cc/td/doc/product/access/acs_serv/6510ssg
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table of Contents

Command Reference
 Help Information
 Pattern Matching
 Commands Listed by Feature
 Alphabetical Listing of Commands

Command Reference

This chapter contains an alphabetical listing of the Cisco 6510 Service Selection Gateway (Cisco 6510) commands. The description of each command includes a brief description of its use, command syntax, and usage guidelines.

Commands can be entered directly at the command-line prompt. These commands are not case sensitive.

Help Information

Enter the help command to display the available Cisco 6510 commands. Also, typing the name of a command followed by a question mark (?) displays the syntax for that command. For example, to display the syntax for the config command, enter config ? at the Cisco 6510 console prompt.

Pattern Matching

The config set commands support pattern matching. For example, if you enter config set fei, you will be prompted to configure the following parameters:

Carriage Return to Skip; '.' to quit; 'c' to clear -->
FEI0_InetAddr: <10.10.10.1>:
FEI0_Mask: <255.255.0.0>:
FEI0_InetGateway: <>:
FEI0_InetName: <Hosts>:
FEI1_InetAddr: <171.69.255.54>:
FEI1_Mask: <255.255.255.240>:
FEI1_InetGateway: <171.69.255.49>:
FEI1_InetName: <UCPcard>:
FEI2_InetAddr: <171.69.255.21>:
FEI2_Mask: <255.255.255.248>:
FEI2_InetGateway: <171.69.255.22>:
FEI2_InetName: <ISPcard>:

Timesaver   To configure all parameters for a first-time configuration, enter config set without any parameters.

Commands Listed by Feature

Table 4-1 lists configuration commands by Cisco 6510 features.

Table 4-1   Command Feature Summary

Feature Command

Configuration Management

  • Set parameters
  • Display current configuration
  • Reboot and configure from Flash memory
  • Save the current configuration

 

config set

config show

reboot

config save

Help

  • Display list of commands and command syntax
  • Display help for an individual command

 

help

command ?

Network Interfaces

  • Set interface card IP addresses and gateway IP addresses


ifconfig

Security

  • Set shared secret with Dashboard
  • Set shared secret with RADIUS AAA server

 

secret dashboardpassword

secret aaapassword

Logging

  • Specify output device and destination for logging

 

logtarget

Debugging

  • Configure debugging options

 

debug

System Upgrade

  • Upgrade Flash memory or ROM BIOS from image file

 

burnimg

Failover

  • Configure failover feature

 

failover

Next Hop Gateway

  • Download the next hop gateway profile

 

nhgtable

Transparent Passthrough Filtering

  • Download the filter profile

 

tptfilter

Telnet

  • Set the Telnet password
  • Show whether a Telnet session is active
  • Disconnect a Telnet session

 

passwd

telnet show

telnet disconnect

Alphabetical Listing of Commands

The following pages contain sections on each of the Cisco 6510 commands.

accountingparam

This command sets accounting timeouts and retries.

accountingparam [-t timeout] [-r retries]
Syntax Description

timeout

Sets how long (in seconds) the Cisco 6510 will wait before resending an accounting packet to a Remote Access Dial-In User Service (RADIUS) accounting server (default: 10).

retries

Sets the number of times the Cisco 6510 will retry an accounting packet to a RADIUS accounting server (default: 5).

Usage Guidelines

Use the accountingparam command to set accounting timeouts and retries. Entering accountingparam by itself displays the current settings.

Parameters set with the accountingparam command do not take effect until the Cisco 6510 is rebooted.

Example
SSG > accountingparam -t 20 -r 10
AccountingParam: <Timeout: 20 Seconds>
<Retries: 10 times>

burnimg

This command can be used to write an image of the Cisco 6510 software to Flash memory or update the ROM BIOS. When the unit is rebooted, the system will display the new version of the software.

burnimg -f /fd0/filename [-t bios | img]
Syntax Description

filename

Filename of the configuration file to read.

bios

With the -t parameter, specifies writing the configuration to the ROM BIOS.

img

With the -t parameter, specifies writing the configuration file to the software image maintained in Flash memory (default).

Usage Guidelines

Use the burnimg command to update the Cisco 6510 software and write the new version to the system's Flash memory from disk.

To use the default target for the image file, enter burnimg -f /fd0/filename, where filename is the filename of the image file.

When you enter the burnimg command, specify the filename and location of the update file with the -f parameter.

Next, specify where to write the software image. To update the Cisco 6510's BIOS chip with a new ROM BIOS image, specify bios with the -t parameter. To update the auxiliary chips on the Cisco 6510 with the new software image, specify img with the -t command.

Example
SSG > burnimg -f /fd0/csco6510 -t img
Reading file /fd0/csco6510 ...
Reading file is done.
Burning image /fd0/csco6510 to flash memory ...
Burning Image is Done!

config clear

This command clears configuration settings for the selected parameter.

config clear parm_name
Syntax Description

parm_name

Cisco 6510 configuration parameter name.

Usage Guidelines

Use the config clear command to clear settings for a Cisco 6510 configuration parameter. It can clear any parameter in "Configuration Reference."

Example
SSG > config clear AccountingIP2
Cleared AccountingIP2.
SSG > config clear inet
Cleared FEI0_InetAddr.
Cleared FEI0_InetGateway.
Cleared FEI0_InetName.
Cleared FEI1_InetAddr.
Cleared FEI1_InetGateway.
Cleared FEI1_InetName.
Cleared FEI2_InetAddr.
Cleared FEI2_InetGateway.
Cleared FEI2_InetName.

config load

This command loads the settings of a Cisco 6510 configuration file from a floppy disk to RAM.

config load -f /fd0/filename
Syntax Description

filename

Name of the configuration file (maximum 8 characters).

Usage Guidelines

Use the config load command to load the settings of a Cisco 6510 configuration file from a floppy disk to RAM. After loading the configuration and making any changes, use the config save command to save the configuration to memory.

Example
SSG > config load -f /fd0/6510cfg
config load -f /fd0/sample1.cfg
Reading file /fd0/sample1.cfg ...
Reading file is done.
Load from Configuration File (/fd0/sample1.cfg) Done.
Reconfiguring Network Interface 0:
IP=192.168.2.2, Mask=255.255.255.0, GW=192.168.2.1, Name=Host
Reconfiguring Network Interface 1:
IP=192.168.100.122, Mask=255.255.255.0, GW=, Name=Management
Reconfiguring Network Interface 2:
IP=192.168.12.3, Mask=255.255.255.0, GW=192.168.12.1, Name=SP
Updating dhcp remote port to 67
DHCPRemotePort = <67>
Updating dns remote port to 53
DNSRemotePort = <53>
Updating radius remote port to 1645
RadiusRemotePort = <1645>
Updating l2f remote port to 1701
L2FRemotePort = <1701>
Updating accounting remote port to 1646
AccountingRemotePort = <1646>
Updating ARP parameters: timeout=0 msec, retries=1
arpParam: <Timeout: 0 milliSeconds ( == 0 ticks)> <Retries: 1 times>
Updating Accounting parameters: timeout=10 sec, retries=5
AccountingParam: <Timeout: 10 Seconds>
<Retries: 5 times>

config save

This command writes the current Cisco 6510 configuration settings to Flash memory or floppy disk.

config save [-f /fd0/filename]
Syntax Description

filename

Name of the configuration file (8.3 format).

Usage Guidelines

Use the config save command to save changes to the Cisco 6510 configuration parameter or back up the configuration file to disk.

Using config save without a switch causes the Cisco 6510 to save configuration changes to memory.

Using config save with the -f /fd0 switch causes the Cisco 6510 to save the configuration to floppy disk using the name specified in filename.

Note      If you use config save to back up the configuration file to disk, be sure to save the configuration changes to memory first.

Example
SSG > config save
Save to Flash Done.
SSG > config save -f /fd0/6510cfg
Writing file /fd0/sample1.cfg ...
Writing file is done.
Save to Configuration File (/fd0/sample1.cfg) Done.

config set

This command sets Cisco 6510 configuration parameters.

config set parm_name parm_values

Note      This is the most frequently used Cisco 6510 command. It can configure all parameters in "Configuration Reference."

Syntax Description

parm_name

Cisco 6510 configuration parameter name (supports pattern matching).

parm_value

Parameter value.

Usage Guidelines

Use the config set command to set configuration parameters. The syntax used with the parm_value varies depending on which parameter is set.

Example
SSG > config set AccountingRemotePort 1848
SSG > config set AAIP1 171.69.73.151
SSG > config set fei
Carriage Return to Skip; '.' to quit; 'c' to clear -->
FEI0_InetAddr: <10.10.10.1>:
FEI0_Mask: <255.255.0.0>:
FEI0_InetGateway: <>:
FEI0_InetName: <Hosts>:
FEI1_InetAddr: <171.69.255.54>:
FEI1_Mask: <255.255.255.240>:
FEI1_InetGateway: <171.69.255.49>:
FEI1_InetName: <UCPcard>:
FEI2_InetAddr: <171.69.255.21>:
FEI2_Mask: <255.255.255.248>:
FEI2_InetGateway: <171.69.255.22>:
FEI2_InetName: <ISPcard>:

config setdefault

This command sets the Cisco 6510's network settings to their default values.

config setdefault
Usage Guidelines

Use this command to set the Cisco 6510's network configuration settings to their default values. This command is useful if you have changed the configuration and need to reset it to default settings.

Table 4-2 indicates the default configuration settings for the Cisco 6510.

Table 4-2   Default Configuration Settings

Parameter Default Setting

AAAClientIF

0

AAFTCheckThreshold

60

AAFTCheckInterval

0.1

AAIP1

0.0.0.0

AAIP2

0.0.0.0

AAAPassword

secret

AccountingIP1

0.0.0.0

AccountingIP2

0.0.0.0

ACCOUNTINGRemotePort

1646

ACCTRetryCount

5

ACCTTimeout

10

ARPRetryCount

1

ARPTimeOut

0

DashBoardPassword

secret

DebugACCTHandler

0

DebugACCTLevel

0

DebugDHCPHandler

0

DebugDHCPLevel

0

DebugDNSHandler

0

DebugDNSLevel

0

DebugFOVERHandler

0

DebugFOVERLevel

0

DebugL2FHandler

0

DebugL2FLevel

0

DebugNATHandler

0

DebugNATLevel

0

DebugPPPHandler

0

DebugPPPLevel

0

DebugRADIUSHandler

0

DebugRADIUSLevel

0

DebugSystem

0

DebugSystemLevel

0

DefaultServerIF

2

DefaultServerIP

0.0.0.0

DefaultServerIPMask

255.255.255.255

DefaultServerIP2

0.0.0.0

DefaultServerIP2Mask

255.255.255.255

DHCPIP

0.0.0.0

DHCPRelayEnable

0

DHCPRemotePort

67

DNSFTCheckInterval

60

DNSFTCheckThreshold

0.1

DNSRemotePort

53

FailoverActiveIP0

0.0.0.0

FailoverActiveIP1

0.0.0.0

FailoverActiveIP2

0.0.0.0

FailoverActiveMac0

 

FailoverActiveMac1

 

FailoverActiveMac2

 

FailOverActiveState

1

FailoverEnable

0

FailoverStandbyIP0

0.0.0.0

FailoverStandbyIP1

0.0.0.0

FailoverStandbyIP2

0.0.0.0

FailoverStandbyMac0

 

FailoverStandbyMac1

 

FailoverStandbyMac2

 

FEI0_InetAddr

 

FEI0_InetGateway

 

FEI0_InetName

 

FEI0_Mask

0.0.0.0

FEI1_InetAddr

 

FEI1_InetGateway

 

FEI1_InetName

 

FEI1_Mask

0.0.0.0

FEI2_InetAddr

 

FEI2_InetGateway

 

FEI2_InetName

 

FEI2_Mask

0.0.0.0

IGMPHelperEnable

0

L2FRemotePort

1701

LogFacility

0

LogTarget0

0

MachineName

ssg

MaxServicePerHost

10

MulticastEnable

0

NATFTPCleanupInternal

300

NATFTPConnTimeout

14400

NATFTPFinConnTimeOut

1

NHGTableProfile

NHGTableProfile

RADIUSRemotePort

1645

SNMPIP

0.0.0.0

SNMPRemotePort

162

SNMPRetryCount

0

TPTEnable

0

TPTFilter

TPTFilterProfile

ServicePassword

secret

TunnelTimeout

60

Example
SSG > config setDefault

config show

This command displays the current setting for all configuration parameters or a specified configuration parameter.

config show [parm_name]
Syntax Description

parm_name

Configuration parameter whose setting you want to show. If parm_name is not specified, all parameters are shown.

This parameter supports pattern matching.

Usage Guidelines

Use the conifg show command to display the current setting for all configuration parameters or a specified configuration parameter.

Example
SSG > config show AAIP
AAIP1: <0.0.0.0>
AAIP2: <0.0.0.0>
SSG > config show Password
DashboardPassword: <secret>
AAAPassword: <secret>
ServicePassword: <secret>

debug

This command enables or disables debugging for a specified debug handler at a specified level.

debug {enable | disable} [-h handler] [-l level]
Syntax Description

handler

You can enable or disable the following debug handlers:

system—System debug handler.

dhcp—Dynamic Host Configuration Protocol (DHCP) handler.

dns—Domain Name System (DNS) handler.

l2f—Layer 2 Forwarding (L2F) handler.

radius—Remote Access Dial-In User Service (RADIUS) handler.

accounting—Accounting protocol handler.

nat—Network address translation handler.

failover—Failover handler.

ppp—Point-to-Point Protocol handler.

level

You can set the following debug levels:

error—Display error messages.

info—Display informational messages.

verbose—Display the long form of messages.

packet—Output the contents of each packet that is received and transmitted.

all—Display error, informational, and packet messages, in verbose form.

Usage Guidelines

Use the debug command to enable or disable debugging for a specific debug handler. To enable a debug handler, enter debug enable followed by -h and the name of the handler to enable, -l, and the level of debugging. To disable a debug handler, enter debug disable followed by -h and the name of the handler to disable. If you are disabling a debug handler, you do not need to specify a debug level.

To disable all debugging levels without changing setting levels, enter debug disable. To restore these levels to their previous settings, enter debug enable.

When the handler is enabled, debug messages are output to the device(s) specified by the logtarget command. This can be the terminal device to which the Cisco 6510 is connected or a UNIX syslog server.

Example
SSG > debug enable -h dhcp -l error
Debug DHCP: Enabled [Active Level: ERROR]
SSG > debug enable -h l2f -l all
Debug L2F: Enabled [Active Level: ERROR INFO VERBOSE PACKET]
SSG > debug disable -h radius
Debug RADIUS: Disabled [Active Level: ERROR ]
SSG > debug disable
Debug DHCP: Disabled [Active Level: ERROR ]
Debug DNS: Disabled [Active Level: ERROR ]
Debug L2F: Disabled [Active Level: ERROR ]
Debug PPP: Disabled [Active Level: ERROR ]
Debug RADIUS: Disabled [Active Level: ERROR ]
Debug ACCOUNTING: Disabled [Active Level: ERROR INFO VERBOSE PACKET ]
Debug NAT: Disabled [Active Level: ERROR ]
Debug FAILOVER: Disabled [Active Level: ERROR ]
Debug SYSTEM: Disabled [Active Level: ERROR ]

Timesaver   To quickly specify all debug levels for a debug handler, use a numeric value between 0 and 15.

To determine the numeric value, use Table 4-3. The value "1" indicates the debug level is enabled and "0" indicates the debug level is disabled.

Table 4-3  


No. 		Packet
 		Verbose
 		Info
 		Error

0

0

0

0

0

1

0

0

0

1

2

0

0

1

0

3

0

0

1

1

4

0

1

0

0

5

0

1

0

1

6

0

1

1

0

7

0

1

1

1

8

1

0

0

0

9

1

0

0

1

10

1

0

1

0

11

1

0

1

1

12

1

1

0

0

13

1

1

0

1

14

1

1

1

0

15

1

1

1

1

Debug Numeric Values

Example

To enable error-level debugging for all handlers, enter the following:

SSG > config set level
Carriage Return to Skip; '.' to quit; 'c' to clear -->
DebugDHCPLevel: <7>:1
DebugDNSLevel: <1>:1
DebugL2FLevel: <1>:1
DebugPPPLevel: <1>:1
DebugRADIUSLevel: <1>:1
DebugACCTLevel: <1>:1
DebugNATLevel: <1>:1
DebugFOVERLevel: <1>:1
DebugSystemLevel: <1>:1
Configuration Transferred to STANDBY

debug show

This command displays the current debug settings.

debug show
Usage Guidelines

Use the debug show command to display the current debug settings.

Example
SSG > debug show
Debug DHCP: Disabled [Active Level: (None)]
Debug DNS: Disabled [Active Level: (None)]
Debug L2F: Disabled [Active Level: (None)]
Debug PPP: Disabled [Active Level: (None)]
Debug RADIUS: Enabled [Active Level: ERROR ]
Debug ACCOUNTING: Disabled [Active Level: (None)]
Debug NAT: Disabled [Active Level: (None)]
Debug FAILOVER: Disabled [Active Level: (None)]
Debug SYSTEM: Enabled [Active Level: ERROR ]

failover

This command enables or disables the failover feature for the Cisco 6510.

failover {enable | disable}
Syntax Description

enable

Enables the failover feature.

disable

Disables the failover feature.

Usage Guidelines

Use the failover command to enable or disable the Cisco 6510's failover feature. For detailed information on how the failover feature works, see the "Failover Mechanism" section.

Example
SSG > failover enable
SSG > failover disable

failover reset

This command resets the failover mechanism for the Cisco 6510.

failover reset
Usage Guidelines

Use the failover reset command to reset the failover mechanism for the Cisco 6510. It is necessary to enter this command to activate failover without rebooting, when a serious error is reported for either unit, or in the event that the failover cable becomes disconnected.

To use failover reset, first enter the command on the standby unit. Then, enter the command on the primary unit.

If you are activating failover for the first time, you must first enter the failover enable command described in the "failover" section.

Example
SSG > failover reset
Failover::Init: Initialize failover service hot...
Failover Reset started.
SSG>Failover::Init: Waiting for failover to initialize (COUNTDOWN: 10)
Failover::Init: Waiting for failover to initialize (COUNTDOWN: 9)
Failover::Init: Waiting for failover to initialize (COUNTDOWN: 8)
FAILOVER: %%%%%%%%%%%%%SWITCHING INTERFACES to STANDBY %%%%%%%%%%%%%%%%
FAILOVER: (failSwitch) unit(0): Switching to MAC(00:a0:c9:76:9c:a4)
FAILOVER: (failSwitch) unit(0): Switching to IP...
FAILOVER: (SwitchIP) Switching unit(0) to IP=<10.10.10.2>, mask=<255.255.0.0>, GW=<>, name=<host>
FAILOVER: %%%%%%%%%%%%%SWITCHING INTERFACES to STANDBY %%%%%%%%%%%%%%%%
FAILOVER: (failSwitch) unit(1): Switching to MAC(00:a0:c9:76:9c:38)
FAILOVER: (failSwitch) unit(1): Switching to IP...
FAILOVER: (SwitchIP) Switching unit(1) to IP=<171.69.255.20>, mask=<255.255.255.248>, GW=<171.69.255.18>, name=<ncp/isp>
FAILOVER: %%%%%%%%%%%%%SWITCHING INTERFACES to STANDBY %%%%%%%%%%%%%%%%
FAILOVER: (failSwitch) unit(2): Switching to MAC(00:a0:c9:76:9c:42)
FAILOVER: (failSwitch) unit(2): Switching to IP...
FAILOVER: (SwitchIP) Switching unit(1) to IP=<171.52.255.20>, mask=<255.255.255.248>, GW=<171.52.255.18>, name=<mgmt>
Failover::Init: Waiting for failover to initialize (COUNTDOWN: 7)
Failover::Init: Initialization Done!

failover set

This command sets the IP addresses that are used by the failover feature for each interface card in both the primary and standby Cisco 6510s.

failover set

Note      This command should be executed from the active unit.

Usage Guidelines

Use the failover set command to set the IP addresses of the active and standby units.

SSG > failover set
FailoverActiveIP0 <198.46.3.2>:
FailoverActiveIP1 <198.46.4.2>:
FailoverActiveIP2 <198.46.5.2>:
FailoverStandbyIP0 <0.0.0.0>: 198.46.6.2
FailoverStandbyIP1 <0.0.0.0>: 198.46.7.2
FailoverStandbyIP2 <0.0.0.0>: 198.46.8.2

failover show

This command displays either the IP address of the standby failover unit or the IP addresses and status information about the active and standby units.

failover show [IP | stats]
Syntax Description

IP

Displays the IP addresses of the active and standby units.

stats

Displays status information of the active and standby units.

Usage Guidelines

Use the failover show command to display information about the active and standby units.

If you enter failover show, the console displays information about whether failover is enabled and the processing status. If you enter failover show IP, the console displays the IP addresses of the active and standby units. If you enter failover show stats, the console displays failover realtime status information.

For detailed information on how the failover feature works, see the "Failover Mechanism" section.

Example
SSG > failover show
Failover Feature <Enabled>: SSG Processing <ON>
SSG > failover show stats
---------------- Failover module real-time status --------------------
PRIMARY: Failover Monitor Enabled: ACTIVE (Peer Unit: STANDBY)
0: 10.10.10.1 (00:a0:c9:9b:7c:bf) LINK = up
1: 171.69.255.19 (00:a0:c9:9b:82:28) LINK = up
2: 171.52.255.19 (00:a0:c9:9b:82:42) LINK = up
Logical information:
Interface fei2: READY
Interface fei1: READY
Interface fei0: READY
Total Number of Switchover Taken Place: 1

failover switchover

This command switches the Cisco 6510 to either active or standby status.

failover switchover {active | standby}
Syntax Description

active

Makes the unit the active unit.

standby

Makes the unit the standby unit.

Usage Guidelines

Use the failover switchover command to switch the Cisco 6510 to active or standby. For detailed information on how the failover feature works, see the "Failover Mechanism" section.

Example
SSG > failover switchover active
SSG > failover switchover standby

failover test

This command tests the failover feature for the Cisco 6510.

failover test
Usage Guidelines

Use the failover test command to test the Cisco 6510's failover feature. For detailed information on how the failover feature works, see the "Failover Mechanism" section.

Example
SSG > failover test
---------------- Failover module Self Test --------------------
FAILOVER: (selfTest) tNetTask OK.
FAILOVER: (selfTest) Cable OK.
FAILOVER: (selfTest) Ethernet(2) OK.
FAILOVER: (selfTest) Ethernet(1) OK.
FAILOVER: (selfTest) Ethernet(0) OK.
FAILOVER: (selfTest) Succeeded: Passed All Tests.

hardware

This command displays the hardware configuration of the Cisco 6510.

hardware
Usage Guidelines

Use the hardware command to display the hardware configuration of the Cisco 6510.

Example
SSG > hardware
INTEL Processor: <GenuineIntel>
      OEM: Pentium II processor, model 3, 300 MHz
Total Memory: 402649 Kbytes
Performing Failover Cable Loopback Test...
loopback test: Tx/Rx 128 characters were dropped
Result = FAILED
Ethernet Cards:
SSG diagnostics: Intel 82557 #0 found at pciDevice number 13
***
82557(0): Intel EtherExpress Pro 10/100 at 0xfcc0 00:A0:C9:CA:AF:04
CSR mem base address = feaff000, Flash mem base address = fed00000
PCI bus no. = 0, device no. = d, function no. = 0, IRQ = 11
Board assembly 689661-003, Physical connectors present: RJ45
Primary interface chip unknown PHY #1.
General self-test: passed.
Serial sub-system self-test: passed.
Internal registers self-test: passed.
ROM checksum self-test: passed (0x24c9f043).
***
SSG diagnostics: Intel 82557 #1 found at pciDevice number 14
***
82557(1): Intel EtherExpress Pro 10/100 at 0xfca0 00:A0:C9:CC:31:17
CSR mem base address = feafe000, Flash mem base address = fec00000
PCI bus no. = 0, device no. = e, function no. = 0, IRQ = 10
Board assembly 689661-003, Physical connectors present: RJ45
Primary interface chip unknown PHY #1.
General self-test: passed.
Serial sub-system self-test: passed.
Internal registers self-test: passed.
ROM checksum self-test: passed (0x24c9f043).

***
SSG diagnostics: Intel 82557 #2 found at pciDevice number 15
***
82557(2): Intel EtherExpress Pro 10/100 at 0xfc60 00:A0:C9:CC:31:91
CSR mem base address = feafd000, Flash mem base address = feb00000
PCI bus no. = 0, device no. = f, function no. = 0, IRQ = 15
Board assembly 689661-003, Physical connectors present: RJ45
Primary interface chip unknown PHY #1.
General self-test: passed.
Serial sub-system self-test: passed.
Internal registers self-test: passed.
ROM checksum self-test: passed (0x24c9f043).

ifconfig

This command configures a Cisco 6510 interface card.

ifconfig -u unit -a inetadrs -m netmask [-g inetgateway] [-n inetname]
Syntax Description

unit

Card number of the interface card (card number 0, 1, or 2).

inetadrs

IP address assigned to the interface card.

netmask

Subnet mask assigned to the interface card.

inetgateway

Default gateway (optional).

inetname

String identifying the interface card (optional).

Usage Guidelines

Use the ifconfig command to configure an interface card installed in the Cisco 6510. All cards in the Cisco 6510 should be assigned an IP address and subnet mask.

Example
SSG > ifconfig -u 0 -a 198.46.3.2 -m 255.255.255.0
SSG > ifconfig -u 1 -a 198.46.4.2 -m 255.255.255.0 -n UCPcard
SSG > ifconfig -u 2 -a 198.46.5.2 -m 255.255.255.0 -g 198.46.5.1

logtarget

The logtarget command specifies where to log debugging messages.

logtarget -t output_type [-d ip_address]
Syntax Description

output_type

Output device where messages are sent. You can specify the following devices:

tty— Messages sent to the terminal console connected to the Cisco 6510

syslog—Messages sent to the syslog file for the system with the IP address specified with the -d parameter.

ip_address

If you specify syslog for the output_type parameter, this parameter specifies the IP address of the syslog server to which you want to output logging information.

Usage Guidelines

The output devices can include the console device connected to the Cisco 6510 and a syslog file on a system connected to the Cisco 6510.

If you specify syslog for the output_type parameter, you must specify the IP address of the system with the ip_address parameter. For information on how to specify the syslog facility, see the "logtarget facility" section.

Example
SSG > logtarget -t syslog -d 192.168.100.22
Target0: 192.168.100.22
Log Facility: LOCAL2
SSG > logtarget -t tty
Target0: TTY
Log Facility: LOCAL2

logtarget facility

Specifies the UNIX syslog facility used to monitor debug messages.

logtarget facility {local0... | local7}
Syntax Description

local0...|local7

Syslog facility to receive debug messages.

Usage Guidelines

Use the logtarget facility command to specify the local device to which the Cisco 6510 writes syslog facility messages.

Example
SSG > logtarget facility local0
Target0: 192.168.100.24
Log Facility: LOCAL0

logtarget show

Displays the logging targets currently configured for the Cisco 6510.

logtarget show
Usage Guidelines

Use the logtarget show command to display a list of log targets where the Cisco 6510 sends logging information.

Example
SSG > logtarget show
Target0: 192.168.100.22
Log Facility: LOCAL2

nhgtable clear

This command clears the next hop gateway table profile settings.

nhgtable clear
Usage Guidelines

Use the nhgtable clear command to clear the next hop gateway table profile settings.

Example
SSG > nhgtable clear

nhgtable download

Because multiple Cisco 6510s might access services from different networks, each service profile specifies a next hop key rather than a next hop IP address. For each Cisco 6510 to determine the IP address of the next hop, each Cisco 6510 downloads its own next hop gateway table that associates keys with IP addresses.

This command downloads next hop table settings from the AAA server.

nhgtable download [profile]
Syntax Description

profile

Name of the RADIUS profile that contains the NHG table for this Cisco 6510.

Note If the NHGTableProfile parameter is set, the profile switch is optional. For more information, see the "NHGTableProfile" section in the "Configuration Reference" chapter.

Usage Guidelines

Use the nhgtable download command to download next hop gateway table profile. If you do not specify profile, the Cisco 6510 will use the profile specified in the NHGTableProfile parameter. For more information, see the "NHGTableProfile" section.

Example
SSG > nhgtable download SSG_1
Downloading NHGTable from Profile (SSG_1)...
NHGTable: Profile SSG_1 is downloaded!

Note      For information on defining next hop keys for services, see the "Service Next Hop Gateway" section. For information on creating a next hop table, see the "Next Hop Gateway Table Entry" section.

nhgtable show

This command displays the next hop gateway table profile settings.

nhgtable show
Usage Guidelines

Use the nhgtable show command to display the next hop gateway table profile settings.

Example
SSG > nhgtable show
Next Hop Gateway Table Loaded from Profile: steve-nhg
Key: ISP-1 ip: 192.168.12.1
Key: ISP-3 ip: 192.168.12.2
Key: ISP-2 ip: 192.168.12.3
Key: ISP-9 ip: 192.168.12.4
Key: ISP-8 ip: 192.168.12.5
Key: ISP-10 ip: 192.168.12.6
Key: ISP-5 ip: 192.168.12.7
Key: ISP-4 ip: 192.168.12.8
Key: ISP-7 ip: 192.168.12.9
Key: ISP-6 ip: 192.168.12.10

passwd

This command changes the password used to access the Cisco 6510 through a Telnet connection.

passwd
Usage Guidelines

Use the passwd command to change the password used to access the Cisco 6510 through a Telnet connection (default: admin).

Example
SSG > passwd
Old Password: *****
New Password: *****
Re-enter New Password: *****
Password changed.

passwd reset

This command resets the password used to access the Cisco 6510 through a Telnet connection.

passwd reset
Usage Guidelines

If you forget the Telnet password, use passwd reset to restore the Telnet password to the default setting (default: admin).

Example
SSG > passwd reset

Note      The passwd reset command cannot be used remotely.

reboot

This command causes the Cisco 6510 to shut down and reboot using the configuration stored in Flash memory.

reboot
Usage Guidelines

Enter the reboot command to reboot the Cisco 6510 using the configuration stored in Flash memory.

Example
SSG > reboot
System configuration has been modified. Save? [y/n]: y
Proceed with reboot? [y/n]: y

remoteport set

This command specifies the ports the Cisco 6510 uses to communicate with services.

remoteport set -h service -p port
Syntax Description

service

Select from the following services:

dhcp— Dynamic Host Configuration Protocol service.

dns— Domain Name System service.

radius—Remote Access Dial-In User Service.

l2f—Layer 2 Forwarding service.

accounting—RADIUS accounting service.

snmp—Simple Network Management Protocol service.

port

Port used for the specified service.

Usage Guidelines

Use the remoteport set command to specify the ports the Cisco 6510 uses to receive packets from services.

Example
SSG > remoteport set -h dhcp -p 67
DHCPRemotePort = <67>

remoteport show

This command displays the port setting for a specified service.

remoteport show [-h service]
Syntax Description

service

You can view the port setting for the following services:

dhcp— Dynamic Host Configuration Protocol service.

dns— Domain Name System service.

radius—Remote Access Dial-In User service.

l2f—Layer 2 Forwarding service.

accounting—RADIUS accounting service.

snmp—Simple Network Management Protocol service.

Example
SSG > remoteport show -h dhcp
DHCPRemotePort = <67>
SSG > remoteport show
DHCPRemotePort = <67>
DNSRemotePort = <53>
RadiusRemotePort = <1645>
L2FRemotePort = <1701>
AccountingRemotePort = <1646>

secret aaapassword

This command specifies the shared secret used for RADIUS communication between the Cisco 6510 and the AA server.

secret aaapassword secret_string
Syntax Description

secret_string

Text string containing the shared secret.

Usage Guidelines

Use the secret aaapassword command to specify the shared secret used for RADIUS communication between the Cisco 6510 and the AA server.

Example
SSG > secret aaapassword secret2

secret dashboardpassword

This command specifies the shared secret used for RADIUS communication between the Cisco 6510 and the Cisco SSD.

secret dashboardpassword secret_string
Syntax Description

secret_string

Text string containing the shared secret.

Usage Guidelines

Use the secret dashboardpassword command to specify the shared secret used for the RADIUS communication between the Cisco 6510 and the Cisco SSD.

Example
SSG > secret dashboardpassword secret1

server

This command sets IP addresses for servers which communicate with the Cisco 6510.

server [name [ip_address]]
Syntax Description

name

Name of the server. These include:

defaultserverip—Cisco SSD

aaip1—first AA authentication and authorization service.

aaip2—second AA authentication and authorization service.

accountingip1—first AAA accounting service.

accountingip2—second AAA accounting service.

dhcpip—DHCP server.

snmpip—SNMP server.

ip_address

IP address of the server or service.

Usage Guidelines

If you enter server by itself, the Cisco 6510 will prompt you to enter each IP address. If you enter server followed by the name of the service, the Cisco 6510 will prompt you to enter the IP address for that service.

Example
SSG > server dhcpip 136.123.56.57
SSG > server
DefaultServerIP: <0.0.0.0>: 192.168.1.2
AAIP1: <0.0.0.0>: 171.69.73.151
AAIP2: <0.0.0.0>: 171.69.73.152
AccountingIP1: <0.0.0.0>: 175.63.73.250
AccountingIP2: <0.0.0.0>: 175.63.73.251
DHCPIP: <0.0.0.0>: 136.123.56.57
SNMPIP: <0.0.0.0>: 136.123.56.59

server show

This command shows the IP addresses for the default server, RADIUS services, and the DHCP server.

server show
Usage Guidelines

Use the server show command to show the IP addresses for the default server, RADIUS services, and the DHCP server.

Example
SSG > server show
DefaultServerIP: <192.168.100.24> (Interface: Network)
AAIP1: <192.168.100.22>
AAIP2: <0.0.0.0>
AccountingIP1: <192.168.100.22>
AccountingIP2: <0.0.0.0>
DHCPIP: <192.168.100.11>
SNMPIP: <136.123.56.59>

telnet disconnect

This command terminates the Telnet session to the Cisco 6510.

telnet disconnect
Usage Guidelines

To determine whether there is an active Telnet session to the Cisco 6510, use the telnet show command. To terminate the session, use the telnet disconnect command.

This command can only be entered from the Cisco 6510 terminal interface.

Example
SSG > telnet disconnect

telnet show

This command shows whether there is an active Telnet session to the Cisco 6510.

telnet show
Usage Guidelines

Use the telnet show command to show whether there is an active Telnet session to the Cisco 6510. If there is, you can terminate the session by using the telnet disconnect command.

This command can only be entered from the Cisco 6510 terminal interface.

Example
SSG > telnet show

tptfilter clear

This command clears the transparent passthrough filter settings.

tptfilter clear
Usage Guidelines

Use the tptfilter clear command to clear the transparent passthrough filter settings.

Example
SSG > tptfilter clear
Transparent Passthrough service filter is cleared

tptfilter download

This command downloads transparent passthrough filter settings from the AAA server.

tptfilter download profilename
Syntax Description

profilename

Name of the Internet filter.

Usage Guidelines

Transparent passthrough is designed to allow unauthenticated traffic (users or network devices that have not logged in to the Cisco 6510 through the Cisco SSD) to pass through the SSG (usually to the Internet).

Use the tptfilter download command to download transparent passthrough filter settings. This filter is downloaded from the AAA server and contains filter statements that describe which IP address ranges are permitted and denied.

The filter list is processed from beginning to end until an explicit match is found or until the end of the list is reached. Because there is an implicit deny for the list, the packet will be denied if no IP match is found.

Note      The presence of a filter within a profile implies that all IP/mask combinations that do not appear in the filter list are denied. To permit access to all IP/mask combinations that do not appear in the filter list, add an "explicit permit" to the last line of the filter list.

Example
SSG > tptfilter download PF1
Downloading TPTFilter from Profile (PF1)...
TPTFilter: Profile PF1 is downloaded!

Note      For information on configuring filters, see the "Filter" section.

tptfilter show

This command displays the transparent passthrough filter settings.

tptfilter show
Usage Guidelines

Use the tptfilter show command to display the transparent passthrough filter settings.

Example
SSG > tptfilter show
*** Transparent Passthrough Filter Information ***
Filter info downloaded from Service PF1
5 Filter(s) in the current profile
Filter flag is Src_Dst Permit, Filter_ID is 1
1.1.1.1/255.255.255.0:20,21
2.2.101.2/255.255.255.0;0-9999
Filter flag is Src_Dst Permit, Filter_ID is 2
1.1.2.1/255.255.255.0:20,21
2.2.102.2/255.255.255.0:0-9999
Filter flag is Src_Dst Permit, Filter_ID is 3
1.1.3.1/255.255.255.0:20,21
2.2.103.2/255.255.255.0:0-9999
Filter flag is Src_Dst Deny, Filter_ID is 4
1.1.4.1/255.255.255.0:20,21
2.2.104.2/255.255.255.0:0-9999
Filter flag is Src_Dst Deny, Filter_ID is 5
1.1.5.1/255.255.255.0:20,21
2.2.105.2/255.255.255.0:0-9999

version

This command displays the version of the software installed in the Cisco 6510.

version
Usage Guidelines

Use the version command to display the version of the currently installed firmware.

Example
SSG > version
Service Selection Gateway Version 1.1(0) Build 75, Aug 18 1998, 17:58:57
Copyright (c) 1998 by Cisco Systems, Inc.
Restricted Rights Legend
Use, duplication, or disclosure by the Government is subject to
restrictions as set forth in subparagraph (c) of the Commercial
Computer Software - Restricted Rights clause as FAR sec. 32.227-19
and subparagraph (c) (i) (ii) of the Rights in Technical Data and
Computer Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706

hometocprevnextglossaryfeedbacksearchhelp
Posted: Sat Jan 18 23:59:19 PST 2003
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.