can activate optional software, you must obtain a software license from your Nortel Networks representative or authorized reseller. One software license is needed for each switch where the optional software is to be used. You will receive a License Certificate for each software license purchased.

Currently the following software packages are available for purchase and installation:

- Security Pack
- Bandwidth Management
- Global Server Load Balancing

To obtain a software key, you must register each License Certificate with Nortel Networks and provide the MAC address of the Nortel Application Switch Operating System switch that will run the optional software. Nortel Networks will then provide a License Password.

NOTE – Each License Password will work only on the specific switch which has the MAC address you provided when registering your License Certificate.

Once you have your License Password, perform the following actions:

1. Connect to the switch’s command line interface and log in as the administrator (see Chapter 1, “The Command Line Interface”).

2. At the Main# prompt, enter:

    Main# oper

3. At the Operations# prompt, enter:

    Operations# swkey

4. When prompted, enter your 16-digit software key code. For example:

    Enter Software Key: <16 hexadecimal-digit key to enable software feature (such as, 123456789ABCDEF)>

   If the correct code is entered, you will see the following message:

    Valid software key entered.
    Software feature enabled.

/oper/rmkey
Removing Optional Software

The rmkey option is used for deactivating any optional software. Deactivated software is still present in switch memory and can be reactivated at any later time.

To review the deactivation options, enter the following at the Operations Menu:

    >> Operations# ? rmk
    Usage: rmkey <software feature to be removed (GSLB||BWM|Security|Linklb|ITM)>

To deactivate optional software, enter the following at the Operations Menu:

    Operations# rmkey

When prompted, enter the code for software to be removed. For example:

    Enter Software Feature to be removed:[GSLB]|BWM|Security: GSLB

CHAPTER 9 The Boot Options Menu

To use the Boot Options Menu, you must be logged in to the switch as the administrator. The Boot Options Menu provides options for:

- Selecting a switch software image to be used when the switch is next reset
- Selecting a configuration block to be used when the switch is next reset
- Downloading or uploading a new software image to the switch via TFTP

/boot
Boot Menu

[Boot Options Menu]
    sched - Scheduled Switch Reset Menu
    image - Select software image to use on next boot
    conf  - Select config block to use on next boot
    gtimg - Download new software image via TFTP
    ptimg - Upload selected software image via TFTP
    reset - Reset switch [WARNING: Restarts Spanning Tree]
    cur   - Display current boot options

Each of these options is discussed in greater detail in the following sections.

Scheduled Reboot of the Switch

This feature allows the switch administrator to schedule a reboot to occur at a particular time in the future. This feature is particularly helpful if the user needs to perform switch upgrades during off-peak hours. You can set the reboot time, cancel a previously scheduled reboot, and check the time of the currently set reboot schedule with the help of the following sub-menu:

/boot/sched
Scheduled Reboot Menu

[Boot Schedule Menu]
    set    - Set switch reset time
    cancel - Cancel pending switch reset
    cur    - Display current switch reset schedule

The cur option displays the current scheduled reboot time. For example:

    >> Boot Schedule# cur
    Currently scheduled reboot time: none

Updating the Switch Software Image

The switch software image is the executable code running on the Nortel Application Switch. A version of the image ships with the switch, and comes pre-installed on the device. As new versions of the image are released, you can upgrade the software running on your switch.

Upgrading the software image on your switch requires the following:

- Loading the new image onto a TFTP server on your network
- Downloading the new image from the TFTP server to your switch
- Selecting the new software image to be loaded into switch memory the next time the switch is reset

Downloading New Software to Your Switch

The switch can store up to two different software images, called image1 and image2, as well as boot software, called boot. When you download new software, you must specify where it should be placed: either into image1, image2, or boot.

For example, if your active image is currently loaded into image1, you would probably load the new image software into image2. This lets you test the new software and reload the original active image (stored in image1), if needed.

To download new software to your switch, you will need the following:

- The image or boot software loaded on a TFTP server on your network
- The hostname or IP address of the TFTP server
- The name of the new software image or boot file

Set up the TFTP option (/cfg/sys/mgmt/tftp) for the TFTP connection. This sets the default option for the gtimg and ptimg commands. However, note that you can override this setting with the option provided to these operational commands.

NOTE – The DNS parameters must be configured if specifying hostnames (see “Domain Name System Configuration Menu” on page 379).

When the above requirements are met, use the following procedure to download the new software to your switch.

1. At the Boot Options# prompt, enter:

    Boot Options# gtimg

2. Enter the name of the switch software to be replaced:

    Enter name of switch software image to be replaced ["image1"/"image2"/"boot"]: <image>

3. Enter the hostname or IP address of the TFTP server.

    Enter hostname or IP address of TFTP server: <server name or IP address>

4. Enter the name of the new software file on the server.

    Enter name of file on TFTP server: <filename>

   The exact form of the name will vary by TFTP server. However, the file location is normally relative to the TFTP directory (usually /tftpboot).

5. The system prompts you to confirm your request.

   You should next select a software image to run, as described below.

Selecting a Software Image to Run

You can select which software image (image1 or image2) you want to run in switch memory for the next reboot.

1. At the Boot Options# prompt, enter:

    Boot Options# image

2. Enter the name of the image you want the switch to use upon the next boot.

   The system informs you of which image is currently set to be loaded at the next reset, and prompts you to enter a new choice:

    Currently set to use switch software "image1" on next reset.
    Specify new image to use on next reset ["image1"/"image2"]:

Uploading a Software Image from Your Switch

You can upload a software image from the switch to a TFTP server.

1. At the Boot Options# prompt, enter:

    Boot Options# ptimg

   The system prompts you for information.

2. Enter the desired image:

    Enter name of switch software image to be uploaded ["image1"|"image2"|"boot"]: <image> <hostname or server-IP-addr> <server-file-name>

3. Enter the name or the IP address of the TFTP server:

    Enter hostname or IP address of TFTP server: <server name or IP address>

4. Enter the name of the file into which the image will be uploaded on the TFTP server:

    Enter name of file on TFTP server: <filename>

5. The system then requests confirmation of what you have entered. To have the file uploaded, enter Y.

    image2 currently contains Software Version 20.0.1.7
    Upload will transfer image2 (1889411 bytes) to file "test" on TFTP server 192.1.1.
    Confirm upload operation [y/n]: y

Selecting a Configuration Block

When you make configuration changes to the Nortel Application Switch, you must save the changes so that they are retained beyond the next time the switch is reset. When you perform the save command, your new configuration changes are placed in the active configuration block. The previous configuration is copied into the backup configuration block.

There is also a factory configuration block. This holds the default configuration set by the factory when your Nortel Application Switch was manufactured. Under certain circumstances, it may be desirable to reset the switch configuration to the default. This can be useful when a custom-configured Nortel Application Switch is moved to a network environment where it will be reconfigured for a different purpose.

Use the following procedure to set which configuration block you want the switch to load the next time it is reset:

1. At the Boot Options# prompt, enter:

    Boot Options# conf

2. Enter the name of the configuration block you want the switch to use:

0. and prompts you to enter a new choice: Currently set to use active configuration block on next reset.2 Command Reference The system informs you of which configuration block is currently set to be loaded at the next reset. Specify new block to use ["active"/"backup"/"factory"]: 516 Chapter 9: The Boot Options Menu 320506-A.Nortel Application Switch Operating System 23. January 2006 .

Resetting the Switch

You can reset the switch to make your software image file and configuration block changes occur.

NOTE – Resetting the switch causes the Spanning Tree Protocol to restart. This process can be lengthy, depending on the topology of your network.

To reset the switch, at the Boot Options# prompt, enter:

    >> Boot Options# reset

You are prompted to confirm your request.


CHAPTER 10 The Maintenance Menu

The Maintenance Menu is used to manage dump information and forward database information. It also includes a debugging menu to help with troubleshooting.

/maint
Maintenance Menu

NOTE – To use the Maintenance Menu, you must be logged in to the switch as the administrator.

[Maintenance Menu]
    sys     - System Maintenance Menu
    fdb     - Forwarding Database Manipulation Menu
    arp     - ARP Cache Manipulation Menu
    route   - IP Route Manipulation Menu
    ip6     - IP6 Manipulation Menu
    debug   - Debugging Menu
    uudmp   - Uuencode FLASH dump
    ptdmp   - Upload FLASH dump via FTP/TFTP
    cldmp   - Clear FLASH dump
    lsdmp   - List FLASH dump
    panic   - Dump state information to FLASH and reboot
    tsdmp   - Tech support dump
    pttsdmp - Upload tech support dump via FTP/TFTP
    sslrst  - Reset SSL card

Dump information contains internal switch state data that is written to flash memory on the Nortel Application Switch after any one of the following occurs:

- The switch administrator forces a switch panic. The panic option, found in the Maintenance Menu, causes the switch to dump state information to flash memory, and then causes the switch to reboot.

- The switch administrator enters the switch reset key combination on a device that is attached to the console port. The switch reset key combination is <Shift><Ctrl><->.
- The watchdog timer forces a switch reset. The purpose of the watchdog timer is to reboot the switch if the switch software freezes.
- The switch detects a hardware or software problem that requires a reboot.

Table 10-1 Maintenance Menu Options (/maint)

Command Syntax and Usage

sys
    Displays the System Maintenance Menu. To view menu options, see page 522.

fdb
    Displays the Forwarding Database Manipulation Menu. To view menu options, see page 522.

arp
    Displays the ARP Cache Manipulation Menu. To view menu options, see page 523.

route
    Displays the IP Route Manipulation Menu. To view menu options, see page 525.

ip6
    Displays the IPv6 Manipulation Menu. To view menu options, see page 526.

debug
    Displays the Debugging Menu. To view menu options, see page 527.

uudmp
    Displays dump information in uuencoded format. For details, see page 528.

ptdmp hostname filename [-mgmt| -data]
    Saves the system dump information using TFTP. For details, see page 529.

cldmp
    Clears dump information from flash memory. For details, see page 529.

lsdmp
    Displays list flash dump. For details, see page 530.

panic
    Dumps MP information to FLASH and reboots. For details, see page 530.

tsdmp
    Dumps all Nortel Application Switch information, statistics, and configuration. You can log the tsdump output into a file, and send it to Nortel Networks Tech Support for debugging purposes. For details, see page 531.

For details.0. For details. Chapter 10: The Maintenance Menu 320506-A. see page 531. sslrst Reset the SSL card. see page 531.Nortel Application Switch Operating System 23.2 Command Reference Table 10-1 Maintenance Menu Options (/maint) Command Syntax and Usage pttsdmp <hostname> <filename> <-tftp|username password> [-mgmt|-data] Upload tech support dump using FTP/TFTP. January 2006 521 .

/maint/sys
System Maintenance Options

This menu is reserved for use by Nortel Networks Customer Support group. The options are used to perform system debugging.

[System Maintenance Menu]
    flags   - Set NVRAM flag word
    sfpinfo - Show SFP information

Table 10-2 System Maintenance Menu Options (/maint/sys)

Command Syntax and Usage

flags <new NVRAM flags word as 0xXXXXXXXX>
    This command sets the flags that are used for debugging purposes by Tech support group.

sfpinfo <port_number>
    Show the SFP information. For example:

    >> System Maintenance# sfpinfo 1
    Probing SFP on port 1 .please wait
    Invalid: Port 1 does not support SFP's

/maint/fdb
Forwarding Database Options

[FDB Manipulation Menu]
    find  - Show a single FDB entry by MAC address
    port  - Show FDB entries for a single port
    trunk - Show FDB entries on a single trunk
    vlan  - Show FDB entries for a single VLAN
    refpt - Show FDB entries referenced by a single port
    dump  - Show all FDB entries
    del   - Delete an FDB entry
    clear - Clear entire FDB

The Forwarding Database Manipulation Menu can be used to view information and to delete a MAC address from the forwarding database or clear the entire forwarding database. This is helpful in identifying problems associated with MAC address learning and packet forwarding decisions.

Table 10-3 FDB Manipulation Menu Options (/maint/fdb)

Command Syntax and Usage

find <MAC address> [<VLAN>]
Displays a single database entry by its MAC address. You are prompted to enter the MAC address of the device. Enter the MAC address using the xx:xx:xx:xx:xx:xx format (such as 08:00:20:12:34:56) or xxxxxxxxxxxx format (such as 080020123456).

port <port number, 0 for unknown>
Displays all FDB entries for a particular port. Use “0” for unknown port number.

trunk <trunk number (1-12)>
Displays all FDB entries for the specified trunk group.

vlan <VLAN number (1-4090)>
Displays all FDB entries on a single VLAN.

refpt <SP number (1-4)>
Displays all FDB entries referenced by a single port.

dump
Displays all entries in the Forwarding Database. For details, see page 90.

del <MAC address> [<VLAN number>]
Removes a single FDB entry.

clear
Clears the entire Forwarding Database from switch memory.

/maint/arp
ARP Cache Options

    [Address Resolution Protocol Menu]
         find  - Show a single ARP entry by IP address
         port  - Show ARP entries on a single port
         vlan  - Show ARP entries on a single VLAN
         refpt - Show ARP entries referenced by a single SP
         dump  - Show all ARP entries
         clear - Clear ARP cache
         addr  - Show ARP address list

169 00:04:75:db:1c:1a 1 1 empty NOTE – To display all ARP entries currently held in the switch. dump Shows all ARP entries. clear Clears the entire ARP list from switch memory.0.17.4. port <port number> Displays ARP entries on a single port.16.--------------47.16.80. addr Shows the list of IP addresses which the switch will respond to for ARP requests. January 2006 . or a portion according to one of the options listed on the menu above (find. 524 Chapter 10: The Maintenance Menu 320506-A.80. vlan. dump). /maint/arp/port <port number> ARP Entries on a Single Port IP address Flags MAC address VLAN Port Referenced SPs --------------. See page 524 for a sample output. 192.Nortel Application Switch Operating System 23.101)> Shows a single ARP entry by IP address.----.----------------. refpt <SP number (1-4)> Shows all ARP entries referenced by a single port.----.80. you can also refer to “ARP Information” on page 112.17. refpt.81 00:e0:81:24:ef:3c 1 1 empty 47. port.2 Command Reference Table 10-4 Address Resolution Protocol Menu Options (/maint/arp) Command Syntax and Usage find <IP address (such as. vlan <VLAN number (1-4090)> Shows ARP entries on a single VLAN.1 00:e0:16:7c:28:82 1 1 empty 47.---.

/maint/route
IP Route Manipulation

    [IP Routing Menu]
         find  - Show a single route by destination IP address
         gw    - Show routes to a single gateway
         type  - Show routes of a single type
         tag   - Show routes of a single tag
         if    - Show routes on a single interface
         dump  - Show all routes
         clear - Clear route table

Table 10-5 IP Route Manipulation Menu Options (/maint/route)

Command Syntax and Usage

find <IP4 address (e.g. 192.4.17.101)> | <IP6 address (e.g. 3001:0:0:0:0:0:abcd:1234)>
Shows a single route by destination IP address.

gw <default gateway IP4 address (e.g. 192.4.17.44)> <default gateway IP6 address (e.g. 3001:0:0:0:0:0:abcd:1234)>
Shows routes to a default gateway.

type indirect|direct|local|broadcast|martian|multicast
Shows routes of a single type. For a description of IP routing types, see Table 4-19 on page 109.

tag fixed|static|addr|rip|ospf|bgp|broadcast|martian|vip
Shows routes of a single tag. For a description of IP routing tags, see Table 4-20 on page 109.

if <interface number (1-255)>
Shows routes on a single interface.

dump
Shows all routes.

clear
Clears the route table from switch memory.

NOTE – To display all routes, you can also refer to “IP Routing Information” on page 108.

/maint/ip6
IPv6 Manipulation Menu

    [IP6 Menu]
         nbrcache - Neighbor Cache Manipulation Menu

Table 10-6 IPv6 Manipulation Menu Options

Command Syntax and Usage

nbrcache
Opens the Neighbor Cache menu whose only option is the clear command. This command is used to clear the IPv6 Neighbor Cache table.

/maint/debug
Debugging Options

    [Miscellaneous Debug Menu]
         tbuf    - Show MP trace buffer
         sptb    - Show SP trace buffer
         spall   - Show All SPs trace buffers
         clrcfg  - Clear all flash configs
         portmap - Show port-SP-MAC mapping
         vmasp   - Show designated SP for IP address
         vmasp6  - Show designated SP for IP6 address

The Miscellaneous Debug Menu displays trace buffer information about events that can be helpful in understanding switch operation. You can view the following information using the debug menu:

Events traced by the Management Processor (MP)
Events traced by the Switch Processor (SP)
Events traced to a buffer area when a reset occurs

If the switch resets for any reason, the MP trace buffer and SP trace buffers are saved into the snap trace buffer area. The output from these commands can be interpreted by the Nortel Networks Customer Support division.

Table 10-7 Miscellaneous Debug Menu Options (/maint/debug)

Command Syntax and Usage

tbuf
Displays the Management Processor trace buffer. Header information similar to the following is shown:

    MP trace buffer at 13:28:15 Fri May 25, 2001; mask: 0x2ffdf748

The buffer information is displayed after the header.

sptb <port number (1-4)>
Displays the Switch Processor trace buffer. Header information similar to the following is shown:

    SP 1 trace buffer at 10:56:35 Tue Jul 30, 2002; mask: 0x00800008

The buffer information is displayed after the header.

spall
Displays the Switch Processor trace buffer. Displays all SP trace buffers. Header information similar to the following is shown:

    SP 1 trace buffer at 10:56:35 Tue Jul 30, 2002; mask: 0x00800008

The buffer information is displayed after the header.

clrcfg
Deletes all flash configuration blocks.

portmap
Show port to SP to MAC mapping.

vmasp <IP address>
Displays the assigned SP (Switch Processor) for this IP address.

vmasp6 <IP_address>
Show designated SP for IP6 address.

/maint/uudmp
Uuencode Flash Dump

Using this command, dump information is presented in uuencoded format. This format makes it easy to capture the dump information as a file or a string of characters. You can then contact Nortel Networks Customer Support for help analyzing the information.

If you want to capture dump information to a file, set your communication software on your workstation to capture session data prior to issuing the uudmp command. This will ensure that you do not lose any information. Once entered, the uudmp command will cause approximately 23,300 lines of data to be displayed on your screen and copied into the file.

Using the uudmp command, dump information can be read multiple times. The command does not cause the information to be updated or cleared from flash memory.

NOTE – Dump information is not cleared automatically. In order for any subsequent dump information to be written to flash memory, you must manually clear the dump region. For more information on clearing the dump region, see page 529.

To access dump information, at the Maintenance# prompt, enter:

    Maintenance# uudmp

The dump information is displayed on your screen and, if you have configured your communication software to do so, captured to a file. If there is a dump available, the system prompts as follows:

    >> Maintenance# uu
    Enter region to dump [main/bkp]: main
    Dumping main region: Use 'ptdmp' to extract panic dumps.
    Confirm proceed with large dump (15000 lines) [y/n]:

If the dump region is empty, the following message appears:

    No FLASH dump available.

/maint/ptdmp <server> <filename>
System Dump Put

Use this command to put (save) the system dump to a TFTP or FTP server.

NOTE – If the TFTP or FTP server is running SunOS or the Solaris operating system, the specified ptdmp file must exist prior to executing the ptdmp command, and must be writable (set with proper permission, and not locked by any application). The contents of the specified file will be replaced with the current dump data.

To save dump information via TFTP or FTP, at the Maintenance# prompt, enter:

    Maintenance# ptdmp <hostname> <filename> <-tftp|username password> [-mgmt|-data]

Where server is the TFTP or FTP server IP address or hostname, and filename is the target dump file.

/maint/cldmp
Clearing Dump Information

To clear dump information from flash memory, at the Maintenance# prompt, enter:

    Maintenance# cldmp

The switch clears the dump region of flash memory and displays the following message:

    FLASH dump region cleared.

If the flash dump region is already clear, the switch displays the following message:

    FLASH dump region is already clear.
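
For the session capture described under /maint/uudmp above, the following added example (not part of the Nortel manual) pulls uuencoded blocks out of a saved terminal session, decodes them, and flags a capture that stopped before the end of the dump. It assumes the dump uses standard uuencode framing (begin <mode> <name> ... end), which the manual does not show; the function names and the sample session are constructed.

```python
import binascii
import hashlib
import re

# Assumption: the dump is framed like standard uuencode output
# ("begin <mode> <name>" ... "end"); the manual does not show the framing.
BEGIN_RE = re.compile(rb"^begin\s+[0-7]{3,4}\s+(\S+)\s*$")


def decode_uu_line(line):
    """Decode one uuencoded line, tolerating padding past the stated length."""
    try:
        return binascii.a2b_uu(line)
    except binascii.Error:
        # Keep only the characters the leading length character calls for.
        keep = (((line[0] - 32) & 63) * 4 + 5) // 3
        return binascii.a2b_uu(line[:keep])


def finish_block(block):
    """Freeze the decoded bytes and record a SHA-256 for later comparison."""
    block["data"] = bytes(block["data"])
    block["sha256"] = hashlib.sha256(block["data"]).hexdigest()
    return block


def extract_dumps(capture):
    """Return one dict per uuencoded block found in a captured session."""
    dumps, current = [], None
    for lineno, line in enumerate(capture.splitlines(), 1):
        if current is None:
            match = BEGIN_RE.match(line)
            if match:
                current = {"name": match.group(1).decode("ascii", "replace"),
                           "data": bytearray(), "bad_lines": [],
                           "complete": False}
            continue  # prompts and messages outside a block are skipped
        if line.rstrip() == b"end":
            current["complete"] = True
            dumps.append(finish_block(current))
            current = None
        elif line.strip():
            try:
                current["data"] += decode_uu_line(line)
            except binascii.Error:
                # Not uuencoded text, e.g. a console message printed mid-dump.
                current["bad_lines"].append(lineno)
    if current is not None:
        # The capture ended before "end": the dump is truncated.
        dumps.append(finish_block(current))
    return dumps


def constructed_capture(payload, truncate=False, noise=False):
    """Build a constructed session capture around payload (sample data only)."""
    lines = [b">> Maintenance# uudmp",
             b"Confirm proceed with large dump (15000 lines) [y/n]: y",
             b"begin 644 constructed.dmp"]
    chunks = [payload[i:i + 45] for i in range(0, len(payload), 45)]
    for n, chunk in enumerate(chunks):
        if noise and n == 1:
            lines.append(b"Jan 9 19:15:32 NOTICE system: link up on port 25")
        lines.append(binascii.b2a_uu(chunk).rstrip(b"\n"))
    if truncate:
        lines = lines[:-2]  # capture stopped two lines before the end
    else:
        lines += [b"`", b"end", b">> Maintenance# "]
    return b"\r\n".join(lines) + b"\r\n"


if __name__ == "__main__":
    sample = constructed_capture(bytes(range(200)), noise=True)
    for dump in extract_dumps(sample):
        print(dump["name"], len(dump["data"]), "bytes",
              "complete" if dump["complete"] else "TRUNCATED",
              "bad lines:", dump["bad_lines"], dump["sha256"])
```

A block reported as truncated or with bad lines should be captured again with uudmp before the dump region is cleared with cldmp.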

2005. active config block. A backup dump was saved at 14:47:31 Mon Jun 20.. Confirm replacing existing dump and reboot [y/n]: Enter y to confirm the command: Confirm dump and reboot [y/n]: y The following messages are displayed: Loading Image:. Booting complete 19:15:23 Thu Jan 9. To select panic..0. enter: >> Maintenance# panic A FLASH dump already exists. Alteon Application Switch 2424 Rebooted because of Software PANIC.. /maint/panic Panic Command The panic command causes the switch to immediately dump state information to flash memory and automatically reboot.. Jan 9 19:15:32 NOTICE system: link up on port 25 Enter password: 530 Chapter 10: The Maintenance Menu 320506-A.Nortel Application Switch Operating System 23.. at the Maintenance# prompt.2. For example: >> Maintenance# lsdmp The main dump was saved at 8:12:58 Fri Jun 3. 2003: Version 20.7 from FLASH image1....2 Command Reference /maint/lsdmp Use the /maint/lsdmp command to view dump statistics.. 2005. January 2006 .

/maint/tsdmp

Use the /maint/tsdmp command to dump all dump information that can be used for technical support. For example:

    >> Maintenance# tsdmp
    Confirm dumping all information, statistics, and configuration [y/n]:

/maint/pttsdmp

Use the /maint/pttsdmp command to upload a technical support dump using an FTP or TFTP connection. The dump was performed earlier using the /maint/tsdmp command. For example:

    >> Maintenance# ? pttsdmp
    Usage: pttsdmp <hostname> <filename> <-tftp|username password> [-mgmt|-data]
    >> Maintenance# pttsdmp
    Enter hostname or IP address of FTP/TFTP server: 0.0.0.0
    Enter name of file on FTP/TFTP server: dump.txt
    Enter username for FTP server or hit return for TFTP server: username
    Enter password for username on FTP server:
    Connecting to 0.0.0.0...

/maint/sslrst

Use the maint/sslrst command to reset the switch SSL card.

Unscheduled System Dumps

If there is an unscheduled system dump to flash memory, the following message is displayed when you log on to the switch:

    Note: A system dump exists in FLASH. The dump was saved at 19:15:23 Thu Jan 9, 2003. Use /maint/uudmp to extract the dump for analysis and /maint/cldmp to clear the FLASH region. The region must be cleared before another dump can be saved.


CHAPTER 11
The SSL Processor Menu

The SSL Menu is used to connect to the SSL processor.

NOTE – To use the SSL Processor Menu, you must be logged in to the processor as the administrator.

Login to the SSL processor

Log into the SSL Processor as described in the following paragraphs.

Go to the main menu and enter the SSL processor level.

    # cd /
    ------------------------------------------------------------
    [Main Menu]
         info   - Information Menu
         stats  - Statistics Menu
         cfg    - Configuration Menu
         oper   - Operations Command Menu
         boot   - Boot Options Menu
         maint  - Maintenance Menu
         ssl    - SSL Accelerator Menu
         diff   - Show pending config changes [global command]
         apply  - Apply pending config changes [global command]
         save   - Save updated config to FLASH [global command]
         revert - Revert pending or applied changes [global command]
         exit   - Exit [global command, always available]

    >> Main# ssl

Enter the appropriate account information to logon to the processor.

    >> Main# ssl
    Connected to SSL Processor. Type "exit" to quit.
    login: admin
    Password:
    Alteon iSD SSL
    Hardware platform: 2424S
    Software version: 5.0.0.34
    ------------------------------------------------------------
    [Main Menu]
         info   - Information menu
         stats  - Statistics menu
         cfg    - Configuration menu
         boot   - Boot menu
         maint  - Maintenance menu
         diff   - Show pending config changes [global command]
         apply  - Apply pending config changes [global command]
         revert - Revert pending config changes [global command]
         paste  - Restore saved config with key [global command]
         help   - Show command help [global command]
         exit   - Exit [global command, always available]

    SSL >> Main#

NOTE – Help information on specific commands uses the command “help”, and not the “?” symbol used at other directory levels. The command must also be spelled-out in full. For example, to request help on the “apply” command enter:

    SSL >> Main# help diff
    Show any pending configuration changes.

/ssl
SSL Processor Menu

    [Main Menu]
         info   - Information menu
         stats  - Statistics menu
         cfg    - Configuration menu
         boot   - Boot menu
         maint  - Maintenance menu
         diff   - Show pending config changes [global command]
         apply  - Apply pending config changes [global command]
         revert - Revert pending config changes [global command]
         paste  - Restore saved config with key [global command]
         help   - Show command help [global command]
         exit   - Exit [global command, always available]

Table 11-1 FDB Manipulation Menu Options (/maint/fdb)

Command Syntax and Usage

info
Go to the Information level of the SSL Processor menu. For details, see page 536.

stats
Go to the Statistics level of the SSL Processor menu. For details, see page 540.

cfg
Go to the Configuration level of the SSL Processor menu. For details, see page 545.

boot
Go to the Boot level of the SSL Processor menu. For details, see page 649.

maint
Go to the Maintenance level of the SSL Processor menu. For details, see page 652.

diff
Shows any pending configuration changes. For example:

    SSL >> Main# diff
    Configuration/
    Certificate menu:
    new child "1" created

apply
Applies pending configuration changes.

revert
Remove pending configuration changes. Use this command to undo configuration parameters set since last apply command. For example:

paste
Lets you restore a saved configuration that includes private keys. Before pasting the configuration, you need to provide the password phrase you specified when selecting to include the private keys in the configuration dump.

help
Displays a summary of the global commands.

exit
Leave the SSL Processor menu.

/ssl/info
SSL Performance information menu

    [Information Menu]
         servers  - Show configured SSL servers
         certs    - Show configured certificates
         hsm      - Show local HSM information
         sslvpn   - Show configured VPNs
         users    - Show logged in SSL VPN portal users
         ipsec    - Show logged in IPSEC users
         ippool   - Show ip pool allocations
         ip       - Find information about an IP address
         sys      - Show system configuration
         licenses - Show SSL VPN portal license usage
         access   - Print the access rules of an SSL VPN portal user
         kick     - Kick an SSL VPN portal user
         isdlist  - Show all iSDs and their operational status
         local    - Show local iSD information
         ethernet - Show local ethernet status information
         ports    - Show local port(s) information
         events   - Inspect Events menu

and key size for each installed certificate..----Source IP Access Group:Profile.2 Command Reference Table 11-2 Address Resolution Protocol Menu Options (/maint/arp) Command Syntax and Usage servers Displays the current SSL server settings. HSM information is only displayed when you are using the iSD310-SSL FIPS model. No key has been defined. No key has been defined. Revocation: Automatic CRL: URL to retrieve CRL from = LDAP DN used for bind/authentication = Password to use when to authenticate = Refresh interval = 1d List of accepted signers of CRLs = Enable automatic retrieval = disabled hsm Displays information related to the HSM card(s) on the iSD310-SSL FIPS device to which you are currently connected.. For example: Certificate 1: Certificate name = No certificate information. including SSL specific settings for each configured virtual SSL server. sslvpn Show the configured VPNs.Nortel Application Switch Operating System 23. Information related to the subject of the certificate is also displayed.. -------------. Validate: key or certificate not defined.---.Variables. as well as user login information (SO or USER) for each HSM card on the iSD310-SSL FIPS device. Chapter 11: The SSL Processor Menu 320506-A. For example: Number of currently logged in users: 0 VPN Id User Login -----. users Shows all logged in VPN portal users. serial number. January 2006 537 . expiration date.---------------- ipsec [<vpnid> [<prefix>]] Show number of IPSEC users logged-in..0. certs Displays the certificate name. For example: Number of active ipsec sessions for all VPNs: 0 ippool [<vpnid>] Displays the IP pool allocations. Information about the current security mode (Extended Security mode or FIPS mode) in the iSD310-SSL FIPS cluster is displayed.

ip <IP_address>
Display information about a specific IP address. For example:

    SSL >> Information# ip
    Enter IP to search for: 0.0.0.0
    IP 0.0.0.0 not allocated from IP pool

sys
Shows the system configuration. For example (in part):

    System:
      Management IP (MIP) address = 10.10.10.71
      License =
        IPSEC user sessions: 10
        TPS: 300
        SSL user sessions: 10
      Default gateway address = 10.10.10.72
      iSD Host 1:
        Type of the iSD = master
        IP address = 10.10.10.69
        Ports = 1
        Hardware platform = 2424S
        Host Routes:
          No items configured
        Host Interface 1:
          IP address = 10.10.10.71
          Network mask = 255.255.255.0
          Default gateway address = 0.0.0.0
          VLAN tag id = 0
          Mode = failover
          Host Interface Routes:
            No items configured
          Interface Ports:
            1
    ...

licenses [<vpn_ID>]
Show the SSL VPN port licenses. For example:

    Global License Pools
    VPN      Used   Size
    ------------------------------------------------------
    SSL      0      10
    IPSEC    0      10

access <vpnid> <username>
Display the access rules for an SSL Portal user.

kick <vpnid> <username>
Kick an SSL VPN user.

isdlist
Displays the IP addresses, master/slave assignments, CPU usage, memory usage, and operational status for all the iSDs in the cluster. An asterisk (*) in the MIP column indicates which iSD in the cluster is currently in control of the Management IP. An asterisk (*) in the Local column indicates the particular iSD to which you have connected. For example:

    SSL >> Information# isdlist
    IP addr       type    MIP  Local  cpu(%)  mem(%)  op
    10.10.10.71   master  *    *      2       52      up

local
Displays the current software version, iSD hardware platform, up time (since last boot), IP address, and Ethernet MAC address for the particular iSD host to which you have connected. If you have connected to the MIP address, the information displayed relates to the iSD host in the cluster that currently is in control of the MIP. For example:

    SSL >> Information# local
    Alteon iSD SSL
    Hardware platform: 2424S
    Software version: 5.0.0.34
    Up time: 11 days 1 hour 52 minutes
    IP address: 10.10.10.71
    MAC address: 00:01:81:2e:bc:6f

ethernet
Displays statistics for the Ethernet network interface card (NIC) on the particular iSD host to which you have connected. If you have connected to the MIP address, the information displayed relates to the iSD host in the cluster that currently is in control of the MIP. If more than one network is configured in the cluster, ethernet statistics for the respective network is displayed.

RX packets: the total number of received packets
TX packets: the total number of transmitted packets
errors: packets lost due to error
dropped: error due to lack of resources
overruns: error due to lack of resources
frame: error due to malformed packets
carrier: error due to lack of carrier
collisions: number of packet collisions

Note: A non-zero collision value may indicate an incorrect configuration of the Ethernet autonegotiation.

For example:

    I/f 1: RX packets:3438 errors:0 dropped:0 overruns:0 frame:0
    I/f 1: TX packets:2738 errors:0 dropped:0 overruns:0 carrier:0 collisions:0
    I/f 1: RX bytes:220060 (214.9 Kb) TX bytes:205486 (200.6 Kb)

ports
Displays the status of the local Ethernet interface (NIC) ports on the particular iSD host to which you have connected. For each port, link status (up/down) and Ethernet autonegotiation setting (on/off) is shown. If the link is up, current values for speed (10/100/1000) and duplex mode (half/full) are also shown. If the link is down and autonegotiation is set to off, the configured values for speed and duplex mode are shown instead. If you have connected to the MIP address, the information displayed relates to the iSD host in the cluster that currently is in control of the MIP. For example:

    SSL >> Information# ports
    Port 1: link = up, autoneg = on, speed = 1000, mode = full

events
Go to the Inspect events menu. For details, see page 540.

/ssl/info/events
SSL Performance Menu

    [Events Menu]
         alarms   - List all pending alarms
         download - Dump the event log file to a TFTP/FTP/SFTP server

Table 11-3 SSL Performance Menu Options

Command Syntax and Usage

alarms
Displays all alarms in the active alarm list by their main attributes: severity level, alarm ID number, date and time when triggered, alarm name, sender, and cause.

download <protocol> <IP_address | hostname> <filename>
Transmits the event log file from the iSD cluster to a file on a TFTP server. Specify the IP address or host name of the TFTP server, as well as a file name.

/ssl/stats
SSL Performance Statistics menu

    [Statistics Menu]
         sslstats - SSL stats
         ipsec    - IPSEC stats
         aaa      - AAA specific statistics
         dump     - Dump all information

Table 11-4 IP Route Manipulation Menu Options (/maint/route)

Command Syntax and Usage

sslstats
Go to the SSL statistics menu. To view menu options, see page 542.

ipsec
Go to the IPSEC statistics menu. To view menu options, see page 545.

aaa
Go to the AAA specific statistics. To view menu options, see page 548.

dump
Displays cluster-wide SSL statistics for each virtual SSL server in the cluster. The total number of initiated SSL client connections, and the total number of established SSL client connections as accumulated values for all virtual SSL servers in the cluster are also displayed, as well as the number of active request sessions, and the total number of completed request sessions. Histograms, however, are not included in the output.

/ssl/stats/sslstats
SSL Performance Menu

    [SSL stats Menu]
         vpn        - Cluster SSL VPN statistics
         server     - Cluster SSL Server statistics
         local      - Local statistics for each isdhost
         clear      - Clear all statistics for all IPs
         activesess - Number of currently active request sessions
         totalsess  - Total completed request sessions
         sslaccept  - Total completed SSL accept
         sslconnect - Total completed SSL connect
         tpshisto   - Cluster-wide TPS histograms for all servers
         clihisto   - cluster wide client data histograms for all servers
         srvhisto   - cluster wide server data histograms for all servers

Table 11-5 SSL Performance Menu Options

Command Syntax and Usage

vpn <VPN_number>
Displays the cluster-wide statistics for SSL VPN.

server <server_number>
Displays the cluster-wide statistics for SSL servers.

local
Go to the Local SSL Statistics Menu. To view menu options, see page 543.

clear
Erase all statistics for all IPs.

activesess
Display the number of currently active requests. For example:

    active_sessions : 0

totalsess
Display the total number of completed request sessions.

sslaccept
Display the total number of completed SSL request sessions.

sslconnect
Display the total number of successful SSL connections.

tpshisto
Display the total number of cluster-wide TPS histograms for all servers.

clihisto
Display the total number of cluster-wide client data histograms for all servers.

srvhisto
Display the total number of cluster-wide server data histograms for all servers.

/ssl/stats/sslstats/local
SSL Performance SSL Local Statistics Menu

    [Local SSL Statistics Menu]
         isdhost  - ISD local SSL server statistics menu
         overview - Overview of isdhost local statistics
         tpshisto - ISD local TPS histograms for all servers/ISDs
         clihisto - ISD local client byte/s histos for all servers/ISDs
         srvhisto - ISD local server data byte/s histos for all servers/ISDs
         license  - ISD local license statistics
         dump     - Dump all information

Table 11-6 SSL Performance: SSL Local Statistics Menu Options

Command Syntax and Usage

isdhost <host_number>
Go to the ISD local SSL Statistics Menu. To view menu options, see page 544.

overview
Display an overview of the isdhost local statistics.

tpshisto
Display ISD local TPS histograms for all servers/ISDs.

clihisto
Display ISD local client data histograms for all servers and ISDs.

srvhisto
Display ISD local server data histograms for all servers and ISDs.

license
Display local ISD license statistics. For example:

    **** License stats at ISD number '1' ****
    License   Limit reached times
    tps       {ok,0}

dump
Display all local statistical information.

/ssl/stats/sslstats/local/isdhost
SSL Performance: Single ISD SSL Statistics Menu

    [Single ISD SSL Stats 1 Menu]
         server   - ISD local SSL server stats
         tpshisto - ISD local TPS histograms for all servers
         clihisto - ISD local client byte/s histograms for all servers
         srvhisto - ISD local server byte/s histograms for all servers
         dump     - Dump all information

Table 11-7 SSL Performance: Single ISD SSL Statistics Menu Options

Command Syntax and Usage

server
Displays statistics for the local ISD SSL server.

tpshisto
Displays ISD local TPS histograms for all servers.

clihisto
Displays ISD local client data histograms for all servers.

srvhisto
Displays ISD local server histograms for all servers.

dump
Displays all statistical information.

/ssl/stats/ipsec
IPSEC Statistics menu

    [IPSEC stats Menu]
         vpn        - Cluster IPSEC Server statistics
         local      - Local statistics for each isdhost
         clear      - Clear all ipsec statistics for all IPs
         activesess - Number of currently active ipsec sessions
         totalsess  - Total completed ipsec sessions
         failedsess - Total failed ipsec sessions
         enctot     - Total encoded kBytes
         enc        - Encoded kB/sec last minute
         dectot     - Total decoded kBytes
         dec        - Decoded kB/sec last minute
         sesshisto  - Cluster-wide ipsec session histograms for all servers
         enchisto   - Cluster-wide ipsec encrypt histograms for all servers
         dechisto   - Cluster-wide ipsec decrypt histograms for all servers

Table 11-8 IPSEC Statistics Menu Options

Command Syntax and Usage

vpn <VPN_number>
Displays cluster IPSEC server statistics.

local
Go to the local statistics menu. To view menu options, see page 546.

clear
Clear all IPSEC statistics.

activesess
Display the number of currently active IPSEC sessions.

totalsess
Display the number of completed IPSEC sessions.

failedsess
Display the number of failed IPSEC sessions.

enctot
Display the total number of encoded kBytes.

enc
Display the total number of encoded kBytes in the last 60 seconds.

dectot
Display the total number of decoded kBytes.

dec
Display the total number of decoded kBytes in the last 60 seconds.

sesshisto
Display the Cluster-wide ipsec session histograms for all servers.

enchisto
Display the Cluster-wide ipsec encrypt histograms for all servers.

dechisto
Display the Cluster-wide ipsec decrypt histograms for all servers.

dump
Display all IPSEC statistical information.

/ssl/stats/ipsec/local
SSL Performance: Local IPSEC Statistics Menu

    [Local IPSEC Statistics Menu]
         isdhost   - ISD local IPSEC server statistics menu
         sesshisto - ISD local ipsec session histograms for all VPNs/ISDs
         enchisto  - ISD local ipsec encrypt histograms for all VPNs/ISDs
         dechisto  - ISD local ipsec decrypt histograms for all VPNs/ISDs
         dump      - Dump all information

Table 11-9 SSL Performance: Local IPSEC Statistics Menu Options

Command Syntax and Usage

isdhost
Go to the ISD Local IPSEC server statistics menu. To view menu options, see page 547.

sesshisto
Displays the local IPSEC session histograms for all VPNs and ISDs.

enchisto
Displays the local IPSEC encryption histograms for all VPNs and ISDs.

dechisto
Displays the local IPSEC decryption histograms for all VPNs and ISDs.

/ssl/stats/ipsec/local/isdhost
SSL Performance: Single IPSEC ISD Statistics Menu

    [Single ISD IPSEC Stats 1 Menu]
         vpn        - ISD local IPSEC server stats
         activesess - Locally active ipsec sessions all VPNs
         totalsess  - Locally total ipsec sessions all VPNs
         failedsess - Locally failed ipsec sessions, all VPNs
         enctot     - Locally total ipsec encoded kBytes all VPNs
         enc        - Locally ipsec encoded kB/sec last minute all VPNs
         dectot     - Locally total ipsec decoded kBytes all VPNs
         dec        - Locally ipsec decoded kB/sec last minute all VPNs
         sesshisto  - ISD local ipsec sess histograms for all VPNs
         enchisto   - ISD local ipsec encrypt histograms for all VPNs
         dechisto   - ISD local ipsec decrypt histograms for all VPNs
         dump       - Dump all information

Table 11-10 SSL Performance: Single IPSEC ISD Statistics Menu Options

Command Syntax and Usage

vpn <VPN_number>
Display the ISD local IPSEC server statistics.

activesess
Display the locally active IPSEC sessions for all VPNs.

totalsess
Display the total of locally active IPSEC sessions for all VPNs.

failedsess
Display the failed IPSEC sessions for all VPNs.

enctot
Display the total kBytes encoded for all VPNs.

enc
Display the locally encoded kBytes for all VPNs.

dectot
Display the total kBytes decoded for all VPNs.

dec
Display the locally decoded kBytes for all VPNs.

sesshisto
Display the ISD local IPSEC session histograms for all VPNs.

enchisto
Display the ISD local IPSEC encrypted histograms for all VPNs.

Table 11-10 SSL Performance: Single IPSEC ISD Statistics Menu Options

Command Syntax and Usage

dechisto
    Display the ISD local ipsec decrypt histograms for all VPNs.
dump
    Display all ISD statistics.

/ssl/stats/aaa
AAA Statistics Menu

[AAA Statistics Menu]
    total   - Cluster-wide authentication statistics (per VPN)
    isdhost - ISD local authentication statistics (per VPN)
    dump    - Dump all information

Table 11-11 AAA Statistics Menu Options

Command Syntax and Usage

total <VPN_ID>
    Display the Cluster-wide authentication statistics for each VPN.
isdhost </cfg/sys/host number>
    Display the ISD local authentication statistics for each VPN.
dump
    Display all AAA statistics.

/ssl/cfg
SSL Performance Configuration Menu

[Configuration Menu]
    ssl   - SSL offload menu
    cert  - Certificate menu
    vpn   - VPN menu
    test  - Create test vpn, portal and certificate
    quick - Quick vpn setup wizard
    sys   - System-wide parameter menu
    lang  - Language support
    ptcfg - Backup configuration to TFTP/FTP/SCP/SFTP server
    gtcfg - Restore configuration from TFTP/FTP/SCP/SFTP server
    dump  - Dump configuration on screen for copy-and-paste

Table 11-12 SSL Performance Configuration Menu Options

Command Syntax and Usage

ssl
    Go to the SSL offload menu. To view menu options, see page 551.
cert
    Go to the Certificate menu. To view menu options, see page 554.
vpn
    Go to the VPN menu. To view menu options, see page 573.
test
    Create a test VPN, portal and certificate. For example:

    SSL >> Configuration# test
    Enter virtual IP address of test portal: 0.0.0.0
    VPN user name: Test_vpn
    VPN password: smith
    Do you want to configure IPsec? (yes/no) [no]: n
    Do you want to configure Netdirect? (yes/no) [no]: n
    Creating VPN 1
    Creating Linkset 1
    Name: base-links
    Creating Authentication 1
    Calling /cfg/vpn 1/aaa/auth 1/local/add Test_vpn smith test
    Creating Group 1
    Name: test
    Creating Access rule 1
    Added base-links to linkset
    Created /cfg/cert 2
    Use 'apply' to activate.
quick
    Create a VPN configuration using command prompts.
sys
    Go to the System-wide parameter menu. To view menu options, see page 649.
lang
    Go to the Language Support menu. To view menu options, see page 649.

Table 11-12 SSL Performance Configuration Menu Options

Command Syntax and Usage

ptcfg
    Saves the current configuration, including private keys and certificates, to a TFTP server. You are required to specify a password phrase before the information is sent to the TFTP server. The password phrase is used to protect the private keys in the configuration. The configuration can later be restored by using the gtcfg command. If you restore the configuration by using the gtcfg command, you will be prompted for the password phrase you have specified.

    NOTE – Note 1: If you have fully separated the Administrator user role from the Certificate Administrator user role, the export passphrase defined by the certificate administrator is used to protect the private keys in the configuration, transparently to the user. When a configuration backup is restored by using the gtcfg command, the certificate administrator must enter the correct passphrase.

    NOTE – Note 2: When using the ptcfg command on an iSD310-SSL FIPS, private keys are encrypted using the wrap key that was generated when the first HSM card in the cluster was initialized.
gtcfg
    Restores a configuration, including private keys and certificates, from a TFTP server. You need to provide the password phrase you specified when saving the configuration to the TFTP server.

    NOTE – Note: If you have fully separated the Administrator user role from the Certificate Administrator user role (by removing the admin user from the certadmin group), the certificate administrator must enter the passphrase that was defined by him or her using the /cfg/sys/user/caphrase command.
dump
    Display the configuration on-screen for a copy and paste operation.

/ssl/cfg/ssl
SSL Configuration Server Menu

[SSL Menu]
    server - SSL server menu
    test   - Create test server and certificate
    quick  - Quick server setup wizard

Table 11-13 SSL Configuration Server Menu Options

Command Syntax and Usage

server
    Go to the SSL Server menu. To view menu options, see page 552.
test
    Create a test VPN, portal and certificate. For example:

    SSL >> Configuration# test
    Enter virtual IP address of test portal: 0.0.0.0
    VPN user name: Test_vpn
    VPN password: smith
    Do you want to configure IPsec? (yes/no) [no]: n
    Do you want to configure Netdirect? (yes/no) [no]: n
    Creating VPN 1
    Creating Linkset 1
    Name: base-links
    Creating Authentication 1
    Calling /cfg/vpn 1/aaa/auth 1/local/add Test_vpn smith test
    Creating Group 1
    Name: test
    Creating Access rule 1
    Added base-links to linkset
    Created /cfg/cert 2
    Use 'apply' to activate.
quick
    Create a VPN configuration using command prompts.

/ssl/cfg/ssl/server
SSL Configuration Server-specific Menu

[Server 1 Menu]
    name       - Set server name
    vips       - Set IP addr(s) of server
    standalone - Set standalone mode
    port       - Set listen port of server
    rip        - Set real server IP addr
    rport      - Set real server port
    type       - Set type (generic/http/socks)
    proxy      - Set transparent proxy mode (on/off)
    trace      - Traffic trace menu
    ssl        - SSL settings menu
    tcp        - TCP endpoint settings menu
    adv        - Advanced settings menu
    del        - Remove virtual server
    ena        - Enable virtual server
    dis        - Disable virtual server

Table 11-14 SSL Configuration Server-specific Menu Options

Command Syntax and Usage

name <string>
    Enter the name of the server.
vips <IP_address>
    Enter the virtual IP address for the server.
standalone on|off
    Set the standalone mode.
port <integer>
    Set the listen port for the server.
rip <IP_address>
    Set the actual server IP address.
rport <integer>
    Set the actual server port number.
type <generic/http/socks>
    Set the port type.
proxy on|off
    Set the proxy mode.
trace
    Go to the Trace menu. To view menu options, see page 554.

Table 11-14 SSL Configuration Server-specific Menu Options

Command Syntax and Usage

ssl
    Go to the SSL Settings menu. To view menu options, see page 555.
tcp
    Go to the TCP endpoints menu. To view menu options, see page 556.
adv
    Go to the Advanced settings menu. To view menu options, see page 557.
del
    Remove the virtual server.
ena enabled|disabled
    Enable the virtual server.
dis enabled|disabled
    Disable the virtual server.

/ssl/cfg/ssl/server/trace
SSL Configuration Server-specific Trace Menu

[Trace Menu]
    ssldump    - Create traffic dump
    tcpdump    - Create traffic dump
    ping       - Ping through backend interface
    dnslookup  - Lookup a name in DNS through backend interface
    traceroute - traceroute through backend interface

Table 11-15 SSL Configuration Server-specific Trace Menu Options

Command Syntax and Usage

ssldump
    Create a traffic dump. Information on creating dump patterns can be found at http://www.tcpdump.org/tcpdump_man.html.
tcpdump
    Create a traffic dump. Information on creating dump patterns can be found at http://www.tcpdump.org/tcpdump_man.html.
ping <hostname>
    Use this command to verify station-to-station connectivity across the network.
dnslookup <hostname>
    Lookup a hostname in DNS.
traceroute <hostname>
    Use this command to identify the route used for station-to-station connectivity across the network.

/ssl/cfg/ssl/server/ssl
SSL Configuration Server-specific SSL Menu

[SSL Settings Menu]
    cert      - Set server certificate
    cachesize - Set SSL cache size
    cachettl  - Set SSL cache timeout
    cacerts   - Set list of accepted signers of client certificates
    cachain   - Set list of CA chain certificates
    protocol  - Set protocol version
    verify    - Set certificate verification level
    ciphers   - Set cipher list
    ena       - Enable SSL
    dis       - Disable SSL

Table 11-16 SSL Configuration Server-specific SSL Menu Options

Command Syntax and Usage

cert unset|set
    Create a server certificate.
cachesize <integer>
    Set the SSL cache size.
cachettl <integer>
    Set the SSL cache timeout (in seconds).
cacerts <integerlist>
    Set the list of authorized signers of client certificates. Separate the signer list using commas.
cachain <integerlist>
    Set the list of CA chain certificates. Separate the list using commas.
protocol <issl2/ssl3/ssl23/tls1>
    Set the protocol version.
verify none|optional|require
    Set the verification level of the certificate.
ciphers
    Set the cipher list. The cipher list consists of one or more cipher strings separated by colons (e.g. SSLv3:TLSv1). Lists of cipher suites can be combined using a logical and operation (+) (e.g. SHA1+DES represents all cipher suites containing the SHA1 and the DES algorithms). Each cipher string can be optionally preceded by the characters !, - or +.
    ! permanently deletes the ciphers from the list (e.g. !RSA).
    - deletes the ciphers from the list, but the ciphers can be added again by later options.
    + moves the ciphers to the end of the list. This option doesn't add any new ciphers; it just moves matching existing ones.
    Additionally the cipher string @STRENGTH sorts the current cipher list in order of encryption algorithm key length.

Table 11-16 SSL Configuration Server-specific SSL Menu Options

Command Syntax and Usage

ena yes|no
    Enable SSL.
dis yes|no
    Disable SSL.

/ssl/cfg/ssl/server/tcp
SSL Configuration Server-specific TCP Menu

[TCP Settings Menu]
    cwrite   - Set client TCP write timeout
    ckeep    - Set client TCP keep alive timeout
    swrite   - Set server TCP write timeout
    sconnect - Set server TCP connect timeout
    csendbuf - Set client TCP send buffer size
    crecbuf  - Set client TCP receive buffer size
    ssendbuf - Set server TCP send buffer size
    srecbuf  - Set server TCP receive buffer size

Table 11-17 SSL Configuration Server-specific TCP Menu Options

Command Syntax and Usage

cwrite <integer>
    Set the client TCP write timeout (in seconds, 1-2147483647).
ckeep <integer>
    Set the client TCP keep alive timeout (in seconds, 1-2147483647).
swrite <integer>
    Set the server TCP write timeout (in seconds, 1-2147483647).
sconnect <integer>
    Set the server TCP connect timeout (in seconds, 1-2147483647).
csendbuf auto|<2000 to 100000>
    Set the client TCP send buffer size (in bytes).
crecbuf auto|<2000 to 100000>
    Set the client TCP receive buffer size (in bytes).
ssendbuf <generic/http/socks>
    Set the server TCP send buffer size (in bytes).
srecbuf on|off
    Set the server TCP receive buffer size (in bytes).

/ssl/cfg/ssl/server/adv
SSL Configuration Server-specific Advanced Menu

[Advanced Settings Menu]
    string     - String menu
    blockstrin - Set strings to block
    loadbalanc - Load balancing menu
    sslconnect - SSL connect menu

Table 11-18 SSL Configuration Server-specific Menu Options

Command Syntax and Usage

string
    Go to the String menu. To view the menu options, see page 558.
blockstrin <string>
    Set the strings to block, separated by commas.
loadbalanc
    Go to the Load Balancing menu. To view the menu options, see page 559.
sslconnect
    Go to the SSL Connect menu. To view the menu options, see page 560.

/ssl/cfg/ssl/server/adv/string
SSL Configuration Server Advanced String Menu

[LB String 1 Menu]
    match    - Set string to match
    location - Set locations to perform the match in
    icase    - Set ignore case in to match
    negate   - Set negate the result of the match
    del      - Remove string

Table 11-19 SSL Configuration Server-specific Menu Options

Command Syntax and Usage

match <string>|*
    Enter the string to match. For example:

    SSL >> LB String 1# match
    Current value: <not set>
    Enter match string (may contain *):
location <locationlist>
    Set the match string locations, separated by commas. Possible values (the manual groups them as Macros, Methods, Special and Headers) are:
    url, params, header, options, get, head, post, put, delete, trace, connect, query, other, unknown, cookie-override, accept, accept-charset, accept-encoding, accept-language, accept-ranges, age, allow, authorization, cache-control, connection, content-base, content-encoding, content-language, content-length, content-location, content-md5, content-range, content-type, cookie, cookie2, date, etag, expires, from, host, if-match, if-modified-since, if-none-match, if-range, if-unmodified-since, keep-alive, last-modified, location, max-forwards, pragma, proxy-authenticate, proxy-authorization, proxyconnection, public, range, referer, retry-after, server, set-cookie, transfer-encoding, upgrade, useragent, vary, via, warning, www-authenticate, x-forwarded-for, x-ssl
icase on|off
    Set the string match as case respective yes (on) or no (off).
negate on|off
    Set a negative match scheme. The current strings are excluded (on) or included (off).
del string<string_number>
    Delete the string.

/ssl/cfg/ssl/server/adv/loadbalanc
SSL Configuration Server Advanced Load Balancing Menu

[Load Balancing Settings Menu]
    type       - Set load balancing type
    persistenc - Set persistence strategy
    cookie     - Cookie settings menu
    metric     - Set load balancing metric
    health     - Set health check type
    script     - Health check script menu
    interval   - Set health check interval (s)
    remotessl  - Remote SSL connect menu
    backend    - Backend servers menu
    ena        - Enable load balancing
    dis        - Disable load balancing

Table 11-20 SSL Configuration Server Advanced Load Balancing Menu Options

Command Syntax and Usage

type all|<string>
    Set the load balancing type.
persistenc none|cookie|session
    Set the persistence strategy.
cookie
    Go to the Cookie settings menu. Note that this menu is accessible only when persistenc is set to “cookie”. To view the menu options, see page 560.
metric hash|roundrobin|leastconn
    Set the load balancing metric.
health none|tcp|ssl|auto|script
    Set the health check type.
script
    Go to the health check script menu. To view the menu options, see page 562.
interval <integer>
    Set the health check interval.
remotessl
    Go to the Remote SSL connection menu. To view the menu options, see page 563.
backend
    Go to the Backend Servers menu. To view the menu options, see page 565.

Table 11-20 SSL Configuration Server Advanced Load Balancing Menu Options

Command Syntax and Usage

ena enable|disable
    Enable load balancing.
dis enable|disable
    Disable load balancing.

/ssl/cfg/ssl/server/adv/loadbalanc/cookie
SSL Configuration Server Advanced Load Balancing Cookie Menu

[Cookie Settings Menu]
    mode       - Set cookie mode
    name       - Set cookie name
    domain     - Set cookie domain
    expires    - Set cookie expires
    expiresdel - Set cookie expires delta
    localvips  - Configure other local VIPs
    offset     - Set cookie value offset
    length     - Set cookie value length

Table 11-21 SSL Configuration Server Advanced Load Balancing Cookie Menu Options

Command Syntax and Usage

mode insert | passive | rewrite
    Sets the cookie load balancing mode.
name <cookie_name>
    Sets the cookie name.
domain <domain_name>
    Sets the cookie domain name.
expires <date_time>
    Sets the cookie expiration date and time.
expiresdel <0(session)-2147483647>
    Sets the cookie expiration delta value.
localvips
    Opens the Local VIPs menu. For more information on this menu refer to page 562.

Table 11-21 SSL Configuration Server Advanced Load Balancing Cookie Menu Options (Continued)

Command Syntax and Usage

offset <1-64>
    Sets the cookie value offset.
length <0-64>
    Sets the cookie length.

/ssl/cfg/ssl/server/adv/loadbalanc/cookie/localvips
Local VIP Configuration Menu

[Local VIPs Menu]
    list   - List all values
    del    - Delete a value by number
    add    - Add a new value
    insert - Insert a new value
    move   - Move a value by number

Table 11-22 Local VIP Configuration Menu

Command Syntax and Usage

list
    Lists all configured values.
del <entry_index>
    Deletes the entry indicated by the index value.
add <ip_address>
    Adds an entry by IP address.
insert <entry_index, ip_address>
    Adds an entry at a specific point by index and IP address.
move <source_index, destination_index>
    Moves an entry from the source index to the destination index.

/ssl/cfg/ssl/server/adv/loadbalanc/script
SSL Configuration Server Advanced Load Balancing Health Script Menu

[Health Check Script Menu]
    list   - List all values
    del    - Delete a value by number
    add    - Add a new value
    insert - Insert a new value
    move   - Move a value by number

Table 11-23 SSL Configuration Server Advanced Load Balancing Health Script Menu Options

Command Syntax and Usage

list
    Display all values.
del <index>
    Delete a specific value.
add <command> <timeout> <argument>
    Add a new health script.
insert <position> <command> <timeout> <argument>
    Insert a new value.
move <value> <value>
    Exchange one value for another.

/ssl/cfg/ssl/server/adv/loadbalanc/remotessl
SSL Configuration Server Advanced Load Balancing Remote SSL Menu

[Remote SSL Connect Settings Menu]
    protocol - Set protocol version
    cert     - Set client certificate
    ciphers  - Set accepted ciphers for ssl connect
    verify   - Verify server menu

Table 11-24 SSL Configuration Server Advanced Load Balancing Remote SSL Menu Options

Command Syntax and Usage

protocol aissl2|ssl3|ssl23|tls1
    Set the protocol version.
cert <integer, 1 to 1500>
    Set the certificate number.

Table 11-24 SSL Configuration Server Advanced Load Balancing Remote SSL Menu Options

Command Syntax and Usage

ciphers <string>
    Set the accepted ciphers for SSL connection. The cipher list consists of one or more cipher strings separated by colons (e.g. SSLv3:TLSv1). Lists of cipher suites can be combined using a logical and operation (+) (e.g. SHA1+DES represents all cipher suites containing the SHA1 and the DES algorithms). Each cipher string can be optionally preceded by the characters !, - or +.
    ! permanently deletes the ciphers from the list (e.g. !RSA).
    - deletes the ciphers from the list, but the ciphers can be added again by later options.
    + moves the ciphers to the end of the list. This option doesn't add any new ciphers; it just moves matching existing ones.
    Additionally the cipher string @STRENGTH sorts the current cipher list in order of encryption algorithm key length.
verify
    Go to the Verify Server menu. To view the menu options, see page 564.

/ssl/cfg/ssl/server/adv/loadbalanc/remotessl/verify
SSL Configuration Server Advanced Load Balancing Remote SSL Verification Menu

[Remote SSL Connect Verify Settings Menu]
    verify     - Set certificate verification level
    commonname - Set server common name
    cacerts    - Set list of accepted signers of server's certificate

Table 11-25 SSL Configuration Server Advanced Load Balancing Remote SSL Verification Menu Options

Command Syntax and Usage

verify none|require
    Set the certificate verification level.
commonname <name>
    Set the server common name. For example:

    SSL >> Remote SSL Connect Verify Settings# commonname
    Current value: [old_server_name]
    Give common name of server: <new_server_name>
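The cipher-list rules given for the ciphers option (Table 11-16 and Table 11-24) can be evaluated offline to see what a string leaves enabled before it is applied. This Python code is an added example, not code from the switch or from Nortel: the suite catalogue with its tags and key lengths is constructed for illustration, and matching a single suite by name and sorting @STRENGTH strongest-first are assumptions.

```python
# Constructed catalogue: (suite name, tags, key length in bits).
# Simplified for illustration; this is not the switch's own suite table.
CATALOGUE = [
    ("AES256-SHA",          {"TLSv1", "RSA", "AES",  "SHA1"}, 256),
    ("AES128-SHA",          {"TLSv1", "RSA", "AES",  "SHA1"}, 128),
    ("DES-CBC3-SHA",        {"SSLv3", "RSA", "3DES", "SHA1"}, 168),
    ("RC4-MD5",             {"SSLv3", "RSA", "RC4",  "MD5"},  128),
    ("DES-CBC-SHA",         {"SSLv3", "RSA", "DES",  "SHA1"}, 56),
    ("EDH-DSS-DES-CBC-SHA", {"SSLv3", "DH",  "DES",  "SHA1"}, 56),
    ("EXP-RC4-MD5",         {"SSLv3", "RSA", "RC4",  "MD5"},  40),
]
BITS = {name: bits for name, _tags, bits in CATALOGUE}


def _select(term):
    """Return suites that carry every '+'-joined tag in term.

    A term may also be an exact suite name (assumption for this example).
    """
    wanted = term.split("+")
    return [name for name, tags, _bits in CATALOGUE
            if all(w == name or w in tags for w in wanted)]


def expand(cipher_list):
    """Evaluate a colon-separated cipher list and return the ordered suites."""
    active = []      # suites currently enabled, in preference order
    banned = set()   # suites removed with '!', which can never come back
    for item in cipher_list.split(":"):
        item = item.strip()
        if not item:
            continue
        if item == "@STRENGTH":
            # Stable sort, strongest first (direction is an assumption).
            active.sort(key=lambda name: -BITS[name])
            continue
        op = item[0] if item[0] in "!-+" else ""
        matched = _select(item[len(op):])
        if op == "!":
            banned.update(matched)
        if op in ("!", "-"):
            active = [n for n in active if n not in matched]
        elif op == "+":
            # Move only suites already in the list; never adds new ones.
            moved = [n for n in active if n in matched]
            active = [n for n in active if n not in matched] + moved
        else:
            active += [n for n in matched
                       if n not in banned and n not in active]
    return active


def below(cipher_list, min_bits):
    """Suites left enabled by cipher_list whose key length is under min_bits."""
    return [n for n in expand(cipher_list) if BITS[n] < min_bits]


if __name__ == "__main__":
    for spec in ("SSLv3:TLSv1",
                 "SSLv3:TLSv1:!RSA:RSA",
                 "SSLv3:TLSv1:-RSA:AES",
                 "SSLv3:TLSv1:!DES:!EXP-RC4-MD5:@STRENGTH"):
        print(f"{spec:42} -> {expand(spec)}  weak(<128): {below(spec, 128)}")
```

Running it shows the difference that matters when auditing a configured string: a suite removed with ! stays out even if a later term names it, while one removed with - returns as soon as a later term matches it.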

Table 11-25 SSL Configuration Server Advanced Load Balancing Remote SSL Verification Menu Options

Command Syntax and Usage

cacerts <integer_list>
    Enter the certificate numbers, as required, separated by commas.

/ssl/cfg/ssl/server/adv/loadbalanc/backend
SSL Configuration Server Advanced Load Balancing Backend Server Menu

[Backend Server 1 Menu]
    ip         - Set IP addr of backend server
    port       - Set backend server port
    sslconnect - Set perform SSL connect if enabled for server
    remote     - Set server is remote
    rname      - Set host name of remote server
    remotessl  - Set remote site is ssl
    lbstrings  - Set load balancing strings
    lbop       - Set string load balancing operation
    del        - Remove backend server
    ena        - Enable backend server
    dis        - Disable backend server

Table 11-26 SSL Configuration Server Advanced Load Balancing Backend Server Menu Options

Command Syntax and Usage

ip <IP_address>
    Set the IP address of the backend server.
port <port_number>
    Set the backend server port number.
sslconnect on|off
    Set the SSL connection option.
remote true|false
    Set the server as remote.
rname <hostname>
    Set hostname of the remote server.

Table 11-26 SSL Configuration Server Advanced Load Balancing Backend Server Menu Options

Command Syntax and Usage

remotessl true|false
    Set the remote site as SSL.
lbstrings <integers>
    Set the load balance strings, separated by a comma.
lbop any|all|one|none
    Set the string load balancing operation.
del
    Remove the backend server.
ena enable|disable
    Enable the backend server.
dis enable|disable
    Disable the backend server.

/ssl/cfg/cert
SSL Configuration Certificate Menu

[Certificate 1 Menu]
    name      - Set certificate name
    cert      - Set certificate
    key       - Set private key
    revoke    - Revocation menu
    genkey    - Generate private key
    gensigned - Generate signed client/server certificate
    request   - Generate certificate request
    sign      - Sign a certificate request
    test      - Generate test certificate and key
    import    - Import key and certificate with TFTP/FTP/SCP/SFTP
    export    - Export certificate and key with TFTP/FTP/SCP/SFTP
    display   - Display certificate and key
    show      - Show certificate information
    info      - Show certificate short information
    subject   - Show certificate subject information
    validate  - Check if key and certificate match
    keysize   - Show key size
    keyinfo   - Show how key is stored
    del       - Remove certificate

Table 11-27 SSL Configuration Certificate Menu Options

Command Syntax and Usage

name <string>
    Enter the name of the certificate.
cert <pasted_certificate_content>
    Paste the content of a copied certificate. For example:

    Paste the certificate, press Enter to create a new line, and then type "..." (without the quotation marks) to terminate.
    >
key <pasted_key_content>
    Paste the copied key. For example:

    Paste the key, press Enter to create a new line, and then type "..." (without the quotation marks) to terminate.
    >
revoke
    Go to the Revoke menu. To view the menu options, see page 571.
genkey 512|1024|2048|4096
    Generate a private key.
gensigned <key> <certificate_number>
    Generate a certificate.

0. Country Name (2 letter code): CA State or Province Name (full name): Ontario Locality Name (eg. 568 Chapter 11: The SSL Processor Menu 320506-A.Nortel Application Switch Operating System 23.ca Key size (512/1024/2048/4096) [1024]: 1024 Request a CA certificate (y/n) [n]: y Specify challenge password (y/n) [n]: n -----BEGIN CERTIFICATE REQUEST----MIIBvjCCAScCAQAwfjELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAk9OMRAwDgYDVQQH EwdPdHRhd2VhMQ4wDAYDVQQKEwVOb1RlbDEOMAwGA1UECxMFTWFpbnQxETAPBgNV BAMTCE5vVGVsLTEyMR0wGwYJKoZIhvcNAQkBFg5tYWludEBub3RlbC5jYTCBnzAN BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2LJNQnjDxHXm1bunZF39o/1CJ7egEupd gXaIiDt1xQ5kWNlCcIhXrsksrpAOss/NMy2DNLmNd/31BO8XSvuZWs6LJxznZyBC 6WcSmOa6r96CnsvPPi/jIqAZQMbklwclH5Qa/JjSWuaoVdlVOAuhe58PqyQketXm 58w8n+Iy+a0CAwEAAaAAMA0GCSqGSIb3DQEBBAUAA4GBAMMhwai0XLkL+YT3qBBo tmtTL7DgH/7czR97lgXsDawZOWaiYq4tAEBSr+Ap1qxAqgS4VJxrjBZIYT6xQW6z MvHE20s+Reaf9cX9OePTvaSH9SUSKz8QNhPLUdBo7LOURUaF7aN5IWPBezGQwgjp Rxxf+chfXa7M8i7VdY9YyAHA -----END CERTIFICATE REQUEST----Use 'apply' to store the private key in the iSD until the signed certificate is entered. sign <key> <certificate_number> Sign a certificate. SSL >> Certificate 1# request The combined length of the following parameters may not exceed 225 bytes. section): MaintCommon Name (eg. company): NoTel Organizational Unit Name (eg. January 2006 .2 Command Reference Table 11-27 SSL Configuration Certificate Menu Options Command Syntax and Usage request Generate a certicate request. your name or your server's hostname): NoTel-12 Email Address: maint@notel. The private key will be lost unless you 'apply' or save it elsewhere using 'export'. city): Ottawa Organization Name (eg.

Table 11-27 SSL Configuration Certificate Menu Options

Command Syntax and Usage

test
    Create a test certificate and key. For example:

    SSL >> Certificate 1# test
    The combined length of the following parameters may not exceed 225 bytes.
    Country Name (2 letter code): CA
    State or Province Name (full name): Ontario
    Locality Name (eg, city): Ottawa
    Organization Name (eg, company): NoTel
    Organizational Unit Name (eg, section): Maint
    Common Name (eg, your name or your server's hostname): NoTel-12
    Email Address: maint@notel.ca
    Valid for days [365]: 200
    Valid for days [365]: 200
    Key size (512/1024/2048/4096) [1024]: 1024
    Test key and certificate added.
    Use 'apply' to activate.
import <proto> <server> <certfile>
    Import a remote certificate and key. For example:

    SSL >> Certificate 1# import
    Select protocol (tftp/ftp/scp/sftp) [tftp]: ftp
    Enter hostname or IP address of server: NoTel-10
    Enter filename on server: key_certificate2389
    Retrieving key_certificate2389 from NoTel-10
    Error: Host not found, or connection rejected. FTP server not found.
export <proto> <server> <certfile>
    Export a key and certificate to a remote host. For example:

    SSL >> Certificate 1# export
    Select protocol (tftp/ftp/scp/sftp) [tftp]: ftp
    Enter hostname or IP address of server: NoTel-10
    Enter export format (pem/der/net/pkcs12): pem
    Enter export pass phrase: <hidden_text>
    Reconfirm export pass phrase: <hidden_text>
    Enter name of combined key and certificate file on remote host: key_cert_from_NoTel-12
    Error: Host not found, or connection rejected. FTP server not found.

Table 11-27 SSL Configuration Certificate Menu Options

Command Syntax and Usage

display
    Display a certificate and key. For example:

    SSL >> Certificate 1# display
    Encrypt private key (yes/no) [yes]: yes
    Enter export pass phrase: <hidden_text>
    Reconfirm export pass phrase: <hidden_text>
    Proc-Type: 4,ENCRYPTED
    DEK-Info: DES-EDE3-CBC,8E1E1EB54398437B
    1NngBGmeIGxhndoR3+F4DNmYNCtH6tbVMZmmTCAu0ee9Ss9vjy6N3jXgMUy8RnfV
    1dRLixDPlpAB5CwsSUBLROtvq6rhyZnwKbofz4UBon1tE33eX86uNrXGjdvPkfzD
    x8TrCXdcewY0W1xuPA6mnb0mHCn768fqoNd5YlXPMRbPrK/nTfvCHlfvVmHkzpw3
    BrvNfqVpdijQkdv+X53gn7DbYBsFYKSLsjyZ1Dst1JFDS5W594by1P7WseRYi4Lq
    XPcmgZA7BtC5JV9d6Fwmd66Cois3WUxBtTeLJDFet6fr/9e3nXfa+pPyIgGGWAYE
    . . .
    A9xlBRMYzppbzQVjjFK0maFRtuhIiEbexLJwTCEwfyVMk8juHvBWIQ==
    -----END RSA PRIVATE KEY-----
    -----BEGIN CERTIFICATE-----
    MIID3jCCA0egAwIBAgIBADANBgkqhkiG9w0BAQQFADCBgjELMAkGA1UEBhMCQ0Ex
    EDAOBgNVBAgTB09udGFyaW8xDzANBgNVBAcTBk90dGF3YTEOMAwGA1UEChMFTm9U
    . . .
show
    Show certificate information.
info
    Show short-form certificate information. For example:

    SSL >> Certificate 1# info
    Serial number: 0 (0x0)
    Expire: Jan 19 14:49:18 2006 GMT
    Certificate subject:
    C=CA
    ST=Ontario
    L=Ottawa
    O=NoTel
    OU=Maint
    CN=NoTel-12/emailAddress=maint@notel.ca

Table 11-27 SSL Configuration Certificate Menu Options

Command Syntax and Usage

subject
    Show certificate subject information. For example:

    SSL >> Certificate 1# subject
    Certificate subject:
    C/countryName (2.5.4.6)                       = CA
    ST/stateOrProvinceName (2.5.4.8)              = Ontario
    L/localityName (2.5.4.7)                      = Ottawa
    O/organizationName (2.5.4.10)                 = NoTel
    OU/organizationalUnitName (2.5.4.11)          = Maint
    CN/commonName (2.5.4.3)                       = NoTel-12
    emailAddress/emailAddress (1.2.840.113549.1.9.1) = maint@notel.ca
validate <matched_key> <matched_certificate>
    Check if certificate and key are matched.
keysize
    Display key size (in bytes).
keyinfo
    Displays how the key is stored.
del
    Delete the certificate and key. For example:

    SSL >> Certificate 1# del
    Certificate 1 will be deleted when changes are applied.

/ssl/cfg/cert/revoke
SSL Configuration Revoke Certificate Menu

[Revocation Menu]
    add       - Add decimal serial number to revocation list
    addx      - Add hex serial number to revocation list
    del       - Cancel revocation for a serial number
    list      - List revoked certificates
    rev       - Enter revocation list
    import    - Import revocation list with TFTP/FTP/SCP/SFTP
    automatic - Automatic CRL retrieval menu

Table 11-28 SSL Configuration Revoke Certificate Menu Options

Command Syntax and Usage

add <integer>
    Add a decimal serial number to the revocation list.

Table 11-28 SSL Configuration Revoke Certificate Menu Options

Command Syntax and Usage

addx <hexadecimal_number>
    Add a hexadecimal number to the revocation list.
del <serial_number>
    Cancel the revocation of a serial number.
list
    List the revoked certificates.
rev
    Paste a revocation list into another revocation list.
import <proto> <server> <file>
    Import a remote revocation list.
automatic
    Go to the automatic retrieval menu.

/ssl/cfg/cert/revoke/automatic
SSL Configuration Revoke Certificate Automatic Menu

[Automatic CRL Menu]
    url      - Set URL to retrieve CRL from
    authDN   - Set LDAP DN used for bind/authentication
    passwd   - Set password to use when to authenticate
    interval - Set refresh interval
    cacerts  - Set list of accepted signers of CRLs
    ena      - Enable automatic retrieval
    dis      - Disable automatic retrieval

Table 11-29 SSL Configuration Revoke Certificate Automatic Menu Options

Command Syntax and Usage

url <URL>
    Set the URL value to retrieve the CRL.
authDN <LDAP-Distinguished-Name>
    Set the LDAP DN to be used for bind and authentication.
passwd <string>
    Set the authentication password.
interval <time>
    Set the refresh interval.

Table 11-29 SSL Configuration Revoke Certificate Automatic Menu Options

Command Syntax and Usage

cacerts <certificate_numbers>
    Create a list of accepted signers of CRLs. Separate the list elements by commas.
ena enabled|disabled
    Enable automatic retrieval.
dis enabled|disabled
    Disable automatic retrieval.

/ssl/cfg/vpn
SSL VPN Configuration Menu

[VPN 1 Menu]
    ips        - Set IP addr(s) of the VPN
    standalone - Set standalone mode (no switch)
    aaa        - AAA menu
    server     - SSL server menu
    ipsec      - IPsec server menu
    ippool     - IP address pool menu
    portal     - Portal look and feel menu
    linkset    - Portal linkset menu
    sslclient  - SSL VPN client menu
    adv        - Advanced settings menu
    del        - Remove VPN

Table 11-30 SSL VPN Configuration Menu Options

Command Syntax and Usage

ips <IP_address>
    Set the IP address of the VPN.
standalone on|off
    Set the standalone mode.
aaa
    Go to the AAA menu. To view the menu options, see page 573.
server
    Go to the SSL server menu. To view the menu options, see page 578.
ipsec
    Go to the IPsec server menu. To view the menu options, see page 602.

Table 11-30 SSL VPN Configuration Menu Options

Command Syntax and Usage

ippool
    Go to the IP POOL menu.
portal
    Go to the Portal look and feel menu.
linkset
    Go to the Portal linkset menu.
sslclient
    Go to the SSL VPN client menu.
adv
    Go to the Advanced Settings menu.
del
    Remove the VPN.

To view the menu options of the ippool, portal, linkset, sslclient and adv menus, see pages 615, 619, 621, 625 and 627.

/ssl/cfg/vpn/aaa
SSL VPN Configuration Menu

[AAA Menu]
    quick      - AAA setup wizard
    tg         - TunnelGuard menu
    ttl        - Set login session TTL
    auth       - Authentication menu
    authorder  - Set authentication server fallback order
    network    - Network access menu
    service    - Service access menu
    appspec    - Application specific menu
    filter     - Client filter menu
    group      - Group menu
    defgroup   - Set default group
    ssodomains - Single-Sign on enabled domains menu
    ssoheaders - Single-Sign on headers menu
    radacct    - RADIUS accounting menu

Table 11-31 SSL VPN Configuration AAA Menu Options

Command Syntax and Usage

quick <IP_address>
    AAA setup wizard.

Table 11-31 SSL VPN Configuration AAA Menu Options

Command Syntax and Usage

tg
    Go to the TunnelGuard menu. To view the menu options, see page 576.
ttl <TTL for idle sessions (max 31d, min 2m)>
    Set the login session TTL.
auth
    Go to the Authentication menu. To view the menu options, see page 578.
authorder <list_of_servers>
    Set the authentication server fallback order. Use a comma to separate entries.
network
    Go to the Network Access menu. To view the menu options, see page 582.
service
    Go to the Service Access menu. To view the menu options, see page 584.
appsec
    Go to the Application Specific menu. To view the menu options, see page 585.
filter
    Go to the Client Filter menu. To view the menu options, see page 588.
group
    Go to the Group menu. To view the menu options, see page 589.
defgroup <name_of_group>
    Set the default group.
ssodomains
    Go to the Single sign-on enabled domains menu. To view the menu options, see page 597.
ssoheaders
    Go to the Single Sign-on Headers menu. To view the menu options, see page 597.
radacct
    Go to the Radius Accounting menu. To view the menu options, see page 599.

/ssl/cfg/vpn/aaa/tg
SSL VPN Configuration TunnelGuard Menu

[TG Menu]
    ena      - Enable TunnelGuard
    dis      - Disable TunnelGuard
    quick    - Quick TunnelGuard setup wizard
    recheck  - Set recheck interval
    action   - Set fail action
    retry    - Set UDP retry interval
    list     - List SRS rules
    loglevel - Set TunnelGuard applet loglevel

Table 11-32 SSL VPN Configuration AAA TunnelGuard Menu Options

Command Syntax and Usage

ena enable|disable
    Enable TunnelGuard.
dis enable|disable
    Disable TunnelGuard.

Table 11-32 SSL VPN Configuration AAA TunnelGuard Menu Options

Command Syntax and Usage

quick <TTL for idle sessions (max 31d, min 2m)>
    Use the Quick TunnelGuard setup wizard. For example:

    SSL >> TG# quick
    In the event that the TunnelGuard checks fails on a client, the session can be teardown, or left in restricted mode with limited access.
    Which action do you want to use for TunnelGuard failure? (teardown/restricted) [restricted]: restricted
    Do you want to create a tunnelguard test user? (yes/no) [yes]: yes
    Enabling TunnelGuard
    Creating Linkset 1
    Name: tg_passed
    This Linkset just prints the TG result
    Creating Linkset 2
    Name: tg_failed
    This Linkset just prints the TG result
    Adding test SRS rule srs-rule-test
    This rule check for the presence of the file C:\tunnelguard\tg.txt
    Creating Group 1
    Name: tunnelguard
    Creating Extended Profile 1
    Giving full access when tg passed
    Creating Access rule 1
    Creating Extended Profile 2
    Giving no access when tg failed
    Using SRS rule: srs-rule-test
    Creating Authentication 1
    Adding user 'tg' with password 'tg'
    Use 'diff' to view pending changes, and 'apply' to commit

recheck <seconds>
    Set the recheck interval.
action teardown|restricted
    Set the Fail action.
retry <seconds, 1-65535>
    Set the UDP retry interval.
list
    List the SRS rules.
loglevel <string>
    Set the TunnelGuard applet log level.

/ssl/cfg/vpn/aaa/auth
SSL VPN Configuration Authentication Menu

To enter the /ssl/cfg/vpn/aaa/auth menu level, you are prompted to create an authentication if one does not already exist.

    Creating Authentication 1
    Select one of radius, ldap, ntlm, siteminder, cert, rsa or local: radius
    Auth name: Authentication_1
    Entering: RADIUS settings menu
    Entering: RADIUS servers menu
    IP Address to add: 0.0.0.0
    Port (default is 1812): 1812
    Enter shared secret: shared
    Leaving: RADIUS servers menu
    Enter vendor id [alteon]: alteon
    Enter vendor type [1]: 1
    Leaving: RADIUS settings menu
    ------------------------------------------------------------
    [Authentication 1 Menu]
        type    - Set authentication mechanism
        name    - Set auth name
        display - Set auth display name
        domain  - Set windows domain for backend single sign-on
        radius  - RADIUS settings menu
        adv     - Advanced settings menu
        del     - Remove Authentication

Table 11-33 SSL VPN Configuration AAA Authentication Menu Options

Command Syntax and Usage

type radius|ldap|ntlm|siteminder|cert|rsa|local
    Set the authentication scheme. The default is local.
name <string>
    Set the authentication name.
display <string>
    Set the authentication display name.
domain <string>
    Set the current windows domain for backend single sign-on.
radius <list_of_servers>
    Go to the Radius menu. The menu is available only if the type is Radius (# type radius). To view the menu options, see page 579.

Table 11-33 SSL VPN Configuration AAA Authentication Menu Options

Command Syntax and Usage

adv
    Go to the Advanced menu. To view the menu options, see page 582.
del
    Remove the authentication.

/ssl/cfg/vpn/aaa/auth/radius
SSL VPN Configuration Authentication Radius Menu

To enter the /ssl/cfg/vpn/aaa/auth/radius menu level, the authentication type must be set to radius. For example, /ssl/vpn/aaa/auth/type radius.

[RADIUS Menu]
    servers    - RADIUS servers menu
    vendorid   - Set vendor id for group attribute
    vendortype - Set vendor type for group attribute
    timeout    - Set RADIUS server timeout
    sessiontim - Session Timeout menu
    macro      - User-defined Macro menu

Table 11-34 SSL VPN Configuration AAA Authentication Radius Menu Options

Command Syntax and Usage

servers
    Go to the Radius servers menu. To view the menu options, see page 580.
vendorid <string>
    Set the switch vendor ID.
vendortype <vendortype>
    Set the vendor type.
timeout <integer, 1 to 1000 seconds>
    Set the Radius server timeout.
sessiontim
    Go to the Sessiontim menu. To view the menu options, see page 580.
macro
    Go to the Macro menu. To view the menu options, see page 581.

/ssl/cfg/vpn/aaa/auth/radius/servers
SSL VPN Configuration Authentication Radius Servers Menu

[RADIUS Servers Menu]
    list   - List all values
    del    - Delete a value by number
    add    - Add a new value
    insert - Insert a new value
    move   - Move a value by number

Table 11-35 SSL VPN Configuration AAA Authentication Radius Menu Options

Command Syntax and Usage

list
    List all values (servers).
del <index_number>
    Delete a server value by name.
add <ip> <port, default=1812> <secret>
    Add a new value (server).
insert <position> <ip> <port> <secret>
    Insert a value into the list.
move <value> <value>
    Move a value position in the list.

/ssl/cfg/vpn/aaa/auth/radius/sessiontm
SSL VPN Configuration Authentication Radius Session Timeout Menu

[SessionTimeout Menu]
    vendorid   - Set vendor id for session timeout attribute
    vendortype - Set vendor type for session timeout attribute
    ena        - Enable Session-Timeout
    dis        - Disable Session-Timeout

Table 11-36 SSL VPN Configuration AAA Authentication Radius Session Timeout Menu Options

Command Syntax and Usage

vendorid <vendorid>
    Set the vendor ID number.
vendortype <value>
    Set the Vendor Type number.
ena enable|disable
    Enable session timeout.
dis enable|disable
    Disable session timeout.

/ssl/cfg/vpn/aaa/auth/radius/macro
SSL VPN Configuration Authentication Radius Macro Menu

[Macro Menu]
    list   - List all values
    del    - Delete a value by number
    add    - Add a new value
    insert - Insert a new value
    move   - Move a value by number

Table 11-37 SSL VPN Configuration AAA Authentication Radius Macro Menu Options

Command Syntax and Usage

list
    List all values.
del <value>
    Delete a value using its number.
add <vendorid> <vendortype> <attribute_type (IP, <string> <integer>)>
    Add a value.
insert <index_position> <vendorid> <vendortype> <attribute_type_string>
    Insert a value.
move <value> <value>
    Move a value's position in the list.

/ssl/cfg/vpn/aaa/auth/adv
SSL VPN Configuration Authentication Advanced Menu

[Advanced Menu]
    groupauth  - Set Authentication server list of group information
    secondauth - Set Secondary authentication server

Table 11-38 SSL VPN Configuration AAA Authentication Advanced Menu Options

Command Syntax and Usage

groupauth <hostnames>
    Set the list of authentication servers. Separate values using a comma.
secondauth <hostname>
    Set the secondary authentication server.

/ssl/cfg/vpn/aaa/network
SSL VPN Configuration Network Menu

To enter the /ssl/cfg/vpn/aaa/network menu level, you are prompted to create a network if one does not already exist.

    SSL >> AAA# network
    Enter network number or name: (1-1023) 1
    Creating Network 1
    Network name: Network_1
    ------------------------------------------------------------
    [Network 1 Menu]
        name    - Set network name
        subnet  - Subnet menu
        comment - Set comment
        del     - Remove network

Table 11-39 SSL VPN Configuration AAA Network Menu Options

Command Syntax and Usage

name <string>
    Set the network name.
subnet
    Go to the Subnet menu. To view the menu options, see page 583.

Table 11-39 SSL VPN Configuration AAA Network Menu Options

Command Syntax and Usage

comment <text_string>
    Create a text description (comment) about the network.
del
    Remove the network. The network will be removed when the global /apply command is entered.

/ssl/cfg/vpn/aaa/network/subnet
SSL VPN Configuration Network Subnet Menu

To enter the /ssl/cfg/vpn/aaa/network/subnet menu level, you are prompted to create a subnet if one does not already exist.

    SSL >> Network 1# sub
    Enter subnet number: (1-1023) 1
    Creating Network Subnet 1
    Enter host name: Subnet_1
    Enter network address: 0.0.0.0
    Enter network netmask: netmask
    ------------------------------------------------------------
    [Network Subnet 1 Menu]
        host - Set Host Name
        net  - Set network address
        mask - Set network mask
        del  - Remove subnet

Table 11-40 SSL VPN Configuration AAA Network Subnet Menu Options

Command Syntax and Usage

host <hostname>
    Set the hostname for the subnet.
net <IP_address>
    Set the subnet address.
mask <IP_address>
    Set the Network mask.
del
    Remove the Subnet.

/ssl/cfg/vpn/aaa/service
SSL VPN Configuration Service Menu

To enter the /ssl/cfg/vpn/aaa/service menu level, you are prompted to create a service if one does not already exist.

    SSL >> AAA# service
    Enter service number or name: (1-1023) 1
    Creating Service 1
    Service name: Service_1
    Enter service protocol (list of tcp,udp): tcp
    Enter service ports: 1,2,3
    ------------------------------------------------------------
    [Service 1 Menu]
        name     - Set service name
        protocol - Set allowed protocols
        ports    - Set allowed port
        comment  - Set comment
        del      - Remove Service

Table 11-41 SSL VPN Configuration AAA Service Menu Options

Command Syntax and Usage

name <service_name>
    Set the service name.
protocol tcp|udp
    Set the protocols that are allowed.
ports <integers>
    Set the allowed ports. If more than one, use commas to separate.
comment <string>
    Create a description (comment) about the service.
del
    Delete the service.

/ssl/cfg/vpn/aaa/appspec
SSL VPN Configuration Application specific Menu

To enter the /ssl/cfg/vpn/aaa/appspec menu level, you are prompted to create a network if one does not already exist.

    SSL >> AAA# appspec
    Enter appspec number or name: (1-1023) 1
    Creating AppSpecific 1
    AppSpec name: AppSpec_1
    Entering: Paths menu
    Path format: The paths are formated differently for different applications.
    For web servers you write the path <SERVER PATH>, for example /intranet
    This will give access to the /intranet path on the web server.
    For smb you write the path as /<WORKGROUP>/<FILESHARE>/<FILE PATH>, for example /NORTEL/homes/public
    This will give access to the public directory in the homes share in the NORTEL workgroup/domain.
    For ftp you write the path as <ABSOLUTE FILE PATH>, for example /home/share/public/
    This will give access to the /home/share/public.
    Note that all paths are absolute from the root.
    Enter path: /path
    Leaving: Paths menu.
    ----------------------------------------------
    [AppSpecific 1 Menu]
        name    - Set appspec name
        paths   - Paths menu
        comment - Set comment
        del     - Remove AppSpec

Table 11-42 SSL VPN Configuration AAA Application specific Menu Options

Command Syntax and Usage

name <appsec_name>
    Create an application name.
paths
    Go to the Paths menu. To view the menu options, see page 571.

Table 11-42 SSL VPN Configuration AAA Application specific Menu Options

Command Syntax and Usage

comment <string>
    Create a description (comment) about the Application.
del
    Delete the application.

/ssl/cfg/vpn/aaa/appspec/paths
SSL VPN Configuration Application specific Paths Menu

[Paths Menu]
    list   - List all values
    del    - Delete a value by number
    add    - Add a new value
    insert - Insert a new value
    move   - Move a value by number

Table 11-43 SSL VPN Configuration AAA Application specific Paths Menu Options

Command Syntax and Usage

list
    List all paths.
del <path_value>
    Delete a path by its number.
add
    Add a new path. For example:

    SSL >> Paths# list
    Old:
    Pending:
    1: /info
    SSL >> Paths# add
    Path format: The paths are formated differently for different applications.
    For web servers you write the path <SERVER PATH>, for example /intranet
    This will give access to the /intranet path on the web server.
    For smb you write the path as /<WORKGROUP>/<FILESHARE>/<FILE PATH>, for example /NORTEL/homes/public
    This will give access to the public directory in the homes share in the NORTEL workgroup/domain.
    For ftp you write the path as <ABSOLUTE FILE PATH>, for example /home/share/public/
    This will give access to the /home/share/public.
    Note that all paths are absolute from the root.
    Enter path: /home/storage

insert <index>
    Insert a path into the path list.

Table 11-43 SSL VPN Configuration AAA Application specific Paths Menu Options

Command Syntax and Usage

del
    Delete the path.

/ssl/cfg/vpn/aaa/filter
SSL VPN Configuration AAA Filter Menu

To enter the /ssl/cfg/vpn/aaa/filter menu level, you are prompted to create a service if one does not already exist.

    SSL >> AAA# filter
    Enter client filter number or name: (1-63) 1
    Creating Client Filter 1
    Filter name: Filter_1
    ------------------------------------------------------------
    [Client Filter 1 Menu]
        name       - Set filter name
        cert       - Client certificate present
        iewiper    - IE cache wiper present
        tg         - TunnelGuard checks passed
        methods    - Set access methods
        authserver - Set authentication servers
        clientnet  - Set client network reference
        comment    - Set comment
        del        - Remove client filter

Table 11-44 SSL VPN Configuration AAA Filter Menu Options

Command Syntax and Usage

name <filter_name>
    Set the filter name.
cert true|false|ignore
    Enter the applicability of a certificate.
iewiper true|false|ignore
    Set the presence of the IE cache wiper.
tg true|false|ignore
    Set the state of the TunnelGuard checks passed.

Table 11-44 SSL VPN Configuration AAA Filter Menu Options

Command Syntax and Usage

methods ssl|ipsec|netdirect
    Set the access methods.
authserver <hostnames>
    Set authentication server names. If more than one, separate the names using a comma.
clientnet <clientnet_hostname>
    Set client network reference.
comment
    Create a description (comment) of the filter.
del
    Remove the client filter.

/ssl/cfg/vpn/aaa/group
SSL VPN Configuration AAA Group Menu

To enter the /ssl/cfg/vpn/aaa/group menu level, you are prompted to create a service if one does not already exist.

    SSL >> AAA# group
    Enter group number or name: (1-1023) 1
    Creating Group 1
    Group name: Group_1
    Enter number of sessions (0 is unlimited): 0
    Enter user type (advanced/medium/novice): novice
    ------------------------------------------------------------
    [Group 1 Menu]
        name     - Set group name
        access   - Access rule menu
        print    - Print access rules
        restrict - Set number of login sessions
        usertype - Set portal user type
        linkset  - Linkset menu
        extend   - Extended profiles menu
        tgsrs    - Set TunnelGuard SRS Rule
        ipsec    - IPsec menu
        comment  - Set comment
        del      - Remove group

Table 11-45 SSL VPN Configuration AAA Group Menu Options

Command Syntax and Usage

name <string>
    Set the group name.
access
    Go to the Access rule menu. To view the menu options, see page 591.
print
    Display the Access rules. For example:

    SSL >> Group 1# print
    Network    Ports    Proto    Path    Action
    -------    -----    -----    ----    ------

restrict <integer>
    Restrict the number of login sessions. The default is 0 (unlimited).
usertype advanced|medium|novice
    Set the user level.
linkset
    Go to the Linkset menu. To view the menu options, see page 592.
extend
    Go to the Extended Profiles menu. To view the menu options, see page 593.
tgsrs <string>
    Set the TunnelGuard SRS rule.
ipsec
    Go to the IPSEC menu. To view the menu options, see page 595.
comment
    Create a description (comment) of the Group.
del
    Delete the group.

/ssl/cfg/vpn/aaa/group/access
SSL VPN Configuration AAA Group Access Menu

To enter the /ssl/cfg/vpn/aaa/group/access menu level, you are prompted to create a service if one does not already exist.

    SSL >> Group 1# access
    Enter access rule number: (1-1023) 1
    Creating Access rule 1
    Enter network name: Network_1
    Enter service name: Service_1
    Enter application specific name: Application_1
    Enter action (accept/reject): accept
    ------------------------------------------------------------
    [Access rule 1 Menu]
        network - Set network reference
        service - Set service reference
        appspec - Set application specific reference
        action  - Set action
        comment - Set access rule comment
        del     - Remove access rule

Table 11-46 SSL VPN Configuration AAA Group Access Menu Options

Command Syntax and Usage

network <network_name>
    Enter the network name reference.
service <service_name>
    Set the Service name reference.
appspec <application_name>
    Set the application specific name reference.
action accept|reject
    Accept or reject the creation of this Access rule.
comment
    Create a description (comment) of this Access rule.
del
    Delete the Access rule.

/ssl/cfg/vpn/aaa/group/linkset
SSL VPN Configuration AAA Group Linkset Menu

[Linksets Menu]
    list   - List all values
    del    - Delete a value by number
    add    - Add a new value
    insert - Insert a new value
    move   - Move a value by number

Table 11-47 SSL VPN Configuration AAA Group Linkset Menu Options

Command Syntax and Usage

list
    List all of the configured linksets.
add <linkset_name>
    Add a linkset name.
insert <position> <name>
    Insert a linkset into the linkset list.
move <value> <value>
    Move the linkset from one position to another in the linkset list.

/ssl/cfg/vpn/aaa/group/extend
SSL VPN Configuration AAA Group Extend Profiles Menu

To enter the /ssl/cfg/vpn/aaa/group/extend menu level, you are prompted to create an extended service profile if one does not already exist.

    SSL >> Group 1# extend
    Enter profile number or name (1-63): 1
    Creating Extended Profile 1
    Enter client filter name: Filter_1
    Enter user type (advanced/medium/novice): novice
    ------------------------------------------------------------
    [Extended Profile 1 Menu]
        filter   - Set client filter reference
        access   - Access rule menu
        print    - Print access rules
        usertype - Set portal user type
        linkset  - Linkset menu
        del      - Remove profile

Table 11-48 SSL VPN Configuration AAA Group Extend Profiles Menu Options

Command Syntax and Usage

filter <client_filter_name>
    Set the client filter name reference.
access
    Go to the Access Rule menu. To view the menu options, see page 594.
print
    Display the extended profile information.
usertype advanced|medium|novice
    Set the portal user level.
linkset
    Go to the Linkset menu. To view the menu options, see page 595.
del
    Delete the Extended Profile.

/ssl/cfg/vpn/aaa/group/extend/access
SSL VPN Configuration AAA Group Extend Profiles Access Menu

[Access rule 1 Menu]
    network - Set network reference
    service - Set service reference
    appspec - Set application specific reference
    action  - Set action
    comment - Set access rule comment
    del     - Remove access rule

Table 11-49 SSL VPN Configuration AAA Group Extend Profiles Access Menu Options

Command Syntax and Usage

network <network_name>
    Set the network name reference.
service <service_name>
    Set the Service name reference.
appspec <application_name>
    Set the Application name reference.
action accept|reject
    Accept or reject the Access rule change.
comment
    Create a description (comment) of the Access rule.
del
    Delete the Extended Profile Access rule.

Nortel Application Switch Operating System 23. January 2006 595 . add <extended_profile_linkset_name> Add an Extended Profile linkset name. del <extended_profile_linkset_name> Delete the Extended Profile Linkset. /ssl/cfg/vpn/aaa/group/ipsec SSL VPN Configuration AAA Group IPsec Menu [IPsec Menu] secret utunnel .Set shared secret .2 Command Reference /ssl/cfg/vpn/aaa/group/extend/ linkset SSL VPN Configuration AAA Group Extend Profiles Linkset Menu [Linksets Menu] list del add insert move List all values Delete a value by number Add a new value Insert a new value Move a value by number Table 11-50 SSL VPN Configuration AAA Group Extend Profiles Linkset Menu Options Command Syntax and Usage list List all of the configured Extended Profile linksets. insert <position> <name> Insert an Extended Profile linkset into the linkset list. move <value> <value> Move the Extended Profile linkset from one position to another in the linkset list.0.Set user tunnel profile Table 11-51 SSL VPN Configuration AAA Group IPsec Menu Options Command Syntax and Usage secret <string> Set the group Secret value. Chapter 11: The SSL Processor Menu 320506-A.

Table 11-51 SSL VPN Configuration AAA Group IPsec Menu Options

Command Syntax and Usage

utunnel <string>
    Set the user tunnel profile name.

/ssl/cfg/vpn/aaa/ssodomains
SSL VPN Configuration AAA Single-sign on Enabled Domains Menu

[SSO Domain menu Menu]
    list - List all values
    del  - Delete a value by number
    add  - Add a new value

Table 11-52 SSL VPN Configuration AAA Single-sign on enabled Domains Menu Options

Command Syntax and Usage

list
    List all of the SSO domains.
del <index>
    Delete an SSO domain.
add <domain_name> <mode, normal|add_domain>
    Add an SSO domain.

/ssl/cfg/vpn/aaa/ssoheaders
SSL VPN Configuration AAA Single-sign on Headers Menu

[SSO headers menu Menu]
    list   - List all values
    del    - Delete a value by number
    add    - Add a new value
    insert - Insert a new value
    move   - Move a value by number

Table 11-53 SSL VPN Configuration AAA Single-sign on Headers Menu Options

Command Syntax and Usage

list
    List all of the configured SSO Headers.
del <SSO Headers_name>
    Delete the SSO Header.

Table 11-53 SSL VPN Configuration AAA Single-sign on Headers Menu Options

Command Syntax and Usage

add <domain> <header_pattern>
    Add an SSO Header.
insert <position> <domain> <header_name>
    Insert a SSO Header into the headers list.
move <value> <value>
    Move the SSO Headers from one position to another in the SSO Headers list.

/ssl/cfg/vpn/aaa/radacct
SSL VPN Configuration AAA Radius Accounting Menu

[RADIUS Accounting Menu]
    servers    - RADIUS accounting servers menu
    vpnattribu - VPN attribute menu
    ena        - Enable RADIUS accounting
    dis        - Disable RADIUS accounting

Table 11-54 SSL VPN Configuration AAA Radius Accounting Menu Options

Command Syntax and Usage

servers
    Go to the Radius servers menu. To view the menu options, see page 599.
vpnattribu
    Go to the VPN attribute menu. To view the menu options, see page 601.
ena enable|disable
    Enable AAA radius accounting.
dis enable|disable
    Disable AAA radius accounting.

/ssl/cfg/vpn/aaa/radacct/servers
SSL VPN Configuration AAA Radius Accounting Servers Menu

[RADIUS Accounting Servers Menu]
    list   - List all values
    del    - Delete a value by number
    add    - Add a new value
    insert - Insert a new value
    move   - Move a value by number

Table 11-55 SSL VPN Configuration AAA Radius Accounting Menu Options

Command Syntax and Usage

list
    List all of the configured Radius Accounting servers.
del <Radius_Accounting_server_name>
    Delete the SSO Header.

Table 11-55 SSL VPN Configuration AAA Radius Accounting Menu Options

Command Syntax and Usage

add <ip_address> <port> <secret>
    Add a Radius Account.
insert <position> <ip_address> <port> <secret>
    Insert a Radius account into the account list.
move <value> <value>
    Move the Radius account from one position to another in the account list.

/ssl/cfg/vpn/aaa/radacct/vpnattribu
SSL VPN Configuration AAA Radius Accounting VPN attributes Menu

[VPN Attribute Menu]
    vendorid   - Set vendor id for the VPN attribute
    vendortype - Set vendor type for the VPN attribute

Table 11-56 SSL VPN Configuration AAA Radius Accounting VPN attributes Menu Options

Command Syntax and Usage

vendorid <vendorID>
    Set the vendor name.
vendortype <integer>
    Set the vendor type.

/ssl/cfg/vpn/server
SSL VPN Configuration Server Menu

[Server Menu]
    port     - Set listen port of server
    dnsname  - Set DNS name of server
    trace    - Traffic trace menu
    ssl      - SSL settings menu
    tcp      - TCP endpoint settings menu
    http     - HTTP settings menu
    proxymap - Intranet proxy configuration menu
    portal   - Portal settings menu
    adv      - Advanced settings menu
    ena      - Enable virtual server
    dis      - Disable virtual server

Table 11-57 SSL VPN Configuration Server Menu Options

Command Syntax and Usage

port <integer, 1-65534>
    Set the listen port of the server.
dnsname <fully_qualified_DNS_name>
    Set the DNS name of the server.

Table 11-57 SSL VPN Configuration Server Menu Options

Command Syntax and Usage

trace
    Go to the Trace menu. To view the menu options, see page 602.
ssl
    Go to the SSL settings menu. To view the menu options, see page 603.
tcp
    Go to the TCP endpoint settings menu. To view the menu options, see page 605.
http
    Go to the HTTP settings menu. To view the menu options, see page 606.
proxymap
    Go to the Intranet Proxy configuration menu.
portal
    Go to the Portal menu.
adv
    Go to the Advanced settings menu.
ena enable|disable
    Enable the VPN server.
dis enable|disable
    Disable the VPN server.

To view the menu options of the proxymap, portal and adv menus, see pages 608 and 609.

/ssl/cfg/vpn/server/trace
SSL VPN Configuration Server Traffic Trace Menu

[Trace Menu]
    ssldump    - Create traffic dump
    tcpdump    - Create traffic dump
    ping       - Ping through backend interface
    dnslookup  - Lookup a name in DNS through backend interface
    traceroute - traceroute through backend interface

Table 11-58 SSL VPN Configuration Server Traffic Trace Menu Options

Command Syntax and Usage

ssldump
    Create an SSL traffic dump. See the tcpdump documentation for a description of the patterns that are allowed (http://www.tcpdump.org/tcpdump_man.html).

Table 11-58 SSL VPN Configuration Server Traffic Trace Menu Options

Command Syntax and Usage

standalone on|off
    Create a TCP traffic dump. See the tcpdump documentation for a description of the patterns that are allowed (http://www.tcpdump.org/tcpdump_man.html).
ping <hostname>
    Ping through the backend interface.
dnslookup <hostname>
    Lookup a name in DNS through the backend interface.
traceroute
    Traceroute through backend interface. Use this command to identify the route used for station-to-station connectivity across the network.

/ssl/cfg/vpn/server/ssl
SSL VPN Configuration Server SSL Settings Menu

[SSL Settings Menu]
    cert      - Set server certificate
    cachesize - Set SSL cache size
    cachettl  - Set SSL cache timeout
    cacerts   - Set list of accepted signers of client certificates
    cachain   - Set list of CA chain certificates
    protocol  - Set protocol version
    ciphers   - Set cipher list
    verify    - Set certificate verification level
    ena       - Enable SSL
    dis       - Disable SSL

Table 11-59 SSL VPN Configuration Server SSL Settings Menu Options

Command Syntax and Usage

cert <certificate_number, 1 to 1500>
    Set the IP address of the VPN.
cachesize <integer, 0 to 10000>
    Set the SSL cache size (kBytes).
cachettl <integer>
    Set the SSL cache timeout (in minutes).

Table 11-59 SSL VPN Configuration Server SSL Settings Menu Options

Command Syntax and Usage

cacerts <certificate_numbers>
    Set the list of accepted signers of client certificates. If more than one, use a comma to separate the entries.
cachain <certificate_numbers>
    Set the list of CA chain certificates. If more than one, use a comma to separate the entries.
protocol ssl2|ssl3|ssl23|tls1
    Set the protocol version.
ciphers
    Set the cipher list. The cipher list consists of one or more cipher strings separated by colons (e.g. SSLv3:TLSv1). Lists of cipher suites can be combined using a logical and operation (+) (e.g. SHA1+DES represents all cipher suites containing the SHA1 and the DES algorithms). Each cipher string can be optionally preceded by the characters !, - or +:
        ! permanently deletes the ciphers from the list (e.g. !RSA).
        - deletes the ciphers from the list, but the ciphers can be added again by later options.
        + moves the ciphers to the end of the list. This option does not add any new ciphers.
    Additionally, the cipher string @STRENGTH sorts the current cipher list in order of encryption algorithm key length.
verify none|optional
    Set the certificate verification level.
ena enable|disable
    Enable SSL.
dis enable|disable
    Disable SSL.
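The cipher-string rules given for the ciphers command above, worked through as an added example (not Nortel's code): a small evaluator for the !, -, + and @STRENGTH operators and the logical-and selector. The suite table, its tags and key lengths are constructed for illustration, protocol tags such as SSLv3 are not modelled, and `evaluate` and `weak` are hypothetical helper names.

```python
# Constructed suite table for illustration; not the switch's real cipher set.
# name -> (algorithm tags, encryption key length in bits)
SUITES = {
    "RC4-MD5":              ({"RSA", "RC4", "MD5"}, 128),
    "EXP-RC4-MD5":          ({"RSA", "RC4", "MD5", "EXPORT"}, 40),
    "DES-CBC-SHA":          ({"RSA", "DES", "SHA1"}, 56),
    "AES256-SHA":           ({"RSA", "AES", "SHA1"}, 256),
    "EDH-DSS-DES-CBC-SHA":  ({"DH", "DSS", "DES", "SHA1"}, 56),
    "DES-CBC3-SHA":         ({"RSA", "3DES", "SHA1"}, 168),
    "RC4-SHA":              ({"RSA", "RC4", "SHA1"}, 128),
    "EDH-DSS-DES-CBC3-SHA": ({"DH", "DSS", "3DES", "SHA1"}, 168),
}


def _matches(selector):
    """Suites selected by 'A+B+...': every tag must be present (logical and)."""
    wanted = selector.split("+")
    return [
        name
        for name, (tags, _bits) in SUITES.items()
        if all(w == "ALL" or w == name or w in tags for w in wanted)
    ]


def evaluate(cipher_list):
    """Return the ordered preference list produced by a colon-separated cipher list."""
    current = []    # ordered preference list built so far
    banned = set()  # suites removed with '!', which can never come back
    for item in cipher_list.split(":"):
        item = item.strip()
        if not item:
            continue
        if item == "@STRENGTH":
            # Stable sort: equal key lengths keep their existing relative order.
            current.sort(key=lambda n: SUITES[n][1], reverse=True)
            continue
        op = item[0] if item[0] in "!-+" else ""
        hits = _matches(item[len(op):])
        if op == "!":    # permanent delete
            banned.update(hits)
            current = [n for n in current if n not in banned]
        elif op == "-":  # delete, but a later string may add the suites again
            current = [n for n in current if n not in hits]
        elif op == "+":  # move to the end; never adds anything new
            moved = [n for n in current if n in hits]
            current = [n for n in current if n not in hits] + moved
        else:            # plain string: append suites not already present
            current += [n for n in hits if n not in current and n not in banned]
    return current


def weak(cipher_list, min_bits=128):
    """Suites a cipher list still enables whose key length is below min_bits."""
    return [n for n in evaluate(cipher_list) if SUITES[n][1] < min_bits]


if __name__ == "__main__":
    for spec in ("SHA1+DES", "ALL:!RSA:RSA", "ALL:-RSA:RSA+AES",
                 "ALL:+RC4", "ALL:!EXPORT:@STRENGTH"):
        print(f"{spec:24} -> {evaluate(spec)}")
    print("weak after ALL:!EXPORT:@STRENGTH:", weak("ALL:!EXPORT:@STRENGTH"))
```

On the constructed table, `ALL:!EXPORT:@STRENGTH` still leaves the two 56-bit DES suites enabled, which is the kind of result worth checking before a cipher list is applied.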

/ssl/cfg/vpn/server/tcp
SSL VPN Configuration Server TCP endpoint Settings Menu

[TCP Settings Menu]
    cwrite   - Set client TCP write timeout
    ckeep    - Set client TCP keep alive timeout
    skeep    - Set socks client TCP keep alive heartbeat timeout
    swrite   - Set server TCP write timeout
    sconnect - Set server TCP connect timeout
    csendbuf - Set client TCP send buffer size
    crecbuf  - Set client TCP receive buffer size
    ssendbuf - Set server TCP send buffer size
    srecbuf  - Set server TCP receive buffer size

Table 11-60 SSL VPN Configuration Server TCP endpoint settings Menu Options

Command Syntax and Usage

ips <integer, 1 to 2147483647s>
    Set client TCP write timeout.

ckeep <integer, 1 to 2147483647s>
    Set client TCP keep alive timeout.

skeep <integer, 1 to 2147483647s>
    Set the SOCKS client TCP keep alive heartbeat timeout.

swrite <integer, 1 to 2147483647s>
    Set the server TCP write timeout.

sconnect <integer, 1 to 2147483647s>
    Set the server TCP connect timeout, in seconds.

csendbuf auto|<integer, 2000 to 100000>
    Set the client TCP send buffer size (Bytes).

crecbuf auto|<integer, 2000 to 100000>
    Set the client TCP receive buffer size (Bytes).

ssendbuf auto|<integer, 2000 to 100000>
    Set the server TCP send buffer size (Bytes).

srecbuf auto|<integer, 2000 to 100000>
    Set server TCP receive buffer size (Bytes).

/ssl/cfg/vpn/server/http
SSL VPN Configuration Server HTTP Settings Menu

[HTTP Settings Menu]
    downstatus - Set server down reply status
    rewrite    - SSL triggered rewrite menu
    securecook - Set add secure option to session cookie
    sslheader  - Add SSL header
    sslxheader - Add SSL header with serial in hex
    sslsidhead - Add SSL SID header
    addxfor    - Add X-Forwarded-For header
    addvia     - Add Via header
    addxisd    - Add HTTP-X-ISD debug header
    addclicert - Add Client-Cert as a HTTP header
    addnostore - Add no-cache/no-store HTTP header
    allowimage - Allow image caching
    allowdoc   - Allow document caching
    allowscrip - Set allow script caching
    allowica   - Allow ICA file caching
    cmsie      - Set MSIE session termination bug workaround
    maxrcount  - Set max number of persistant client requests
    maxline    - Set max line length

Table 11-61 SSL VPN Configuration Server HTTP settings Menu Options

Command Syntax and Usage

downstatus unavailable|redirect|reset
    Set the server down reply status.

rewrite on|off
    Go to the SSL triggered Rewrite menu. To view the menu options, see page 607.

securecook on|off
    Set the “add secure” option for the session cookie.

sslheader on|off
    Add an SSL session ID header.

sslxheader on|off
    Add an SSL header with serial number in hexadecimal.

sslsidhead on|off
    Add an SSL SID header.

addxfor on|off|anonymous|remove
    Add X-Forwarded-For header.

Table 11-61 SSL VPN Configuration Server HTTP settings Menu Options (continued)

Command Syntax and Usage

addvia on|off|anonymous|remove
    Set VIA header.

addxisd on|off
    Set HTTP-X-ISD debug header.

addclicert on|off
    Set Client-Cert as a HTTP header.

addnostore on|off
    Set no-cache/no-store HTTP header.

allowimage on|off
    Set image caching.

allowdoc on|off
    Set document caching.

allowscrip on|off
    Set allow script caching.

allowica on|off
    Set ICA file caching.

cmsie on|off
    Set MSIE session termination bug workaround.

maxrcount <integer>
    Set max number of persistent client requests.

maxline <integer>
    Set the maximum line length.

/ssl/cfg/vpn/server/http/rewrite
SSL VPN Configuration Server SSL triggered rewrite Menu

[Rewrite Menu]
    rewrite  - Set SSL triggered rewrite
    ciphers  - Set accepted ciphers
    response - Set source of response
    URI      - Set URI with the weak cipher alert

Table 11-62 SSL VPN Configuration Server SSL triggered rewrite Menu Options

Command Syntax and Usage

rewrite on|off
    Set SSL triggered rewrite.

ciphers <string>
    Set the accepted ciphers. The cipher list consists of one or more cipher strings separated by colons (e.g. SSLv3:TLSv1). Lists of cipher suites can be combined using a logical and operation (+) (e.g. SHA1+DES represents all cipher suites containing the SHA1 and the DES algorithms). Each cipher string can be optionally preceded by the characters !, - or +:
    ! permanently deletes the ciphers from the list (e.g. !RSA).
    - deletes the ciphers from the list, but the ciphers can be added again by later options.
    + moves the ciphers to the end of the list. This option doesn't add any new ciphers; it just moves matching existing ones.
    Additionally, the cipher string @STRENGTH sorts the current cipher list in order of encryption algorithm key length. For step-up certificates we recommend ALL:-RC2:SHA1:@STRENGTH

response iSD|WebServer
    Set the source of response.

URI <WebServer response only>
    Set the URI with the weak cipher alert. For example, /cgi-bin/weakcipher.

/ssl/cfg/vpn/server/proxymap
SSL VPN Configuration Server Intranet Proxy settings Menu

The PROXY menu is not available for type portal and socks servers.

[Proxy Mapping Menu]
    list   - List all values
    del    - Delete a value by number
    add    - Add a new value
    insert - Insert a new value
    move   - Move a value by number

Table 11-63 SSL VPN Configuration Server Intranet Proxy settings Menu Options

Command Syntax and Usage

list
    List all of the server Intranet Proxy settings.

Table 11-63 SSL VPN Configuration Server Intranet Proxy settings Menu Options (continued)

Command Syntax and Usage

del <Proxy_server_name>
    Delete the Intranet Proxy server.

add <ip_address> <port>
    Add an Intranet Proxy server.

insert <position> <ip_address> <port>
    Insert an Intranet Proxy server into the Proxy server list.

move <value> <value>
    Move the Intranet Proxy server from one position to another in the server list.

/ssl/cfg/vpn/server/portal
SSL VPN Configuration Server Portal settings Menu

[Portal Settings Menu]
    resetcooki - Set Re-Set session cookie in each request
    domain     - Set cookie domain
    persistent - Set use persistent session cookies

Table 11-64 SSL VPN Configuration Server Portal settings Menu Options

Command Syntax and Usage

resetcooki on|off
    Set the Reset session cookie in each request.

domain <domain_name>
    Set the cookie domain name for the portal.

persistent on|off
    Set the use of persistent session cookies.

/ssl/cfg/vpn/server/adv
SSL VPN Configuration Server Advanced Menu

[Advanced Settings Menu]
    traflog    - UDP syslog Traffic Log menu
    sslconnect - SSL connect menu

Table 11-65 SSL VPN Configuration Server Advanced Menu Options

Command Syntax and Usage

traflog <IP_address>
    Go to the UDP syslog Traffic Log menu. To view the menu options, see page 610.

sslconnect on|off
    Go to the SSL Connect menu. To view the menu options, see page 611.

/ssl/cfg/vpn/server/adv/traflog
SSL VPN Configuration Server UDP Syslog Traffic Log Menu

[Traffic Log Settings Menu]
    sysloghost - Set syslog host IP
    udpport    - Set syslog portnumber
    priority   - Set syslog priority
    facility   - Set syslog facility
    ena        - Enable traffic UDP syslog logging
    dis        - Disable traffic UDP syslog logging

Table 11-66 SSL VPN Configuration Server UDP Syslog Traffic Log Menu Options

Command Syntax and Usage

sysloghost <IP_address>
    Set the IP address of the VPN.

udpport <UDP_port_number>
    Set the standalone mode.

priority <syslog_name>
    Set the syslog priority.

facility <string>
    Set the syslog facility.

ena enable|disable
    Enable traffic UDP syslog messaging.

dis
    Disable traffic UDP syslog messaging.

cert <certicate_number. Chapter 11: The SSL Processor Menu 320506-A.Verify server menu Table 11-67 SSL VPN Configuration Server UDP Syslog Traffic Log Menu Options Command Syntax and Usage protocol ssl2|ssl3|ssl23|tls1 Set the Protocol version.0.Set protocol version cert . 1 to 1500> Set the client certificate. SSLv3:TLSv1). Additionally the cipher string @STRENGTH sorts the current cipher list in order of encryption algorithm key length.g.Set accepted ciphers for ssl connect verify . verify Go to the Verify server menu.or +. but the ciphers can be added again by later options. ciphers Set the accepted ciphers for SSL connection. SHA1+DES represents all cipher suites containing the SHA1 and the DES algorithms). + moves the ciphers to the end of the list. Lists of cipher suites can be combined using a logical and operation (+) (e.g.g.Set client certificate ciphers .deletes the ciphers from the list.2 Command Reference ssl/cfg/vpn/server/adv/sslconnect SSL VPN Configuration Server SSL Connect Menu [SSL Connect Settings Menu] protocol . !RSA). ! permanently delets the ciphers from the list (e. The cipher list consists of one or more cipher strings separated by colons (e. see page 612.Nortel Application Switch Operating System 23. . Each cipher string can be optionally preceded by the characters !. January 2006 611 . . To view the menu options.

/ssl/cfg/vpn/server/adv/sslconnect/verify
SSL VPN Configuration Server SSL Connect verify Server Menu

[SSL Connect Verify Settings Menu]
    verify     - Set certificate verification level
    commonname - Set server common name
    cacerts    - Set list of accepted signers server's certificate

Table 11-68 SSL VPN Configuration Server SSL Connect Verify Server Menu Options

Command Syntax and Usage

verify none|verify
    Set the Certificate Verification level.

commonname <string>
    Set the server common name.

cacerts <certificate_numbers>
    Set the list of accepted signers for each server certificate. If more than one, use a comma to separate each entry.

/ssl/cfg/vpn/ipsec
SSL VPN Configuration IPsec Server Menu

[IPsec Menu]
    ena      - Enable IPsec
    dis      - Disable IPsec
    quick    - Quick IPsec setup wizard
    ikeprof  - IKE profile
    utunprof - User tunnel profile
    cacerts  - Set list of accepted signers of clients certificate
    cert     - Set server certificate

Table 11-69 SSL VPN Configuration IPSEC Server Menu Options

Command Syntax and Usage

ena [enable|disable]
    Enable IPsec.

Table 11-69 SSL VPN Configuration IPSEC Server Menu Options (continued)

Command Syntax and Usage

dis [enable|disable]
    Disable IPsec.

quick
    Use the Quick IPsec setup wizard. For example:

    SSL >> IPsec# quick
    Do you want to use IPsec Group login? (yes/no) [no]: n
    Lower IP address in pool range: 0.0.0.0
    Upper IP address in pool range: 1.1.1.1
    Enabled IPsec
    Creating IKE Profile 1
    Name: vpn_1_1
    Creating User Tunnel Profile 1
    Name: vpn_1_1
    You should create a AAA group for the user tunnel profile
    Enabled Pool
    Use apply to activate the changes

ikeprof
    Go to the IKE profile menu.

utunprof
    Set the User tunnel profile.

cacerts
    Set the list of accepted signers of clients certificate.

cert
    Set the server certificate.

/ssl/cfg/vpn/ipsec/ikeprof
SSL VPN Configuration IPsec Server IKE Profile Menu

[IKE Profile 1 Menu]
    name       - Set IKE profile name
    del        - Remove IKE Profile
    enc        - Encryption mask menu
    dh         - Diffie-Hellman group mask menu
    pfs        - Enable Perfect Forward Secrecy
    initcontac - Accept ISAKMP initial contact payload
    rekeytime  - Set rekey time limit
    rekeytraf  - Set rekey traffic limit
    retransmit - Set ISAKMP retransmit interval
    maxretrans - Set ISAKMP max attempts retransmits
    replaywins - Set replay window size
    nat        - NAT menu
    deadpeer   - Dead peer menu

Table 11-70 SSL VPN Configuration IPSEC Server IKE Profile Menu Options

Command Syntax and Usage

name <string>
    Set the IKE profile name.

del <IKE_profile_name>
    Disable IPsec.

enc
    Go to the Encryption mask menu. To view the menu options, see page 615.

dh
    Go to the Diffie-Hellman group mask menu. To view the menu options, see page 616.

pfs on|off
    Enable Perfect Forward Secrecy.

initcontac on|off
    Accept ISAKMP initial contact payload.

rekeytime <integer>
    Set the rekey time limit, in seconds.

rekeytraf <integer>
    Set rekey traffic limit, in KBytes.

retransmit <integer>
    Set ISAKMP retransmit limit, in seconds.

Table 11-70 SSL VPN Configuration IPSEC Server IKE Profile Menu Options (continued)

Command Syntax and Usage

maxretrans <integer>
    Set the maximum ISAKMP attempts to retransmit.

replaywins <integer>
    Set replay window size.

nat
    Go to the NAT menu. To view the menu options, see page 617.

deadpeer
    Go to the Dead Peer menu. To view the menu options, see page 617.

/ssl/cfg/vpn/ipsec/ikeprof/enc
SSL VPN Configuration IPsec Server IKE Profile Encryption Menu

[Encryption Menu]
    hmac_md5   - Set HMAC with MD5
    hmac_sha   - Set HMAC with SHA
    null_md5   - Set NULL with MD5
    null_sha   - Set NULL with SHA
    des_md5    - Set DES with MD5
    des_sha    - Set DES with SHA
    3des_md5   - Set 3DES with MD5
    3des_sha   - Set 3DES with SHA
    aes_128_sh - Set 128 bits AES with SHA

Table 11-71 SSL VPN Configuration IPSEC Server IKE Profile Encryption Menu Options

Command Syntax and Usage

hmac_md5 on|off
    Set HMAC with MD5.

hmac_sha on|off
    Set HMAC with SHA.

null_md5 on|off
    Set NULL with MD5.

null_sha on|off
    Set NULL with SHA.

Table 11-71 SSL VPN Configuration IPSEC Server IKE Profile Encryption Menu Options (continued)

Command Syntax and Usage

des_md5 on|off
    Set DES with MD5.

des_sha on|off
    Set DES with SHA.

3des_md5 on|off
    Set 3DES with MD5.

3des_sha on|off
    Set 3DES with SHA.

aes_128_sh on|off
    Set 128 bits AES with SHA.

/ssl/cfg/vpn/ipsec/ikeprof/dh
SSL VPN Configuration IPsec Server IKE Profile Diffie-Hellman Group Mask Menu

[Diffie-Hellman Group Menu]
    dh1 - Set Diffie-Hellman group 1
    dh2 - Set Diffie-Hellman group 2
    dh5 - Set Diffie-Hellman group 5

Table 11-72 SSL VPN Configuration IPSEC Server IKE Profile Diffie-Hellman Group Mask Menu Options

Command Syntax and Usage

dh1 on|off
    Set Diffie-Hellman group 1.

dh2 on|off
    Set Diffie-Hellman group 2.

dh5 on|off
    Set Diffie-Hellman group 5.

/ssl/cfg/vpn/ipsec/ikeprof/NAT
SSL VPN Configuration IPsec Server IKE Profile NAT Menu

[NAT Menu]
    natdetect - Set ESP UDP NAT detect
    timeout   - Set detect timeout
    keepalive - Set keepalive timeout

Table 11-73 SSL VPN Configuration IPSEC Server IKE Profile NAT Menu Options

Command Syntax and Usage

natdetect disabled|auto|ipsec_capable|use_udp_encap
    Set ESP UDP detection.

timeout <integer>
    Set the detection timeout, in seconds.

keepalive <integer>
    Set the keepalive timeout, in seconds.

/ssl/cfg/vpn/ipsec/ikeprof/deadpeer
SSL VPN Configuration IPsec Server IKE Profile Dead Peer Menu

[Dead Peer Menu]
    ena        - Enable dead peer detection
    dis        - Disable dead peer detection
    interval   - Set detect interval
    retransmit - Set max retransmissions

Table 11-74 SSL VPN Configuration IPSEC Server IKE Profile Dead Peer Menu Options

Command Syntax and Usage

ena [enable|disable]
    Enable dead peer detection.

dis [enable|disable]
    Disable dead peer detection.

Table 11-74 SSL VPN Configuration IPSEC Server IKE Profile Dead Peer Menu Options (continued)

Command Syntax and Usage

interval <integer>
    Set the detection interval, in seconds.

retransmit <integer>
    Set the maximum number of retransmissions.

/ssl/cfg/vpn/ippool
SSL VPN Configuration IP Pool Menu

[Pool Menu]
    ena      - Enable pool
    dis      - Disable pool
    lowerip  - Set lower IP in pool range
    upperip  - Set upper IP in pool range
    proxyarp - Set proxy arp on clean side interfaces
    info     - Print alloc info for this VPN

Table 11-75 SSL VPN Configuration IP Pool Menu Options

Command Syntax and Usage

ena enable|disable
    Enable the IP Pool.

dis enable|disable
    Disable the IP Pool.

lowerip <lower_IP_address>
    Set the lower IP address in the pool range.

upperip <upper_IP_address>
    Set the upper IP address in the pool range.

proxyarp on|off|all
    Set proxy ARP on clean side interfaces.

info
    Display all of the IP Pool configuration information.

/ssl/cfg/vpn/portal
SSL VPN Configuration Portal Menu

[Portal Menu]
    import     - Import banner image gif
    restore    - Restores default Nortel banner
    banner     - Show installed banner file
    redirect   - Set redirect URL
    logintext  - Set static text on login page
    iconmode   - Set Home tab icon mode
    linktext   - Set static text on link page
    linkurl    - Set url input field on link page
    linkcols   - Set number of columns on home tab
    linkwidth  - Set width of link columns on home tab
    companynam - Set company name used on portal pages
    colors     - Portal colors menu
    faccess    - Full Access menu
    lang       - Portal language menu
    wiper      - Set use ActiveX component for clearing cache
    ieclear    - Set use IE ClearAuthCache
    whitelist  - White-list settings menu
    citrix     - Set Citrix support

Table 11-76 SSL VPN Configuration Portal Menu Options

Command Syntax and Usage

import [<protocol> <hostname> <bannerfilename>]
    Import banner image gif. For example:

    SSL >> Portal# import
    Select protocol (tftp/ftp/scp/sftp) [tftp]: ftp
    Enter hostname or IP address of server: 0.0.0.0
    Enter filename on server: nortel_banner.gif

restore
    Restores default Nortel banner.

banner
    Show installed banner file.

redirect <URL>
    Set redirect URL.

logintext
    Set static text on login page. Write or paste the text to show up in the Login window, press Enter to create a new line, and then type "..." (without the quotation marks) to terminate.

iconmode clean|fancy
    Set Home tab icon mode.

Table 11-76 SSL VPN Configuration Portal Menu Options (continued)

Command Syntax and Usage

linktext [<string>]
    Set static text on link page. Write or paste the text, press Enter to create a new line, and then type "..." (without the quotation marks) to terminate.

linkurl on|off
    Set URL input field on link page.

linkcols [<integer>]
    Set number of columns on home tab. Four can be considered a practical maximum.

linkwidth [auto|0 to 100%]
    Set width of link columns on home tab.

companynam [<string>]
    Set company name used on portal pages.

colors
    Go to the Portal Colors menu. To view the menu options, see page 621.

faccess
    Go to the Full Access menu. To view the menu options, see page 621.

lang
    Go to the Portal language menu. To view the menu options, see page 622.

wiper [on|off]
    Set use ActiveX component for clearing cache.

ieclear [on|off]
    Set use IE ClearAuthCache.

whitelist
    Go to the White-list settings menu. To view the menu options, see page 623.

citrix [on|off]
    Set Citrix support.

/ssl/cfg/vpn/portal/colors
SSL VPN Configuration Portal Colors Menu

[Portal Colors Menu]
    color1 - Set portal color 1
    color2 - Set portal color 2
    color3 - Set portal color 3
    color4 - Set portal color 4
    theme  - Color theme

Table 11-77 SSL VPN Configuration Portal Colors Menu Options

Command Syntax and Usage

color1 [<HTML_color_syntax>]
    Set Portal color 1. For example, #003399 for blue.

color2 [<HTML_color_syntax>]
    Set Portal color 2.

color3 [<HTML_color_syntax>]
    Set Portal color 3.

color4 [<HTML_color_syntax>]
    Set Portal color 4.

theme [default|aqua|apple|jeans|cinnamon|candy]
    Set the color theme.

/ssl/cfg/vpn/portal/faccess
SSL VPN Configuration Portal Full Access Menu

[Full Access Menu]
    ena       - Enable 'Full Access' tab
    dis       - Disable 'Full Access' tab
    ipsecmode - Set IPSEC Mode
    contip    - Set Contivity IP address
    contid    - Set Contivity group ID
    contpass  - Set Contivity group password
    portalmsg - Set text in 'Full Access' portal tab
    appletmsg - Set text in 'Full Access' Applet window

Table 11-78 SSL VPN Configuration Portal Full Access Menu Options

Command Syntax and Usage

ena [enable|disable]
    Enable 'Full Access' tab.

dis [enable|disable]
    Disable 'Full Access' tab.

ipsecmode [contivity|native]
    Set the IPSEC Mode.

contip [<IP_address>]
    Set Contivity IP address.

contid [<string>]
    Set the Contivity group ID.

contpass [<string>]
    Set a Contivity group password.

portalmsg
    Set text in 'Full Access' portal tab. Write or paste the text to show up in the Full Access Portal window, press Enter to create a new line, and then type "..." (without the quotation marks) to terminate.

appletmsg
    Set text in 'Full Access' Applet window. Write or paste text to show up in the Full Access Applet window, press Enter to create a new line, and then type "..." (without the quotation marks) to terminate. If you *only* enter "..." a default text will be generated.

/ssl/cfg/vpn/portal/lang
SSL VPN Configuration Portal Language Menu

[Portal Language Menu]
    setlang - Set the language to be used in the portal
    charset - Print charset in use
    list    - List supported languages

Table 11-79 SSL VPN Configuration Portal Language Menu Options

Command Syntax and Usage

ips [<ISO 639 Language Code>]
    Set the language to be used in the portal. For English, enter en.

Table 11-79 SSL VPN Configuration Portal Language Menu Options (continued)

Command Syntax and Usage

charset on|off
    Display the current character set. For example:

    Charset = iso-8859-1

list
    Display all of the pre-defined languages.

/ssl/cfg/vpn/portal/whitelist
SSL VPN Configuration Portal Whitelist settings Menu

[White-list Settings Menu]
    domains - Configure white-list domains
    ena     - Enable URL rewrite white-list
    dis     - Disable URL rewrite white-list

Table 11-80 SSL VPN Configuration Portal Whitelist settings Menu Options

Command Syntax and Usage

domains
    Go to the Domains menu. To view the menu options, see page 623.

ena [enable|disable]
    Enable URL re-write whitelist.

dis [enable|disable]
    Disable URL re-write whitelist.

/ssl/cfg/vpn/portal/whitelist/domains
SSL VPN Configuration Portal Whitelist settings Domains Menu

[White-list menu Menu]
    list - List all values
    del  - Delete a value by number
    add  - Add a new value

Table 11-81 SSL VPN Configuration Portal Whitelist settings Domains Menu Options

Command Syntax and Usage

list
    Go to the Domains menu. To view the menu options, see page 621.

del [<index>]
    Delete a value.

add [<domain_name>]
    Add a domain.

/ssl/cfg/vpn/linkset
SSL VPN Configuration Linkset Menu

When you enter the /ssl/cfg/vpn/linkset menu level, you are prompted to create a linkset if one does not already exist.

    SSL >> VPN 1# linkset
    Enter Linkset number or name (1-1023): 1
    Creating Linkset 1
    Linkset name: Linkset_1
    Linkset text (HTML syntax, eg <b>A heading</b>): html
    Autorun Linkset (true/false) [false]: false
    ------------------------------------------------------------
    [Linkset 1 Menu]
        name    - Set linkset name
        text    - Set linkset text
        autorun - Set autorun support
        link    - Link menu
        del     - Remove tunnel

Table 11-82 SSL VPN Configuration Linkset Menu Options

Command Syntax and Usage

name <string>
    Set the linkset name.

text [<text_type>]
    Set the text type. In the current release, only HTML is available (default).

autorun [true|false]
    Set the autorun linkset option.

Table 11-82 SSL VPN Configuration Linkset Menu Options (continued)

Command Syntax and Usage

link
    Go to the Link menu. To view the menu options, see page 625.

del [<linkset_number>]
    Remove the linkset.

/ssl/cfg/vpn/linkset/link
SSL VPN Configuration Linkset Link Menu

When you enter the /ssl/cfg/vpn/linkset/link menu level, you are prompted to create a link if one does not already exist.

    SSL >> Linkset 1# link
    Enter Link number or name (1-1023): 1
    Creating Link 1
    Enter link text: Link_1
    Enter type of link (hit TAB to see possible values) [internal]: <tab>
    smb ftp proxy custom mail telnet netdrive wts outlook netdirect terminal external internal eauto iauto
    Enter type of link (hit TAB to see possible values) [internal]: internal
    Entering: Internal settings menu
    Enter method (http/https): http
    Enter host (eg inside.company.com): NoTel.ca
    Enter path (eg /): /info
    Leaving: Internal settings menu
    ------------------------------------------------------------
    [Link 1 Menu]
        move     - Move link
        text     - Set link text
        type     - Set link type
        internal - Internal settings menu
        del      - Remove link

Table 11-83 SSL VPN Configuration Linkset Link Menu Options

Command Syntax and Usage

move [<link_number>]
    Move the link.

Table 11-83 SSL VPN Configuration Linkset Link Menu Options (continued)

Command Syntax and Usage

text [<link_name>]
    Set the name of the link.

type [<link_type>]
    Set the link type. See the list of link types on page 625.

internal
    Go to the Internal link menu. To view the menu options, see page 626.

del [<link_number>]
    Remove the link.

/ssl/cfg/vpn/linkset/link/internal
SSL VPN Configuration Linkset Link Internal Setting Menu

[Internal menu Menu]
    quick - Quick internal link wizard

Table 11-84 SSL VPN Configuration Linkset Link Internal Settings Menu Options

Command Syntax and Usage

quick
    Configure the link using the internal link wizard. For example:

    SSL >> Internal menu# quick
    Enter method (http/https): http
    Enter host (eg inside.company.com): NoTel.ca
    Enter path (eg /): /

/ssl/cfg/vpn/sslclient
SSL VPN Configuration SSL Client Menu

[SSL VPN Client Menu]
    netdirect - Allow Netdirect client
    xmlconfig - Set XML client configuration

Table 11-85 SSL VPN Configuration SSL Client Menu Options

Command Syntax and Usage

netdirect [on|off]
    Allow a Netdirect VPN client.

xmlconfig
    Set the XML client configuration. Write or paste the text, press Enter to create a new line, and then type "..." (without the quotation marks) to terminate.

/ssl/cfg/vpn/adv
SSL VPN Configuration Advanced Menu

[Advanced Menu]
    interface - Set backend interface used by VPN
    dns       - DNS settings menu
    log       - Set log settings

Table 11-86 SSL VPN Configuration Advanced Menu Options

Command Syntax and Usage

interface [<backend_interface_number>]
    Set the backend interface.

dns
    Go to the DNS settings menu. To view the menu options, see page 627.

log [all|login|http|portal|reject|socks]
    Set the log option.

/ssl/cfg/vpn/adv/dns
SSL VPN Configuration Advanced DNS settings Menu

[DNS Settings Menu]
    search - Set DNS search list

Table 11-87 SSL VPN Configuration Advanced DNS settings Menu Options

Command Syntax and Usage

search [<domain_names>]
    Set the domain search list. If more than one domain, use a comma to separate each entry.

/ssl/cfg/sys
SSL Configuration System Menu

[System Menu]
    mip        - Set management IP (MIP) address
    host       - iSD host menu
    routes     - Routes menu
    time       - Date and time menu
    dns        - DNS settings
    rsa        - RSA Servers
    syslog     - Syslog servers menu
    accesslist - Access list menu
    adm        - Administrative applications menu
    user       - User Access Control menu
    distrace   - Disable tracing with tcpdump/ssldump

Table 11-88 SSL Configuration System Menu Options

Command Syntax and Usage

mip [<IP_address>]
    Set the management IP (MIP) address.

host
    Go to the Host menu. To view menu options, see page 629.

routes
    Go to the Routes menu. To view menu options, see page 630.

time
    Go to the Time menu. To view menu options, see page 634.

dns
    Go to the Time menu. To view menu options, see page 634.

rsa
    Go to the RSA server menu. To view menu options, see page 636.

syslog
    Go to the RSA server menu. To view menu options, see page 636.

accesslist
    Go to the Access List menu. To view menu options, see page 637.

adm
    Go to the Administrative Applications menu. To view menu options, see page 638.

user
    Go to the Administrative Applications menu. To view menu options, see page 647.

Table 11-88 SSL Configuration System Menu Options (continued)

Command Syntax and Usage

distrace [yes|no]
    Deactivate trace. Trace cannot be reactivated during the session.

/ssl/cfg/sys/host
SSL Configuration System Host Menu

[iSD Host 1 Menu]
    type       - Set type of the iSD
    ip         - Set IP address
    license    - Set License
    gateway    - Set default gateway address
    routes     - Routes menu
    interface  - iSD host interface menu
    port       - iSD port configuration menu
    ports      - Display physical ports
    hwplatform - Display hardware platform
    halt       - Halt the iSD
    reboot     - Reboot the iSD
    delete     - Remove iSD Host

Table 11-89 SSL Configuration System Host Menu Options

Command Syntax and Usage

type [master|slave]
    Set the iSD type.

ip [<IP_address>]
    Set the IP address of the host.

license [<string>]
    Enter or paste the host license information. Paste the license, press Enter to create a new line, and then type "..." (without the quotation marks) to terminate.

gateway [<IP_address>]
    Set default gateway address.

routes
    Go to the Routes menu. To view menu options, see page 631.

interface
    Go to the iSD host interface menu. To view menu options, see page 632.

port
    Go to the iSD port configuration menu. To view menu options, see page 633.

Table 11-89 SSL Configuration System Host Menu Options (continued)

Command Syntax and Usage

ports
    Display the number of physical ports.

hwplatform
    Display hardware platform.

halt [yes|no]
    Halt the iSD platform.

reboot [yes|no]
    Reboot the iSD.

delete [<hostname>]
    Remove iSD Host.

/ssl/cfg/sys/host/routes
SSL Configuration System Host Routes Menu

[Host Routes Menu]
    list - List all values
    del  - Delete a value by number
    add  - Add a new value

Table 11-90 SSL Configuration System Host Routes Menu Options

Command Syntax and Usage

list
    List all host routes.

del [<route_number>]
    Delete a route by its number.

add [<destination> <netmask> <gateway>]
    Add a route.

/ssl/cfg/sys/host/interface
SSL Configuration System Host Menu

[Host Interface 1 Menu]
    ip      - Set IP address
    netmask - Set network mask
    gateway - Set default gateway address
    routes  - Routes menu
    vlanid  - Set VLAN tag id
    mode    - Set mode
    ports   - Interface ports menu
    primary - Set primary port
    delete  - Remove Host Interface

Table 11-91 SSL Configuration System Host Interface Menu Options

Command Syntax and Usage

ip [<IP_address>]
    Set the host interface IP address.

netmask [<IP_address>]
    Set the interface netmask.

gateway [<IP_address>]
    Set the Gateway IP address.

routes
    Go to the Routes menu. To view menu options, see page 632.

vlanid [<integer>]
    Set the VLAN tag ID.

mode [failover|trunking]
    Set the interface mode.

ports
    Go to the Ports menu. To view menu options, see page 633.

primary [<port_number>]
    Set the Primary port.

delete [<interface_hostname>]
    Delete the interface.

/ssl/cfg/sys/host/interface/routes
SSL Configuration System Host Interface Routes Menu

[Host Interface Routes Menu]
    list - List all values
    del  - Delete a value by number
    add  - Add a new value

Table 11-92 SSL Configuration System Host Interface Menu Options

Command Syntax and Usage

list
    List all of the configured interface routes.

del [<route_number>]
    Delete an interface route.

add [<destination> <netmask> <gateway>]
    Add an interface route.

/ssl/cfg/sys/host/port
SSL Configuration System Host Port Menu

[Host Port 1 Menu]
    autoneg - Set autonegotiation
    speed   - Set Speed
    mode    - Set full or half duplex mode

Table 11-93 SSL Configuration System Host Port Menu Options

Command Syntax and Usage

autoneg <on | off>
    Enables or disables autonegotiation on the port. The default is on.

speed <10 | 100 | 1000>
    Sets the port speed in Mbits per second when autonegotiation is not in use.

mode <full | half>
    Sets the duplex mode of the port when autonegotiation is not in use. When autonegotiation is not in use the default mode is full.

/ssl/cfg/sys/routes
SSL Configuration System Menu

[Routes Menu]
    list - List all values
    del  - Delete a value by number
    add  - Add a new value

Table 11-94 SSL Configuration System Menu Options

Command Syntax and Usage

list
    List all of the configured routes.

del [<route_number>]
    Delete a route. This command removes the specified static route from the system configuration. Use the list command to display the index numbers of all added static routes.

add [<destination> <netmask> <gateway>]
    Add a static route.

/ssl/cfg/sys/time
SSL Configuration System Time Menu

[Date and Time Menu]
    date  - Set system date
    time  - Set system time
    tzone - Set Timezone
    ntp   - Configure NTP servers

Table 11-95 SSL Configuration System Time Menu Options

Command Syntax and Usage

date [YYYY-MM-DD]
    Enter the date.

time [HH:MM:SS]
    Set the time, using a 24-hour clock scheme.

tzone [<continent_number> <country_number> <region_number>]
    Set the time zone.

ntp
    Configure NTP servers. To view menu options, see page 634.

/ssl/cfg/sys/time/ntp
SSL Configuration System Time NTP servers Menu

[NTP Servers Menu]
    list - List all values
    del  - Delete a value by number
    add  - Add a new value

Table 11-96 SSL Configuration System Time NTP Servers Menu Options

Command Syntax and Usage

list
    List the configured NTP servers.

del [<NTP_server>]
    Delete the NTP server. Removes the specified NTP server from the system configuration. Use the list command to display the index numbers of all added NTP servers.

add [<IP_address>]
    Add an NTP server. Adds an NTP server to the system configuration. The NTP server you add is used by the NTP client on the iSD to synchronize its clock. NTP should have access to a number of servers (at least three) in order to compensate for any discrepancies in the servers.

/ssl/cfg/sys/dns
SSL Configuration System DNS settings Menu

[DNS Settings Menu]
    servers    - DNS servers menu
    cachesize  - Set Local DNS cache size
    retransmit - Set DNS Retransmit interval timer
    count      - Set DNS Retransmit counter
    ttl        - Set Max TTL
    health     - Set Health check interval
    hdown      - Set Health check down counter
    hup        - Set Health check up counter

Table 11-97 SSL Configuration System DNS Settings Menu Options

Command Syntax and Usage

servers
    Go to the DNS Servers menu. To view menu options, see page 635.

cachesize [<integer>]
    Set the DNS cache size in kBytes.

retransmit [<integer>]
    Set the DNS retransmit interval timer value, in seconds.

count [<integer>]
    Set the DNS Retransmit counter value.

ttl [<integer>]
    Set the maximum TTL.

health [<integer>]
    Set Health check interval, in seconds.

hdown [<integer>]
    Set Health check down counter

hup [<integer>]
    Set Health check up counter

/ssl/cfg/sys/dns/servers
SSL Configuration System DNS Servers settings Menu

[DNS Servers Menu]
    list   - List all values
    del    - Delete a value by number
    add    - Add a new value
    insert - Insert a new value
    move   - Move a value by number

Table 11-98 SSL Configuration System DNS Servers Menu Options

Command Syntax and Usage

list
    List all of the DNS server settings.

del <DNS_server_name>
    Delete the DNS server.

add <ip_address>
    Add a DNS server.

insert <position> <ip_address>
    Insert a DNS server into the DNS server list.

move <value> <value>
    Move the DNS server from one position to another in the server list.

/ssl/cfg/sys/rsa
SSL Configuration System RSA servers Menu

To enter the /ssl/cfg/sys/rsa menu level, you are prompted to create an RSA server if one does not already exist.

    SSL >> System# rsa
    Enter RSA Server number or name: (1-255) 1
    Creating RSA Servers 1
    RSA server symbolic name: RSA_1
    ------------------------------------------------------------
    [RSA Servers 1 Menu]
        rsaname    - Set RSA server symbolic name
        import     - Import sdconf.rec file
        rmnodesecr - Remove Node Secret
        del        - Remove RSA server

Table 11-99 SSL Configuration System RSA servers Menu Options

Command Syntax and Usage

rsaname [<string>]
    Set the RSA server symbolic name.

import [<protocol> <host> <file>]
    Import a sdconf.rec file.

rmnodesecr [<node_secret_name>]
    Remove a Node Secret.

del
    Remove an RSA server.

/ssl/cfg/sys/syslog
SSL Configuration System SysLog Servers Menu

[Syslog Servers Menu]
    list   - List all values
    del    - Delete a value by number
    add    - Add a new value
    insert - Insert a new value
    move   - Move a value by number

Table 11-100 SSL Configuration System SysLog Servers Menu Options

Command Syntax and Usage

list
    List all of the Syslog server settings.

del <Syslog_server_name>
    Delete the Syslog server.

add <ip_address>
    Add a Syslog server.

insert [<position> <ip_address> <local_facility>]
    Insert a Syslog server into the Syslog server list.

move <value> <value>
    Move the Syslog server from one position to another in the server list. Moves a syslog server up or down in the list of configured servers. The index numbers you specify must be in use. To view all syslog servers currently added to the system configuration, use the list command.

/ssl/cfg/sys/accesslist
SSL Configuration System Access List Menu

[Access List Menu]
    list - List all values
    del  - Delete a value by number
    add  - Add a new value

Table 11-101 SSL Configuration System Menu Options

Command Syntax and Usage

list
    List the accesslist values.

del [<access_list_number>]
    Delete an accesslist.

add
    Add a new value to the accesslist. Adds a single machine, or a range of machines on a specific network, to the access list. Only those machines listed will be allowed to access the iSD host via a Telnet or SSH connection (assuming that Telnet or SSH connections, or both, are enabled).

/ssl/cfg/sys/adm
SSL Configuration System Administrative applications Menu

[Administrative Applications Menu]
    snmp       - SNMP menu
    clitimeout - Set CLI idle timeout
    audit      - Audit Settings Menu
    auth       - Authentication menu
    telnet     - Set telnet CLI access
    ssh        - Set SSH CLI access
    http       - HTTP access menu
    https      - HTTPS access menu
    sshkeys    - SSH host keys menu

Table 11-102 SSL Configuration System Administrative applications Menu Options

Command Syntax and Usage

snmp
    Go to the SNMP menu. To view menu options, see page 639.

clitimeout [<integer>]
    Set the CLI idle timeout value, in seconds.

audit
    Go to the Audit menu. To view menu options, see page 643.

telnet
    Set the telnet CLI access. Enables or disables Telnet access. When set to on and not having added machine(s) to the access list, all Telnet connections are allowed. When set to on and having added machine(s) to the access list, only the specified machine(s) are allowed Telnet access. When set to off, all Telnet connections are rejected, including connections from machine(s) added to the access list. The default Telnet setting is off.

ssh
    Set the SSH CLI access. Enables or disables SSH access. When set to on and not having added machine(s) to the access list, all SSH connections are allowed. When set to on and having added machine(s) to the access list, only the specified machine(s) are allowed SSH access. When set to off, all SSH connections are rejected, including connections from machine(s) added to the access list. The default SSH setting is off.

http
    Go to the HTTP access menu. To view menu options, see page 644.

https
    Go to the HTTPS access menu. To view menu options, see page 645.

sshkeys
    Go to the SSH host keys menu. To view menu options, see page 646.

/ssl/cfg/sys/adm/snmp
SSL Configuration System Administrative applications SNMP Menu

[SNMP Menu]
    ena        - Enable SNMP
    dis        - Disable SNMP
    versions   - Set SNMP versions supported
    snmpv2-mib - SNMPv2-MIB menu
    community  - SNMP community menu
    users      - SNMP USM Users Menu
    target     - Notification target menu

Table 11-103 SSL Configuration System Administrative applications SNMP Menu Options

Command Syntax and Usage

ena [true|false]
    Enable SNMP.

dis [true|false]
    Disable SNMP.

versions [<SNMP_version_number>]
    Set the SNMP version, such as v1.

snmpv2-mib
    Go to the SNMPv2-MIB menu. To view menu options, see page 640.

community
    Go to the SNMP community menu. To view menu options, see page 640.

users
    Go to the SNMP USM Users menu. To view menu options, see page 641.

target
    Go to the Notification target menu. To view menu options, see page 642.

/ssl/cfg/sys/adm/snmp/snmpv2-mib
SSL Configuration System Administrative applications SNMPv2 MIB SNMP Menu

[SNMPv2-MIB Menu]
    sysContact - Set sysContact
    sysName    - Set sysName
    sysLocatio - Set sysLocation
    snmpEnable - Set snmpEnableAuthenTraps

Table 11-104 SSL Configuration System Administrative applications SNMPv2MIB Menu Options

Command Syntax and Usage

sysContact [<name_of_a_person>]
    Set a system contact name. Designates a contact person for the managed iSD cluster, together with information on how to contact this person.

sysName [<string, iSD_cluster_name>]
    Assign a name to the managed iSD cluster.

sysLocatio [<string>]
    Set the system location.

snmpEnable [<SNMP_trap_value>]
    Set the snmpEnableAuthenTraps value.

/ssl/cfg/sys/adm/snmp/community
SSL Configuration System Administrative applications SNMP Community Menu

[SNMP Community Menu]
    read  - Set Read Community String
    write - Set Write Community String
    trap  - Set Trap Community String

Table 11-105 SSL Configuration System Administrative applications SNMP Community Menu Options

Command Syntax and Usage

read [<string>]
    Set the Read Community String. Specifies the monitor community name that grants read access to the Management Information Base (MIB). If no monitor community name is specified, read access is not granted. The default monitor community name is public.

write [<string>]
    Set the Write Community String. Specifies the control community name that grants read and write access to the Management Information Base (MIB). If no control community name is specified, neither write nor read access is granted.

trap [<string>]
    Set the Trap Community String. Specifies the trap community name that accompanies trap messages sent to the SNMP manager. If no trap community name is specified, the sending of trap messages is disabled. The default trap community name is trap.

/ssl/cfg/sys/adm/snmp/users
SSL Configuration System Administrative applications SNMP Users Menu

To enter the /ssl/cfg/sys/adm/snmp/users menu level, you are prompted to create a userID if one does not already exist.

    Enter user number or name: (1-1023) 1
    Creating SNMP User 1
    User name: Maint_Chief
    Enter security level (none/auth/priv) [priv]: priv
    Enter permission (list of get,set,trap): get
    Enter auth password: <password>
    Enter priv password: <password>
    ------------------------------------------------------------
    [SNMP User 1 Menu]
        name       - Set user name
        seclevel   - Set Security level
        permission - Set Permission
        authpasswd - Set Authentication Password
        privpasswd - Set Encryption Password
        del        - Remove SNMP User

Table 11-106 SSL Configuration System Administrative applications SNMP Users Menu Options

Command Syntax and Usage

name [<string>]
    Set the user name.

seclevel [none|auth|priv]
    Set the user Security level.

permission [get|set|trap]
    Set user Permission.

authpasswd [<string>]
    Set the Authentication Password.

privpasswd [<string>]
    Set the Encryption Password.

del [<SNMP_user_ID>]
    Remove the SNMP User.

/ssl/cfg/sys/adm/snmp/target
SSL Configuration System Administrative applications SNMP Target Menu

To enter the /ssl/cfg/sys/adm/snmp/target menu level, you are prompted to create a target if one does not already exist.

    SSL >> SNMP# target
    Enter Notification Target number: (1-) 1
    Creating Notification Target 1
    Enter target ip: 0.0.0.0
    Enter snmp version (v1/v2c/v3): v1
    ------------------------------------------------------------
    [Notification Target 1 Menu]
        ip      - Set target IP address
        port    - Set target port
        version - Set SNMP version
        del     - Remove Notification Target

Table 11-107 SSL Configuration System Administrative applications SNMP Target Menu Options

Command Syntax and Usage

ip [<IP_address>]
    Set the target IP address.

port [<port_number>]
    Set the target port.

version [v1|v2|v3]
    Set the SNMP version.

del
    Delete the SNMP target.

/ssl/cfg/sys/adm/audit
SSL Configuration System Administrative applications Audit Menu

[Audit Menu]
    servers    - RADIUS Servers Menu
    vendorid   - Set vendor id for audit attribute
    vendortype - Set vendor type for audit attribute
    ena        - Enable Audit
    dis        - Disable Audit

Table 11-108 SSL Configuration System Administrative applications Audit Menu Options

Command Syntax and Usage

servers
    Go to the Servers menu. To view menu options, see page 644.

vendorid [<string>]
    Set the vendor ID.

vendortype [<integer>]
    Set the vendor type.

ena [<true|false>]
    Enable Audit.

dis [<true|false>]
    Disable audit.

/ssl/cfg/sys/adm/audit/servers
SSL Configuration System Administrative applications Audit Servers Menu

[RADIUS Audit Servers Menu]
    list   - List all values
    del    - Delete a value by number
    add    - Add a new value
    insert - Insert a new value
    move   - Move a value by number

Table 11-109 SSL Configuration System Administrative applications Audit Servers Menu Options

Command Syntax and Usage

list
    List all of the Audit server settings.

del <Audit_server_name>
    Delete the Audit server.

add [<IP_address> <port> <secret>]
    Add an Audit server.

insert [<position> <IP_address> <port> <secret>]
    Insert an Audit server into the Audit server list.

move <value> <value>
    Move the Audit server from one position to another in the server list.

/ssl/cfg/sys/adm/http
SSL Configuration System Administrative applications HTTP Menu

[HTTP Menu]
    port - Set HTTP Server port
    ena  - Enable server
    dis  - Disable server

Table 11-110 SSL Configuration System Administrative applications HTTP Menu Options

Command Syntax and Usage

port [<integer>]
    Set the HTTP server port.

ena [true|false]
    Enable the HTTP server.

dis [true|false]
    Disable the HTTP server.

/ssl/cfg/sys/adm/https
SSL Configuration System Administrative applications HTTPS Menu

[HTTPS Menu]
    port - Set HTTPS Server port
    ena  - Enable server
    dis  - Disable server

Table 11-111 SSL Configuration System Administrative applications HTTPS Menu Options

Command Syntax and Usage

port [<integer>]
    Set the HTTPS server port.

ena [true|false]
    Enable the HTTPS server.

dis [true|false]
    Disable the HTTPS server.
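
The Telnet/SSH access-list rule and the SNMP community defaults documented above can be checked mechanically. The following is an added example, not Nortel code: the settings dictionary keyed by CLI path, the CIDR notation for access-list entries, and the sample values are all assumptions made for illustration.

```python
import ipaddress

DEFAULT_READ_COMMUNITY = "public"   # default monitor community per Table 11-105
ADM = "/ssl/cfg/sys/adm/"
ACL = "/ssl/cfg/sys/accesslist"


def cli_allowed(service_on, access_list, src_ip):
    """Apply the documented Telnet/SSH rule to one source address.

    off                -> every connection is rejected, listed or not
    on, empty list     -> every connection is allowed
    on, non-empty list -> only listed machines or networks are allowed
    """
    if not service_on:
        return False
    if not access_list:
        return True
    addr = ipaddress.ip_address(src_ip)
    # Entries are written as CIDR strings here (an assumption of this example).
    return any(addr in ipaddress.ip_network(entry, strict=False)
               for entry in access_list)


def audit(cfg):
    """Return findings for a settings dict keyed by CLI path (assumed layout)."""
    findings = []
    acl = cfg.get(ACL, [])
    for svc in ("telnet", "ssh"):
        if cfg.get(ADM + svc, "off") == "on" and not acl:
            findings.append(svc + ": on with an empty access list, "
                                  "all connections are allowed")
    if cfg.get(ADM + "snmp/ena", False):
        community = cfg.get(ADM + "snmp/community", {})
        # An unset read community falls back to the documented default.
        if community.get("read", DEFAULT_READ_COMMUNITY) == DEFAULT_READ_COMMUNITY:
            findings.append("snmp: read community is the default 'public'")
        if community.get("write"):
            findings.append("snmp: write community set, "
                            "grants read and write access to the MIB")
        for user in cfg.get(ADM + "snmp/users", []):
            if user.get("seclevel") == "none":
                findings.append("snmp user %s: seclevel none" % user["name"])
    return findings


# Constructed sample settings (not taken from a real device).
SAMPLE = {
    ACL: [],
    ADM + "telnet": "on",
    ADM + "ssh": "on",
    ADM + "snmp/ena": True,
    ADM + "snmp/community": {"read": "public", "write": "", "trap": "trap"},
    ADM + "snmp/users": [
        {"name": "Maint_Chief", "seclevel": "priv", "permission": ["get"]},
        {"name": "legacy_poller", "seclevel": "none", "permission": ["get"]},
    ],
}

# The same settings after tightening: Telnet off, SSH limited to listed
# sources, a non-default read community, and only priv-level SNMP users.
HARDENED = {
    ACL: ["192.0.2.10", "10.1.0.0/24"],
    ADM + "telnet": "off",
    ADM + "ssh": "on",
    ADM + "snmp/ena": True,
    ADM + "snmp/community": {"read": "noc-monitor-example", "write": "",
                             "trap": "trap"},
    ADM + "snmp/users": [
        {"name": "Maint_Chief", "seclevel": "priv", "permission": ["get"]},
    ],
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
    print("hardened findings:", audit(HARDENED))
```

Note that turning a service off overrides the access list entirely, so a listed management station loses access as well.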

/ssl/cfg/sys/adm/sshkeys
SSL Configuration System Administrative applications SSH Host keys Menu

[SSH Host Keys Menu]
    generate   - Generate new SSH host keys for the cluster
    show       - Show current SSH host keys for the cluster
    knownhosts - SSH known host keys menu

Table 11-112 SSL Configuration System Administrative applications SSH Host keys Menu Options

Command Syntax and Usage

generate [yes|no]
    Generate new SSH host keys for the server cluster.

show
    Show the SSH host keys for the server cluster.

knownhosts
    Go to the Known Host Keys menu. To view menu options, see page 644.

/ssl/cfg/sys/adm/sshkeys/knownhosts
SSL Configuration System Administrative applications SSH Known Host keys Menu

[SSH Known Host Keys Menu]
    list   - List known SSH keys of remote hosts
    del    - Delete known SSH host key by index
    add    - Add a new SSH host key
    import - Retrieve SSH key from remote host

Table 11-113 SSL Configuration System Administrative applications Known SSH Host keys Menu Options

Command Syntax and Usage

list [yes|no]
    Display the known SSH keys of remote hosts.

del [<hostkey_name>]
    Delete a host key.

add
    Add a new SSH host key. Paste the key, press Enter to create a new line, and then type "..." (without the quotation marks) to terminate.

import [<hostname_or_IP_address>]
    Retrieve an SSH key from a remote host.

/ssl/cfg/sys/user
SSL Configuration System Menu

[User Menu]
    passwd   - Change own password
    expire   - Set password expire time interval
    list     - List all users
    del      - Delete a user
    add      - Add a new user
    edit     - Edit a user menu
    caphrase - Certadmin export passphrase

Table 11-114 SSL Configuration System Menu Options

Command Syntax and Usage

passwd
    Change your current login password. The password can contain spaces and is case sensitive.

expire [DDdHHhMMmSS]
    Set the password expiry time and date.

list
    List all user accounts.

del
    Delete a user ID. Removes the specified user account from the system. Only users with Administrator rights can delete user accounts. Of the three built-in users (admin, oper, and root) only the oper user can be deleted.

add [<string>]
    Add a new user ID. Only users with Administrator rights can add user accounts. After a user account is added, you must also assign the user account to a group.

edit
    Go to the Edit a user menu. To view menu options, see page 648.

caphrase [<string>]
    Set the Certadmin export passphrase.

/ssl/cfg/sys/user/edit
SSL Configuration System User Edit Menu

[User User_1 Menu]
    groups - Groups menu
    cur    - Display current setting

Table 11-115 SSL Configuration System User Edit Menu Options

Command Syntax and Usage

groups
    Go to the Groups menu. To view menu options, see page 551.

cur
    Display the user configurations.

/ssl/cfg/sys/user/edit/groups
SSL Configuration System User Edit Menu

[Groups Menu]
    list - List all values
    del  - Delete a value by number
    add  - Add a new value

Table 11-116 SSL Configuration System User Edit Groups Menu Options

Command Syntax and Usage

list
    List all of the user groups information.

del [<user_group_name>]
    Delete a user group.

add [<string, user_group_name>]
    Add a user group.

/ssl/cfg/lang
SSL Configuration Language Support Menu

[Language Support Menu]
    import - Import language definition file
    export - Export language definition template
    list   - List the loaded languages
    vlist  - List ISO 639 language codes
    del    - Delete (custom) language definition

Table 11-117 SSL Configuration System Language Support Menu Options

Command Syntax and Usage

import [<protocol> <host> <filename> <ISO_language_code>]
    Import a language definition file from another host.

export [<protocol> <host> <filename>]
    Export a language definition file.

list [<language_number>]
    List the pre-defined languages that have been loaded.

vlist [<language_shortform>]
    List the ISO 639 language codes. If a language_shortform argument is used (e.g., en for English), all of the codes that contain the argument characters are listed.

del [<language_definition_filename>]
    Delete a language definition.

/ssl/boot
SSL Boot Menu

[Boot Menu]
    software - Software management menu
    halt     - Halt the iSD
    reboot   - Reboot the iSD
    delete   - Delete the iSD

Table 11-118 SSL Configuration Boot Menu Options

Command Syntax and Usage

software
    Go to Software Management menu. To view menu options, see page 651.

halt
    Halt the iSD. The command stops the particular iSD host to which you have connected by Telnet, SSH, or a console connection. If you are connected by Telnet or SSH to the Management IP address (MIP), use the halt command in the iSD Host menu (/cfg/sys/cluster/host #) instead. Always use this command before turning off the device.

reboot
    Reboot the iSD. The command reboots the particular iSD host to which you have connected by Telnet, SSH, or a console connection. If you are connected by Telnet or SSH to the Management IP address (MIP), use the reboot command in the iSD Host menu (/cfg/sys/cluster/host #) instead.

delete
    Delete an iSD host. Resets the particular iSD host to which you have connected via Telnet, SSH or a console connection, to its factory default configuration (all IP configuration is lost). The software itself will remain intact. After having performed a delete, you can only access the device via a console connection. Log in as the admin user with the admin password to enter the Setup menu.

    The /boot/delete command is primarily intended for situations when you want to delete an iSD host that has either become isolated from the cluster, or has been physically removed from the cluster without first performing the delete command from the iSD Host menu. Under these circumstances, you must use the /boot/delete command to present the Setup menu, from which you can perform the new and join commands.

    NOTE – If you receive a warning that the iSD you are trying to delete has no contact with any (other) master iSD in the cluster, connect to the MIP address by Telnet or SSH and delete the iSD from the cluster by using the delete command in the iSD Host menu (/cfg/sys/cluster/host #).

Remove unpacked/old releases Table 11-119 SSL Perfomance Software Menu Options Command Syntax and Usage cur Display the current software status. download [<protocol> <host> <filename>] Download a new software package.0.Download new software pkg. del [<software_version>] Remove old software releases.11 SSL 5.Select software version to run download . January 2006 651 . in case you do not want to activate the unpacked software upgrade package.0.Nortel Application Switch Operating System 23.34 SSL activate [<software_version>] Select the software version to run.2 Command Reference /ssl/boot/software SSL Performance Menu [Software Management Menu] cur . Only software versions whose status is indicated as unpacked (using the cur command) can be removed.0.Display current software status activate . via TFTP/FTP/SCP/SFTP del . For example: SSL >> Software Management# cur Version Name ---------4.1. Removes a software upgrade package that has been downloaded by using the tftp or ftp command. Status -----old permanent Chapter 11: The SSL Processor Menu 320506-A.1.

/ssl/maint
SSL Performance Maintenance Menu

[Maintenance Menu]
    hsm        - HSM menu
    dumplogs   - Tech suppt dump log files to TFTP/FTP/SFTP server
    dumpstat   - Tech suppt dump curr. status to TFTP/FTP/SFTP server
    chkcfg     - Check applied configuration
    starttrace - Start Trace
    stoptrace  - Stop Trace

Table 11-120 SSL Performance Maintenance Menu Options

Command Syntax and Usage

hsm
    Go to the HSM menu. To view menu options, see page 653.

dumplogs
    Dump the log files. System log file information is collected from the iSD host you are connected to (or optionally, all iSD hosts in the cluster) and sends the information to a file in the gzip compressed tar format on the TFTP server you have specified. The information can then be used for technical support purposes. The file sent to the TFTP server does not contain any sensitive information related to the system configuration, such as certificates, private keys, and so on.

dumpstat
    Dump the current status. The current system internal status is collected from the iSD host you are connected to (or optionally, all iSD hosts in the cluster) and sends the information to a file in the gzip compressed tar format on the TFTP server you have specified. The information can then be used for technical support purposes.

chkcfg [all-isds | one-isd] [item...]
    Check the applied configuration.

starttrace [<tags>] [<VPN>]
    Start trace. Valid tags are all, aaa, dns, ike, ippool, ipsec, netdirect, pptp, ssl, tg, upref, net and direct_packet.

stoptrace
    Stop the Trace.

/ssl/maint/hsm
SSL Performance HSM Menu

The /ssl/maint/hsm menu is only available to HSM enabled iSDs.

[HSM Menu]
    login      - Login to HSM cards on local iSD
    splitkey   - Split a wrap key onto CODE iKeys
    changepass - Change iKey password

Table 11-121 SSL Performance Maintenance HSM Menu Options

Command Syntax and Usage

login <HSM-USER password for the currently inserted HSM-USER iKey>
    Lets you log in to a HSM card, using the HSM-USER iKey and the correct password.

splitkey
    Splits the wrap key used by the hardware security module onto the two black CODE iKeys.

changepass <card number [0 | 1]> <iKey [HSM-SO | HSM-USER]> <current password for the selected iKey> <new password for the selected iKey>
    Sets the password for a HSM-SO or a HSM-USER iKey.


APPENDIX A
Nortel Application Switch Operating System Syslog Messages

The following syntax is used when outputting syslog messages:

    <Time stamp><Log Label>Web OS<Thread ID>:<Message>

where

<Timestamp>
    The time of the message event is displayed in month day hour:minute:second format. For example: Aug 19 14:20:30

<Log Label>
    The following types of log messages are recorded: LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR, LOG_WARNING, LOG_NOTICE, LOG_INFO, and LOG_DEBUG

<Thread ID>
    This is the software thread that reports the log message. The following thread IDs are recorded: stp, ip, slb, console, telnet, vrrp, system, web server, ssh, and bgp

<Message>:
    The log message

Following is a list of potential syslog messages. To keep this list as short as possible, only <Thread ID> and <Message> are shown. The messages are sorted by <Log Label>.

Where the <Thread ID> is listed as mgmt, one of the following may be shown: console, telnet, web server, or ssh.

LOG_WARNING

FILTER    “filter <filter number> fired on port <port number>, <source IP address> -> <destination IP address>, [<ICMP type>], [<IP protocol>], [<layer-4 ports>], [<TCP flags>]”
ntp:      cannot contact primary NTP server <ip_address>
ntp:      cannot contact secondary NTP server <ip_address>

LOG_ALERT

stp:      own BPDU received from port <port_id>
IP        cannot contact default gateway <ip_address>
vrrp:     received errored advertisement from <ip_address>
vrrp:     received incorrect password from <ip_address>
vrrp:     received incorrect addresses from <ip_address>
vrrp:     received incorrect advertisement interval <seconds> from <ip_address>
slb:      cannot contact real server <ip_address>
slb:      real server <ip_address> has reached maximum connections
gslb:     received update from <ip_address> for unknown remote server <ip_address>
gslb:     received update from <ip_address> for unknown virtual service
gslb:     received update for unknown remote server <ip_address> from <ip_address>
gslb:     received update for unknown service <ip_address:service>
slb:      cannot contact real service <ip_address:real_port>
slb:      real server failure threshold (<threshold>) has been reach for group <group_id>
slb:      real server <ip_address> disabled through configuration
slb:      Virtual Service Pool full. gSvcPool=MAX_SERVICES
bgp:      notification (<reason>) received from <BGP peer ip_address>
bgp:      session with <BGP peer ip_address> failed (<reason>)
vrrp:     Synchronization from non-configured peer <ip_address>
vrrp:     Synchronization from non-configured peer <ip_address> was blocked
dps:      hold down triggered: <ip_address> for <min> minutes
dps:      manual hold down: <ip_address>
syn_atk   SYN attack detected: <count> new half-open sessions per second
tcplim    hold down triggered: <ip_address> for <min> minutes
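
The message templates in this appendix can be turned into matchers so that collected switch logs are sorted into known events with their placeholder values extracted. The following is an added example, not Nortel code: it assumes the fields of the documented syntax arrive separated by whitespace, uses constructed log lines, covers only a subset of the LOG_ALERT templates, and the security flag on each template is this example's own choice.

```python
import re
from collections import Counter

# (thread ID, template from the LOG_ALERT list, security-relevant?)
ALERT_TEMPLATES = [
    ("vrrp", "received incorrect password from <ip_address>", True),
    ("vrrp", "Synchronization from non-configured peer <ip_address>", True),
    ("vrrp", "Synchronization from non-configured peer <ip_address> was blocked", True),
    ("dps", "hold down triggered: <ip_address> for <min> minutes", True),
    ("syn_atk", "SYN attack detected: <count> new half-open sessions per second", True),
    ("slb", "cannot contact real server <ip_address>", False),
    ("gslb", "received update from <ip_address> for unknown remote server <ip_address>", False),
]

# <Time stamp><Log Label>Web OS<Thread ID>:<Message>, whitespace-separated (assumed).
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<label>LOG_[A-Z]+)\s+Web OS\s+"
    r"(?P<thread>[A-Za-z_ ]+?):\s*(?P<msg>.*)$")


def template_to_regex(template):
    """Escape literal text; turn each <name> into a named group.

    A placeholder that repeats in one template gets a numeric suffix,
    because a regex cannot reuse a group name.
    """
    parts, pos, seen = [], 0, Counter()
    for m in re.finditer(r"<([^<>]+)>", template):
        parts.append(re.escape(template[pos:m.start()]))
        base = re.sub(r"\W", "_", m.group(1))
        seen[base] += 1
        name = base if seen[base] == 1 else "%s_%d" % (base, seen[base])
        parts.append(r"(?P<%s>\S+)" % name)
        pos = m.end()
    parts.append(re.escape(template[pos:]))
    return re.compile("^" + "".join(parts) + "$")


COMPILED = [(t, tpl, sec, template_to_regex(tpl)) for t, tpl, sec in ALERT_TEMPLATES]


def parse_line(line):
    """Split one line into its fields and match it against the templates."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event.update(template=None, security=False, fields={})
    for thread, template, security, rx in COMPILED:
        hit = rx.match(event["msg"]) if thread == event["thread"].lower() else None
        if hit:
            event.update(template=template, security=security, fields=hit.groupdict())
            break
    return event


def triage(lines):
    """Count unparsable lines, collect unmatched messages, tally security events."""
    report = {"unparsed": 0, "unmatched": [], "security": [], "by_source": Counter()}
    for line in lines:
        event = parse_line(line)
        if event is None:
            report["unparsed"] += 1
        elif event["template"] is None:
            report["unmatched"].append(event["msg"])
        elif event["security"]:
            report["security"].append(event)
            if "ip_address" in event["fields"]:
                report["by_source"][event["fields"]["ip_address"]] += 1
    return report


# Constructed sample lines (not captured from a real switch).
SAMPLE_LINES = [
    "Aug 19 14:20:30 LOG_ALERT Web OS vrrp: received incorrect password from 10.0.0.5",
    "Aug 19 14:20:31 LOG_ALERT Web OS vrrp: received incorrect password from 10.0.0.5",
    "Aug 19 14:21:02 LOG_ALERT Web OS syn_atk: SYN attack detected: 4200 new half-open sessions per second",
    "Aug 19 14:21:03 LOG_ALERT Web OS dps: hold down triggered: 198.51.100.9 for 10 minutes",
    "Aug 19 14:22:10 LOG_ALERT Web OS slb: cannot contact real server 10.1.1.20",
    "Aug 19 14:23:00 LOG_ALERT Web OS vrrp: Synchronization from non-configured peer 10.0.0.77 was blocked",
    "Aug 19 14:24:00 LOG_ALERT Web OS bgp: session with 192.0.2.1 failed (hold timer expired)",
    "not a syslog line",
]

if __name__ == "__main__":
    result = triage(SAMPLE_LINES)
    print(result["by_source"].most_common(), result["unparsed"], result["unmatched"])
```

Lines that land in the unmatched list are messages whose template is not in the subset above; extend ALERT_TEMPLATES from the appendix before treating them as anomalies.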

LOG_CRIT

SYSTEM:   temperature at sensor <sensor_id> exceeded threshold
SYSTEM:   internal power supply failed
SYSTEM:   redundant power supply failed
SYSTEM:   fan failure detected
SSH       can't allocate memory in load_MP_INT

LOG_ERR

mgmt:     PANIC at <file>:<line> in thread <thread id>
mgmt:     VERIFY at <file>:<line> in thread <thread id>
mgmt:     ASSERT at <file>:<line> in thread <thread id>
ntp:      unable to listen to NTP port
isd:      unable to listen to BOOTP_SERVER_PORT port
stp:      Error: Error writing STG config to FLASH
stp:      Error: Error writing config to FLASH
mgmt:     Apply not done
mgmt:     Save not done
mgmt:     “<“apply”|“save”> is issued by another user. Try later”
cli:      Error: Error writing %s config to FLASH
cli:      New Path Cost for Port <port_id> is invalid
cli:      PVID <vlan_id> for port <port_id> is not created
cli:      RADIUS secret must be 1-32 characters long
cli:      Please configure primary RADIUS server address
cli:      STP changes can't be applied since STP is OFF
cli:      Switch reset is required to turn STP on/off
cli:      Trunk group <trunk_id> contains ports with different PVIDs
cli:      Trunk group <trunk_id> has more than <max_trunk_ports> ports

LOG_ERR (Continued)

cli:      Trunk group <trunk_id> contains no ports but is enabled
cli:      Not all ports in trunk group <trunk_id> are in VLAN <vlan_id>
cli:      Trunk groups <trunk_id> and <trunk_id> can not share the same port
port_mirr: Port Mirroring changes are not applied
cli:      Broadcast address for IP interface <interface_id> is invalid
cli:      IP Interfaces <interface_id> and <interface_id> are on the same subnet
cli:      Multiple static routes have same destination
cli:      Virtual router <vr_id> must have sharing disabled when hotstandby is enabled
cli:      Virtual router group must be enabled when hotstandby is enabled
cli:      At least one virtual router must be enabled when group is enabled
cli:      Virtual router group must have sharing disabled when hotstandby is enabled
cli:      Virtual router group must have preemption enabled when hotstandby is enabled
cli:      Virtual router <vr_id> must have an IP address
cli:      Virtual router <vr_id> cannot have same VRID and VLAN as <vlan_id>
cli:      Virtual router <vr_id> cannot have same IP address as <ip_address>
cli:      Virtual router <vr_id> corresponding virtual server <server_id> is not enabled
cli:      Hot-standby must be enabled when a virtual router has a PIP address
cli:      Virtual router <vr_id> IP interface should be <interface_id>
cli:      Enabled real server <server_id> has no IP address
cli:      Real server <server_id> has same IP address as IP interface <interface_id>
cli:      Real server <server_id> has same IP address as switch
cli:      Real server <server_id> (Backup for <server_id>) is not enabled
cli:      Real server <server_id> has same IP address as virtual server <server_id>
cli:      Real server <server_id> has same IP address as real server <server_id>
cli:      Real server group <group_id> cannot backup itself
cli:      Real server <server_id> cannot be added to same group
cli:      Enabled virtual server <server_id> has no IP address

LOG_ERR (Continued)

cli:        Virtual server <server_id> has same IP address as IP interface <interface_id>
cli:        Virtual server <server_id> has same IP address as switch
cli:        Virtual servers <server_id> and <server_id> with same IP address must support same layr3 configuration
cli:        Real server <server_id> cannot be backup server for both real server <server_id> and group <group_id>
cli:        Virtual server <server_id> has same IP address and vport as virtual server <server_id>
cli:        RS <server_id> can't exist for VS <server_id> vport <virtual_port>
cli:        Switch port <port_id> has same proxy IP address as port <port_id>
cli:        Switch port <port_id> has same IP address as IP interface <interface_id>
cli:        A hot-standby port cannot also be an inter-switch port
cli:        There must be at least one inter-switch port if any hot-standby port exist
cli:        With VMA, ports 1-8 must all have a PIP if any one does
cli:        Client bindings are not supported with proxy IP addresses
cli:        DAM must be turned on or a PIP must be enabled for port <port_id> in order for virtual server to support FTP parsing
cli:        Real server <server_id> and group %u cannot both have backups configured
cli:        Virtual server <server_id> : port mapping but layer3 bindings
cli:        Extracting length has to set to 8 or 16 for cookie rewrite mode
cli:        DAM must be turned on or a PIP must be enabled for port <port_id> in order for virtural server <server_id> to support URL parsing
cli:        Port filtering must be disabled on port <port_id> in order to support cookie based persistence for virtual server <server_id>
cli:        Virtual server <server_id>: port mapping but Direct Access Mode
cli:        Virtual server %lu: support nonat IP but not layer 3 bindings
cli:        Virtual servers: all that support IP must use same group
cli:        Virtual servers <server_id> and <server_id> that include the same real server <server_id> cannot map the same real port or balance UDP
cli:        Virtual server <server_id>: UDP service <virtual_port> with out-of-range port number

LOG_ERR (Continued)

cli:        Switch cannot support more than <MAX_VIRT_SERVICES> virtual services
cli:        Switch cannot support more than <MAX_SMT> real services
cli:        Trunk group (<trunk_id>) ports must have same L4 config
cli:        Trunk group (<trunk_id>) ports must all have a PIP
cli:        DAM must be turned on or a PIP must be enabled for ports <port_id> in order to do URL based redirection
cli:        Two services have same hostname, <host_name>.<domain_name>
cli:        Direct access mode is not supported with default gateway load balancing
cli:        SLB Radius secret must be 16 characters long
cli:        Dynamic NAT filter <filter_id> must be cached
cli:        NAT filter <filter_id> must have same smask and dmask
cli:        NAT filter <filter_id> cannot have port ranges
cli:        NAT filter <filter_id> must be cached
cli:        NAT filter <filter_id> dest range includes VIP <server_id>
cli:        NAT filter <filter_id> dest range includes RIP <server_id>
cli:        Redirection filter <filter_id> must be cached
cli:        Filter with L4 ports configured <port_id> must have IP protocol configured
cli:        For Global SLB, Web server must be moved from TCP port 80
cli:        Remote site <site_id> does not have a primary IP address
cli:        Primary and secondary remote site <site_id> switches must differ
cli:        Remote sites <site_id> and <site_id> must use different addresses
cli:        Remote site <site_id> and real server <server_id> must use different addresses
cli:        Remote site <site_id> and virtual server <server_id> must use different addresses
cli:        Only <MAX_SLB_SITES> remote servers are allowed per group
cli:        Only <MAX_SLB_SERVICES> remote services are supported
cli:        Enabled external lookup IP address has no IP address
cli:        domain name must be configured

LOG_ERR (Continued)

cli:        Network <static_network_id> has no VIP address
cli:        duplicate default entry
cli:        BGP peer <bgp_peer_id> must have an IP address
cli:        BGP peers <bgp_peer_id> and <bgp_peer_id> have same address
cli:        BGP peer <bgp_peer_id> have same address as IP interface <ip_interface_id>
cli:        BGP peer <bgp_peer_id> IP interface <ip_interface_id> is not enabled
cli:        Filter with ICMP types configured (<icmp_type>) must have IP protocol configure to ICMP
cli:        Two services have same hostname, <host_name>.<domain_name>
cli:        Loadbalance string must be added to real server <server_id> in order to enable exclusionary string matching
cli:        intrval input value must be in the range [0-24]
mgmt:       unapplied changes reverted
mgmt:       unsaved changes reverted
mgmt:       Attempting to redirect a previously redirected output
vrrp:       Attempting to redirect a previously redirected output
vrrp:       cfg_sync_tx_putsn: ABORTED
vrrp:       Synchronization TX Error
vrrp:       Synchronization TX connection RESET
vrrp:       Synchronization TX connection TIMEOUT
vrrp:       Synchronization TX connection UNREACEABLE
vrrp:       Synchronization TX connection UNKNOWN CLOSE
vrrp:       Synchronization RX connection RESET
vrrp:       Synchronization RX connection TIMEOUT
vrrp:       Synchronization RX connection UNREACEABLE
vrrp:       Synchronization RX connection UNKNOWN CLOSE
vrrp:       Synchronization connection RCLOSE by peer
vrrp:       Synchronization connection RCLOSE before RX

LOG_ERR (Continued)

vrrp:       Synchronization connection early RCLOSE in RX
vrrp:       Synchronization connection Wait-For-Close Timeout
vrrp:       Synchronization connection Transmit Timeout
vrrp:       Synchronization Receive Timeout
vrrp:       Synchronization Receive UNKNOWN Timeout
vrrp:       Sync transmit in progress … cannot start Sync
vrrp:       Sync receive in progress … cannot start Sync
vrrp:       Sync already in progress … cannot start Sync
vrrp:       Config Sync route find error
vrrp:       Config Sync tcp_open error
vrrp:       Config Synchronization Timeout . Resuming Console thread
vrrp:       <"apply"|"save"> is issued by another user. Try later
vrrp:       new configuration did not validate (rc = )
vrrp:       new configuration did not apply (rc = )
vrrp:       new configuration did not save (rc = )
vrrp:       Sync config apply error
vrrp:       Restoring Current Config
vrrp:       Sync rx tcp open error
vrrp:       Sync Version/Password Failed-No Version/Password Line
vrrp:       Sync Version Failed . peer:%s config:%s
vrrp:       Sync Password Failed-Bad Password
vrrp:       Sync receive already in progress … cannot start Sync receive
vrrp:       Sync transmit in progress … cannot start Sync receive

LOG_NOTICE

system:     internal power supply ok
system:     redundant power supply present and ok
system:     temperature ok
system:     fan ok
system:     rebooted <last_reset_information>
system:     rebooted <last_reset_information>
mgmt:       administrator logged in
mgmt:       boot config block changed
mgmt:       boot image changed
mgmt:       switch reset from CLI
mgmt:       syslog host changed to <ip_address>
mgmt:       syslog host changed to this host
mgmt:       second syslog host changed to <ip_address>
mgmt:       second syslog host changed to this host
mgmt:       Next boot will use active config block
mgmt:       user password changed
mgmt:       SLB operator password changed
mgmt:       L4 operator password changed
mgmt:       operator password changed
mgmt:       SLB administrator password changed
mgmt:       L4 administrator password changed
mgmt:       administrator password changed
ssh:        scp <login_level> login
ssh:        scp <login_level> <"connection closed"|"idle timeout"|"logout">
mgmt:       RADIUS server timeouts
mgmt:       Failed login attempt via TELNET from host %s
mgmt:       PASSWORD FIX-UP MODE IN USE
mgmt:       <login_level> login on Console

LOG_NOTICE (Continued)

mgmt:       <login_level> <"idle timeout"|"logout"> from Console
mgmt:       PANIC command from CLI
port_mirr:  port mirroring is <"enabled"|"disabled">
vlan:       Default VLAN can not be deleted
mgmt:       <login_level> login from host <ip_address>
mgmt:       <login_level> <"connection closed"|"idle timeout"|"logout"> from
IP          default gateway <ip_address> <"enabled"|"disabled">
IP          default gateway <ip_address> operational
vrrp:       virtual router <ip_address> is now master
vrrp:       virtual router <ip_address> is now backup
slb:        backup server <ip_address> <"enabled"|"diabled"> for real server <server_id>
slb:        backup server <ip_address> <"enabled"|"disabled"> for real server group <group_id>
slb:        backup group server <ip_address> <"enabled"|"disabled"> for real server group group_id>
slb:        overflow server <ip_address> <"enabled"|"disabled"> for real server <server_id>
slb:        overflow server <ip_address> <"enabled"|"disabled"> for real server group <group_id>
slb:        overflow group server <ip_address> <"enabled"|"disabled"> for real server group <group_id>
slb:        real server <ip_address> operational
slb:        real service <ip_address:real_port> operational
slb:        No services are available for Virtual Server <virtual_server>
slb:        Services are available for Virtual Server <virtual_server>
bgp:        session established with <BGP_peer_ip_address>

LOG_INFO

SYSTEM:     bootp response from <ip_address>
mgmt:       new configuration applied
mgmt:       new configuration saved
mgmt:       unsaved changes reverted
mgmt:       Could not revert unsaved changes
mgmt:       <image1|image2> downloaded from host <ip_address>, file <file_name> <software_version>
mgmt:       serial EEPROM downloaded from host <ip_address> file <file_name>
ssh:        scp <login_level> login
ssh:        scp <login_level> <"connection closed"|"idle timeout"|"logout">
mgmt:       <login_level> login on Console
mgmt:       <login_level> <"idle timeout"|"logout"> from Console
mgmt:       <login_level> login from host <ip_address>
mgmt:       <login_level> <"connection closed"|"idle timeout"|"logout"> from Telnet/SSH.
ssh:        server key autogen starts
ssh:        server key autogen completes
ssh:        server key autogen timer timeouts
vrrp:       new synch configuration applied
vrrp:       new synch configuration saved
vrrp:       Synchronizing from <host_name>
vrrp:       Synchronizing to <host_name>
vrrp:       Config Synchronization Transmit Successful
vrrp:       Config Synchronization Receive Successful
vrrp:       new configuration VALIDATED
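One way to use the message catalogue above on a log collector, as an added example that is not part of the Nortel manual: it compiles a few of the listed templates into regular expressions and triages sample lines by security relevance. The category names, the timestamp/host prefix, the `admin` login level and every sample line are assumptions constructed for this example; only the message templates come from the appendix.

```python
import re
from collections import Counter

# Templates copied from the appendix; the category labels are this example's own.
TEMPLATES = {
    "auth_failure": [
        "Failed login attempt via TELNET from host %s",
        "Sync Password Failed-Bad Password",
    ],
    "login": [
        "<login_level> login from host <ip_address>",
        "<login_level> login on Console",
        "scp <login_level> login",
    ],
    "credential_change": [
        "administrator password changed",
        "SLB administrator password changed",
        "L4 administrator password changed",
        "operator password changed",
        "user password changed",
    ],
    "logging_or_boot_change": [
        "syslog host changed to <ip_address>",
        "second syslog host changed to <ip_address>",
        "boot image changed",
        "boot config block changed",
    ],
    "session_end": [
        '<login_level> <"connection closed"|"idle timeout"|"logout"> from Telnet/SSH.',
    ],
}

# <name> placeholder, <"a"|"b"> choice list, or printf-style %s
TOKEN = re.compile(r'<(\w+)>|<("[^<>]*")>|%s')


def compile_template(template):
    """Turn one manual template into a regex anchored right after the thread tag."""
    parts, seen, pos = [], {}, 0
    for m in TOKEN.finditer(template):
        parts.append(re.escape(template[pos:m.start()]))
        if m.group(1):
            name, pat = m.group(1), r"\S+"
        elif m.group(2):
            alts = [re.escape(c.strip('"')) for c in m.group(2).split("|")]
            name, pat = "choice", "|".join(alts)
        else:
            name, pat = "arg", r"\S+"
        seen[name] = seen.get(name, 0) + 1
        group = name if seen[name] == 1 else f"{name}_{seen[name]}"
        parts.append(f"(?P<{group}>{pat})")
        pos = m.end()
    parts.append(re.escape(template[pos:]))
    # Anchoring on "tag: " keeps "operator password changed" from matching
    # inside "SLB operator password changed".
    return re.compile(r"(?:^|:\s)" + "".join(parts) + r"\s*$")


RULES = [(cat, compile_template(t)) for cat, ts in TEMPLATES.items() for t in ts]


def classify(line):
    """Return (category, extracted fields) or (None, {}) for uninteresting lines."""
    for category, rx in RULES:
        m = rx.search(line)
        if m:
            return category, m.groupdict()
    return None, {}


def triage(lines, threshold=3):
    """Count events per category; flag hosts that log in after repeated failures."""
    counts, failures, flagged = Counter(), Counter(), []
    for line in lines:
        category, fields = classify(line)
        if category is None:
            continue
        counts[category] += 1
        host = fields.get("arg") or fields.get("ip_address")
        if category == "auth_failure" and host:
            failures[host] += 1
        elif category == "login" and failures.get(host, 0) >= threshold:
            flagged.append(host)
    return counts, flagged


# Constructed sample lines (assumed "<timestamp> <host> <tag>: <message>" layout).
SAMPLE = """\
Jan 12 03:14:05 sw1 mgmt: Failed login attempt via TELNET from host 198.51.100.7
Jan 12 03:14:09 sw1 mgmt: Failed login attempt via TELNET from host 198.51.100.7
Jan 12 03:14:15 sw1 mgmt: Failed login attempt via TELNET from host 198.51.100.7
Jan 12 03:15:02 sw1 mgmt: admin login from host 198.51.100.7
Jan 12 03:15:40 sw1 mgmt: SLB administrator password changed
Jan 12 03:16:11 sw1 mgmt: syslog host changed to 203.0.113.9
Jan 12 03:17:30 sw1 mgmt: admin logout from Telnet/SSH.
Jan 12 03:20:00 sw1 slb: real server 192.0.2.10 operational
""".splitlines()

if __name__ == "__main__":
    counts, flagged = triage(SAMPLE)
    print(dict(counts), flagged)
```

A successful login from a host that has just produced several "Failed login attempt" lines, followed by a password or syslog-host change, is the sequence worth alerting on; the threshold of three is arbitrary.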


APPENDIX B
Nortel Application Switch Operating System SNMP Agent

The Nortel Application Switch Operating System SNMP agent supports SNMP Version 1, Version 2, and Version 3. Version 3 supports two authentication protocols: MD5 and SHA.

Detailed SNMP MIBs and trap definitions of the Nortel Application Switch Operating System SNMP agent can be found in the following enterprise MIB documents:

  altroot.mib
  aosSwitch.mib
  aosLayer4.mib
  aosNetwork.mib
  aosPhysical.mib
  aosLayer7.mib
  aosBwm.mib
  aosTrap.mib

Nortel MIBs are registered as Vendor 1872.

In addition, the following SynOptics MIBS are also supported:

  synro193.mib - SynOptics Root MIB
  s5roo117.mib - SynOptics Registration MIB
  s5tcs112.mib - Textual Convention MIB
  s5emt104.mib - Ethernet Multi segment Autotopology MIB

SNMPv1|v2|v3 traps can be sent to the hosts configured in targetAddr table. Up to 16 IP addresses can be configured in targetAddr table.

Nortel Application Switch Operating System SNMP agent supports the following standard MIBs:

  RFC 1213 - MIB II (System, Interface, Address Translation, IP, ICMP, TCP, UDP, SNMP Groups)
  RFC 1573 - MIB II Extension (IFX table)

  RFC 1643 - EtherLike MIB
  RFC 1493 - Bridge MIB
  RFC 1757 - RMON MIB (Statistics, History, Alarm, Event Groups)
  RFC 1850 for OSPF
  RFC 1657 for BGP
  IEEE 802.3ad MIB for LACP

The following SNMPv3 MIBs are supported:

  RFC 2571 - SNMP Framework
  RFC 2572 - MPD MIB
  RFC 2573 - Target MIB
  RFC 2574 - USM MIB
  RFC 2575 - VACM MIB
  RFC 2576 - Community MIB

Nortel Application Switch Operating System SNMP agent supports the following generic traps as defined in RFC 1215:

  ColdStart
  WarmStart
  LinkDown
  LinkUp
  AuthenticationFailure

The SNMP agent also supports two Spanning Tree traps as defined in RFC 1493:

  NewRoot
  TopologyChange

The following are the enterprise SNMP traps supported in Nortel Application Switch Operating System:

Table 11-122 Nortel Application Switch Operating System-Supported Enterprise SNMP Traps

Trap Name                             Description
altSwDefGwUp                          Signifies that the default gateway is alive.
altSwDefGwDown                        Signifies that the default gateway is down.
altSwDefGwInService                   Signifies that the default gateway is up and in service

altSwDefGwNotInService                Signifies that the default gateway is alive but not in service
altSwSlbRealServerUp                  Signifies that the real server is up and operational
altSwSlbRealServerDown                Signifies that the real server is down and out of service
altSwSlbRealServerMaxConnReached      Signifies that the real server has reached maximum connections
altSwSlbBkupRealServerAct             Signifies that the backup real server is activated due to availability of the primary real server
altSwSlbBkupRealServerDeact           Signifies that the backup real server is deactivated due to the primary real server is available
altSwSlbBkupRealServerActOverflow     Signifies that the backup real server is deactivated due to the primary real server is overflowed
altSwSlbBkupRealServerDeactOverflow   Signifies that the backup real server is deactivated due to the primary real server is out from overflow situation
altSwfltFilterFired                   Signifies that the packet received on a switch port matches the filter rule
altSwSlbRealServerServiceUp           Signifies that the service port of the real server is up and operational
altSwSlbRealServerServiceDown         Signifies that the service port of the real server is down and out of service
altSwVrrpNewMaster                    The newMaster trap indicates that the sending agent has transitioned to 'Master' state.
altSwVrrpNewBackup                    The newBackup trap indicates that the sending agent has transitioned to 'Backup' state.
altSwVrrpAuthFailure                  A vrrpAuthFailure trap signifies that a packet has been received from a router whose authentication key or authentication type conflicts with this router's authentication key or authentication type. Implementation of this trap is optional.
altSwLoginFailure                     An altSwLoginFailure trap signifies that someone failed to enter a valid username/password combination.

altSwSlbSynAttack                     An altSwSlbSynAttack trap signifies that a SYN attack has been detected.
altSwTcpHoldDown                      An altSwTcpHoldDown trap signifies that new TCP connection requests from a particular client will be blocked for a pre-determined amount of time since the rate of new TCP connections from that client has reached a pre-determined threshold.
altSwTempExceedThreshold              An altSwTempExceedThreshold trap signifies that the switch temperature has exceeded maximum safety limits.
altSwSlbSessAttack                    An altSwSlbSessAttack trap signifies that an SLB attack has been detected.
altSwFanFailure                       An altSwFanFailure trap signifies that a fan failure has occurred.

APPENDIX C
Performing a Serial Download

You can perform a serial download of the new Nortel Application Switch software if you are upgrading Nortel Application Switch Operating System directly from any image. This procedure requires the following:

  A computer running terminal emulation software
  A standard serial cable with a male DB9 connector (see your switch hardware installation guide for specifics)
  A binary switch firmware image (not the tftp file used for TFTP download)

Use the following procedure to perform a serial upgrade.

1. Using the serial cable, connect the Console port of a Nortel Application Switch to the serial port of your PC that supports XModem/1K XModem.

2. Start hyper terminal (part of Microsoft Windows) and set the following parameters:

   Parameter       Value
   Baud Rate       9600
   Data Bits       8
   Parity          None
   Stop Bits       1
   Flow Control    None

3. Power on the switch.

4. Hold the <Shift> key down and hit D repeatedly until the following message appears:

   Nortel Application Switch . PPCBoot 2.2.
   To download a serial image use 1K Xmodem at 115200

5. Reconfigure your terminal emulation software with the following parameters (only after you see the message displayed in step 4):

   Parameter       Value
   Baud Rate       115200
   Data Bits       8
   Parity          None
   Stop Bits       1
   Flow Control    None

NOTE – You can perform serial downloads at 57600 baud rate by pressing Shift f or at 115200 baud rate by pressing Shift d.

6. Press <Enter> on the keyboard of the PC that is connected to the console port of the switch. When the Console Port is successfully communicating with the PC, you will see: CCCC...

7. Make sure that the new binary firmware file is available on the computer. This file can be downloaded from the CD that is shipped with the switch.

8. Select <Transfer-Send File> and choose the following:

   file: For example, "21.0.0_Serial.img" (Or the file previously downloaded to the computer)
   protocol: 1K XMODEM

It will take about 15 minutes for the transfer to complete.

NOTE – Although slower, XMODEM will work too if you choose not to use 1K MODEM.

CAUTION—Do not power off the switch until you see the message: “Change your baud rate to 9600 bps and power cycle switch”, otherwise, the switch will be inoperable.

You should see the following sample log on your screen:

   Nortel Application Switch . PPCBoot 2.2.
   To download a serial image use 1K Xmodem at 115200
   CCCCCCCCCCCCCCCCCCCCCCCCCCCCC
   Total bytes transferred: 0x4ff400
   Extracting images... Do *NOT* power cycle the switch
   Updating flash...
   #################################################################
   Change your baudrate to 9600 bps and power cycle the switch !

9. Power off the switch, wait for a few seconds and power the switch on. The switch will boot with the new software load.

Glossary

DIP (Destination IP Address)
  The destination IP address of a frame.

Dport (Destination Port)
  The destination port (application socket: for example, http-80/https-443/DNS-53)

NAT (Network Address Translation)
  Any time an IP address is changed from one source IP or destination IP address to another address, network address translation can be said to have taken place. In general, half NAT is when the destination IP or source IP address is changed from one address to another. Full NAT is when both addresses are changed from one address to another. No NAT is when neither source nor destination IP addresses are translated. Virtual server-based load balancing uses half NAT by design, because it translates the destination IP address from the Virtual Server IP address, to that of one of the real servers.

Preemption
  In VRRP, preemption will cause a Virtual Router that has a lower priority to go into backup should a peer Virtual Router start advertising with a higher priority.

Priority
  In VRRP, the value given to a Virtual Router to determine its ranking with its peer(s). Minimum value is 1 and maximum value is 254. Default is 100. A higher number will win out for master designation.

Proto (Protocol)
  The protocol of a frame. Can be any value represented by an 8-bit value in the IP header adherent to the IP specification (for example, TCP, UDP, OSPF, ICMP, and so on.)

Real Server Group
  A group of real servers that are associated with a Virtual Server IP address, or a filter.

Redirection or Filter-Based Load Balancing
  A type of load balancing that operates differently from virtual server-based load balancing. With this type of load balancing, requests are transparently intercepted and “redirected” to a server group. “Transparently” means that requests are not specifically destined for a Virtual Server IP address that the switch owns. Instead, a filter is configured in the switch. This filter intercepts traffic based on certain IP header criteria and load balances it. Filters can be configured to filter on the SIP/Range (via netmask), DIP/Range (via netmask), Protocol, SPort/Range or DPort/Range. The action on a filter can be Allow, Deny, Redirect to a Server Group, or NAT (translation of either the source IP or destination IP address). In redirection-based load balancing, the destination IP address is not translated to that of one of the real servers. Therefore, redirection-based load balancing is designed to load balance devices that normally operate transparently in your network—such as a firewall, spam filter, or transparent Web cache.

RIP (Real Server)
  Real Server IP Address. An IP address that the switch load balances to when requests are made to a Virtual Server IP address (VIP).

SIP (Source IP Address)
  The source IP address of a frame.

SPort (Source Port)
  The source port (application socket: for example, HTTP-80/HTTPS-443/DNS-53).

Tracking
  In VRRP, a method to increase the priority of a virtual router and thus master designation (with preemption enabled). Tracking can be very valuable in an active/active configuration. You can track the following:
    Vrs: Virtual Routers in Master Mode (increments priority by 2 for each)
    Ifs: Active IP interfaces on the Nortel Application Switch (increments priority by 2 for each)
    Ports: Active ports on the same VLAN (increments priority by 2 for each)
    l4pts: Active Layer 4 Ports, client or server designation (increments priority by 2 for each)
    reals: healthy real servers (increments by 2 for each healthy real server)
    hsrp: HSRP announcements heard on a client designated port (increments by 10 for each)

VIP (Virtual Server IP Address)
  An IP address that the switch owns and uses to load balance particular service requests (like HTTP) to other servers.

VIR (Virtual Interface Router)
  A VRRP address that is an IP interface address shared between two or more virtual routers.

Virtual Router
  A shared address between two devices utilizing VRRP, as defined in RFC 2338. One virtual router is associated with an IP interface. This is one of the IP interfaces that the switch is assigned. All IP interfaces on the Nortel Application Switch must be in a VLAN. If there is more than one VLAN defined on the Nortel Application Switch, then the VRRP broadcasts will only be sent out on the VLAN of which the associated IP interface is a member.

Virtual Server Load Balancing
  Classic load balancing. Requests destined for a Virtual Server IP address (VIP), which is owned by the switch, are load balanced to a real server contained in the group associated with the VIP. Network address translation is done back and forth, by the switch, as requests come and go. Frames come to the switch destined for the VIP. The switch then replaces the VIP with one of the real server IP addresses (RIPs), updates the relevant checksums, and forwards the frame to the server for which it is now destined. This process of replacing the destination IP (VIP) with one of the real server addresses is called half NAT. If the frames were not half NAT'ed to the address of one of the RIPs, a server would receive the frame that was destined for its MAC address, forcing the packet up to Layer 3. The server would then drop the frame, since the packet would have the DIP of the VIP and not that of the server (RIP).

VRID (Virtual Router Identifier)
  In VRRP, a value between 1 and 255 that is used by each virtual router to create its MAC address and identify its peer for which it is sharing this VRRP address. The VRRP MAC address as defined in the RFC is 00-00-5E-00-01-{VRID}. If you have a VRRP address that two switches are sharing, then the VRID number needs to be identical on both switches so each virtual router on each switch knows whom to share with.

VRRP (Virtual Router Redundancy Protocol)
  A protocol that acts very similarly to Cisco's proprietary HSRP address sharing protocol. The reason for both of these protocols is so devices have a next hop or default gateway that is always available. Two or more devices sharing an IP interface are either advertising or listening for advertisements. These advertisements are sent via a broadcast message to an address such as 224.0.0.18. With VRRP, one switch is considered the master and the other the backup. The master is always advertising via the broadcasts. The backup switch is always listening for the broadcasts. Should the master stop advertising, the backup will take over ownership of the VRRP IP and MAC addresses as defined by the specification. The switch announces this change in ownership to the devices around it by way of a Gratuitous ARP, and advertisements. If the backup switch didn't do the Gratuitous ARP the Layer 2 devices attached to the switch would not know that the MAC address had moved in the network. For a more detailed description, refer to RFC 2338.

VSR (Virtual Server Router)
  A VRRP address that is a shared Virtual Server IP address. VSR is a Nortel proprietary extension to the VRRP specification. The switches must be able to share Virtual Server IP addresses, as well as IP interfaces. If they didn’t, the two switches would fight for ownership of the Virtual Server IP address, and the ARP tables in the devices around them would have two ARP entries with the same IP address but different MAC addresses.


.. 523 deny (filtering) ................... 672 content SLB real server group option .......................... 381 configuration block active .............. 254 cur (system option) ........ 269.......... 515 selection ............................ 107 interval............................ for health checks.................................. 307.......................2 Command Reference configuration administrator password ...... 27 connection timeout (Real Server Menu option) ............................ 39 link status ....... 305........ 519 default gateway information ........... 308....... 427 downloading software ....... 530 duplex mode.................. 308........ 303.... 109 directed broadcasts........................................ 350 DISABLED (port state) .................................................... 259 default gateway interval....................................................... 396 round robin............... 311........... 307 cost STP information ................................ 228 CPU statistics ..................................... 344 TACACS+ ..... ............................................. 259 VLAN default (PVID) .............................................. 309.............Nortel Application Switch Operating System 23.......................................................................................................... 99 disconnect idle timeout .............................................................................. 99 STP port option................................................ 396 default password ................................................................................................................................................................ 228 dump configuration command ........................... 449 DNS statistics ................ 254 CPU utilization ............. 227 D date setup..................... 37 system option ... 515 backup.......... 252........... 
309............................................................................................................... 30 delete FDB entry ... 333 route cache............................ 466 dmask destination mask for filtering .................................................................................................. 307................... 350 save changes ............. 114 diff (global) command.................................. 304......... 403 switch IP address ......... 260 setup ......................... 357 connecting via console ...................... bandwidth management ................... 437 console port communication settings .............................................................. 344 VLAN tagging ...................... No Server Available (dropped frames) ........... 313 port link speed ... 257 configuring routing information protocol ........ 303................................. 333 counters.............. load balancing for .................................................................................................................. 315 port trunking ............................................. 252........................................................................................ 292 view changes.......... 515 configuration menu ........................................... 228 designated port.................... 309 IP static route ................................ 346 default gateway IP address ...................................................................... 317 copper ports ....................................................... 272 current bindings . 259 dip (destination IP address for filtering) .................................................... 26 connecting ................. 39 320506-A......... 26 via Telnet.. 313 Gigabit Ethernet ..................... 26 serial download settings ............... 262 debugging ....... 407 effect on Spanning-Tree Protocol .... 406 setup command .................... 
313 port mirroring ........ 515 factory .............................. 671. viewing changes ................... 346 dump command . 31 Distributed Site State Protocol (DSSP) setting update interval .............. 205...... 293 apply changes .............................................................. 305........................... 348 Layer 4 administrator password .. 192 Domain Name System (DNS) health checks ... 424 contracts............ 307................................................. 312 VRRP ............ 204............... 519 state information ....... 346 metrics ............ for health checks ....... 259 Fast Ethernet ................ 310...................................................................................... 147 setup.................0...... 407 maintenance ............................. 303 flow control ................ 62...... 292 operating mode .... 270 user password .......... 305............. 449 direct (IP route type) ....... 205............................................................................................ 513 dropped frames (No Server Available) counter .... January Index 679 ..................... 312 VLAN IP interface ...... 78........................................................................................................

................................................................... 358 Hot Standby Router on VLAN (HSRV) use with VLAN-tagged environment . 272 Greenwich Mean Time (GMT) ............. 206 grace graceful real server failure .... bridge port ................................................................... 99.............. 426 layer information ........................................................ 490 WAP .....................................31................ 39 hash metric ........................................................ 430 health check types............ 535 forwarding state (FWD) ... 395 Hot Standby Router VLAN (HSRV) use with VRRP ...................0..305...............................................................482 FDB statistics .............. 482 Greenwich ...........303. 33 to 50 fixed IP route tag ............................ 466 system option .............................................................................. See Hot Standby Router Protocol.... number of failed health checks ........ configuring ports for ..........................303......................................................................525 Gigabit Ethernet Physical Link .............................................................. 33.. 102 FTP server health checks .................................................. 34 Fast Ethernet Physical Link ..................... 272 group ....................114 flow control .............449 Final Steps.... 40 forwarding configuration IP forwarding configuration ...............303 Fast Ethernet................................................ 417 default gateway interval... 31............. 309 Gigabit Ethernet configuration........................................ 56 global SLB maintenance statistics ......................... 303.....................................................................................213 filtered (denied) frames ............... 
346 script .....................................99 H half-duplex .............................................. HTTP application health checks .519 delete entry ......................... 492 hello STP information ..... 346 IDSLB.......................... 393 hot-standby failover ....62.............................334 F factory configuration block ...............39.........................................427 FTP SLB maintenance statistics.....220 filter statistics .....................................................Alteon EMS .............................. 386 VRRP priority increment value ..................................... 212 gtcfg (TFTP load command) .................................................................................... 99 help ........................................................................................ SLB ..........222 FTP SLB statistics dump ................................................ 427 redirection (rport) .................................. 408 E EMS..................Nortel Application Switch Operating System 23..671 EtherChannel as used with port trunking ...... 309.................................331 FwdDel (forward delay)..................... 307... 386............................ 262 HSRP...................... 307.........................................222 full-duplex ..... 488 SNMP ...............515 factory default configuration ...................... 307.................................................................. 426 health checks........ 147 configuring ......... 56 host routes ...........................90 Forwarding Database Menu. January 2006 ......................................................................................309 File Transfer Protocol ................................ HSRV...523 Forwarding Database Information Menu ....45 first-time configuration ........ See Hot Standby Router Protocol....................................... 395 use with VRRP ............... 
427 redirects (Global SLB option) ..............171 fiber optic ports ............. 396 Hot Standby Router Protocol (HSRP) priority incr