You are on page 1of 160

AOS

Operation Guide
Important Notice
Allot Communications Ltd. ("Allot") is not a party to the purchase agreement under which NetEnforcer was purchased, and
will not be liable for any damages of any kind whatsoever caused to the end users using this manual, regardless of the form of
action, whether in contract, tort (including negligence), strict liability or otherwise.
SPECIFICATIONS AND INFORMATION CONTAINED IN THIS MANUAL ARE FURNISHED FOR
INFORMATIONAL USE ONLY, AND ARE SUBJECT TO CHANGE AT ANY TIME WITHOUT NOTICE, AND
SHOULD NOT BE CONSTRUED AS A COMMITMENT BY ALLOT OR ANY OF ITS SUBSIDIARIES. ALLOT
ASSUMES NO RESPONSIBILITY OR LIABILITY FOR ANY ERRORS OR INACCURACIES THAT MAY APPEAR IN
THIS MANUAL, INCLUDING THE PRODUCTS AND SOFTWARE DESCRIBED IN IT.
Please read the End User License Agreement and Warranty Certificate provided with this product before using the product.
Please note that using the products indicates that you accept the terms of the End User License Agreement and Warranty
Certificate.
WITHOUT DEROGATING IN ANY WAY FROM THE AFORESAID, ALLOT WILL NOT BE LIABLE FOR ANY
SPECIAL, EXEMPLARY, INDIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES OF ANY KIND,
REGARDLESS OF THE FORM OF ACTION WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE),
STRICT LIABILITY OR OTHERWISE, INCLUDING, BUT NOT LIMITED TO, LOSS OF REVENUE OR
ANTICIPATED PROFITS, OR LOST BUSINESS, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Copyright
Copyright © 1997-2016 Allot Communications. All rights reserved. No part of this document may
be reproduced, photocopied, stored on a retrieval system, transmitted, or translated into any other
language without a written permission and specific authorization from Allot Communications Ltd.

Trademarks
Products and corporate names appearing in this manual may or may not be registered trademarks or
copyrights of their respective companies, and are used only for identification or explanation and to
the owners' benefit, without intent to infringe.
Allot and the Allot Communications logo are registered trademarks of Allot Communications Ltd.

AOS Operation Guide i


Version History
Each document has a version and a build number. You can tell the exact version and build
of this document by checking the top row of the table below.
Document updates are released in electronic form from time to time and the most up to date
version of this document will always be found on Allot’s online Knowledge Base. To check
for more recent versions, login to the support area www.allot.com/support.html and from
the knowledgebase tab, enter the title of this document into the search field.

Doc Internal Product Published Summary of Changes


Revision Build Version

3 r3b4 AOS14.1 04/02/16 go config xml commands for enabling ToR and
Psiphon identification and voideo/voice call
separation, go config view output updated

3 r3b3 AOS14.1 24/01/16 go config xml -node


dp_qos_override_dpi_buffering_decision added, go
config xml -node urlf_unsol_mode_is_on added, go
config view network behavior updated

3 r3b2 AOS14.1 01/12/15 go config xml -node dp_quality_measurement_enable


added, go config network_activity_time enable
clarified

3 r3b1 AOS14.1 29/06/15 go config network –hrm_mode added, go config


XML clarified

2 v2b1 AOS13.4 07/10/14 go config xml –node portal_http_response_code


added

1 v1b18 AOS13.3 27/05/14 Distributed Collection in SG-Tera clarified

1 v1b17 AOS13.3 21/05/14 General edits, SG-Tera access clarified. go config


optical_if_alarm, go config fer_if_alarm, go config
pcap, go config link_auto_recovery and go config
special_protocols added. Some acmon flags added. go
config view access control, password_security and
data_collect added.

1 v1b16 AOS13.3 11/05/14 sw_tool.sh and aos-instl.sh added.

1 v1b15 AOS13.3 05/04/14 go config xml clarified, go config view –bypass and
go config view –ips added.

1 v1b14 AOS13.3 04/28/14

ii AOS Operation Guide


Doc Internal Product Published Summary of Changes
Revision Build Version

1 v1b13 AOS13.2 03/26/14

AOS Operation Guide iii


AOS .................................................................................................................................... 1

OPERATION GUIDE ....................................................................................................... 1


Important Notice ............................................................................................................................ i
Copyright ...................................................................................................................................... i
Trademarks ................................................................................................................................... i
Version History .............................................................................................................................. ii

CHAPTER 1: GETTING STARTED .......................................................................... 1-1


1.1. Overview ........................................................................................................................... 1-1
The Allot Solution .................................................................................................................... 1-1
Configuring Initial Platform Parameters ................................................................................... 1-1
Platform Troubleshooting ......................................................................................................... 1-1
Rule Provisioning ..................................................................................................................... 1-2
1.2. Terms and Concepts ........................................................................................................ 1-2
NetXplorer ................................................................................................................................ 1-2
In-Line Platforms ...................................................................................................................... 1-2
Data Collector ........................................................................................................................... 1-2
QoS ........................................................................................................................................... 1-3
Catalog Editors ......................................................................................................................... 1-3
Lines ......................................................................................................................................... 1-4
Pipes .......................................................................................................................................... 1-4
Virtual Channels ....................................................................................................................... 1-4
Conditions ................................................................................................................................. 1-4
Templates .................................................................................................................................. 1-5

CHAPTER 2: ACCESSING THE IN-LINE PLATFORM CLI ............................... 2-1


2.1. Changing the Passwords ................................................................................................. 2-1
2.2. Management Connections for CLI Access .................................................................... 2-3
NetEnforcer............................................................................................................................... 2-3
SG-Tera..................................................................................................................................... 2-3
SG-Sigma E14 .......................................................................................................................... 2-5
SG-Sigma E6 ............................................................................................................................ 2-6
SG-Sigma .................................................................................................................................. 2-7
2.3. Accessing CLI per Blade on Multi-blade Platforms ..................................................... 2-8
SG-Tera..................................................................................................................................... 2-8
SG-Sigma E14 ........................................................................................................................ 2-10
SG-Sigma ................................................................................................................................ 2-11

CHAPTER 3: CLI FOR INITIAL PLATFORM CONFIGURATION ................... 3-1


3.1. Network Parameters........................................................................................................ 3-1
Examples................................................................................................................................... 3-2
3.2. Resiliancy Parameters ..................................................................................................... 3-2
3.3. Bypass Configuration ...................................................................................................... 3-2
3.4. Centralized & Distributed Collection ............................................................................ 3-4

iv AOS Operation Guide


3.5. Deployment Profiles ........................................................................................................ 3-7
3.6. Installation Commands ................................................................................................... 3-8
aos-instl.sh ................................................................................................................................ 3-8
sw_tool.sh ............................................................................................................................... 3-10
change_admin_pass ................................................................................................................ 3-11

CHAPTER 4: CLI FOR ADVANCED FEATURE CONFIGURATION (GO


CONFIG) ........................................................................................................................ 4-1
4.1. go config access_control .................................................................................................. 4-1
4.2. go config asymmetric_steering ....................................................................................... 4-2
4.3. go config asymmetry ........................................................................................................ 4-3
4.4. go config asymmetry_remote_device ............................................................................. 4-4
4.5. go config blade_mngt_ips ................................................................................................ 4-5
4.6. go config bypass ............................................................................................................... 4-6
go config bypass –bypass_unit ................................................................................................. 4-6
go config bypass –unit .............................................................................................................. 4-7
4.7. go config cer ..................................................................................................................... 4-9
4.8. go config data_collect .................................................................................................... 4-10
4.9. go config deployment_profile ....................................................................................... 4-12
4.10. go config device_bw_limits ........................................................................................ 4-13
4.11. go config dhcp_gleaning ............................................................................................ 4-14
go config dhcp_gleaning -filter............................................................................................... 4-14
go config dhcp_gleaning –filterv6 .......................................................................................... 4-14
go config dhcp_gleaning –max_rate ....................................................................................... 4-15
4.12. go config dpi_control ................................................................................................. 4-16
4.13. go config fer_if_alarm................................................................................................ 4-17
4.14. go config fib_learn_mode .......................................................................................... 4-18
4.15. go config hairpin ........................................................................................................ 4-19
4.16. go config ip_interface ................................................................................................. 4-20
go config ip_interface add ...................................................................................................... 4-20
go config ip_interface delete................................................................................................... 4-21
4.17. go config ips ................................................................................................................ 4-22
4.18. go config key ............................................................................................................... 4-23
4.19. go config link_auto_recovery .................................................................................... 4-24
4.20. go config network ....................................................................................................... 4-25
go config network –dev_mode ............................................................................................... 4-25
go config network –hrm_mode ............................................................................................... 4-26
go config network –bypass_unit ............................................................................................. 4-27
go config network -cc ............................................................................................................. 4-28
go config network -sf .............................................................................................................. 4-29
go config network -fb ............................................................................................................. 4-30
go config network -sb ............................................................................................................. 4-31
go config network –redund_mode .......................................................................................... 4-32
go config network –hrm_mode ............................................................................................... 4-33
4.21. go config network_activity_time ............................................................................... 4-34
4.22. go config next_hop_router ........................................................................................ 4-34

AOS Operation Guide v


4.23. go config nic ................................................................................................................ 4-35
4.24. go config optical_if_alarm ......................................................................................... 4-37
4.25. go config password_security ..................................................................................... 4-39
4.26. go config pcap ............................................................................................................. 4-40
4.27. go config proxy_out_smac ......................................................................................... 4-41
go config proxy_out_smac static ............................................................................................ 4-41
go config proxy_out_smac dynamic ....................................................................................... 4-41
4.28. go config route ............................................................................................................ 4-42
go config route add ................................................................................................................. 4-42
go config route delete ............................................................................................................. 4-42
4.29. go config security........................................................................................................ 4-44
4.30. go config snmp ............................................................................................................ 4-45
go config snmp -snmpLogin ................................................................................................... 4-45
go config snmp -user............................................................................................................... 4-45
go config snmp –pass_change ................................................................................................ 4-46
go config snmp –trap_target ................................................................................................... 4-47
4.31. go config special_protocols ........................................................................................ 4-49
4.32. go config time.............................................................................................................. 4-50
4.33. go config uds ............................................................................................................... 4-51
4.34. go config web_safe...................................................................................................... 4-52
4.35. go config web_update ................................................................................................ 4-53
4.36. go config xff ................................................................................................................ 4-54
4.37. go config xml............................................................................................................... 4-55
To enable/disable tunnel encapsulation parsing: .................................................................... 4-55
To change the error code used by HTTP redirect. .................................................................. 4-56
To change the method used for VLAN bypass (AOS version 13.4.30 and later) ................... 4-57
To set DPI maximum size:...................................................................................................... 4-58
To enable Activity Time monitoring graphs ........................................................................... 4-59
To enable Distributed QoS for Asymmetric Environments .................................................... 4-60
To enable Internal Distributed QoS for Asymmetric Environments ...................................... 4-61
To enable Tor, Orbot and YouTube HD over HTTPS Identification and certain QoE Parameters
in AOS .................................................................................................................................... 4-62
To enable Enhanced Drop Precendence Buffering Decision Logic ....................................... 4-63
To enable Unsolicited Response in WebSafe ......................................................................... 4-64
To enable ToR/Psiphion Identification ................................................................................... 4-65
To seperate voice and video calls ........................................................................................... 4-69

CHAPTER 5: CLI FOR TROUBLESHOOTING PLATFORM .............................. 5-1


5.1. acmon ................................................................................................................................ 5-1
Options ...................................................................................................................................... 5-1
Output Example ........................................................................................................................ 5-1
5.2. acmon –l <LINE QID> .................................................................................................... 5-3
Options ...................................................................................................................................... 5-3
Output Example ........................................................................................................................ 5-3
5.3. acmon –p <PIPE QID> ................................................................................................... 5-5
Options ...................................................................................................................................... 5-5

vi AOS Operation Guide


Output Example ........................................................................................................................ 5-5
5.4. acmon –v <VC QID> ....................................................................................................... 5-7
Options ...................................................................................................................................... 5-7
Output Example ........................................................................................................................ 5-7
5.5. acmon –g <SERVER QID>............................................................................................. 5-8
Options ...................................................................................................................................... 5-8
5.6. acmon –y ........................................................................................................................... 5-9
Options ...................................................................................................................................... 5-9
Output Example ........................................................................................................................ 5-9
5.7. acmon –a ......................................................................................................................... 5-10
Options .................................................................................................................................... 5-10
Output Example ...................................................................................................................... 5-10
5.8. acstat ............................................................................................................................... 5-12
Options .................................................................................................................................... 5-12
Output Example ...................................................................................................................... 5-13
5.9. acstat –l server ............................................................................................................... 5-14
Options .................................................................................................................................... 5-14
5.10. acstat –l line ................................................................................................................ 5-16
Options .................................................................................................................................... 5-16
Output Example ...................................................................................................................... 5-17
5.11. acstat –l pipe ............................................................................................................... 5-18
Options .................................................................................................................................... 5-18
Output Example ...................................................................................................................... 5-19
5.12. acstat –l vc................................................................................................................... 5-21
Options .................................................................................................................................... 5-21
Output Example ...................................................................................................................... 5-22
5.13. go config view ............................................................................................................. 5-23
Options .................................................................................................................................... 5-23
Output Example ...................................................................................................................... 5-23
5.14. go config view bypass ................................................................................................. 5-32
Options .................................................................................................................................... 5-32
Output Example ...................................................................................................................... 5-32
5.15. go config view ips ....................................................................................................... 5-32
Options .................................................................................................................................... 5-32
Output Example ...................................................................................................................... 5-32
5.16. go config view key ...................................................................................................... 5-33
Options .................................................................................................................................... 5-33
Output Example ...................................................................................................................... 5-33
5.17. go config view network .............................................................................................. 5-35
Options .................................................................................................................................... 5-35
Output Example ...................................................................................................................... 5-35
5.18. go config view nic ....................................................................................................... 5-36
Options .................................................................................................................................... 5-36
Output Example ...................................................................................................................... 5-36
5.19. go config view web_safe ............................................................................................. 5-37
Options .................................................................................................................................... 5-37
Output Example ...................................................................................................................... 5-37

AOS Operation Guide vii


5.20. go config view web_update ........................................................................................ 5-38
Options .................................................................................................................................... 5-38
Output Example ...................................................................................................................... 5-38
5.21. go config view access_control .................................................................................... 5-39
Options .................................................................................................................................... 5-39
Output Example ...................................................................................................................... 5-39
5.22. go config view password_security ............................................................................. 5-40
Options .................................................................................................................................... 5-40
Output Example ...................................................................................................................... 5-40
5.23. go config view data_collect ........................................................................................ 5-41
Options .................................................................................................................................... 5-41
Output Example ...................................................................................................................... 5-41
5.24. actype .......................................................................................................................... 5-41
Options .................................................................................................................................... 5-41
Output Example ...................................................................................................................... 5-41
5.25. sw-tool.sh .................................................................................................................... 5-42
Options .................................................................................................................................... 5-42
Output Example ...................................................................................................................... 5-42
5.26. boxkey ......................................................................................................................... 5-42
Options .................................................................................................................................... 5-43
Output Example ...................................................................................................................... 5-43
5.27. snapshot ...................................................................................................................... 5-44
Options .................................................................................................................................... 5-44
5.28. ac_reboot..................................................................................................................... 5-45

viii AOS Operation Guide


FIGURES
Figure 1: NetEnforcer Management and Console Ports ............................................................... 2-3
Figure 2: SG-Tera Management Ports .......................................................................................... 2-4
Figure 3: SG-Sigma E14 Management Ports ............................................................................... 2-5
Figure 4: SG-Sigma E6 Management Ports ................................................................................. 2-6
Figure 5: SG-Sigma Management and Console Ports .................................................................. 2-7
Figure 6: SG-Tera IP Addresses ................................................................................................... 2-8
Figure 7: SG-Sigma E14 IP Addresses ...................................................................................... 2-10
Figure 8: SG-Sigma IP Addresses .............................................................................................. 2-11
Figure 9: IP Properties tab ............................................................................................................ 3-7

AOS Operation Guide ix


Chapter 1: Getting Started

1.1. Overview
The Allot Solution
Each Allot in-line platform runs AOS software. This software can be accessed in three
possible ways:

 AOS CLI: Used for initial configuration (mandatory), for troubleshooting and
for configuration of certain features - sometimes not covered by NX, sometimes
as an alternative to NX); (you can merge with the text you already have here)

 NetXplorer GUI: Used for network visibility, policy provisioning and Allot
network element management

 SNMP: Used for standard fault management, health monitoring and KPI
polling
This Guide focuses on the AOS CLI and the commands described are common to all in-
line platforms unless otherwise stated.

Configuring Initial Platform Parameters


Using the in-line platform CLI, a system administrator can perform several aspects of
initial configuration, including:
 Configuring network parameters (IP address, subnet, default gateway
etc.)
 Configure the bypass unit of the platform
 Configure the minimum or maximum number of allowed blades in a
multi-blade platform
 Enable or disable specific licensed features

Platform Troubleshooting
The CLI is most commonly used for platform troubleshooting. Amongst the
troubleshooting operations which are possible using in-line platform CLI, are the
following:
 Troubleshooting classification of traffic into rules
 Troubleshooting bandwidth throughput per platform and rule, before
and after QoS
 Reboot a particular platform or blade

AOS Operation Guide 1-1


Chapter 1: Getting Started

 View a software version

Rule Provisioning
While this is rarely used, the in-line platform CLI can also be used to provision rules
directly on the platform, bypassing the NetXplorer. Using this functionality, an operator
can for example, add, delete, change or rename policy elements in the system.

1.2. Terms and Concepts


This section introduces some of the basic terms and concepts used in NetXplorer.

NetXplorer
NetXplorer is a highly scalable Network Business Intelligence system that centrally
manages the NetEnforcer and Service Gateway product line. It enables strategic
decision-making based on comprehensive network application and subscriber traffic
analysis.

In-Line Platforms
Allot offers two different types of In-line Platform.
 NetEnforcer
NetEnforcers are the traffic management devices that inspect and monitor
network traffic.
 Service Gateway
The Service Gateway is a platform for enhancing service optimization and
service deployment. The Service Gateway provides an open, carrier-grade
solution for broadband service providers to manage multiple 10 or 1 Gigabit lines
and deploy value added services in one integrated platform. Application and
subscriber information within the Service gateway is identified for each traffic
flow and subsequently the flow is dispatched to an array of additional services
and actions using a single DPI process.

Data Collector
The Data Collector is an Allot appliance that can be added between the NetXplorer
Servers and the NetEnforcers or Service Gateways in order to support large numbers of
NetEnforcers or Service Gateways or those installed in remote geographic locations.

1-2 AOS Operation Guide


Chapter 1: Getting Started

QoS
QoS (Quality of Service) is the ability to define a level of performance in a data
communications system. In NetXplorer, QoS is an action applied to a connection when
the conditions of a filter are satisfied.
The QoS specified can include the following:
 Prioritized Bandwidth: Delivers levels of service based on class
levels. During peak traffic periods, the NetXplorer will slow down
lower priority applications, resulting in increased bandwidth delivery
to higher priority applications.
 Guaranteed Bandwidth: Enables the assignment of fixed minimum
and maximum amounts of bandwidth to specific Pipes, Virtual
Channels and connections. By borrowing excess bandwidth when it is
available, connections are able to burst above guaranteed minimum
limits, up to the maximum guaranteed rate. Guaranteed rates also
assure predictable service quality by enabling time-critical
applications to receive constant levels of service during peak and non-
peak traffic periods.
 Reserved Bandwidth on Demand: Enables the reservation of the
minimum bandwidth from the first packet of a connection until the
connection ends. This is useful when the bottleneck is not at the link
governed by the NetEnforcer or Service Gateway. By limiting other
connections (non-guaranteed), the NetEnforcer or Service Gateway
reserves enough bandwidth for the required Pipe or Virtual Channel.
 TOS Marking: Enables the user to set the ToS bytes in the
transmitted frame according to the DiffServ standard or free format.
 Access Control: Determines whether a connection is accepted,
dropped or rejected (Supported on AC-400 and AC-800 only). For
example, you can specify the following policy: accept 1000 ICMP
connections to Server1 and drop the rest. A NetEnforcer or Service
Gateway policy can also be to drop all P2P connections or accept new
connections with a lower priority
 Admission Control: Determines the bandwidth granted to a flow
based on your demand (for example, allocated minimum of 10kbps)
and the available bandwidth on the line.

Catalog Editors
Catalog Editors enable you to define values to define your policy. The possible values
for each condition of a filter and for actions are defined in the Catalog entries in the
Catalog Editors. A Catalog Editor enables you to give a logical name to a
comprehensive set of parameters (a Catalog entry). This logical name then becomes a
possible value for a condition or action

AOS Operation Guide 1-3


Chapter 1: Getting Started

Lines
A Line represents a physical or logical media in the system. A line provides a way of
classifying traffic that enables you to divide the total bandwidth and then manage every
Line as if it was an independent link. A Line consists of one or more sets of conditions
and a set of actions that apply when all of the conditions are met. A line is an address-
based or VLAN-based entity, and is not service-based.
A Line can aggregate several Pipes, acting like a container of Pipes from a QoS point of
view. The filter of the Fallback Line cannot be modified or deleted. A connection
coming into the NetEnforcer or Service Gateway is matched to a Line according to
whether the characteristics of the connection match all of the Conditions of the Line.
The connection is then further matched to the Conditions of a Pipe under the Line. The
actions defined for the Line influence all the Pipes under the Line. The actions defined
for a Pipe are enforced together with the actions of the Line.

Pipes
A Pipe provides a way of classifying traffic that enables you to divide the total
bandwidth and then manage every Pipe as if it was an independent link. Pipes cannot
stand alone and are always contained within a Line. A Pipe consists of one or more sets
of conditions and a set of actions that apply when all of the conditions are met. A Pipe
can aggregate several Virtual Channels, acting like a container of Virtual Channels from
a QoS point of view.
When you add a new Pipe, it always includes at least one Virtual Channel, the Fallback
Virtual Channel. The Fallback Virtual Channel filter cannot be modified or deleted. A
connection coming into a line is matched to a Pipe according to whether the
characteristics of the connection match all of the Conditions of the Pipe. The connection
is then further matched to the Conditions of a Virtual Channel under the Pipe. The
actions defined for the Pipe influence all the Virtual Channels under the Pipe. The
actions defined for a Virtual Channel are enforced together with the actions of the Pipe.

Virtual Channels
A Virtual Channel provides a way of classifying traffic and consists of one or more sets
of Conditions and a set of actions that apply when all of the Conditions are met. A
Virtual Channel is defined within a Pipe and cannot stand alone. A connection matched
to a Pipe is further matched to a Virtual Channel according to whether the
characteristics of the connection match all of the Conditions of the Virtual Channel.

Conditions
A Condition is defined at the Line level, Pipe level or Virtual Channel level. NetXplorer
matches connections to conditions, first at the Line level then at Pipe level and then
again at the Virtual Channel level within a Pipe.

1-4 AOS Operation Guide


Chapter 1: Getting Started

Templates
Templates enable you to create a "master" Pipe or Virtual Channel that upon saving will
create multiple Pipes or Virtual Channels similar to one another. Templates work with
host group entries defined in the Host Catalog. For example, if a host group entry in the
Host Catalog called Gold Customers consists of Company X, Company Y and
Company Z, you could define a Pipe template to be expanded for Gold Customers. This
would result in Pipes being created for Company X, Company Y and Company Z when
the Policy Editor is saved.
A Pipe or Virtual Channel template enables the fast creation of Pipes and Virtual
Channels on source/destination differentiation. This means that you do not need to
define similar Pipes and Virtual Channels when the only difference between them is the
IP address in the source or destination.

AOS Operation Guide 1-5


Chapter 2: Accessing the In-Line Platform CLI
All AOS In-line Platforms (NetEnforcers and Service Gateways) support the same user
access methods. Access to most of the CLI commands required is provided by the
sysadmin user privilege (Login as sysadmin. The default password is sysadmin).

2.1. Changing the Passwords


Allot provides end-users with CLI access to the system via a user privilege called
“sysadmin”. The sysadmin user can access all of the CLI commands outlined in this
guide. The default password for the sysadmin user is sysadmin.
In addition, each In-line Platform has an “admin” password, which is used to enable
secure communication between the NetXplorer and the In-line Platform. Whenever a
NetXplorer Operator wishes to add a new In-line Platform to the NetXplorer the admin
password of that device must be entered. In addition, no policy changes can be saved
without the correct In-line Platform admin password. The default admin password is
allot.
ATTENTION Allot STRONGLY recommends that the default passwords are changed to
ensure a minimum level of security.

To change the sysadmin password:


1. Use the supplied serial cable to connect the terminal to the
Console Connector on your In-line Platform.
2. Enter sysadmin for the login and the sysadmin password (default
is sysadmin), and then press <Enter>.
3. Enter passwd and then press <Enter>.
4. Enter a new password and press <Enter>. The password must be
between 5 and 8 characters. You can use a combination of upper
and lower case letters and numbers.
5. Re-enter the new password and press <Enter>.
NOTE You can further protect access to the Service Gateway by limiting the hosts that are
allowed to manage the unit. For more information see the NetXplorer Operation Guide.

AOS Operation Guide 2-1


Chapter 2: Accessing the In-Line Platform CLI

To change the admin password:


1. Use the supplied serial cable to connect the terminal to the
Console Connector on the front panel of the SGSV Blade located
in slot 1.
OR

Enable SSH and open an SSH session to the Service Gateway.


2. Enter sysadmin for the login and the sysadmin password (default
is sysadmin), and then press <Enter>.
3. Enter change_admin_pass and then press <Enter> to run the
script to change the admin password.
4. Enter a new admin password and press <Enter>.
5. Re-enter the new password and press <Enter>.

2-2 AOS Operation Guide


Chapter 2: Accessing the In-Line Platform CLI

2.2. Management Connections for CLI Access


A dedicated PC can be connected via a serial cable to the console port for initial IP
settings. This is located on the front panel of a NetEnforcer, on the SGSV-110 in slot 1
on an SG-Sigma, on the SFB blade in slot 1 on the SG-Sigma E6 and on the SFB blade
in slot 7 on the SG-Sigma E14 and SG-Tera.
Following initial configuration of network settings, the device can be remotely managed
over the Ethernet management port via Telnet or SSH.

NetEnforcer
Initial configuration of a NetEnforcer is achieved by connecting a local serial
connection to the CONSOLE port on the front panel. Subsequent management is then
achieved via the MGMT port.

CONSOLE MGMT

Figure 1: NetEnforcer Management and Console Ports

SG-Tera
Initial configuration of an SG-Tera is achieved by connecting a local serial connection
to the CONSOLE port of the SFB-400 in Slot 7 (front). Subsequent management is then
achieved by connecting two redundant management cables to the M1 and M2 ports
located on the RIO-8C blade in Slot 7 (rear). The two ports connected will work as
Active-Standby Lag.
There will always be one active port passing traffic while the other “Standby” ports will
be in admin state “down” and will not pass traffic.

AOS Operation Guide 2-3


Chapter 2: Accessing the In-Line Platform CLI

CONSOLE

M1

M2

Figure 2: SG-Tera Management Ports

2-4 AOS Operation Guide


Chapter 2: Accessing the In-Line Platform CLI

SG-Sigma E14
Initial configuration of an SG-Sigma E14 is achieved by connecting a local serial
connection to the CONSOLE port of the SFB-300 in Slot 7. Subsequent management is
then achieved by connecting two redundant management cables may be connected to
the MGMNT1 and MGMNT2 ports located on the SFB-300 blade in Slot 7. The two
ports connected will work as Active-Standby Lag.
There will always be one active port passing traffic while the other “Standby” ports will
be in admin state “down” and will not pass traffic.

MGMNT1

MGMNT2

CONSOLE

Figure 3: SG-Sigma E14 Management Ports

AOS Operation Guide 2-5


Chapter 2: Accessing the In-Line Platform CLI

SG-Sigma E6
Initial configuration of an SG-Sigma E16 is achieved by connecting a local serial
connection to the CONSOLE port of the SFB-300 in Slot 1. Subsequent management is
then achieved by connecting two redundant management cables may be connected to
the MGMNT1 and MGMNT2 ports located on the SFB-300 blade in Slot 1. The two
ports connected will work as Active-Standby Lag.
There will always be one active port passing traffic while the other “Standby” ports will
be in admin state “down” and will not pass traffic.

MGMNT1 MGMNT2

CONSOLE

Figure 4: SG-Sigma E6 Management Ports

2-6 AOS Operation Guide


Chapter 2: Accessing the In-Line Platform CLI

SG-Sigma
Initial configuration of the SG-Sigma is achieved by connecting a local serial
connection to the Console port on the SGSV-110 blade (in Slot 1). Subsequent
management is then achieved via the M1 (and M2 if redundancy is required) ports on
the SFC-200 blade located in slot 7.

CONSOLE

M1
M2

Figure 5: SG-Sigma Management and Console Ports

AOS Operation Guide 2-7


Chapter 2: Accessing the In-Line Platform CLI

2.3. Accessing CLI per Blade on Multi-blade


Platforms
SG-Tera
SFB-400/RIO- 8C (Slot 7) SFB-400/RIO-8C (Slot 8)
11.11.11.70/71 11.11.11.80/81

SFB-400/RIO-8C SFB-400/RIO-8C
(Slot 6) (Slot 9)
11.11.11.60/61 11.11.11.90/91

CC-400 (Slot 5) CC-400 (Slot 10)


11.11.11.50/51 11.11.11.100/101

CC-400 (Slot 4) CC-400 (Slot 11)


11.11.11.40/41 11.11.11.110/111

CC-400 (Slot 3) CC-400 (Slot 12)


11.11.11.30/31 11.11.11.120/121

CC-400 (Slot 2) CC-400 (Slot 13)


11.11.11.20/21 11.11.11.130/131

CC-400 (Slot 1) CC-400 (Slot 14)


11.11.11.10/11 11.11.11.140/141

SMC
11.11.11.1

Figure 6: SG-Tera IP Addresses


In the SG-Tera, the SFB blades each share their slot with a matching RIO blade that is
installed from the rear of the chassis. All of the relevant connectors for network traffic
and management are accessed on the RIO blade. All blades in an SG-Tera have two IP
addresses, one per XLP processor. For additional information concerning the SFB/RIO
blade combination see the SG-Tera Hardware Guide.
In order to access the SG-Tera to run CLI commands, open an SSH session to the server
by connecting to the M1 port of the RIO blade in slot 7 (rear) and log in with the
username sysadmin and password sysadmin
From the RIO you can open an SSH Session to each of the blades in the chassis,
according to the slot in which each blade is inserted. The Core controllers can be
accessed using the 20 IP addresses below (two per blade):

2-8 AOS Operation Guide


Chapter 2: Accessing the In-Line Platform CLI

 11.11.11.10/11

 11.11.11.20/21

 11.11.11.30/31

 11.11.11.40/41

 11.11.11.50/51

 11.11.11.100/101

 11.11.11.110/111

 11.11.11.120/121

 11.11.11.130/131

 11.11.11.140/141
The SFB-400/RIO-8C blades can be accessed using the 8 IP addresses below (two per
blade):

 11.11.11.60/61

 11.11.11.70/71

 11.11.11.80/81

 11.11.11.90/91
NOTE In order to open an SSH session to the shelf management controller, use the
command: ssh root@11.11.11.1. The password field should be left blank (just press
enter).

AOS Operation Guide 2-9


Chapter 2: Accessing the In-Line Platform CLI

SG-Sigma E14
SFB-300 (Slot 7) SFB-300 (Slot 8)
11.11.11.70 11.11.11.80

SFB-300 (Slot 6) SFB-300 (Slot 9)


11.11.11.60 11.11.11.90

CC-300 (Slot 5) CC-300 (Slot 10)


11.11.11.50 11.11.11.100

CC-300 (Slot 4) CC-300 (Slot 11)


11.11.11.40 11.11.11.110

CC-300 (Slot 3) CC-300 (Slot 12)


11.11.11.30 11.11.11.120

CC-300 (Slot 2) CC-300 (Slot 13)


11.11.11.20 11.11.11.130

CC-300 (Slot 1) CC-300 (Slot 14)


11.11.11.10 11.11.11.140

SMC
11.11.11.1

Figure 7: SG-Sigma E14 IP Addresses


In order to access the SG-Sigma E14 to run CLI commands, open an SSH session to the
server by connecting to the management port of the SFB-300 blade in slot 7 and log in
with the username sysadmin and password sysadmin
From the SFB-300 you can open an SSH Session to each of the blades in the chassis,
according to the slot in which each blade is inserted. The Core controllers can be
accessed using the 10 IP addresses below:

 11.11.11.10/20/30/40/50

 11.11.11.100/110/120/130/140
The Switch Flow balancers can be accessed using the 4 IP addresses below:

 11.11.11.60/70/80/90
NOTE In order to open an SSH session to the shelf management controller, use the
command: ssh root@11.11.11.1. The password field should be left blank (just press
enter).

2-10 AOS Operation Guide


Chapter 2: Accessing the In-Line Platform CLI

SG-Sigma
SFC-200 (Slot 7) SFC-200 (Slot 8)
11.11.11.70 11.11.11.80

FB-200 (Slot 6) FB-200 (Slot 9)


11.11.11.60/61/62 11.11.11.90/91/92

CC-220 (Slot 4/5) CC-220 (Slot 10/11)


11.11.11.40 11.11.11.100

CC-220 (Slot 2/3) CC-220 (Slot 12/13)


11.11.11.20 11.11.11.120

SGSV-110 (Slot 1)
11.11.11.250

SMC
11.11.11.1

Figure 8: SG-Sigma IP Addresses


In order to access the SG-Sigma to run CLI commands, open an SSH session to the
SGSV-110 blade in slot 1 by connecting to the SFC-200 management port and logging
in with the username sysadmin and password sysadmin
From the SGSV you can open an SSH Session to each of the blades in the chassis,
according to the slot in which each blade is inserted. The Core controllers can be
accessed using the 4 IP addresses below:

 11.11.11.20

 11.11.11.40

 11.11.11.100

 11.11.11.120
The Flow balancers each have 3 IPs that you can access:

 11.11.11.60/90 = Processor #1

 11.11.11.61/91 = Processor #2

AOS Operation Guide 2-11


Chapter 2: Accessing the In-Line Platform CLI

 11.11.11.62/92 = IPMC
Finally, the Switch Fabric blades can be accessed from the IPs below:

 11.11.11.70

 11.11.11.80
NOTE In order to open an SSH session to the shelf management controller, use the
command: ssh root@11.11.11.1. The password field should be left blank (just press
enter).

2-12 AOS Operation Guide


Chapter 3: CLI for Initial Platform Configuration

3.1. Network Parameters


You can use a standard terminal /PC running terminal emulation software connected to
the Console port to initially configure your In-line Platform’s IP addresses. Most
standard windows-based PC systems have a terminal emulation program called
HyperTerminal that can be used for this purpose. Configure the terminal to run VT100
terminal emulation with the following parameters:
 Baud rate 19200 (in the SG-Tera, 115200)
 8 bits
 Stop bits 1
 No flow control
 No parity
1. Use the supplied serial cable to connect the terminal to the
Console Connector on your In-line Platform.
2. Power up the SG-Tera.
3. At the terminal, select Start > Programs > Accessories and
double-click on the HyperTerminal icon. Enter a name for the
session and then set the com port and the parameters (see
previous). The system boots up and you are prompted for a login
and a password.
4. Enter sysadmin for the login and sysadmin for the password.
5. Use the go config ips command to configure the IP address,
gateway IP, DNS and NTP servers for the SG-Tera.
Command: go config ips
Usage: go config ips <-OPTION> <VALUE>...
Options:
-h Hostname set host name of NE
-d Domain set domain name of NE
-g <type:ip> set gateway IP address
-dns <dns1:dns2>|none set DNS IP addresses
-ts <ntp1:ntp2:ntp3>|none set NTP server IP addresses
-ip <type:ip:mask[:vlan]> set IP/netmask/VLAN ID

AOS Operation Guide 3-1


Chapter 3: CLI for Initial Platform Configuration

Examples
To set the IP address:
sysadmin@host-prc:~#: go config ips -ip <SG IP ADDRESS>:<MASK>

To set the gateway IP:


sysadmin@host-prc:~$ go config ips -g <GATEWAY IP ADDRESS>

To set the DNS server:


sysadmin@host-prc:~$ go config ips -dns <DNS IP ADDRESS>

To set the NTP server:


sysadmin@host-prc:~$ go config ips -ts <NTP IP ADDRESS>

It is now possible to connect to your In-line Platform via the Management port.

3.2. Resiliancy Parameters


The following parameters are set for Service Gateways only.
1. Set the minimum and maximum number of Core Controller
Blades using the following command:
go config network –cc <MIN:MAX>

If there are more CC blades in the system than the specified


maximum, the additional CC blades will be in standby mode. If
the number of CC blades is less than the minimum, the system
will go into bypass.
2. In SG-Tera and SG-Sigma E14/E6 In-line Platforms, define the
number of SFB blades installed in the chassis using the following
command:
go config network –sb <NUMBER>

If this value is set lower than the actual number of SFB blades
installed, then should one of the SFB blades fail the system will
not go into bypass and all packets directed to that SFB blade will
be dropped.
3. In SG-Sigma In-line Platforms, define the number of FB blades
installed in the chassis using the following command:
go config network –fb <NUMBER>

3.3. Bypass Configuration


1. Use the supplied serial cable to connect the terminal to the
Console Connector on your In-line Platform.

3-2 AOS Operation Guide


Chapter 3: CLI for Initial Platform Configuration

2. Power up the In-line Platform.


3. At the terminal, select Start > Programs > Accessories and
double-click on the HyperTerminal icon. Enter a name for the
session and then set the com port and the parameters (see
previous). The system boots up and you are prompted for a login
and a password.
4. Enter sysadmin for the login and sysadmin for the password.
5. Use the go config bypass command to select a Bypass Device for
the Service Gateway.
To enable an Allot Bypass Unit, enter the following command, where SFB
SLOT is the slot number of the SFB blade connected to the Bypass Unit:
go config bypass -unit <DEVICE ID>:add:external:<SFB SLOT>

For more information concerning configuring and connecting an external


Bypass Unit, see go config bypass on page 4-6 as well as the Hardware Guide
for your In-line Platform.

AOS Operation Guide 3-3


Chapter 3: CLI for Initial Platform Configuration

3.4. Centralized & Distributed Collection


Some Allot In-line Platforms have two modes of data collection:

 Distributed Collection: where data is collected on each Core


Controller blade and stored there. The host blade maintains a
central list of each data file, and the core controller informs the
host blade which files should be added or removed from the list
and on which blade each one is stored. This mode is supported by
all Allot In-line Platforms.

 Centralized Collection: where data is collected on each Core


Controller blade and transferred to the Host Blade where it is
stored. The host blade maintains a list of each data file that is
stored. This mode is supported by the SG-Sigma, SG-Sigma E14
and SG-Sigma E6 platforms only.
Allot recommends that Distributed Collection be used when 5 or more Core Controller
blades are installed in a Service Gateway chassis with a typical policy structure or when
four Core Controllers are installed and you have more than 500,000 VCs per Core
Controller.
For example, if five Core Controllers are installed in Service Gateway or if four Core
Controllers are installed and the VCs per Core Controller are 512,000, then Distributed
Mode is recommended. However, if you have only three Core Controllers then
Distributed Collection is NOT required, even if the VCs per Core Controller reaches
600,000 or higher.
If you have a large number of Core Controllers (for example, 10) but an unusually small
number of VCs per Core Controller (such as 100,000), then Distributed Collection is
not required.
Distributed Collection MUST be used with the SG-Tera. When an IP is assigned to a
CC-400 blade installed in the SG-Tera, it automatically receives TWO IPs (one for each
processor), the address you assign as well as the next in sequence. For example, if you
assign 1.1.1.1 to a CC-400 blade, then CPU 1 on that blade will be at 1.1.1.1 and CPU 2
will be at 1.1.1.2.
In addition, Distributed Collection must be used when using a Data Mediator with
HDRA/HDR CDRs enabled, or when using an SMP and the number of active sessions
exceeds 3 million. In the last case, IP addresses must be assigned to all SFB blades as
well. If in doubt, contact Allot Customer Support.

3-4 AOS Operation Guide


Chapter 3: CLI for Initial Platform Configuration

In order to enable distributed collection you will need to assign IP addresses from the
management network to each CC blade (and in some cases each SFB blade) in the
system and then enable direct access to them. When an IP is assigned to a CC-400 blade
installed in the SG-Tera, it automatically receives TWO IPs (one for each processor),
the address you assign as well as the next in sequence. For example, if you assign
1.1.1.1 to a CC-400 blade, then CPU 1 on that blade will be at 1.1.1.1 and CPU 2 will
automatically be assigned 1.1.1.2. The procedures for doing this are detailed below.

To set the IP for each blade individually:


Enter the following commands for the relevant slots:
go config blade_mngt_ips -base_ip x.x.x.x:255.255.0.0 -g y.y.y.y -slots 1:1
go config blade_mngt_ips -base_ip x.x.x.x:255.255.0.0 -g y.y.y.y -slots 2:2
go config blade_mngt_ips -base_ip x.x.x.x:255.255.0.0 -g y.y.y.y -slots 3:3
go config blade_mngt_ips -base_ip x.x.x.x:255.255.0.0 -g y.y.y.y -slots 4:4
go config blade_mngt_ips -base_ip x.x.x.x:255.255.0.0 -g y.y.y.y -slots 5:5
go config blade_mngt_ips -base_ip x.x.x.x:255.255.0.0 -g y.y.y.y -slots
10:10
go config blade_mngt_ips -base_ip x.x.x.x:255.255.0.0 -g y.y.y.y -slots
11:11
go config blade_mngt_ips -base_ip x.x.x.x:255.255.0.0 -g y.y.y.y -slots
12:12
go config blade_mngt_ips -base_ip x.x.x.x:255.255.0.0 -g y.y.y.y -slots
13:13
go config blade_mngt_ips -base_ip x.x.x.x:255.255.0.0 -g y.y.y.y -slots
14:14

6. To view the configuration, type the following command:


sysadmin@EXC-SBH[1/6]:~$ go config view
blade_mngt_ips

To set the IPs for blades in slots 1-5 and 10-14 in two steps:
Enter the following commands:
go config blade_mngt_ips -base_ip x.x.x.x:255.255.0.0 -g y.y.y.y -slots
1:5
go config blade_mngt_ips -base_ip x.x.x.x:255.255.0.0 -g y.y.y.y -slots
10:14

In the commands above x.x.x.x:255.255.0.0 represents the IP:Subnet Mask while


the y.y.y.y represents the Default Gateway. The –slots value 1:5 means that the
slot number will increment up from 1 to 5, while 10:14 means the slot number
will increment up from 10 to 14.

AOS Operation Guide 3-5


Chapter 3: CLI for Initial Platform Configuration

Using these commands on the SG-Sigma, SG-Sigma E14 or Sg-Sigma E6 will


cause the IP address (x.x.x.x in the example) to increment up as follows:

 CC n will get IP address x.x.x.x

 CC n+1 will get IP address x.x.x.x+1

 etc.
Using these commands on the SG-Tera will cause the IP address (x.x.x.x in the
example) to increment up as follows:

 CC n will get IP address x.x.x.x and x.x.x.x+1

 CC n+1 will get IP address x.x.x.x+2 and x.x.x.x+3

 etc.

To enable Distributed Collection in the NetXplorer:


1. In the Navigation pane, select and right-click the desired In-line
Platform in the Navigation tree and select Configuration from the
popup menu.
OR
Select the desired In-line Platform in the Navigation tree and then select
Configuration from the View menu.
OR

Select the desired In-line Platform in the Navigation tree and then click the
Configuration icon on the toolbar.
The Configuration window for the selected NetEnforcer or Service Gateway is
displayed.
2. Select the IP Properties tab.
3. In the Direct Access pane, check the Management IP per CC
checkbox.

3-6 AOS Operation Guide


Chapter 3: CLI for Initial Platform Configuration

Figure 9: IP Properties tab

3.5. Deployment Profiles


In order to ensure that the In-line Platform is properly configured to meet your needs
and the requirements of your network, different device deployment profiles can now be
configured.
Each profile provides a different balance of the system resources of the In-line Platform.
For example, a Default profile gives balanced performance, optimized for the average
network while a Network profile, intended for fixed network deployments, supports a
large amount of traffic and is optimized to support a large number of simultaneous
connections and a high Connection Establishment Rate.
The Device Profile may be set via the CLI using the following commands:
go config deployment_profile <PROFILE NAME>

Different in-line platforms have different available deployment profiles. For the
available Deployment Profiles for your In-line Platform and AOS version as well as the
as well as the internal division of resources for each deployment profile (e.g: number of
connections, number of rules), see the appropriate appropriate AOS Release Notes.

AOS Operation Guide 3-7


Chapter 3: CLI for Initial Platform Configuration

3.6. Installation Commands


aos-instl.sh
Use this command to run the AOS installation script.

Options
IN NX
PARAMETERS DESCRIPTION
GUI
-p Full path of file to be installed
(without file name). Default is
current directory.
-e Engineering Install
-s <NUM> Install only on the blade in the
indicated slot num.
Enter a value of zero to install as
an engineering install on the blade
you are connected to (SG-Sigma
E14 only).
-c <NUM> To install the software on a No
specific CPU (SG-Tera only)
-x Sets the switchover partition action
(SG-Tera only).
Possible values are:
0 - switch over device if
installation succeeded (default).
1 - force switch over.
2 - do not switch over.
-r Set reboot action. Possible values
are:
0 - reboot device if installation
succeeded (default).
1 - force reboot.
2 - do not reboot.
-f Force install and skip all questions
(use default answers) i.e. don't
prompt for inputs.
3-8 AOS Operation Guide
Chapter 3: CLI for Initial Platform Configuration

IN NX
PARAMETERS DESCRIPTION
GUI
-q <NUM> Set verbosity level of logs
(default:4).
-o Specify various install options.
Available options are:
- skip-shmc-test : skip ShMC
connectivity test.
- permit-root-ssh : Permit root
SSH.
- fb-force-kernel-upg : force flow-
balancer kernel upgrade (SG-
Sigma only).
- update-chassis-power : Update
the power distribution (SG-Sigma
only)
-S <LIST> Install a list of slots.
For example, to install slots 1,5,7,
type: -S 1,5,7

Example
aos-instl.sh –s 2 –c 1 -f

AOS Operation Guide 3-9


Chapter 3: CLI for Initial Platform Configuration

sw_tool.sh
Use this command to switch between the active and inactive installation partitions (SG-
Tera Only). When entered without parameters this command displays the active and
inactive partition information for all slots and CPUs.

Options
IN NX
PARAMETERS DESCRIPTION
GUI
-x Switch over and reboot, swapping
the active and inactive partitions.
-f Force switch over, even if one of
the Inactive partitions is not valid.
-s <SLOT> Specific slot
-2 : all (default)
-1 : Standalone
0 : locally on the slot
1-6/14 : Specific slot number

Example
sw_tool.sh –x –s -2

3-10 AOS Operation Guide


Chapter 3: CLI for Initial Platform Configuration

change_admin_pass
This command runs a script that allows a user signed in as sysadmin to change the
default admin password on an In-line Platform.
In addition to the sysadmin user, each in-line platform has an “admin” password,
which is used to enable secure communication between the NetXplorer and the In-Line
platform. Whenever a NetXplorer Operator wishes to add a new In-Line platform to the
NetXplorer the admin password of that In-Line platform must be entered. In addition,
no policy changes can be saved without the correct In-Line platform admin password.
The default admin password is allot.

AOS Operation Guide 3-11


Chapter 4: CLI for Advanced Feature Configuration
(go config)

4.1. go config access_control


Use these commands to add or remove a host IP address from the list of those that may
access this platform.

Options
IN NX
<OPTION> DESCRIPTION
GUI
<-IP ADDRESS|+IP ADDRESS> <-IP ADDRESS> Yes
removes a host
<+IP ADDRESS>
adds a host

Examples

To add two hosts to the access list for the platform:


go config access_control +111.111.111.111, +222.222.222.222

To add one host and remove one host from the access list for the platform:
go config access_control +333.333.333.333, -222.222.222.222

AOS Operation Guide 4-1


Chapter 4: CLI for Advanced Feature Configuration (go
config)

4.2. go config asymmetric_steering


Use this command to enable support for a proxy service in an asymmetric network with
2xNEs/SGs

Options
IN NX
PARAMETERS DESCRIPTION
GUI
enable|disable No
-ne_connect <ADDRESS:USER Parameters to connect No
NAME:PASSWORD> to the Data Server
(by default this is set to
localhost)
-f Forces the write No
permissions to CLI
client

Example
go config asymmetric_steering enable

4-2 AOS Operation Guide


Chapter 4: CLI for Advanced Feature
Configuration (go config)

4.3. go config asymmetry


Use this command to enable or disable the asymmetry function on the selected platform,
and to define the various asymmetry connection characteristics.

Options
IN NX
PARAMETERS DESCRIPTION
GUI
-admin <enable|disable> Enables asymmetry on Yes
local device
-gid <0-7> Sets group ID Yes
membership of local
device
-loc_did <0-15> Sets device ID of local Yes
device within the group
-transport <point2point|MAC|IP> Transport type for No
control traffic
-health_check <enable|disable> Health check of remote Yes
devices in the group

Example
go config asymmetry -admin enable -gid 1 -loc_did 12
NOTE These commands can be executed only when the device has not as of yet been added
to a NetXplorer.

AOS Operation Guide 4-3


Chapter 4: CLI for Advanced Feature Configuration (go
config)

4.4. go config asymmetry_remote_device


Use this command to configure VLAN settings for the devices which are part of the
asymmetry group.

Options
IN NX
PARAMETERS DESCRIPTION
GUI
-rem_did <0-7> Selects the remote device Yes
by ID number
delete -rem_did <0-7> Deletes the selected remote Yes
device.
-switch_id <0-1> Sets the SFC blade that the Yes
remote device is connected
to.
-port <1-12> Sets the port on the SFC Yes
blade that the remote
device uses.
-vid <1-4094> ID of the VLAN used to Yes
carry control packets to the
remote device.
(used for point2point
transport)
-mac <xx:xx:xx:xx:xx:xx> Remote device MAC Yes
address
(used for L2 bridge
transport)
-ip <xx.xx.xx.xx> Remote device IP address Yes
(used for L3 transport)
-ne_connect <ADDRESS:USER Parameters to connect to Yes
NAME:PASSWORD> the Data Server
(by default this is set to
localhost)
-f Forces the write N/A
permissions to CLI client

Example
go config asymmetry_remote_device –rem_did 2 -port -ip 11.132.4.111

4-4 AOS Operation Guide


Chapter 4: CLI for Advanced Feature
Configuration (go config)

4.5. go config blade_mngt_ips


Use this command in circumstances where each of the Core Controller or SFB blades in
a Service Gateway requires its own IP address to configure Distributed Collection.
For information concerning when to use distributed collections, see Centralized &
Distributed Collection on page 3-4.

Options
IN NX
PARAMETERS DESCRIPTION
GUI
-base_ip<IP:MASK> The Management IP and No
netmask.
-g <IP> gateway IP address No
-slots <FIRST:LAST> First and Last slot No
numbers in range

Example
go config blade_mngt_ips -base_ip 12.5.200.14:255.255.0.0 -g 12.5.200.40 -slots
1:1

AOS Operation Guide 4-5


Chapter 4: CLI for Advanced Feature Configuration (go
config)

4.6. go config bypass


go config bypass –bypass_unit
Use this command to enable or disable the bypass mechanism of the platform (either an
external bypass unit or an internal bypass blade).

Options
IN NX
PARAMETERS DESCRIPTION
GUI
<enable|disable> Enables or disables No
bypass

Examples

To make the in-line platform work without a bypass unit/blade:


go config bypass -bypass_unit disable

4-6 AOS Operation Guide


Chapter 4: CLI for Advanced Feature
Configuration (go config)
go config bypass –unit
Use this command to configure the bypass-platform connection characteristics (either
an external bypass unit or an internal bypass blade), once it has been enabled.

Syntax
go config bypass -unit <ID NUMBER>:<ACTION>:<TYPE>:<SLOTS>:
<UNITS>

Options
IN NX
PARAMETERS DESCRIPTION
GUI
ID NUMBER ID NUMBER is the No
index number of the
Bypass unit
ACTION ACTION values are:
add
remove
update
TYPE TYPE values are:
external,
blade,
on-board (AC-500)
SLOTS SLOTS values are:
Location of the Service
Gateway blade feeding
the bypass unit with the
keepalive signal (in
case of an External
Bypass unit)
OR
Location of the Internal
Bypass blade in the
Service Gateway
chassis.

AOS Operation Guide 4-7


Chapter 4: CLI for Advanced Feature Configuration (go
config)
IN NX
PARAMETERS DESCRIPTION
GUI
UNITS UNITS values are:
Number of External
Bypass units that are
getting the keepalive
signal. Acceptable
options are 1 or 2 (in
case of usage of with
AC-6000 or EXC Rev
C)

Examples

To add the first EXTERNAL bypass unit to an SGS, getting the keepalive signal from
the CC-200 in Slot 2
go config bypass -unit 1:add:external:2:1

To add a second EXTERNAL bypass unit to a SG-S E14, getting the keepalive signal
from the SFB-300 in Slot 8:
go config bypass -unit 2:add:external:8:1

To add the first INTERNAL bypass blade to a SG-S E6, where the bypass blade located
in Slot 6
go config bypass -unit 1:add:blade:6:1

To add the first EXTERNAL bypass unit to a SG-S E14, getting the keepalive signal
from the SFB-300 in Slot 7, and detecting the keepalive per each of the two bypass
units at the end of the cable.
go config bypass -unit 1:add:external:7:2

4-8 AOS Operation Guide


Chapter 4: CLI for Advanced Feature
Configuration (go config)

4.7. go config cer


Use this command to set the maximum connection establishment rate limit for the in-
line platform
When this value is reached one of two actions can be selected to take place:

 Drop – Every session over the CER limit will be dropped.

 Bypass – Every session above the CER limit will be bypassed and will not go
through any of the DPI mechanisms.
You can’t enter a number more than the maximum CER for the device.
Number entered is per blade in multi-blade systems

Options
IN NX
PARAMETERS DESCRIPTION
GUI
-value <0-MAX_CER> CER value per No
processing unit
-action <bypass|drop> Action if CER value No
exceeded
-ne_connect <ADDRESS:USER Parameters to connect No
NAME:PASSWORD> to the Data Server
(by default this is set to
localhost)
-f Forces the write No
permissions to CLI
client

Example
go config cer -value 50000 -action drop

AOS Operation Guide 4-9


Chapter 4: CLI for Advanced Feature Configuration (go
config)

4.8. go config data_collect


Use this command to control the data collection profile of the In-Line platform, by
enabling or disabling the retrieval of statistics buckets as well as the collection of
external host information. In addition, this command provides control of the short term
data collection profile.

Options
IN NX
PARAMETERS DESCRIPTION
GUI
-conv_export <enable|disable> Enables Conversation Yes
Export
For use in conjunction
with Data Mediator
-ext_host <enable|disable> Enables/disables No
external host
-int_host <enable|disable> Enables/disables No
internal host
-service_bkt <enable|disable> Enables service No
statistics bucket
-30sec_bucket <enable|disable> Enables 30 Second No
Buckets
-service_id <enable|disable> This command is used No
to disable collection of
data for services and
service groups. When
this is disabled, the
platform will only
collect monitored
service groups. This is
sometimes done to
reduce the amount of
data collected and sent
to ClearSee, thus
enabling significantly
reduced sizing.
-nh_asn <enable|disable> Enables Next Hop ASN No
-dest_asn <enable|disable> Enables Destination No
ASN

4-10 AOS Operation Guide


Chapter 4: CLI for Advanced Feature
Configuration (go config)
IN NX
PARAMETERS DESCRIPTION
GUI
-dev_cli_id <enable|disable> Enables device client No
ID
-tether_indication <enable|disable> Enables tethering No
indication.
-policy_id <enable|disable> Enables Policy ID No
-instance_id <enable|disable> Enables Instance ID No
-min_golden_app_records <NUM> Sets Minimum Number No
of Golden Applications
-ne_connect <ADDRESS:USER Parameters to connect No
NAME:PASSWORD> to the Data Server
(by default this is set to
localhost)
-f Forces the write No
permissions to CLI
client

Examples
go config data_collect -no_ext_host disable
go config data_collect -st_reduction accuracy

AOS Operation Guide 4-11


Chapter 4: CLI for Advanced Feature Configuration (go
config)

4.9. go config deployment_profile


Use this command to configure the deployment profile of the Service Gateway,
balancing the Core Controller's resources between network deployments (more
Connections/CER/Traffic BW) and subscriber deployments (more active
Lines/Pipes/VC's and more Monitoring rules)

Options
IN NX
<OPTION> DESCRIPTION
GUI
<PROFILE> Sets deployment profile No
for selected Service
Gateway.
PROFILE examples
include:
video_class
network
default
enhanced_monitoring
subscribers
enhanced_subscribers

For use in conjunction


with Service Gateway
platforms. The actual
profiles available and
their parameters will
depend upon the
software version and In-
line Platform model.
For more information
see the appropriate
AOS Release Notes.

Examples
go config deployment_profile network

4-12 AOS Operation Guide


Chapter 4: CLI for Advanced Feature
Configuration (go config)

4.10. go config device_bw_limits


Use this command to control the In-Line platform overall bandwidth limitation
(depending on the platform type and its QoS license). You can configure a BW
limitation value for Full or Half Duplex modes, as well as for both traffic directions or
for each direction separately

Options
IN NX
PARAMETERS DESCRIPTION
GUI
-qos_type <full_both|full_each|half_duplex> Sets the QoS behavior Yes
and direction
-both <VALUE or max> Sets the maximum Yes
bandwidth in both
directions
-internal <VALUE or max> Sets the maximum Yes
bandwidth for internal
direction
-external <VALUE or max> Sets the maximum Yes
bandwidth for external
direction

Examples
go config device_bw_limits -qos_type full_both -both 30000
NOTES Setting max bw in both directions can be used only when qos_type = full_both or
half_duplex
Setting max bw for internal or external direction can be used only when qos_type =
full_each

AOS Operation Guide 4-13


Chapter 4: CLI for Advanced Feature Configuration (go
config)

4.11. go config dhcp_gleaning


go config dhcp_gleaning -filter
Use this command when you use in band DHCPv4 to inform the In-line Platform
to mirror packets by Client originated traffic, Server originated or Both (NET
feature)

Syntax
go config dhcp_gleaning -filter <PARAMETER>

Options
IN NX
PARAMETERS DESCRIPTION
GUI
none No filtering for DHCPv4 No
client Client to server DHCPv4 No
messages only
server Server to client DHCPv4 No
messages only
both Both directions for DHCPv4 No

Examples
go config dhcp_gleaning –filter both

go config dhcp_gleaning –filterv6


Use this command when you use in band DHCPv6 to inform the In-line Platform
to mirror packets by Client originated traffic, Server originated or Both (NET
feature)

Syntax
go config dhcp_gleaning –filterv6 <PARAMETER>

Options
IN NX
PARAMETERS DESCRIPTION
GUI
none No filtering for DHCPv6 No
client Client to server DHCPv6 No
messages only

4-14 AOS Operation Guide


Chapter 4: CLI for Advanced Feature
Configuration (go config)
IN NX
PARAMETERS DESCRIPTION
GUI
server Server to client DHCPv6 No
messages only
both Both directions for DHCPv6 No

Examples
go config dhcp_gleaning –filterv6 server

go config dhcp_gleaning –max_rate


Use this command to set the maximum rate per device for DHCP gleaning.

Syntax
go config dhcp_gleaning –max_rate <VALUE IN PKTS/SEC>

Options
IN NX
PARAMETERS DESCRIPTION
GUI
<VALUE IN PKTS/SEC> Max filtered DHCPv4 and No
DHCPv6 packets rate per
device

Examples
go config dhcp_gleaning –max_rate 16000

AOS Operation Guide 4-15


Chapter 4: CLI for Advanced Feature Configuration (go
config)

4.12. go config dpi_control


Use this command to enable or disable the DPI function of the platform

Options
IN NX
PARAMETERS DESCRIPTION
GUI
enable|disable No

Examples
go config dpi_control disable

4-16 AOS Operation Guide


Chapter 4: CLI for Advanced Feature
Configuration (go config)

4.13. go config fer_if_alarm


Use this command to configure the frame error rate alarms.

Options
IN NX
PARAMETERS DESCRIPTION
GUI
-iflabel <LABEL> The name of the interface. No
Acceptable labels include:
SB_7_L1, SB_7_L2, SB_7_L3,
SB_7_L4, SB_7_L5, SB_7_L6,
SB_8_L1, SB_8_L2, SB_8_L3,
SB_8_L4, SB_8_L5, SB_8_L6,
MGMNT
-direction <in|out> Direction of interface. No
-fer_thresholds:<RISING Sets the rising and falling No
THRESHOLD>:<FALLING thresholds for alarm generation.
THRESHOLD> Values may be set in the range
of 0.001 to 99.999.
The falling threshold must be
smaller than the rising
threshold.
-status <STATUS> Status may be set to enable or No
disable.

Examples
go config fer_if_alarm –iflabel SB_8_L4 –direction out –fer_thresholds:10.1:5.02 –
status enable

AOS Operation Guide 4-17


Chapter 4: CLI for Advanced Feature Configuration (go
config)

4.14. go config fib_learn_mode


Use this command to set FIB (Forwarding Information Base) learning mode on the In-
line Platform. This is required when working with redirection.

Options
IN NX
PARAMETERS DESCRIPTION
GUI
<MODE> MODE values are: No
disable
symmetric
asymmetric
-ne_connect <ADDRESS:USER Parameters to connect No
NAME:PASSWORD> to the Data Server
(by default this is set to
localhost)
-f Forces the write No
permissions to CLI
client

Example
go config fib_learn_mode asymmetric

4-18 AOS Operation Guide


Chapter 4: CLI for Advanced Feature
Configuration (go config)

4.15. go config hairpin


Use this command when the In-line Platform is deployed up in hairpin configuration
(between two interfaces on the same router). This command is only available on
NetEnforcer AC-1400 and AC-3000 models shipped after 2011.

Options
IN NX
PARAMETERS DESCRIPTION
GUI
enable|disable No

Examples
go config hairpin disable

AOS Operation Guide 4-19


Chapter 4: CLI for Advanced Feature Configuration (go
config)

4.16. go config ip_interface


go config ip_interface add
Use this command to set an IP interface on the In-line Platform with proxy based
redirection.

Options
IN NX
PARAMETERS DESCRIPTION
GUI
-name <NAME> Set the name of the IP No
interface
-ip <IP:MASK> Set IP/netmask of No
interface
-vlan <0-4095> Sets the VLAN ID. No
Entering 0 indicates that
the interface is
untagged.
-port <LABEL> Outgoing port label. No
LABEL values are:
EXTERNAL0
EXTERNAL1
EXTERNAL2
EXTERNAL3
INTERNAL0
INTERNAL1
INTERNAL2
INTERNAL3
-ne_connect <ADDRESS:USER Parameters to connect No
NAME:PASSWORD> to the Data Server
(by default this is set to
localhost)
-f Forces the write N/A
permissions to CLI
client

Example
go config ip_interface add -name SFB_7_L3 -ip 192.68.0.2:255.255.255.0 -vlan 101
-port SB_7_L3

4-20 AOS Operation Guide


Chapter 4: CLI for Advanced Feature
Configuration (go config)
go config ip_interface delete
Use this command to remove an IP interface on the In-line Platform with proxy based
redirection.

Options
IN NX
PARAMETERS DESCRIPTION
GUI
-name <NAME> Set the name of the IP No
interface
-ip <IP:MASK> Set IP/netmask of No
interface
-vlan <0-4095> Sets the VLAN ID. No
Entering 0 indicates that
the interface is
untagged.
-port <LABEL> Outgoing port label. No
LABEL values are:
EXTERNAL0
EXTERNAL1
EXTERNAL2
EXTERNAL3
INTERNAL0
INTERNAL1
INTERNAL2
INTERNAL3
-ne_connect <ADDRESS:USER Parameters to connect No
NAME:PASSWORD> to the Data Server
(by default this is set to
localhost)
-f Forces the write N/A
permissions to CLI
client

Example
go config ip_interface delete -name SFB_7_L3 -ip 192.68.0.2:255.255.255.0 -vlan
101 -port SB_7_L3

AOS Operation Guide 4-21


Chapter 4: CLI for Advanced Feature Configuration (go
config)

4.17. go config ips


Use these commands to assign IP addresses to devices (In-Line platforms), including IP
address and Mask, Default Gateway, DNS, NTP Server, Host Name and Domain Name.

Options
IN NX
PARAMETERS DESCRIPTION
GUI
-h <HOSTNAME> Set host name of In-line Yes *
Platform
-d <DOMAIN> Set domain of In-line Yes *
Platform
-g <IP ADDRESS> Set gateway IP address Yes *
-dns <DNS1:DNS2>|none Set DNS IP addresses Yes *
-ts <NTP1:NTP2:NTP3>|none Set NTP time server IP Yes *
addresses
-ip <IP:MASK> Set IP/netmask of interface Yes *
*Can be changed from the IP Properties dialog of the NX GUI but initial configuration
of the in-line platform must be performed via the CLI command.

Examples
go config ips -ip 10.4.3.11:255.255.0.0 -g 10.4.0.1 -dns 172.17.0.10:172.18.0.10
NOTE Configuration of the IP/Mask and Default Gateway of the device is done via direct
console cable. All additional command options (e.g. DNS, NTP) can be configured via
the MNG connection.

4-22 AOS Operation Guide


Chapter 4: CLI for Advanced Feature
Configuration (go config)

4.18. go config key


Use this command to enter the platform’s license key.

Options
IN NX
PARAMETERS DESCRIPTION
GUI
<KEY_STRING> Sets the license key for the Yes
selected platform

Examples
go config key <key_string>

AOS Operation Guide 4-23


Chapter 4: CLI for Advanced Feature Configuration (go
config)

4.19. go config link_auto_recovery


Use this command to enable a mechanism that identifies links in which both ports are at
"admin=down" state due to the fact that one side was flickering and brings them up.

Options
IN NX
PARAMETERS DESCRIPTION
GUI
enable|disable No

Example
go config link_auto_recovery enable

4-24 AOS Operation Guide


Chapter 4: CLI for Advanced Feature
Configuration (go config)

4.20. go config network


go config network –dev_mode
Use these commands to configure the platform’s connection to the network.

Options
IN NX
PARAMETERS DESCRIPTION
GUI
<DEV_NUM:MODE> Sets the device mode
of the selected blade
or device
DEV_NUM values
are:
<Slot Number>
System

MODE values are:


active
bypass
reboot
reset
halt

Examples

To reboot a NetEnforcer:
go config network -dev_mode system:reboot

AOS Operation Guide 4-25


Chapter 4: CLI for Advanced Feature Configuration (go
config)
go config network –hrm_mode
Use this commands to enable or disable HRM mode.

Options
IN NX
PARAMETERS DESCRIPTION
GUI
<enable|disable> Yes

Examples

To Disable hrm mode for the selected platform.


go config network –hrm_mode disable

4-26 AOS Operation Guide


Chapter 4: CLI for Advanced Feature
Configuration (go config)
go config network –bypass_unit
Use these commands to enable or disable the connection of a bypass unit.

Options
IN NX
PARAMETERS DESCRIPTION
GUI
<enable|disable> If this value is entered Yes
as disable no bypass
unit may be
connected, so if the
platform goes down
all packets will be
dropped.

Examples

To Disable bypass units for the selected platform.


go config network -bypass_unit disable

AOS Operation Guide 4-27


Chapter 4: CLI for Advanced Feature Configuration (go
config)
go config network -cc
Use these commands to set the minimum and maximum number of Core Controllers.

Options
IN NX
PARAMETERS DESCRIPTION
GUI
<MIN:MAX> This command is only No
relevant for the SG-
Sigma, SG-Sigma E6
and SG-Sigma E14.

Examples

To set the minimum and maximum Core Controller blades on an SG Sigma with 4 CC
blades:
go config network -cc 2:3

4-28 AOS Operation Guide


Chapter 4: CLI for Advanced Feature
Configuration (go config)
go config network -sf
Use these commands to set minimum number of Switch Fabric blades.

Options
IN NX
PARAMETERS DESCRIPTION
GUI
<MIN> This command is only No
relevant for the SG-
Sigma.

Examples

To set the minimum Switch Fabric blades on an SG Sigma:


go config network -sf 2
NOTE In the example above, the system will go into Bypass mode if less than 2 Switch Fabric
blades are active.

AOS Operation Guide 4-29


Chapter 4: CLI for Advanced Feature Configuration (go
config)
go config network -fb
Use this commands sets the minimum number of Flow Balancers.

Options
IN NX
PARAMETERS DESCRIPTION
GUI
<MIN> This command is only No
relevant for the SG-
Sigma.

Examples

To set the minimum Flow Balancer blades on an SG Sigma:


go config network -fb 2
NOTE In the example above, the system will go into Bypass mode if less than 2 Flow
Balancers are active.

4-30 AOS Operation Guide


Chapter 4: CLI for Advanced Feature
Configuration (go config)
go config network -sb
Use this commands to set the minimum number of Flow Balancers that may be installed
in an SG-Sigma E6 or E14 platform.

Options
IN NX
OPTION VALUES
GUI
<MIN> This command is only relevant for No
the SG-Sigma E6 and E14 platforms.

Examples

To set the minimum Flow Balancer blades on an SG Sigma E14:


go config network –sb 2
NOTE In the example above, the system will go into Bypass mode if less than 2 Flow
Balancers are active.

AOS Operation Guide 4-31


Chapter 4: CLI for Advanced Feature Configuration (go
config)
go config network –redund_mode
Use these commands to set the platform’s redundancy mode.

Options
IN NX
OPTION VALUES
GUI
<MODE> standalone
active

Examples

To enable Active Redundancy on a platform:


go config network -redund_mode active

4-32 AOS Operation Guide


Chapter 4: CLI for Advanced Feature
Configuration (go config)
go config network –hrm_mode
Use these commands to set the platform’s Host Blade Redundancy mode (as of
AOS14.1.40).

Options
IN NX
OPTION VALUES
GUI
<enable|disable> If this value is entered as enable then No
the SFB blade in Slot 8 on an SG-
Sigma E14 or SG-Tera and the SFB
Blade in Slot 2 on an SG-Sigma E6
will act as a redundant host blade,
taking over Host blade duties should
the primary Host blade fail.

Examples

To enable Host Blade Redundancy on a platform:


go config network -hrm_mode enable

AOS Operation Guide 4-33


Chapter 4: CLI for Advanced Feature Configuration (go
config)

4.21. go config network_activity_time


Use this command to configure the CONV field NetworkActivityTime.

Options
IN NX
PARAMETERS DESCRIPTION
GUI
enable/disable Must be enabled in No
order to send
Conversations records
to the Data Mediator
-id Service ID No
-traffic Traffic per interval (in No
Bytes)
-default Default baseline traffic No
(in Bytes)
-ne_connect <ADDRESS:USER Parameters to connect No
NAME:PASSWORD> to the Data Server
(by default this is set to
localhost)
-f Forces the write N/A
permissions to CLI
client

Example
go config network_activity_time –id 6 –traffic 500000

4.22. go config next_hop_router


Use this command to configure the NE/SG to be the next hop router when working with
Generic Proxy Redirection (L3 Transparent, L2 Non Transparent)

Options
IN NX
PARAMETERS DESCRIPTION
GUI
-ifc_type <4 or 6> Network interface type. No
Enter 4 for IPv4 or 6 for
IPv6.

4-34 AOS Operation Guide


Chapter 4: CLI for Advanced Feature
Configuration (go config)
IN NX
PARAMETERS DESCRIPTION
GUI
-switch_id <0-1> Sets the SFC blade that No
the next hop router is
connected to.
-port <1-12> Sets the port on the SFC No
blade that the next hop
router uses.
-vlan <1-4094 or none> ID of the VLAN used to No
carry control packets to
the next hop router
-mac <xx:xx:xx:xx:xx:xx> Next hop router MAC No
address
-ip <xx.xx.xx.xx> Next hop router IP No
address
-ne_connect <ADDRESS:USER Parameters to connect No
NAME:PASSWORD> to the Data Server
(by default this is set to
localhost)
-f Forces the write N/A
permissions to CLI
client

Example
go config next_hop_router external -ifc_type 4 -ip 192.70.0.1
go config next_hop_router internal -ifc_type 4 -switch_id 0 -port 3 -mac
A1:A1:A1:A1:A1:A1 –vlan 101

4.23. go config nic


Use this command to configure the device Network Interfaces physical
parameters (mode, speed), as well as their logical functionality (port usage, action on
failure).

Syntax
go config nic <LABEL>:<MODE>:<SPEED>:<FAILURE_ACTION>
:<PORT_USAGE>

AOS Operation Guide 4-35


Chapter 4: CLI for Advanced Feature Configuration (go
config)
Options
IN NX
PARAMETERS DESCRIPTION
GUI
<LABEL> LABEL values are:
EXTERNAL0
EXTERNAL1
EXTERNAL2
EXTERNAL3
INTERNAL0
INTERNAL1
INTERNAL2
INTERNAL3
SERVICE1
SERVICE2
SERVICE3
SERVICE4
MGMNT

<MODE> MODE values are:


full
auto

<SPEED> SPEED values are:


10
100
1000
AUTO

<FAILURE_ACTION> FAILURE_ACTION values are:


none
fail_pair
fail_all
bypass

4-36 AOS Operation Guide


Chapter 4: CLI for Advanced Feature
Configuration (go config)
IN NX
PARAMETERS DESCRIPTION
GUI
<PORT_USAGE> PORT_USAGE values depend on
the selected port and the specific in-
line platform, as follows:
AC-500
EXT0 / INT0 = network
ETX1 / INT1 = clone (for
redundancy)
AC-1000/AC-3000
All ETX /INT ports = network,
redirect_indirect, redirect_direct
All Service ports =
redirect_indirect, redirect_direct,
asymmetry
SG-Sigma
SFC L3 / L4 = network, storage,
asymmetry
SFC L5 - L8 = network,
redirect_indirect
SG-Sigma E
SB L1 / L2 = network, storage,
asymmetry
SB L3 - L6 = network,
redirect_indirect
The MGMNT port on all In-Line
platforms is always set to
management
-stp <enable|disable> Enables support for Spanning Tree Yes
protocol
(Non AOS products only)

Examples
go config nic EXTERNAL1:full:auto:none:network
go config nic INTERNAL3:full:1000:none:redirect_direct

4.24. go config optical_if_alarm


Use this command to configure the optical interface alarms.

AOS Operation Guide 4-37


Chapter 4: CLI for Advanced Feature Configuration (go
config)
Options
IN NX
PARAMETERS DESCRIPTION
GUI
-iflabel <LABEL> The name of the interface. No
Acceptable labels include:
SB_7_L1, SB_7_L2, SB_7_L3,
SB_7_L4, SB_7_L5, SB_7_L6,
SB_8_L1, SB_8_L2, SB_8_L3,
SB_8_L4, SB_8_L5, SB_8_L6,
MGMNT
-direction <in|out> Direction of interface. No
-power_thresholds:<LOW Sets the low and high thresholds No
THRESHOLD>:<HIGH for alarm generation. Values
THRESHOLD> may be set in the range of -99.0
to 99.0.
The high threshold must be
greater than the low threshold.
-status <STATUS> Status may be set to enable or No
disable.

Examples
go config optical_if_alarm –iflabel SB_8_L4 –direction out –power_thresholds
10:50 –status enable

4-38 AOS Operation Guide


Chapter 4: CLI for Advanced Feature
Configuration (go config)

4.25. go config password_security


Use this command to configure the password characteristics (length, expiration date,
etc).

Options
IN NX
PARAMETERS DESCRIPTION
GUI
-exp_days <VALUE> Number of days before No
password expires.
Entering a value of 0 means the
password will not expire.
-warn_days <VALUE> Number of days before the No
password expires that a warning
is given.
Entering a value of 0 means that
no warning is given.
-length <5-127> The minimum required length No
of a password.
-char_enforce <enable|disable> Toggles character enforcement No
-default Reverts to the default password No
values (No expiration, no
warning, length = 5, no
character enforcement)

Examples
go config password_security -exp_days 30

AOS Operation Guide 4-39


Chapter 4: CLI for Advanced Feature Configuration (go
config)

4.26. go config pcap


Use this command to configure authorization control for ad hoc packet capture.

Options
IN NX
PARAMETERS DESCRIPTION
GUI
<session|persistent|disable|remove> Session indicates that No
users are authenticated
on a session by session
basis, while Persisent
means that a user will
stay authorized between
sessions.
-ne_connect <ADDRESS:USER Parameters to connect No
NAME:PASSWORD> to the Data Server
(by default this is set to
localhost)
-f Forces the write N/A
permissions to CLI
client

Example
go config pcap disable

4-40 AOS Operation Guide


Chapter 4: CLI for Advanced Feature
Configuration (go config)

4.27. go config proxy_out_smac


go config proxy_out_smac static
Use this command to configure to set source MAC to be used for outgoing traffic when
working with Generic Proxy Redirection (L3 Transparent, L2 Non Transparent).

Options
IN NX
PARAMETERS DESCRIPTION
GUI
-ne_connect <ADDRESS:USER Parameters to connect No
NAME:PASSWORD> to the Data Server
(by default this is set to
localhost)
-f Forces the write No
permissions to CLI
client

Example
go config proxy_out_smac static

go config proxy_out_smac dynamic


Use this command to

Options
IN NX
PARAMETERS DESCRIPTION
GUI
-ne_connect <ADDRESS:USER Parameters to connect No
NAME:PASSWORD> to the Data Server
(by default this is set to
localhost)
-f Forces the write No
permissions to CLI
client

Example
go config proxy_out_smac dynamic

AOS Operation Guide 4-41


Chapter 4: CLI for Advanced Feature Configuration (go
config)

4.28. go config route


go config route add
Use this command to configure a static FIB entry (currently only IPv4). This is required
when working with Non Transparent Proxy Redirection.

Options
IN NX
PARAMETERS DESCRIPTION
GUI
-ip <IP:MASK> Set IP/netmask of the
destination
-gw <IP> IPv4 address of the
gateway
-ne_connect <ADDRESS:USER Parameters to connect
NAME:PASSWORD> to the Data Server
(by default this is set to
localhost)
-f Forces the write
permissions to CLI
client

Example
go config route add -ip 192.67.0.0:255.255.0.0 -gw 192.68.0.1

go config route delete


Use this command to remove a static FIB entry (currently only IPv4). This is required
when working with Non Transparent Proxy Redirection.

Options
IN NX
PARAMETERS DESCRIPTION
GUI
-ip <IP:MASK> Set IP/netmask of the
destination
-gw <IP> IPv4 address of the
gateway

4-42 AOS Operation Guide


Chapter 4: CLI for Advanced Feature
Configuration (go config)
IN NX
PARAMETERS DESCRIPTION
GUI
-ne_connect <ADDRESS:USER Parameters to connect
NAME:PASSWORD> to the Data Server
(by default this is set to
localhost)
-f Forces the write
permissions to CLI
client

Example
go config route delete -ip 192.67.0.0:255.255.0.0 -gw 192.68.0.1

AOS Operation Guide 4-43


Chapter 4: CLI for Advanced Feature Configuration (go
config)

4.29. go config security


Use this command to determine which communication methods are allowed to connect
to the platform.

Options
IN NX
PARAMETERS DESCRIPTION
GUI
-telnet <enable|disable> Toggles telnet access to the Yes
platform.
-ping <enable|disable> Toggles ping access to the Yes
platform.
-ssh <enable|disable> Toggles ssh access to the Yes
platform.
-enh_tcp_sec <enable|disable> Toggles Enhanced TCP Yes
Security access to the platform.
-timeout <VALUE> Sets the Auto-logout timeout in Yes
seconds.

Examples
go config security -telnet enable

4-44 AOS Operation Guide


Chapter 4: CLI for Advanced Feature
Configuration (go config)

4.30. go config snmp


Use these commands to control SNMP features.

go config snmp -snmpLogin


Syntax
go config snmp –snmpLogin
<SECURITYNAME:SECURITYLEVEL[:AUTHPROTOCOL[:PRIVPROTOCOL]]>

Options
IN NX
PARAMETERS DESCRIPTION
GUI
SECURITYNAME Defines the name of the security Yes
SECURITYLEVEL Toggles ping access to the Yes
platform.
AUTHPROTOCOL Toggles ssh access to the Yes
platform.
PRIVPROTOCOL Toggles Enhanced TCP Yes
Security access to the platform.
-timeout <VALUE> Sets the Auto-logout timeout in Yes
seconds.

go config snmp -user


Syntax
go config snmp –user <PREFIX><USER>[,<Prefix><USER>,...]

Options
PARAMETERS DESCRIPTION IN NX GUI

<PREFIX> PREFIX values are:


+ (add a user, all USER parameters are specified)
- (delete a user, only SecurityName and
SecurityModel can be specified)

AOS Operation Guide 4-45


Chapter 4: CLI for Advanced Feature Configuration (go
config)
PARAMETERS DESCRIPTION IN NX GUI

<USER> USER format :


<SecurityName:SecurityModel[:Group:AuthProtoco
l:PrivProtocol]>
SecurityModel values are:
any
v1
v2c
usm
Group: enter 'view snmp' command to see existing
groups
AuthProtocol values are:
usmNoAuth
usmHMACMD5
usmHMACSHA
PrivProtocol values are:
usmNoPriv
usmDES
usmIDEA
usmAES128
usmAES192
usmAES256

go config snmp –pass_change


Syntax
go config snmp –pass_change <SECURITYNAME
[:AUTHPROTOCOL[:PRIVPROTOCOL]]>

4-46 AOS Operation Guide


Chapter 4: CLI for Advanced Feature
Configuration (go config)
Options
PARAMETERS DESCRIPTION IN NX GUI

<SECURITYNAME> SECURITY NAME format :


<SECURITYNAME
[:AUTHPROTOCOL[:PRIVPROTOCOL]]>
Auth Protocol values are:
usmHMACMD5
usmHMACSHA
Priv Protocol values are:
usmDES
usmIDEA
usmAES128
usmAES192
usmAES256

go config snmp –trap_target


Syntax
go config snmp –trap_target <PREFIX><TARGET>[,<Prefix><TARGET>,...]

Options
PARAMETERS DESCRIPTION IN NX GUI

<PREFIX> PREFIX values are:


+ (add a user, all USER parameters are specified)
- (delete a user, only SecurityName and
SecurityModel can be specified)

AOS Operation Guide 4-47


Chapter 4: CLI for Advanced Feature Configuration (go
config)
PARAMETERS DESCRIPTION IN NX GUI

<TARGET> TARGET format :


<Name[:SecurityName:SecurityModel:MPModel:Se
curityLevel:IP[:Port]]>
SecurityModel values are:
any
v1
v2c
usm
MPModel values are:
v1
v2c
v2u
v3
Default Port=162

4-48 AOS Operation Guide


Chapter 4: CLI for Advanced Feature
Configuration (go config)

4.31. go config special_protocols


Use this command to set actions to be performed on special protocols.

Options
IN NX
PARAMETERS DESCRIPTION
GUI
add|delete|change Action to be performed. No
-type <TYPE> Special Protocol type. No
Acceptable types are:
TCP
UDP
IP
nonIP
-id <VALUE> Protocol ID. No

Acceptable range is
from 0 to 65535.
-action Acceptable actions are: No
bypass
none
-ne_connect <ADDRESS:USER Parameters to connect No
NAME:PASSWORD> to the Data Server
(by default this is set to
localhost)
-f Forces the write No
permissions to CLI
client

Example
go config special_protocols add –type TCP –id 5643 –action bypass

AOS Operation Guide 4-49


Chapter 4: CLI for Advanced Feature Configuration (go
config)

4.32. go config time


Use these commands to enable and configure the current time and time zone of your
platform.
NOTE This command can only be executed when the device is not connected to an NX.
When it is managed by an NX, you can change the time zone from the GUI only, and
the time is set by NTP. You will get this error:
Error: Not allowed command on the centrally managed box. Ref: CLI-1147.
When configuring the time (using -'t' flag) you configure GMT time

Options
PARAMETERS DESCRIPTION IN NX GUI

-t DD-MM-YYYY-HH-mm
-tz <ZONE>

Examples
go config time -tz Europe/London
go config time -t 08-07-2013-15-10

4-50 AOS Operation Guide


Chapter 4: CLI for Advanced Feature
Configuration (go config)

4.33. go config uds


Use this command to enable user defined signatures
NOTE This command changes only NON HTTPS user defined signatures. For HTTPS UDS
contact support@allot.com.

Options
IN NX
PARAMETERS DESCRIPTION
GUI
enable|disable
-ne_connect <ADDRESS:USER Parameters to connect
NAME:PASSWORD> to the Data Server
(by default this is set to
localhost)
-f Forces the write
permissions to CLI
client

Example
go config uds enable

AOS Operation Guide 4-51


Chapter 4: CLI for Advanced Feature Configuration (go
config)

4.34. go config web_safe


Use this command to configure WebSafe.

Options
IN NX
PARAMETERS DESCRIPTION
GUI
-mode MODE values are:
disabled
always
vcbased
-action ACTION values are:
reportOnly
block
redirect
respond
-ne_connect <ADDRESS:USER Parameters to connect
NAME:PASSWORD> to the Data Server
(by default this is set to
localhost)
-f Forces the write
permissions to CLI
client

Example
go config web_safe –mode always –action block

4-52 AOS Operation Guide


Chapter 4: CLI for Advanced Feature
Configuration (go config)

4.35. go config web_update


Use this command to configure Web Updates, for installing Protocol Packs.

Options
IN NX
PARAMETERS DESCRIPTION
GUI
-ne_connect <ADDRESS:USER Parameters to connect
NAME:PASSWORD> to the Data Server
(by default this is set to
localhost)
-f Forces the write
permissions to CLI
client

Example
go config web_update

AOS Operation Guide 4-53


Chapter 4: CLI for Advanced Feature Configuration (go
config)

4.36. go config xff


Use this command to classify traffic by the host address in the X-forwarded field.

Options
IN NX
PARAMETERS DESCRIPTION
GUI
enable|disable No
-ne_connect <ADDRESS:USER Parameters to connect No
NAME:PASSWORD> to the Data Server
(by default this is set to
localhost)
-f Forces the write No
permissions to CLI
client

Example
go config xff enable

4-54 AOS Operation Guide


Chapter 4: CLI for Advanced Feature
Configuration (go config)

4.37. go config xml


This command is used to give a direct solution for particular issues and is to be used
from time to time as directed by Allot CS or in Maintenance release notes. For example,
this command can be used to enable or disable tunnel encapsulation parsing for certain
encapsulation methods.

To enable/disable tunnel encapsulation parsing:


Options
IN NX
PARAMETERS DESCRIPTION
GUI
-node Possible values include:
pd_12tp_decap
pd_gre_decap
pd_teredo_decap
-value Possible values include:
enable
disable
-ne_connect <ADDRESS:USER Parameters to connect to the Data
NAME:PASSWORD> Server
(by default this is set to localhost)
-f Forces the write permissions to
CLI client

Example
go config xml -node dpi_max_mainauth_size -value 22000000

go config xml –node pd_toredo_decap –value enable

AOS Operation Guide 4-55


Chapter 4: CLI for Advanced Feature Configuration (go
config)
To change the error code used by HTTP redirect.
Options
IN NX
PARAMETERS DESCRIPTION
GUI
-node portal_http_response_code
-value Code to be used
Possible values include:
302 (default)
303
307
-ne_connect <ADDRESS:USER Parameters to connect to the Data
NAME:PASSWORD> Server
(by default this is set to localhost)
-f Forces the write permissions to
CLI client

Example
go config xml -node portal_http_response_code -value 303

4-56 AOS Operation Guide


Chapter 4: CLI for Advanced Feature
Configuration (go config)
To change the method used for VLAN bypass (AOS version
13.4.30 and later)
Options
IN NX
PARAMETERS DESCRIPTION
GUI
-node vlan_bypass_method
-value Method to be used
Possible values include:
0 (Pure)
1 (Outer)
2 (Inner)
By default, it is assumed that the
first encapsulation of the packet is
a VLAN and traffic is bypassed
accordingly. This method is called
Pure (value in the CLI command is
0)
Two more methods are available:
“OUTER” (CLI value 1) looks for
the first, outermost VLAN
encapsulation (it may or may not
be the first actual encapsulation of
the packet)
“INNER” (CLI value 2) looks for
the last, innermost VLAN
encapsulation and reads that.

-ne_connect <ADDRESS:USER Parameters to connect to the Data


NAME:PASSWORD> Server
(by default this is set to localhost)
-f Forces the write permissions to
CLI client

Example
go config xml -node vlan_bypass_method 1

AOS Operation Guide 4-57


Chapter 4: CLI for Advanced Feature Configuration (go
config)
To set DPI maximum size:
Options
IN NX
PARAMETERS DESCRIPTION
GUI
-node dpi_max_mainauth_size

-value <NUMBER>

-ne_connect <ADDRESS:USER Parameters to connect to the Data


NAME:PASSWORD> Server
(by default this is set to localhost)
-f Forces the write permissions to
CLI client

Example
go config xml -node dpi_max_mainauth_size -value 22000000

4-58 AOS Operation Guide


Chapter 4: CLI for Advanced Feature
Configuration (go config)
To enable Activity Time monitoring graphs
Options
IN NX
PARAMETERS DESCRIPTION
GUI
-node netw_act_time_state
-value Possible values include:

1 (enable)
2 (disable)

-ne_connect <ADDRESS:USER Parameters to connect to the Data


NAME:PASSWORD> Server
(by default this is set to localhost)
-f Forces the write permissions to
CLI client

Example
go config xml -node netw_act_time_state 1

AOS Operation Guide 4-59


Chapter 4: CLI for Advanced Feature Configuration (go
config)
To enable Distributed QoS for Asymmetric Environments
Options
IN NX
PARAMETERS DESCRIPTION
GUI
-node enable asym_dqos_status
-value Possible values include:

1 (enable)
2 (disable)

-ne_connect <ADDRESS:USER Parameters to connect to the Data


NAME:PASSWORD> Server
(by default this is set to localhost)
-f Forces the write permissions to
CLI client

Example
go config xml -node enable asym_dqos_status –value 1

4-60 AOS Operation Guide


Chapter 4: CLI for Advanced Feature
Configuration (go config)
To enable Internal Distributed QoS for Asymmetric
Environments
Options
IN NX
PARAMETERS DESCRIPTION
GUI
-node enable asym_dqos_internal_enable
-value Possible values include:

1 (enable)
2 (disable)

-ne_connect <ADDRESS:USER Parameters to connect to the Data


NAME:PASSWORD> Server
(by default this is set to localhost)
-f Forces the write permissions to
CLI client

Example
go config xml -node enable asym_dqos_internal_enable –value 1

AOS Operation Guide 4-61


Chapter 4: CLI for Advanced Feature Configuration (go
config)
To enable Tor, Orbot and YouTube HD over HTTPS
Identification and certain QoE Parameters in AOS
This command wil enable the following QoE parameters:
 RetransmittedTcpDataSegmentsIn
 TotalTcpDataSegmentsIn
 RetransmittedTcpDataSegmentsOut
 TotalTcpDataSegmentsOut
 RttEstimateExternalAvgMsec
 RttEstimateInternalAvgMsec

Options
IN NX
PARAMETERS DESCRIPTION
GUI
-node dp_quality_measurement_enable
-value Possible values include:

1 (enable)
2 (disable)

-ne_connect <ADDRESS:USER Parameters to connect to the Data


NAME:PASSWORD> Server
(by default this is set to localhost)
-f Forces the write permissions to
CLI client

Example
go config xml -node dp_quality_measurement_enable -value 1

4-62 AOS Operation Guide


Chapter 4: CLI for Advanced Feature
Configuration (go config)
To enable Enhanced Drop Precendence Buffering Decision
Logic
This command will set Drop Precendence to buffer traffic according to the drop
precedence set in the QoS catalogue (overrides the buffering decision according to the
service) unless the service identification says no buffering.

Options
IN NX
PARAMETERS DESCRIPTION
GUI
-node dp_qos_override_dpi_buffering_decision
-value Possible values include:

1 (enable)
2 (disable)

-ne_connect Parameters to connect to the Data Server


<ADDRESS:USER (by default this is set to localhost)
NAME:PASSWORD>
-f Forces the write permissions to CLI
client

Example
go config xml -node dp_qos_override_dpi_buffering_decision -value 1

AOS Operation Guide 4-63


Chapter 4: CLI for Advanced Feature Configuration (go
config)
To enable Unsolicited Response in WebSafe
This command will set enable Allot’s Unsolicited Response feature, which allows
WebSafe to buffer an unsolicited response until the HTTP GET is received.

Options
IN NX
PARAMETERS DESCRIPTION
GUI
-node urlf_unsol_mode_is_on
-value Possible values include:

1 (enable)
2 (disable)

-ne_connect <ADDRESS:USER Parameters to connect to the Data


NAME:PASSWORD> Server
(by default this is set to localhost)
-f Forces the write permissions to
CLI client

Example
go config xml -node urlf_unsol_mode_is_on –value 1

4-64 AOS Operation Guide


Chapter 4: CLI for Advanced Feature
Configuration (go config)
To enable ToR/Psiphion Identification
To enable ToR identification (Scramble-suit, obfs4, google-meek) the following four CLI
commands must be set to enable (-value 1).

 go config xml -node prdobs_state

 go config xml -node dpi_sit_enableModule

 go config xml -node dpi_oracle_state

 go config xml -node dp_quality_measurement_enable

To enable Psiphon identification the following two CLI commands must be set to enable
(-value 1).

 go config xml -node prdobs_state

 go config xml -node dp_quality_measurement_enable

go config xml -node prdobs_state


This command enables "predefined observers".

Options
IN NX
PARAMETERS DESCRIPTION
GUI
-value Possible values include:

1 (enable)
2 (disable)

-ne_connect <ADDRESS:USER Parameters to connect to the Data


NAME:PASSWORD> Server
(by default this is set to localhost)
-f Forces the write permissions to
CLI client

Example
go config xml -node prdobs_state -value 1

AOS Operation Guide 4-65


Chapter 4: CLI for Advanced Feature Configuration (go
config)
go config xml -node dpi_sit_enableModule
This command nnables the "SIT" process used to identify the http browser called TOR.

Options
IN NX
PARAMETERS DESCRIPTION
GUI
-value Possible values include:

1 (enable)
2 (disable)

-ne_connect <ADDRESS:USER Parameters to connect to the Data


NAME:PASSWORD> Server
(by default this is set to localhost)
-f Forces the write permissions to
CLI client

Example
go config xml -node dpi_sit_enableModule -value 1

4-66 AOS Operation Guide


Chapter 4: CLI for Advanced Feature
Configuration (go config)
go config xml -node dpi_oracle_state
This command enables the DPI add-on detection mechanism called Oracle – which
helps to guess what is the real application based on statistics.
For example if a certain site has 90% of Facebook the DPI will guess that the rest is
Facebook as well. (Also similar to the P2P PLM process).

Options
IN NX
PARAMETERS DESCRIPTION
GUI
-value Possible values include:

1 (enable)
2 (disable)

-ne_connect <ADDRESS:USER Parameters to connect to the Data


NAME:PASSWORD> Server
(by default this is set to localhost)
-f Forces the write permissions to
CLI client

Example
go config xml -node dpi_oracle_state -value 1

AOS Operation Guide 4-67


Chapter 4: CLI for Advanced Feature Configuration (go
config)
go config xml -node dp_quality_measurement_enable
This command ensures that Orbot (a ToR client for mobile phones) is correctly
identified as a ToR protocol.

Options
IN NX
PARAMETERS DESCRIPTION
GUI
-value Possible values include:

1 (enable)
2 (disable)

-ne_connect <ADDRESS:USER Parameters to connect to the Data


NAME:PASSWORD> Server
(by default this is set to localhost)
-f Forces the write permissions to
CLI client

Example
go config xml -node dp_quality_measurement_enable -value 1

4-68 AOS Operation Guide


Chapter 4: CLI for Advanced Feature
Configuration (go config)
To seperate voice and video calls
This command will set separate voice and video calls is such services as
GoogleHangout, Tango, Line and Facetime.

Options
IN NX
PARAMETERS DESCRIPTION
GUI
-node dpi_app_tracker_by_rateMon_state

-value Possible values include:

1 (enable)
2 (disable)

-ne_connect <ADDRESS:USER Parameters to connect to the Data


NAME:PASSWORD> Server
(by default this is set to localhost)
-f Forces the write permissions to
CLI client

Example
go config xml -node dpi_app_tracker_by_rateMon_state –value 1

AOS Operation Guide 4-69


AOS Operation Guide 4-1
Chapter 5: CLI for Troubleshooting Platform

5.1. acmon
Use this command to view bandwidth for the entire system.

Options
OPTION NAME VALUES NOTES

-I/--instancetype <INSTANCE_TYPE> Filter by instance type.


Possible instance types are:
1 - pipe host list
2 - vc host list
3 - pipe host group
4 - vc host group
5 - pipe new service plan
6 - vc new service plan
7 - pipe old service plan
8 - vc old service plan
-K/--key1 <KEY1> Filter by key 1
-Y/--key2 <KEY2> Filter by key 2
-A None Show all ports
-V None Verbose output
-t <SECONDS> Set the time to wait between
samples in seconds
-c <COUNT> Run acmon for a limited
number of lines
-r None Displays the throughput
from the receiving side (Rx
before QoS)
-d None Monitor packet distribution
according to packet size

Output Example
---------------------------------------------------------------------------
Link Statistics
---------------------------------------------------------------------------
SB_7_L5 / SB_7_L6 Inbound: 400.04 Mbps Outbound: 0.00 bps

AOS Operation Guide 5-1


Chapter 5: CLI for Troubleshooting Platform

SB_8_L3 / SB_8_L4 Inbound: 0.00 bps Outbound: 0.00 bps


SB_8_L5 / SB_8_L6 Inbound: 199.92 Mbps Outbound: 400.08 Mbps
SB_8_L1 / SB_8_L2 Inbound: 0.00 bps Outbound: 0.00 bps
---------------------------------------------------------------------------
Total Inbound: 599.96 Mbps Outbound: 400.08 Mbps

5-2 AOS Operation Guide


Chapter 5: CLI for Troubleshooting Platform

5.2. acmon –l <LINE QID>


Use this command to view bandwidth for a specific line.

Options
OPTION NAME VALUES NOTES

-x 1 Displays throughput on a
specific XLR (when
2 relevant)
-V None Verbose output
-t <SECONDS> Set the time to wait between
samples in seconds
-c <COUNT> Run acmon for a limited
number of lines
-r None Displays the throughput
from the receiving side (Rx
before QoS)
-d None Monitor packet distribution
according to packet size

Output Example
sysadmin@sigma-3-SBH[7/14]:~$ acmon -l 2 -c 20
*****************************************************
CC: 1
*****************************************************

[xlr 0 line: 2] 07:47:56 >> rate inbound: 99.239 Mbps outbound: 0.000 bps 0
conn ps
[xlr 1 line: 2] 07:48:01 >> rate inbound: 99.805 Mbps outbound: 0.000 bps 0
conn ps
[xlr 0 line: 2] 07:48:05 >> rate inbound: 100.120 Mbps outbound: 0.000 bps 0
conn ps
[xlr 1 line: 2] 07:48:09 >> rate inbound: 100.090 Mbps outbound: 0.000 bps 0
conn ps
[xlr 0 line: 2] 07:48:14 >> rate inbound: 100.023 Mbps outbound: 0.000 bps 0
conn ps
[xlr 1 line: 2] 07:48:18 >> rate inbound: 99.989 Mbps outbound: 0.000 bps 0
conn ps
[xlr 0 line: 2] 07:48:23 >> rate inbound: 99.989 Mbps outbound: 0.000 bps 0
conn ps
[xlr 1 line: 2] 07:48:27 >> rate inbound: 99.977 Mbps outbound: 0.000 bps 0
conn ps
[xlr 0 line: 2] 07:48:32 >> rate inbound: 100.022 Mbps outbound: 0.000 bps 0
conn ps
[xlr 1 line: 2] 07:48:36 >> rate inbound: 100.135 Mbps outbound: 0.000 bps 0
conn ps
[xlr 0 line: 2] 07:48:41 >> rate inbound: 100.034 Mbps outbound: 0.000 bps 0
conn ps

AOS Operation Guide 5-3


Chapter 5: CLI for Troubleshooting Platform

[xlr 1 line: 2] 07:48:45 >> rate inbound: 100.000 Mbps outbound: 0.000 bps 0
conn ps
[xlr 0 line: 2] 07:48:50 >> rate inbound: 100.000 Mbps outbound: 0.000 bps 0
conn ps
[xlr 1 line: 2] 07:48:54 >> rate inbound: 99.943 Mbps outbound: 0.000 bps 0
conn ps
[xlr 0 line: 2] 07:48:58 >> rate inbound: 100.056 Mbps outbound: 0.000 bps 0
conn ps
[xlr 1 line: 2] 07:49:03 >> rate inbound: 100.079 Mbps outbound: 0.000 bps 0
conn ps
[xlr 0 line: 2] 07:49:07 >> rate inbound: 99.989 Mbps outbound: 0.000 bps 0
conn ps
[xlr 1 line: 2] 07:49:11 >> rate inbound: 99.932 Mbps outbound: 0.000 bps 0
conn ps
[xlr 0 line: 2] 07:49:16 >> rate inbound: 100.022 Mbps outbound: 0.000 bps 0
conn ps
[xlr 1 line: 2] 07:49:20 >> rate inbound: 100.124 Mbps outbound: 0.000 bps 0
conn ps

5-4 AOS Operation Guide


Chapter 5: CLI for Troubleshooting Platform

5.3. acmon –p <PIPE QID>


Use this command to view bandwidth for a specific pipe.

Options
OPTION NAME VALUES NOTES

-x 1 Diaplays throughput on a
specific XLR (when
2 relevant)
-V None Verbose output
-t <SECONDS> Set the time to wait between
samples in seconds
-c <COUNT> Run acmon for a limited
number of lines
-r None Displays the throughput
from the receiving side (Rx
before QoS)
-d None Monitor packet distribution
according to packet size

Output Example
sysadmin@sigma-3-SBH[7/14]:~$ acmon -p 2.28 -c 20
*****************************************************
CC: 1
*****************************************************
[xlr 0 pipe: 2.28] 07:52:35 >> rate inbound: 25.084 Mbps outbound: 0.000 bps
0 conn ps
[xlr 1 pipe: 2.28] 07:52:40 >> rate inbound: 24.982 Mbps outbound: 0.000 bps
0 conn ps
[xlr 0 pipe: 2.28] 07:52:44 >> rate inbound: 25.007 Mbps outbound: 0.000 bps
0 conn ps
[xlr 1 pipe: 2.28] 07:52:48 >> rate inbound: 25.014 Mbps outbound: 0.000 bps
0 conn ps
[xlr 0 pipe: 2.28] 07:52:53 >> rate inbound: 24.986 Mbps outbound: 0.000 bps
0 conn ps
[xlr 1 pipe: 2.28] 07:52:57 >> rate inbound: 25.000 Mbps outbound: 0.000 bps
0 conn ps
[xlr 0 pipe: 2.28] 07:53:02 >> rate inbound: 25.033 Mbps outbound: 0.000 bps
0 conn ps
[xlr 1 pipe: 2.28] 07:53:06 >> rate inbound: 24.986 Mbps outbound: 0.000 bps
0 conn ps
[xlr 0 pipe: 2.28] 07:53:11 >> rate inbound: 24.997 Mbps outbound: 0.000 bps
0 conn ps
[xlr 1 pipe: 2.28] 07:53:15 >> rate inbound: 25.031 Mbps outbound: 0.000 bps
0 conn ps
[xlr 0 pipe: 2.28] 07:53:20 >> rate inbound: 24.983 Mbps outbound: 0.000 bps
0 conn ps
[xlr 1 pipe: 2.28] 07:53:24 >> rate inbound: 24.983 Mbps outbound: 0.000 bps
0 conn ps

AOS Operation Guide 5-5


Chapter 5: CLI for Troubleshooting Platform

[xlr 0 pipe: 2.28] 07:53:29 >> rate inbound: 24.986 Mbps outbound: 0.000 bps
0 conn ps
[xlr 1 pipe: 2.28] 07:53:33 >> rate inbound: 25.020 Mbps outbound: 0.000 bps
0 conn ps
[xlr 0 pipe: 2.28] 07:53:38 >> rate inbound: 25.045 Mbps outbound: 0.000 bps
0 conn ps
[xlr 1 pipe: 2.28] 07:53:42 >> rate inbound: 25.005 Mbps outbound: 0.000 bps
0 conn ps
[xlr 0 pipe: 2.28] 07:53:46 >> rate inbound: 25.009 Mbps outbound: 0.000 bps
0 conn ps
[xlr 1 pipe: 2.28] 07:53:51 >> rate inbound: 25.006 Mbps outbound: 0.000 bps
0 conn ps
[xlr 0 pipe: 2.28] 07:53:55 >> rate inbound: 24.997 Mbps outbound: 0.000 bps
0 conn ps
[xlr 1 pipe: 2.28] 07:54:00 >> rate inbound: 24.989 Mbps outbound: 0.000 bps
0 conn ps

5-6 AOS Operation Guide


Chapter 5: CLI for Troubleshooting Platform

5.4. acmon –v <VC QID>


Use this command to view bandwidth for a specific VC.

Options
OPTION NAME VALUES NOTES

-x 1 Diaplays throughput on a
specific XLR (when
2 relevant)
-V None Verbose output
-t <SECONDS> Set the time to wait between
samples in seconds
-c <COUNT> Run acmon for a limited
number of lines
-r None Displays the throughput
from the receiving side (Rx
before QoS)
-d None Monitor packet distribution
according to packet size

Output Example
sysadmin@sigma-3-SBH[7/14]:~$ acmon -v 4.50.122 -c 20
*****************************************************
CC: 1
*****************************************************
[xlr 0 vc: 4.50.122] 07:56:15 >> rate inbound: 11.504 Mbps outbound: 24.945
Mbps 0 conn ps
[xlr 1 vc: 4.50.122] 07:56:20 >> rate inbound: 12.269 Mbps outbound: 24.996
Mbps 0 conn ps
[xlr 0 vc: 4.50.122] 07:56:24 >> rate inbound: 12.381 Mbps outbound: 25.006
Mbps 0 conn ps
[xlr 1 vc: 4.50.122] 07:56:28 >> rate inbound: 12.490 Mbps outbound: 25.011
Mbps 0 conn ps
[xlr 0 vc: 4.50.122] 07:56:33 >> rate inbound: 12.706 Mbps outbound: 25.011
Mbps 0 conn ps
[xlr 1 vc: 4.50.122] 07:56:37 >> rate inbound: 12.415 Mbps outbound: 25.000
Mbps 0 conn ps
[xlr 0 vc: 4.50.122] 07:56:42 >> rate inbound: 12.891 Mbps outbound: 25.003
Mbps 0 conn ps
[xlr 1 vc: 4.50.122] 07:56:46 >> rate inbound: 12.450 Mbps outbound: 25.000
Mbps 0 conn ps
[xlr 0 vc: 4.50.122] 07:56:51 >> rate inbound: 12.842 Mbps outbound: 24.997
Mbps 0 conn ps

AOS Operation Guide 5-7


Chapter 5: CLI for Troubleshooting Platform

5.5. acmon –g <SERVER QID>


Use this command to view bandwidth for a specific server.

Options
OPTION NAME VALUES NOTES

-x 1 Diaplays throughput on a
specific XLR (when
2 relevant)
-V None Verbose output
-t <SECONDS> Set the time to wait between
samples in seconds
-c <COUNT> Run acmon for a limited
number of lines
-r None Displays the throughput
from the receiving side (Rx
before QoS)
-d None Monitor packet distribution
according to packet size

5-8 AOS Operation Guide


Chapter 5: CLI for Troubleshooting Platform

5.6. acmon –y
Use this command to view total asymmetric traffic statistics, if relevant.

Options
OPTION NAME VALUES NOTES

-x 1 Diaplays throughput on a
specific XLR (when
2 relevant)
-V None Verbose output
-t <SECONDS> Set the time to wait between
samples in seconds
-c <COUNT> Run acmon for a limited
number of lines
-r None Displays the throughput
from the receiving side (Rx
before QoS)
-d None Monitor packet distribution
according to packet size

Output Example
*****************************************************
CC: 1
*****************************************************
[xlr 0 y ] 07:36:37 >> rate received: 8.932 Kbps sent: 10.718 Kbps 0 conn ps
[xlr 1 y ] 07:36:38 >> rate received: 8.976 Kbps sent: 10.771 Kbps 0 conn ps
*****************************************************
CC: 2
*****************************************************
[xlr 0 y ] 07:36:41 >> rate received: 8.976 Kbps sent: 10.771 Kbps 0 conn ps
[xlr 1 y ] 07:36:41 >> rate received: 8.976 Kbps sent: 10.771 Kbps 0 conn ps

AOS Operation Guide 5-9


Chapter 5: CLI for Troubleshooting Platform

5.7. acmon –a
Use this command to view detailed asymmetric traffic statistics, if relevant.

Options
OPTION NAME VALUES NOTES

-x 1 Displays throughput on a
specific XLR (when
2 relevant)
-V None Verbose output
-t <SECONDS> Set the time to wait between
samples in seconds
-c <COUNT> Run acmon for a limited
number of lines
-r None Displays the throughput
from the receiving side (Rx
before QoS)
-d None Monitor packet distribution
according to packet size

Output Example
*****************************************************
CC: 1
*****************************************************
[a 0] 07:33:49 >> rate received: 0.000 bps sent: 0.000 bps 0 conn ps
[a 1] 07:33:49 >> rate received: 10.771 Kbps sent: 0.000 bps 0 conn ps

[a 0] 07:33:49 >> rate received: 7.125 Kbps sent: 10.687 Kbps 0 conn ps
[a 1] 07:33:49 >> rate received: 0.000 bps sent: 10.687 Kbps 0 conn ps

[a 0] 07:33:50 >> rate received: 0.000 bps sent: 0.000 bps 0 conn ps
[a 1] 07:33:50 >> rate received: 10.687 Kbps sent: 0.000 bps 0 conn ps

[a 0] 07:33:50 >> rate received: 7.125 Kbps sent: 10.687 Kbps 0 conn ps
[a 1] 07:33:50 >> rate received: 0.000 bps sent: 10.687 Kbps 0 conn ps

[a 0] 07:33:51 >> rate received: 0.000 bps sent: 0.000 bps 0 conn ps
[a 1] 07:33:51 >> rate received: 10.687 Kbps sent: 0.000 bps 0 conn ps

[a 0] 07:33:51 >> rate received: 7.125 Kbps sent: 10.687 Kbps 0 conn ps
[a 1] 07:33:51 >> rate received: 0.000 bps sent: 10.687 Kbps 0 conn ps

[a 0] 07:33:52 >> rate received: 0.000 bps sent: 0.000 bps 0 conn ps
[a 1] 07:33:52 >> rate received: 10.687 Kbps sent: 0.000 bps 0 conn ps

[a 0] 07:33:52 >> rate received: 7.166 Kbps sent: 10.750 Kbps 0 conn ps
[a 1] 07:33:52 >> rate received: 0.000 bps sent: 10.750 Kbps 0 conn ps

5-10 AOS Operation Guide


Chapter 5: CLI for Troubleshooting Platform

[a 0] 07:33:53 >> rate received: 0.000 bps sent: 0.000 bps 0 conn ps
[a 1] 07:33:53 >> rate received: 10.771 Kbps sent: 0.000 bps 0 conn ps

[a 0] 07:33:53 >> rate received: 7.125 Kbps sent: 10.687 Kbps 0 conn ps
[a 1] 07:33:53 >> rate received: 0.000 bps sent: 10.687 Kbps 0 conn ps

[a 0] 07:33:54 >> rate received: 0.000 bps sent: 0.000 bps 0 conn ps
[a 1] 07:33:54 >> rate received: 10.687 Kbps sent: 0.000 bps 0 conn ps

[a 0] 07:33:54 >> rate received: 7.125 Kbps sent: 10.687 Kbps 0 conn ps
[a 1] 07:33:54 >> rate received: 0.000 bps sent: 10.687 Kbps 0 conn ps

[a 0] 07:33:55 >> rate received: 0.000 bps sent: 0.000 bps 0 conn ps
[a 1] 07:33:55 >> rate received: 10.687 Kbps sent: 0.000 bps 0 conn ps

[a 0] 07:33:55 >> rate received: 7.069 Kbps sent: 10.604 Kbps 0 conn ps
[a 1] 07:33:55 >> rate received: 0.000 bps sent: 10.604 Kbps 0 conn ps

[a 0] 07:33:56 >> rate received: 0.000 bps sent: 0.000 bps 0 conn ps
[a 1] 07:33:56 >> rate received: 10.687 Kbps sent: 0.000 bps 0 conn ps

[a 0] 07:33:56 >> rate received: 7.125 Kbps sent: 10.687 Kbps 0 conn ps
[a 1] 07:33:56 >> rate received: 0.000 bps sent: 10.687 Kbps 0 conn ps

[a 0] 07:33:57 >> rate received: 0.000 bps sent: 0.000 bps 0 conn ps
[a 1] 07:33:57 >> rate received: 10.687 Kbps sent: 0.000 bps 0 conn ps

[a 0] 07:33:57 >> rate received: 7.125 Kbps sent: 10.687 Kbps 0 conn ps
[a 1] 07:33:57 >> rate received: 0.000 bps sent: 10.687 Kbps 0 conn ps

[a 0] 07:33:58 >> rate received: 0.000 bps sent: 0.000 bps 0 conn ps
[a 1] 07:33:58 >> rate received: 10.687 Kbps sent: 0.000 bps 0 conn ps

[a 0] 07:33:58 >> rate received: 7.181 Kbps sent: 10.771 Kbps 0 conn ps
[a 1] 07:33:58 >> rate received: 0.000 bps sent: 10.771 Kbps 0 conn ps

AOS Operation Guide 5-11


Chapter 5: CLI for Troubleshooting Platform

5.8. acstat
Use this command to display the number of open connections for the entire system.

Options
OPTION NAME VALUES NOTES

<none> None Display the number of open


connections.
-c None Display connection
establishment rate per Core
Controller
-e None Display Service name and
connection
-t None Display TCP connections
-u None Display UDP connections
-a None Display any IP connections
-n None Display non IP connections
-i None Display all connections
-s None Display connection
allocation summary
-S None Display connection
allocation (extended)
-f None Display extended view
-x None Display internal/external
instead of client server
-m <NUMBER> Display up to NUMBER of
sessions
-N None Don't resolve names
-b None Dump binary data to file
-r <FILE> Read binary data from
FILE.
-I <LINE ID>/<PIPE ID>/<VC ID> Displays the hierarchy of all
connections on the
indicated line, pipe or vc

5-12 AOS Operation Guide


Chapter 5: CLI for Troubleshooting Platform

Output Example
sysadmin@EXC-SBH/7:~ $ acstat
*****************************************************
DPIC: 1
*****************************************************
---------------------------
XLR 0
---------------------------
---------------------------
Protocol type Connections
---------------------------
TCP : 183471
UDP : 260635
anyIP : 43846
nonIP : 0
---------------------------
TOTAL : 487952
---------------------------
XLR 1
---------------------------
---------------------------
Protocol type Connections
---------------------------
TCP : 184324
UDP : 257180
anyIP : 38602
nonIP : 0
---------------------------
TOTAL : 480106
*****************************************************
DPIC: 2
*****************************************************
---------------------------
XLR 0
---------------------------
---------------------------
Protocol type Connections
---------------------------
TCP : 183731
UDP : 261848
anyIP : 46405
nonIP : 0
---------------------------
TOTAL : 491984
---------------------------
XLR 1
---------------------------
---------------------------
Protocol type Connections
---------------------------
TCP : 184540
UDP : 255830
anyIP : 48124
nonIP : 0
---------------------------
TOTAL : 488494

AOS Operation Guide 5-13


Chapter 5: CLI for Troubleshooting Platform

5.9. acstat –l server


Use this command to display the number of open connections by server.

Options
OPTION NAME VALUES NOTES

<none> None Display the number of open


connections.
-c None Display connection
establishment rate per Core
Controller
-e None Display Service name and
connection
-t None Display TCP connections
-u None Display UDP connections
-a None Display any IP connections
-n None Display non IP connections
-i None Display all connections
-s None Display connection
allocation summary
-S None Display connection
allocation (extended)
-f None Display extended view
-x None Display internal/external
instead of client server
-m <NUMBER> Displays up to NUMBER
of sessions
-N None Don't resolve names
-b None Dumps binary data to file
-r <FILE> Reads binary data from
FILE.
-I <LINE ID>/<PIPE ID>/<VC ID> Displays the hierarchy of all
connections on the
indicated line, pipe or vc

5-14 AOS Operation Guide


Chapter 5: CLI for Troubleshooting Platform

OPTION NAME VALUES NOTES

-6 None Displays IPv6 connections.


This option can only be
used in conjunctioned with
the following options
options:
-t
-u
-i
-I

AOS Operation Guide 5-15


Chapter 5: CLI for Troubleshooting Platform

5.10. acstat –l line


Use this command to display the number of open connections by line.

Options
OPTION NAME VALUES NOTES

<none> None Display the number of open


connections.
-c None Display connection
establishment rate per Core
Controller
-e None Display Service name and
connection
-t None Display TCP connections
-u None Display UDP connections
-a None Display any IP connections
-n None Display non IP connections
-i None Display all connections
-s None Display connection
allocation summary
-S None Display connection
allocation (extended)
-f None Display extended view
-x None Display internal/external
instead of client server
-m <NUMBER> Displays up to NUMBER
of sessions
-N None Don't resolve names
-b None Dumps binary data to file
-r <FILE> Reads binary data from
FILE.
-I <PIPE ID>/<VC ID> Displays the hierarchy of all
connections on the
indicated pipe or vc

5-16 AOS Operation Guide


Chapter 5: CLI for Troubleshooting Platform

OPTION NAME VALUES NOTES

-6 None Displays IPv6 connections.


This option can only be
used in conjunctioned with
the following options
options:
-t
-u
-i
-I

Output Example
sysadmin@sigma-3-SBH[7/14]:~$ acstat -l vc

*****************************************************
CC: 1
*****************************************************
---------------------------
XLR 0
---------------------------
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
---
Rule QID Rule name Instance Type
Key1 Key2 Live connections Accepted
conn Drop connections
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
---
2 CMTS-1
128 134 0
4 CMTS-3
262 272 0
---------------------------
XLR 1
---------------------------
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
---
Rule QID Rule name Instance Type
Key1 Key2 Live connections Accepted
conn Drop connections
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
---
2 CMTS-1
130 134 0
4 CMTS-3
242 248 0

AOS Operation Guide 5-17


Chapter 5: CLI for Troubleshooting Platform

5.11. acstat –l pipe


Use this command to display the number of open connections by pipe.

Options
OPTION NAME VALUES NOTES

<none> None Display the number of open


connections.
-c None Display connection
establishment rate per Core
Controller
-e None Display Service name and
connection
-t None Display TCP connections
-u None Display UDP connections
-a None Display any IP connections
-n None Display non IP connections
-i None Display all connections
-s None Display connection
allocation summary
-S None Display connection
allocation (extended)
-f None Display extended view
-x None Display internal/external
instead of client server
-m <NUMBER> Displays up to NUMBER
of sessions
-N None Don't resolve names
-b None Dumps binary data to file
-r <FILE> Reads binary data from
FILE.
-I <VC ID> Displays the hierarchy of all
connections on the
indicated vc

5-18 AOS Operation Guide


Chapter 5: CLI for Troubleshooting Platform

OPTION NAME VALUES NOTES

-6 None Displays IPv6 connections.


This option can only be
used in conjunctioned with
the following options
options:
-t
-u
-i
-I

Output Example
sysadmin@sigma-3-SBH[7/14]:~$ acstat -l pipe
*****************************************************
CC: 1
*****************************************************
---------------------------
XLR 0
---------------------------
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
---
Rule QID Rule name Instance Type
Key1 Key2 Live connections Accepted
conn Drop connections
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
---
2.28 P2P_CMTS-1
64 67 0
2.29 HTTP_CMTS-1
64 67 0
4.50 P2P_CMTS-3
131 136 0
4.51 HTTP_CMTS-3
131 136 0
---------------------------
XLR 1
---------------------------
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
---
Rule QID Rule name Instance Type
Key1 Key2 Live connections Accepted
conn Drop connections
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
---
2.28 P2P_CMTS-1
65 67 0
2.29 HTTP_CMTS-1
65 67 0
4.50 P2P_CMTS-3
121 124 0
4.51 HTTP_CMTS-3
121 124 0
*****************************************************

AOS Operation Guide 5-19


Chapter 5: CLI for Troubleshooting Platform

CC: 2
*****************************************************
---------------------------
XLR 0
---------------------------
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
---
Rule QID Rule name Instance Type
Key1 Key2 Live connections Accepted
conn Drop connections
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
---
1.2 WSP-test_Fallback
6763 6785 0
2.28 P2P_CMTS-1
65 67 0
2.29 HTTP_CMTS-1
65 67 0
4.50 P2P_CMTS-3
127 128 0
4.51 HTTP_CMTS-3
127 128 0
---------------------------
XLR 1
---------------------------
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
---
Rule QID Rule name Instance Type
Key1 Key2 Live connections Accepted
conn Drop connections
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
---
2.28 P2P_CMTS-1
60 60 0
2.29 HTTP_CMTS-1
60 60 0
4.50 P2P_CMTS-3
129 134 0
4.51 HTTP_CMTS-3
129 134 0

5-20 AOS Operation Guide


Chapter 5: CLI for Troubleshooting Platform

5.12. acstat –l vc
Use this command to display the number of open connections by vc.

Options
OPTION NAME VALUES NOTES

<none> None Display the number of open


connections.
-c None Display connection
establishment rate per Core
Controller
-e None Display Service name and
connection
-t None Display TCP connections
-u None Display UDP connections
-a None Display any IP connections
-n None Display non IP connections
-i None Display all connections
-s None Display connection
allocation summary
-S None Display connection
allocation (extended)
-f None Display extended view
-x None Display internal/external
instead of client server
-m <NUMBER> Displays up to NUMBER
of sessions
-N None Don't resolve names
-b None Dumps binary data to file
-r <FILE> Reads binary data from
FILE.

AOS Operation Guide 5-21


Chapter 5: CLI for Troubleshooting Platform

OPTION NAME VALUES NOTES

-6 None Displays IPv6 connections.


This option can only be
used in conjunctioned with
the following options
options:
-t
-u
-i
-I

Output Example
sysadmin@sigma-3-SBH[7/14]:~$ acstat -l vc
*****************************************************
CC: 1
*****************************************************
---------------------------
XLR 0
---------------------------
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
---
Rule QID Rule name Instance Type
Key1 Key2 Live connections Accepted
conn Drop connections
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
---
4.50.122 Fallback_P2P_CMTS-3
131 136 0
4.51.114 Fallback_HTTP_CMTS-3
131 136 0
2.28.77 Fallback_P2P_CMTS-1
64 67 0
2.29.69 Fallback_HTTP_CMTS-1
64 67 0
---------------------------
XLR 1
---------------------------
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
---
Rule QID Rule name Instance Type
Key1 Key2 Live connections Accepted
conn Drop connections
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
---
4.50.122 Fallback_P2P_CMTS-3
121 124 0
4.51.114 Fallback_HTTP_CMTS-3
121 124 0
2.29.69 Fallback_HTTP_CMTS-1
65 67 0
2.28.77 Fallback_P2P_CMTS-1
65 67 0

5-22 AOS Operation Guide


Chapter 5: CLI for Troubleshooting Platform

5.13. go config view


This command displays all information concerning the In-line Platform’s configuration.

Options
OPTION NAME VALUES NOTES

None

Output Example
==== IP & Host Name ====
Host Name AC-6K-3-14
Domain Name allot.local
Primary Domain Name Server 172.17.1.10
Secondary Domain Name Server 8.8.8.8
Primary NTP Time Server 10.4.3.212
Secondary NTP Time Server none
Tertiary NTP Time Server none
IP Address 10.4.3.14
Network Mask 255.255.0.0
Vlan ID none
Out-of-band Gateway 10.4.0.1

Interface L1 : Mode full


Speed 1000 Mbps
MAC 00:09:38:90:31:C1
Admin enable
Status enable
Action on Failure none
Supported Actions none, fail_pair, fail_all, bypass
Port Usage network
Supported Usages network, redirect_indirect, redirect_direct, asymmetry
Supported Modes full, auto
Supported Speeds 100, 1000, auto

Interface L2 : Mode full


Speed 1000 Mbps
MAC 00:09:38:90:31:C4
Admin enable
Status enable
Action on Failure none
Supported Actions none, fail_pair, fail_all, bypass
Port Usage network
Supported Usages network, redirect_indirect, redirect_direct, asymmetry
Supported Modes full, auto
Supported Speeds 100, 1000, auto

Interface L3 : Mode full


Speed 1000 Mbps
MAC 00:09:38:90:31:C5
Admin enable
Status disable
Action on Failure none
Supported Actions none, fail_pair, fail_all, bypass
Port Usage network
Supported Usages network, redirect_indirect, redirect_direct, asymmetry
Supported Modes full, auto
Supported Speeds 100, 1000, auto

Interface L4 : Mode full


Speed 1000 Mbps
MAC 00:09:38:90:31:C7
Admin enable
Status disable
Action on Failure none
Supported Actions none, fail_pair, fail_all, bypass
Port Usage network
Supported Usages network, redirect_indirect, redirect_direct, asymmetry
Supported Modes full, auto
Supported Speeds 100, 1000, 10000, auto

Interface L5 : Mode full


Speed 1000 Mbps
MAC 00:09:38:90:31:C8
Admin enable

AOS Operation Guide 5-23


Chapter 5: CLI for Troubleshooting Platform
Status disable
Action on Failure none
Supported Actions none, fail_pair, fail_all, bypass
Port Usage redirect_indirect
Supported Usages network, redirect_indirect, redirect_direct, asymmetry
Supported Modes full, auto
Supported Speeds 100, 1000, 10000, auto

Interface L6 : Mode full


Speed 1000 Mbps
MAC 00:09:38:90:31:C9
Admin enable
Status disable
Action on Failure none
Supported Actions none, fail_pair, fail_all, bypass
Port Usage redirect_indirect
Supported Usages network, redirect_indirect, redirect_direct, asymmetry
Supported Modes full, auto
Supported Speeds 100, 1000, 10000, auto

Interface L7 : Mode full


Speed 10000 Mbps
MAC 00:09:38:90:31:CA
Admin enable
Status disable
Action on Failure none
Supported Actions none, fail_pair, fail_all, bypass
Port Usage network
Supported Usages network, redirect_indirect, redirect_direct, asymmetry
Supported Modes full, auto
Supported Speeds 100, 1000, 10000, auto

Interface L8 : Mode full


Speed 10000 Mbps
MAC 00:09:38:90:31:CB
Admin enable
Status disable
Action on Failure none
Supported Actions none, fail_pair, fail_all, bypass
Port Usage network
Supported Usages network, redirect_indirect, redirect_direct, asymmetry
Supported Modes full, auto
Supported Speeds 100, 1000, 10000, auto

Interface L9 : Mode full


Speed 1000 Mbps
MAC 00:09:38:90:31:CC
Admin enable
Status disable
Action on Failure none
Supported Actions none, fail_pair, fail_all, bypass
Port Usage network
Supported Usages network, redirect_indirect, redirect_direct, asymmetry
Supported Modes full, auto
Supported Speeds 100, 1000, auto

Interface L10 : Mode full


Speed 1000 Mbps
MAC 00:09:38:90:31:CD
Admin enable
Status disable
Action on Failure none
Supported Actions none, fail_pair, fail_all, bypass
Port Usage network
Supported Usages network, redirect_indirect, redirect_direct, asymmetry
Supported Modes full, auto
Supported Speeds 100, 1000, auto

Interface L11 : Mode full


Speed 1000 Mbps
MAC 00:09:38:90:31:CE
Admin enable
Status disable
Action on Failure none
Supported Actions none, fail_pair, fail_all, bypass
Port Usage network
Supported Usages network, redirect_indirect, redirect_direct, asymmetry
Supported Modes full, auto
Supported Speeds 100, 1000, auto

Interface L12 : Mode full


Speed 1000 Mbps
MAC 00:09:38:90:31:CF
Admin enable
Status disable
Action on Failure none
Supported Actions none, fail_pair, fail_all, bypass
Port Usage network

5-24 AOS Operation Guide


Chapter 5: CLI for Troubleshooting Platform
Supported Usages network, redirect_indirect, redirect_direct, asymmetry
Supported Modes full, auto
Supported Speeds 100, 1000, auto

Interface L13 : Mode full


Speed 1000 Mbps
MAC 00:09:38:90:31:D0
Admin enable
Status disable
Action on Failure none
Supported Actions none, fail_pair, fail_all, bypass
Port Usage network
Supported Usages network, redirect_indirect, redirect_direct, asymmetry
Supported Modes full, auto
Supported Speeds 100, 1000, auto

Interface L14 : Mode full


Speed 1000 Mbps
MAC 00:09:38:90:31:D1
Admin enable
Status disable
Action on Failure none
Supported Actions none, fail_pair, fail_all, bypass
Port Usage network
Supported Usages network, redirect_indirect, redirect_direct, asymmetry
Supported Modes full, auto
Supported Speeds 100, 1000, auto

Interface L15 : Mode full


Speed 1000 Mbps
MAC 00:09:38:90:31:D2
Admin enable
Status disable
Action on Failure none
Supported Actions none, fail_pair, fail_all, bypass
Port Usage network
Supported Usages network, redirect_indirect, redirect_direct, asymmetry
Supported Modes full, auto
Supported Speeds 100, 1000, auto

Interface L16 : Mode full


Speed 1000 Mbps
MAC 00:09:38:90:31:D3
Admin enable
Status disable
Action on Failure none
Supported Actions none, fail_pair, fail_all, bypass
Port Usage network
Supported Usages network, redirect_indirect, redirect_direct, asymmetry
Supported Modes full, auto
Supported Speeds 100, 1000, auto

Interface MGMNT : Mode auto


Speed auto
MAC 00:09:38:90:31:C0
Admin enable
Status enable
Action on Failure none
Supported Actions none
Port Usage management
Supported Usages management
Supported Modes full, auto
Supported Speeds 100, auto

==== Network ====


Redundancy Mode standalone
Bypass Unit Configuration disable
Bypass Unit Detection N/A
System Status active
Host Redundancy disable

Cards list :
|Slot |Card Type |SMC State |Card Status
--------------------------------------------
|1 |EXC-CC |ON |ACTIVE
--------------------------------------------

==== Access Control ====


Users list : all

==== Security ====


Telnet disable
Ping enable
SSH enable
Enhanced TCP security disable
Autologout Timeout 0 sec

AOS Operation Guide 5-25


Chapter 5: CLI for Troubleshooting Platform
Current Date/Time : 04/02/2016 12:42 Israel

==== Password Security ====


Expiration days disable
Warning days disable
Length 5
Character enforcement disable

==== LINK AUTO RECOVERY ====


Link auto recovery disable

==== Bypass Unit ====


Bypass Unit Configuration disable

Bypass Units list :


|ID |Bypass Type |Control Slots |Units |State |Detection (per unit)
--------------------------------------------------------------------------------------------------
|1 |external |all |1 |N/A |not connected not connected
--------------------------------------------------------------------------------------------------

==== HAIRPIN ====


Hairpin mode disable

==== NEX ====


NEX Configuration (null)
NEX State disable

==== Blade Management IPs ====


none

==== Optical power alarm settings ====


Interface L1 : Input threshold (low:high) -14.4:0.5
Input status disable

Output threshold (low:high) -8.2:0.5


Output status disable

Interface L2 : Input threshold (low:high) -14.4:0.5


Input status disable

Output threshold (low:high) -8.2:0.5


Output status disable

Interface L3 : Input threshold (low:high) -14.4:0.5


Input status disable

Output threshold (low:high) -8.2:0.5


Output status disable

Interface L4 : Input threshold (low:high) -14.4:0.5


Input status disable

Output threshold (low:high) -8.2:0.5


Output status disable

Interface L5 : Input threshold (low:high) -14.4:0.5


Input status disable

Output threshold (low:high) -8.2:0.5


Output status disable

Interface L6 : Input threshold (low:high) -14.4:0.5


Input status disable

Output threshold (low:high) -8.2:0.5


Output status disable

Interface L7 : Input threshold (low:high) -14.4:0.5


Input status disable

Output threshold (low:high) -8.2:0.5


Output status disable

Interface L8 : Input threshold (low:high) -14.4:0.5


Input status disable

Output threshold (low:high) -8.2:0.5


Output status disable

Interface L9 : Input threshold (low:high) -14.4:0.5


Input status disable

Output threshold (low:high) -8.2:0.5


Output status disable

Interface L10 : Input threshold (low:high) -14.4:0.5

5-26 AOS Operation Guide


Chapter 5: CLI for Troubleshooting Platform
Input status disable

Output threshold (low:high) -8.2:0.5


Output status disable

Interface L11 : Input threshold (low:high) -14.4:0.5


Input status disable

Output threshold (low:high) -8.2:0.5


Output status disable

Interface L12 : Input threshold (low:high) -14.4:0.5


Input status disable

Output threshold (low:high) -8.2:0.5


Output status disable

Interface L13 : Input threshold (low:high) -14.4:0.5


Input status disable

Output threshold (low:high) -8.2:0.5


Output status disable

Interface L14 : Input threshold (low:high) -14.4:0.5


Input status disable

Output threshold (low:high) -8.2:0.5


Output status disable

Interface L15 : Input threshold (low:high) -14.4:0.5


Input status disable

Output threshold (low:high) -8.2:0.5


Output status disable

Interface L16 : Input threshold (low:high) -14.4:0.5


Input status disable

Output threshold (low:high) -8.2:0.5


Output status disable

Interface MGMNT : Input threshold (low:high) 0.0:0.0


Input status disable

Output threshold (low:high) 0.0:0.0


Output status disable

==== FER alarm settings ====


Interface L1 : Input threshold (rising:fallin 0.000:0.000
Input status disable

Output threshold (rising:falli 0.000:0.000


Output status disable

Interface L2 : Input threshold (rising:fallin 0.000:0.000


Input status disable

Output threshold (rising:falli 0.000:0.000


Output status disable

Interface L3 : Input threshold (rising:fallin 1.000:0.100


Input status disable

Output threshold (rising:falli 1.000:0.100


Output status disable

Interface L4 : Input threshold (rising:fallin 1.000:0.100


Input status disable

Output threshold (rising:falli 1.000:0.100


Output status disable

Interface L5 : Input threshold (rising:fallin 0.000:0.000


Input status disable

Output threshold (rising:falli 0.000:0.000


Output status disable

Interface L6 : Input threshold (rising:fallin 0.000:0.000


Input status disable

Output threshold (rising:falli 0.000:0.000


Output status disable

Interface L7 : Input threshold (rising:fallin 1.000:0.100


Input status disable

AOS Operation Guide 5-27


Chapter 5: CLI for Troubleshooting Platform
Output threshold (rising:falli 1.000:0.100
Output status disable

Interface L8 : Input threshold (rising:fallin 1.000:0.100


Input status disable

Output threshold (rising:falli 1.000:0.100


Output status disable

Interface L9 : Input threshold (rising:fallin 1.000:0.100


Input status disable

Output threshold (rising:falli 1.000:0.100


Output status disable

Interface L10 : Input threshold (rising:fallin 1.000:0.100


Input status disable

Output threshold (rising:falli 1.000:0.100


Output status disable

Interface L11 : Input threshold (rising:fallin 1.000:0.100


Input status disable

Output threshold (rising:falli 1.000:0.100


Output status disable

Interface L12 : Input threshold (rising:fallin 1.000:0.100


Input status disable

Output threshold (rising:falli 1.000:0.100


Output status disable

Interface L13 : Input threshold (rising:fallin 1.000:0.100


Input status disable

Output threshold (rising:falli 1.000:0.100


Output status disable

Interface L14 : Input threshold (rising:fallin 1.000:0.100


Input status disable

Output threshold (rising:falli 1.000:0.100


Output status disable

Interface L15 : Input threshold (rising:fallin 1.000:0.100


Input status disable

Output threshold (rising:falli 1.000:0.100


Output status disable

Interface L16 : Input threshold (rising:fallin 1.000:0.100


Input status disable

Output threshold (rising:falli 1.000:0.100


Output status disable

Interface MGMNT : Input threshold (rising:fallin 0.000:0.000


Input status disable

Output threshold (rising:falli 0.000:0.000


Output status disable

==== Global information ====


Product Name AC6000
Activation Key AC6000-9449920-
6074P2W19W24X07X2020TPJ52W1S1HJ50W3S8000HJ58W3S8000HJ57W3S8000HJ55W3S8000HJ53W12S1000HJ51W3S8000HTPT-E77F8613F9
Global Expiration Date 25/07/2020
Global status valid

==== Features information ====


1) Traffic Processing
------------------
Feature is valid
Attributes:
Bandwidth 8.00 Gbps

2) Real time reporting


-------------------
Feature is valid
Attributes:
Bandwidth 8.00 Gbps

3) Allot Protocol Update


---------------------
Feature is valid
Attributes:

5-28 AOS Operation Guide


Chapter 5: CLI for Troubleshooting Platform
Status enable

4) Traffic steering
----------------
Feature is valid
Attributes:
Steering Bandwidth 1.00 Gbps

5) WebSafe enforcement
-------------------
Feature is valid
Attributes:
Bandwidth 8.00 Gbps

6) SP NBAD Sensor
--------------
Feature is valid
Attributes:
Bandwidth 8.00 Gbps

7) SP NBAD Mitigation
------------------
Feature is valid
Attributes:
Bandwidth 8.00 Gbps

==== Data Collection ====


External Host enable disable
Internal Host enable enable
Service id enable enable
Next hop ASN enable enable
Destination ASN enable enable
Device Client id enable enable
Tethering indication enable enable
Monitoring service group enable enable
Policy id enable enable
Instance id enable enable

Service statistic bucket disable


Conversation Export bucket enable
30sec bucket enable

Minimum golden records 10%


Max active vcs 250000
Max monitored conversations (LT) 50000
Max exported conversations (LT) 450000

======== Device BW Limits ========


QoS type - full_both
Both Directions Maximum - max Kbits/sec

==== User Defined Signature ====


HTTP UDS state enable
HTTPS UDS state enable

==== X-Forwarded-For ====


XFF state disable

==== DPI control ====


DPI observers enable

==== Http Persistence Status ====


HttpPersistence Mode: Disable

==== Asymmetry ====


Admin disable
Group ID 0
Local Device ID 0
Transport type point2point
Health check enable

==== Asymmetry remote devices ====

==== Ip Interfaces ====

==== Static Fib entries ====

==== Fib learning ====


Fib learning mode symmetric
==== Web Update ====
Base version 3.37
Current version 3.38
Patch version 55

==== Web Safe ====


Operation mode always
Action reportOnly

AOS Operation Guide 5-29


Chapter 5: CLI for Troubleshooting Platform

==== Next Hop Router IPV4 ====

==== Next Hop Router IPV6 ====

==== DP egress storage limits ====


Total storage 300
Storage per session 10

==== CER limits ====


CER value 77000
Action bypass

==== Source MAC assignment for proxy outgoing traffic ====


Proxy out source MAC dynamic

==== DHCP Gleaning configuration ====

Filter: NONE

Filter: NONE

Max rate: 200 pkts/sec

==== Deployment Profile configuration ====


Deployment profile default
==== Quick Signature configuration ====

Quick Signature is disabled

Quick Signature DHT: 0


Quick Signature DNS: 0
Quick Signature ICMP: 0

======== Pcap ========


Pcap mode disable

==== Special protocols configuration ====


Special protocols state disable

Protocol: TCP:179:bypass

Protocol: UDP:179:bypass

Protocol: nonIP:34825:bypass

Protocol: nonIP:8948:bypass

Protocol: IP:9:bypass

Protocol: nonIP:2054:bypass

Protocol: IP:8:bypass

Protocol: IP:3:bypass

Protocol: IP:89:bypass

Protocol: UDP:520:bypass

Protocol: UDP:3784:bypass

Protocol: TCP:3784:bypass

Protocol: TCP:3785:bypass

Protocol: UDP:3785:bypass

Protocol: TCP:4784:bypass

Protocol: UDP:4784:bypass

Protocol: TCP:646:bypass

Protocol: UDP:646:bypass

Protocol: IP:46:bypass

Protocol: TCP:363:bypass

Protocol: UDP:363:bypass

Protocol: TCP:1698:bypass

Protocol: UDP:1698:bypass

Protocol: TCP:1699:bypass

5-30 AOS Operation Guide


Chapter 5: CLI for Troubleshooting Platform

Protocol: UDP:1699:bypass

Protocol: TCP:701:bypass

Protocol: UDP:701:bypass

==== Network activity time configuration ====

Network activity time state enable


Default baseline traffic per 30s 0

AOS Operation Guide 5-31


Chapter 5: CLI for Troubleshooting Platform

5.14. go config view bypass


This command displays all information concerning the In-line Bypass units and
configuration.

Options
OPTION NAME VALUES NOTES

None

Output Example
==== Bypass Unit ====
Bypass Unit Configuration enable

Bypass Units list :


|ID |Bypass Type |Control Slots |Units |State |Detection
(per unit)
--------------------------------------------------------------------------------
------------------
|1 |external |all |1 |ACTIVE |connected
not connected
--------------------------------------------------------------------------------
------------------
Request completed successfully.

5.15. go config view ips


This command displays all information concerning the In-line Platform’s IP addresses
and Host Names.

Options
OPTION NAME VALUES NOTES

None

Output Example
==== IP & Host Name ====
Host Name EXC
Domain Name none
Primary Domain Name Server none
Secondary Domain Name Server none
Primary NTP Time Server 10.4.100.71
Secondary NTP Time Server none
Tertiary NTP Time Server none
IP Address 10.17.1.80
Network Mask 255.255.0.0
Vlan ID 4022
Out-of-band Gateway 10.17.0.1
Request completed successfully.

5-32 AOS Operation Guide


Chapter 5: CLI for Troubleshooting Platform

5.16. go config view key


This command displays all information concerning the In-line Platform’s license key,
including what features are enabled by the current key.

Options
OPTION NAME VALUES NOTES

None

Output Example
sysadmin@AC-3K-3-11:~$ go config view key
==== Global information ====
Product Name AC3040
Activation Key AC3040-3156645-
4172H1L17L1U1U2020THK1L1Y1RK2L1Y1RK3L1Y1RK4L4Y8192RK5L4Y2048RK6L4Y256RK7L1Y1RK8L
2Y1RK9L1Y1RK10L1Y1L4Y100L3Y4000L5Y999999RK11L2Y1RK13L2Y1RK14L2Y1RK15L2Y1RK16L2Y1
RTHT-EFF4D1B082
Global Expiration Date 01/01/2020
Global status valid

==== Features information ====


1) QoS
---
Feature is valid
Attributes:
Status enable

2) Real time reporting


-------------------
Feature is valid
Attributes:
Status enable

3) Long term reporting


-------------------
Feature is valid
Attributes:
Status enable

4) Number of VCs
-------------
Feature is valid
Attributes:
Number of elements 8192

5) Number of Pipes
---------------
Feature is valid
Attributes:
Number of elements 2048

6) Number of Lines
---------------
Feature is valid
Attributes:
Number of elements 256

7) Allot Protocol Update

AOS Operation Guide 5-33


Chapter 5: CLI for Troubleshooting Platform

---------------------
Feature is valid
Attributes:
Status enable

8) WebSafe enforcement
-------------------
Feature is valid
Attributes:
Number of SGCC 1

9) WebSafe update subscription


---------------------------
Feature is valid
Attributes:
Status enable

10) Traffic steering


----------------
Feature is valid
Attributes:
Status enable
Bandwidth 4.00 Gbps
Number of elements 100
Number of subscribers 999999

11) SP Mitigation
-------------
Feature is valid
Attributes:
Number of SGCC 1

12) SP Sensor
---------
Feature is valid
Attributes:
Number of SGCC 1

13) Mobile reports


--------------
Feature is valid
Attributes:
Number of SGCC 1

14) Statistics Export


-----------------
Feature is valid
Attributes:
Number of SGCC 1

15) Tethering
---------
Feature is valid
Attributes:
Number of SGCC 1
Request completed successfully.

5-34 AOS Operation Guide


Chapter 5: CLI for Troubleshooting Platform

5.17. go config view network


This command displays all information concerning the In-line Platform’s network
configuration.

Options
OPTION NAME VALUES NOTES

None

Output Example
==== Network ====
Redundancy Mode standalone
Bypass Unit Configuration disable
Bypass Unit Detection N/A
System Status active
Minimum number of Core Controllers 2
Number of active Core Controllers 2
Minimum number of Switch Balancers 1
Cards list :
|Slot |Card Type |SMC State |Card Status
--------------------------------------------
|1 |EXC-CC |ON |STANDBY
--------------------------------------------
|2 |EXC-CC |ON |STANDBY
--------------------------------------------
|3 |EXC-CC |ON |ACTIVE (M)
--------------------------------------------
|4 |EXC-CC |ON |ACTIVE
--------------------------------------------
|7 |EXC-SB |ON |ACTIVE
--------------------------------------------
|8 |EXC-SB |ON |ACTIVE
--------------------------------------------
|14 |VAS |ON |
--------------------------------------------
|1001 |SMC |ON |ACTIVE
--------------------------------------------
Request completed successfully.
sysadmin@SGS-E14-SBH[7/14]:~$

NOTE When this command is run on a multi blade system, you will notice one of the CC is
marked with ACTIVE (M). This is for INTERNAL USE by the Qos engine. It indicates
what CC is the master CC for synchronization with the chassis (for example, in
asymmetric environments).

AOS Operation Guide 5-35


Chapter 5: CLI for Troubleshooting Platform

5.18. go config view nic


This command displays all information concerning the In-line Platform’s nic settings.

Options
OPTION NAME VALUES NOTES

None

Output Example
sysadmin@AC-3K-3-11:~$ go config view nic
Interface EXTERNAL0 : Mode auto
Speed auto
Status disable
Action on Failure none
Supported Actions none, fail_pair, fail_all,
bypass
Supported Modes full, auto
Supported Speeds 10, 100, 1000, auto
Port Usage network
Supported Usages network, redirect_indirect,
redirect_direct

Interface EXTERNAL1 : Mode auto


Speed auto
Status disable
Action on Failure none
Supported Actions none, fail_pair, fail_all,
bypass
Supported Modes full, auto
Supported Speeds 10, 100, 1000, auto
Port Usage network
Supported Usages network, redirect_indirect,
redirect_direct

5-36 AOS Operation Guide


Chapter 5: CLI for Troubleshooting Platform

5.19. go config view web_safe


Use this command to view the values for WebSafe.

Options
IN NX
PARAMETERS DESCRIPTION
GUI
-mode MODE values are:
disabled
always
vcbased
-action ACTION values are:
reportOnly
block
redirect
respond
-ne_connect <ADDRESS:USER Parameters to connect
NAME:PASSWORD> to the Data Server
(by default this is set to
localhost)
-f Forces the write
permissions to CLI
client

Output Example
sysadmin@sigma-3-SBH[7/14]:~$ go config view web_safe
==== Web Safe ====
Operation mode always
Action reportOnly

AOS Operation Guide 5-37


Chapter 5: CLI for Troubleshooting Platform

5.20. go config view web_update


Use this command to view the XML values for Web Updates, indicating which Protocol
Pack is current installed.

Options
IN NX
PARAMETERS DESCRIPTION
GUI
-ne_connect <ADDRESS:USER Parameters to connect to the Data
NAME:PASSWORD> Server
(by default this is set to localhost)
-f Forces the write permissions to CLI
client

Output Example
sysadmin@sigma-3-SBH[7/14]:~$ go config view web_update
==== Web Update ====
Base version 3.25
Current version 3.31
Patch version 28

5-38 AOS Operation Guide


Chapter 5: CLI for Troubleshooting Platform

5.21. go config view access_control


This command displays all information concerning access control.

Options
OPTION NAME VALUES NOTES

None

Output Example
sysadmin@SG-E14-20-SBH[7/14]:~$ go config view access_control

==== Access Control ====


Users list : all
Request completed successfully.

AOS Operation Guide 5-39


Chapter 5: CLI for Troubleshooting Platform

5.22. go config view password_security


This command displays all information concerning password security.

Options
OPTION NAME VALUES NOTES

None

Output Example
sysadmin@SG-E14-20-SBH[7/14]:~$ go config view password_security

==== Password Security ====


Expiration days disable
Warning days disable
Length 5
Character enforcement disable

5-40 AOS Operation Guide


Chapter 5: CLI for Troubleshooting Platform

5.23. go config view data_collect


This command displays all information concerning data collection.

Options
OPTION NAME VALUES NOTES

None

Output Example
sysadmin@SG-E14-20-SBH[7/14]:~$ go config view data_collect
==== Data Collection ====
External Host enable disable
Internal Host enable enable
Service id enable enable
Next hop ASN enable enable
Destination ASN enable enable
Device Client id enable enable
Tethering indication enable enable
Policy id enable enable
Instance id enable enable

Service statistic bucket enable


Conversation Export bucket enable
30sec bucket disable

Minimum golden records 10%


Max active vcs 380000
Max monitored conversations (LT) 50000
Max exported conversations (LT) 1040000

Request completed successfully.

5.24. actype
This command displays the AOS version number. It is also possible to ssh to a specific
blade and run actype.

Options
OPTION NAME VALUES NOTES

None

Output Example
sysadmin@AC-3K-3-11:~$ actype
Version AOS.AC3K.13.1.0 Build 1

sysadmin@SG-E14-20-SBH[7/14]:~$ actype
Version AOS.SGSE14.13.3.170 Build 5

AOS Operation Guide 5-41


Chapter 5: CLI for Troubleshooting Platform

5.25. sw-tool.sh
This command displays the active and inactive partition information for all slots and
CPUs.

Options
OPTION NAME VALUES NOTES

None

Output Example
sw_tool.sh
+------+-----------+---------+----------------------+----------------------+
| Slot | Cpu | Field | Active | Inactive |
+------+-----------+---------+----------------------+----------------------+
| 1 | primary | name | main2 | main1 |
| | | version | 13.1.600-30 | 13.1.600-28 |
| | | date | 2014-04-10^15.01.19 | 2014-04-10^11.44.03 |
| | | status | NEW | NEW |
+------+-----------+---------+----------------------+----------------------+
| 1 | secondary | name | main2 | main1 |
| | | version | 13.1.600-30 | 13.1.600-28 |
| | | date | 1970-01-01^00.23.09 | 1970-01-01^02.21.45 |
| | | status | NEW | NEW |
+------+-----------+---------+----------------------+----------------------+
| 7 | primary | name | main2 | main1 |
| | | version | 13.1.600-30 | 13.1.600-28 |
| | | date | 2014-04-10^15.05.36 | 2014-04-10^11.48.38 |
| | | status | NEW | NEW |
+------+-----------+---------+----------------------+----------------------+
| 7 | secondary | name | main2 | main1 |
| | | version | 13.1.600-30 | 13.1.600-28 |
| | | date | 2014-04-10^15.05.21 | 2014-04-10^11.48.07 |
| | | status | NEW | NEW |
+------+-----------+---------+----------------------+----------------------+
| 11 | primary | name | main2 | main1 |
| | | version | 13.1.600-30 | 13.1.600-28 |
| | | date | 2014-04-10^15.00.48 | 2014-04-10^11.43.48 |
| | | status | NEW | NEW |
+------+-----------+---------+----------------------+----------------------+
| 11 | secondary | name | main2 | main1 |
| | | version | 13.1.600-30 | 13.1.600-28 |
| | | date | 2014-04-10^14.59.31 | 2014-04-10^11.42.32 |
| | | status | NEW | NEW |
+------+-----------+---------+----------------------+----------------------+

5.26. boxkey
This command displays the box key of the In-line Platform. The box key is sent to Allot
in order to purchase a system activation key.

5-42 AOS Operation Guide


Chapter 5: CLI for Troubleshooting Platform

Options
OPTION
VALUES NOTES
NAME
None

Output Example
sysadmin@AC-3K-3-11:~$ boxkey
3156645

AOS Operation Guide 5-43


Chapter 5: CLI for Troubleshooting Platform

5.27. snapshot
Create a snapshot of the status & logs of all blades

Options
OPTION NAME VALUES NOTES

None

5-44 AOS Operation Guide


Chapter 5: CLI for Troubleshooting Platform

5.28. ac_reboot
Use this command to reboot devices and platforms.

AOS Operation Guide 5-45


Chapter 5: CLI for Troubleshooting Platform

5-46 AOS Operation Guide