|
|
To enable AAA accounting of requested services for billing or security purposes when using TACACS+, use the aaa accounting global configuration command. Use the no form of this command to disable accounting.
AAA accounting is not enabled.
The aaa accounting command allows you to set start-stop accounting for any or all of the functions listed in "Syntax Description." For minimal accounting control, issue the stop-only keyword, which sends a stop record accounting notice at the end of the requested user process. For additional accounting control, you can issue the start-stop command, where TACACS+ sends a start accounting notice at the beginning of the requested process and a stop accounting notice at the end of the process. You can further control access and accounting by issuing the wait-start command, which ensures that the start notice is received by the TACACS+ server before granting the user's process request. Accounting is done only to the TACACS+ server.
Note This command, along with aaa authorization, replaces the tacacs-server authenticate command in previous versions of TACACS. This command can be used only with AAA TACACS+.
In the following example, accounting is set for outbound Telnet and rlogin, and both a start and stop accounting notice is sent to the TACACS+ server.
In the following example, accounting is set for privilege level 15 commands, with a wait-start restriction.
aaa authorization
aaa new-model
Note This command or some of its parameters might not function as expected in the LightStream 1010 ATM switch environment.
To enable an AAA authentication method for AppleTalk Remote Access (ARA) users using TACACS+, use the aaa authentication arap global configuration command. Use the no form of this command to disable this authentication.
Uses the listed methods that follow this argument as the default list of methods when a user logs in. |
|
Character string used to name the following list of authentication methods tried when a user logs in. |
|
One of the keywords described in Table 1-1. |
If the default list is not set, only the local user database is checked. This version has the same effect as the following command.
The list names and default that you set with the aaa authentication arap command are used with the arap authentication command. These lists can contain up to four authentication methods that are used when a user tries to log in with ARA.
Create a list by entering the aaa authentication arap list-name method command, where list-name is any character string used to name this list (such as MIS-access). The method argument identifies the list of methods the authentication algorithm tries in the given sequence. You can enter up to four methods, which are described in Table 1-1.
To create a default list that is used if no list is specified in the arap authentication command, use the default keyword followed by the methods to be used in default situations.
The additional methods of authentication are used only if the previous method returns an error but not if it fails.
Use the show running-config command to view lists of authentication methods.
Table 1-1 AAA Authentication ARAP Method Descriptions
Does not authenticate if the user has already been authenticated on a TTY line.
The following example creates a list called MIS-access, which first tries TACACS+ authentication and no others.
The following example creates the same list but sets it as the default list that is used for all ARA protocol authentications if no other list is specified.
aaa authentication local-override
To enable AAA authentication to determine if a user can access the privileged command level with TACACS+, use the aaa authentication enable default global configuration command. Use the no form of this command to disable this authorization method.
At least one and up to four of the keywords described in Table 1-2.
If the default list is not set, only the enable password is checked. This version has the same effect as the following command.
On the console, the enable password is used if it exists. If no password is set, the process succeeds anyway.
Use the aaa authentication enable default command to create a series of authentication methods that are used to determine if a user can access the privileged command level. You can specify up to four authentication methods. Method keywords are described in Table 1-2. The additional methods of authentication are used only if the previous method returns an error but not if it fails. To specify that the authentication should succeed even if all methods return an error, specify none as the final method in the command line.
If a default authentication routine is not set for a function, the default is none and no authentication is performed. Use the show running-config command to view currently configured lists of authentication methods.
Table 1-2 AAA Authentication Enable Default Method Descriptions
The following example creates an authentication list that first tries to contact a TACACS+ server. If no server can be found, AAA tries to use the enable password. If this attempt also returns an error (because no enable password is configured on the server), the user is allowed access with no authentication.
aaa authentication local-override
To have the LightStream 1010 ATM switch check the local user database for authentication before attempting another form of authentication, use the aaa authentication local-override global configuration command. Use the no form of this command to disable the override.
This command has no arguments or keywords.
This command is useful when you want to configure an override to the normal authentication process for certain personnel, such as system administrators.
When this override is set, the user is always prompted for the username. The system then checks to see if the entered username corresponds to a local account. If the username does not correspond to one in the local database, login proceeds with the methods configured with other aaa commands (such as aaa authentication login). When using this command that Username: is fixed as the first prompt.
The following example enables AAA authentication override.
aaa authentication arap
To set AAA authentication at login when using TACACS+, use the aaa authentication login global configuration command. Use the no form of this command to disable AAA authentication.
Uses the listed authentication methods that follow this argument as the default list of methods when a user logs in.
Character string used to name the following list of authentication methods tried when a user logs in.
At least one and up to four of the keywords described in Table 1-3.
If the default list is not set, only the local user database is checked. This version has the same effect as the following command.
The default and optional list names that you create with the aaa authentication login command are used with the login authentication command.
Create a list by entering the aaa authentication list-name method command, where list-name is any character string used to name this list (such as MIS-access). The method argument identifies the list of methods the authentication algorithm tries, in the given sequence. Method keywords are described in Table 1-3.
To create a default list that is used if no list is assigned to a line with the login authentication command, use the default argument followed by the methods you want in default situations.
The additional methods of authentication are used only if the previous method returns an error but not if it fails. To ensure that the authentication succeeds even if all methods return an error, specify none as the final method in the command line.
If authentication is not specifically set for a line, the default is to deny access—no authentication is performed. Use the show running-config command to view currently configured lists of authentication methods.
The following example creates an AAA authentication list called MIS-access. This authentication first tries to contact a TACACS+ server. If no server is found, TACACS+ returns an error, and AAA tries to use the enable password. If this attempt also returns an error (because no enable password is configured on the server), the user is allowed access with no authentication.
The following example creates the same list but sets it as the default list that is used for all login authentications if no other list is specified.
aaa authentication local-override
To specify one or more AAA authentication methods for use on serial interfaces running Point-to-Point Protocol (PPP) when using TACACS+, use the aaa authentication ppp global configuration command. Use the no form of this command to disable authentication.
Uses the listed authentication methods that follow this argument as the default list of methods when a user logs in.
Character string used to name the following list of authentication methods tried when a user logs in.
At least one and up to four of the keywords described in Table 1-4.
If the default list is not set, only the local user database is checked. This version has the same effect as the following command.
The lists that you create with the aaa authentication ppp command are used with the ppp authentication command. These lists contain up to four authentication methods that are used when a user tries to log in to the serial interface.
Create a list by entering the aaa authentication ppp list-name method command, where list-name is any character string used to name this list, such as MIS-access. The method argument identifies the list of methods the authentication algorithm tries in the given sequence. You can enter up to four methods. Method keywords are described in Table 1-4.
The additional methods of authentication are only used if the previous method returns an error but not if it fails. Specify none as the final method in the command line to have authentication succeed even if all methods return an error.
If authentication is not specifically set for a function, the default is none and no authentication is performed. Use the show running-config command to view lists of authentication methods.
Does not authenticate if user has already been authenticated on a TTY line.
Uses Kerberos 5 for authentication. (Can only be used for PAP authentication.)
The following example creates an AAA authentication list called MIS-access for serial lines that use PPP. This authentication first tries to contact a TACACS+ server. If this action returns an error, the user is allowed access with no authentication.
aaa authentication local-override Note This command, or some of its parameters, might not function as expected in the
LightStream 1010 ATM switch environment. Only IP protocols are currently supported.
To set parameters that restrict a user's network access based on TACACS+ authorization, use the aaa authorization global configuration command. To disable authorization for a function, use the no form of this command.
Performs authorization for all network-related service requests, including SLIP, PPP, PPP NCPs, and ARA protocol.
Runs authorization to determine if the user is allowed to run an EXEC shell. This keyword might return user profile information such as autocommand information.
Runs authorization for all commands at the specified privilege level.
Specific command level that should be authorized. Valid entries are 0 through 15.
Table 1-5 lists the methods keywords.
Authorization is disabled for all actions (equivalent to the keyword none).
Currently, only the IP protocols are supported. Use the aaa authorization command to create a list of one and up to four authorization methods that can be used when a user accesses the specified function.
Note This command, along with aaa accounting, replaces the tacacs-server suite of commands in
previous versions of TACACS.
The additional methods of authorization are only used if the previous method returns an error but not if it fails. Specify none as the final method in the command line to have authorization succeed even if all methods return an error.
Table 1-5 AAA Authorization Method Descriptions
Allows the user to access the requested function if the user is authenticated.
If authorization is not specifically set for a function, the default is none and no authorization is performed.
The authorization command causes a request packet containing a series of attribute value pairs to be sent to the TACACS daemon as part of the authorization process. The daemon can perform the following:
Table 1-6 describes attribute value pairs associated with the aaa authorization command. Registered users can find more information about TACACS+ and attribute pairs on Cisco Connection Online.
Table 1-6 Attribute Value Pairs for Authorization
The following example specifies that TACACS+-style of authorization is used for all network-related requests. If this authorization method returns an error (if the TACACS+ server cannot be contacted), no authorization is performed and the request is successful.
The following example specifies that TACACS+-style of authorization is run for level 15 commands. If this authorization method returns an error (if the TACACS+ server cannot be contacted), no authorization is performed and the request succeeds.
To enable the AAA access control model that includes TACACS+, issue the aaa new-model global configuration command. Use the no form of this command to disable this functionality.
This command has no arguments or keywords.
This command enables the AAA access control system and TACACS+. If you initialize this functionality and later decide to use TACACS or extended TACACS, issue the no form of this command and then enable the version of TACACS you want to use.
The following example initializes AAA and TACACS+.
aaa accounting
To restrict incoming and outgoing connections between a particular virtual terminal line (into a Cisco device) and the addresses in an access list, use the access-class line configuration command. To remove access restrictions, use the no form of this command.
Remember to set identical restrictions on all the virtual terminal lines because a user can connect to any of them.
To display the access lists for a particular terminal line, use the show line EXEC command and specify the line number.
The following example defines an access list that permits only hosts on network 192.89.55.0 to connect to the virtual terminal ports on the switch.
The following example defines an access list that denies connections to networks other than network 36.0.0.0 on terminal lines 1 through 5.
To enable the switch to create a temporary access list entry in a dynamic access list, use the access-enable EXEC command.
This command enables the lock-and-key access feature.
You should always define either an idle timeout (with the timeout keyword in this command) or an absolute timeout (with the timeout keyword in the access-list command). Otherwise, the temporary access list entry remains, even after the user has terminated the session.
The following example causes the software to create a temporary access list entry and tells the software to enable access only for the host from which the Telnet session originated. If the access list entry is not accessed within 2 minutes, it is deleted.
Switch# autocommand access-enable host timeout 2
access-list (extended)
Currently, this command only supports the IP host. To define an extended IP access list, use the extended version of the access-list global configuration command. To remove the access lists, use the no form of this command.
For ICMP, you can also use the following syntax:
For TCP, you can also use the following syntax:
For UDP, you can also use the following syntax:
An extended access list defaults to a list that denies everything. An extended access list is terminated by an implicit deny statement.
You can use access lists to control the transmission of packets on an interface, control virtual terminal line access, and restrict contents of routing updates. The switch stops checking the extended access list after a match occurs.
Fragmented IP packets, other than the initial fragment, are immediately accepted by any extended IP access list. Extended access lists used to control virtual terminal line access or restrict contents of routing updates must not match against the TCP source port, the type of service value, or the packet's precedence.
Note After an access list is created initially, any subsequent additions (possibly entered from the
terminal) are placed at the end of the list. In other words, you cannot selectively add or remove access
list command lines from a specific access list.
The following is a list of precedence names:
The following is a list of type of service (TOS) names:
The following is a list of ICMP message-type names and ICMP message-type and code names:
The following is a list of TCP port names that can be used instead of port numbers. Refer to the current Assigned Numbers RFC to find a reference to these protocols. Port numbers corresponding to these protocols can also be found by entering a ? in the place of a port number.
The following is a list of UDP port names that can be used instead of port numbers. Refer to the current Assigned Numbers RFC to find a reference to these protocols. Port numbers corresponding to these protocols can also be found by entering a ? in the place of a port number.
In the following example, serial interface 0 is part of a Class B network with the address 128.88.0.0, and the mail host's address is 128.88.1.2. The keyword established is used only for the TCP protocol to indicate an established connection. A match occurs if the TCP datagram has the ACK or RST bits set, which indicate that the packet belongs to an existing connection.
The following example also permit DNS packets and ICMP echo and echo reply packets.
access-class
To define a standard IP access list, use the standard version of the access-list global configuration command. To remove a standard access list, use the no form of this command.
The access list defaults to an implicit deny statement for everything. The access list is always terminated by an implicit deny statement for everything.
Plan your access conditions carefully, and be aware of the implicit deny statement at the end of the access list.
You can use access lists to control the transmission of packets on an interface, control virtual terminal line access, and restrict the contents of routing updates.
Use the show access-lists EXEC command to display the contents of all access lists.
Use the show ip access-list EXEC command to display the contents of one access list.
The following example of a standard access list allows access for only those hosts on the three specified networks. The wildcard bits apply to the host portions of the network addresses. Any host with a source address that does not match the access list statements is rejected.
To specify a large number of individual addresses more easily, you can omit the wildcard if it is all zeros. This means the following two configuration commands have the same effect.
access-class
To create a temporary access list entry, use the access-template privileged EXEC command.
To configure the mode of default administrative weight assignment for PNNI interfaces, use the administrative-weight ATM router PNNI configuration command. To return to the default value, use the no form of this command.
ATM router PNNI configuration.
Administrative weight is used as the primary routing metric to minimize use of network resources. In the absence of other constraints, this causes PNNI routing to minimize the number of hops. Basing administrative weight on linespeed allows path selection to prefer paths along higher bandwidth interfaces. Higher speed links have lower administrative weights and are preferred during routing. The value set in this command becomes the default for the atm pnni admin-weight command.
For more information, refer to the LightStream 1010 ATM Switch Software Configuration Guide.
The following script shows how to access the administrative-weight ATM router PNNI configuration command.
atm pnni admin-weight Note This command or some of its parameters might not function as expected in the
LightStream 1010 ATM switch environment.
To create a command alias, use the alias global configuration command. Use the no alias command to delete all aliases in a command mode or to delete a specific alias, and to revert to the original command syntax.
Command mode of the original and alias commands. See Table 1-7 for a list of options for this argument.
Default aliases are in EXEC mode, as follows:
You can use simple words or abbreviations as aliases. The aliases in the Default section are predefined. They can be turned off using the no alias command.
Table 1-7 shows the acceptable options for the mode argument in the alias global configuration command.
Mode Argument Options
See the summary of command modes in the user interface chapter in the Router Products Configuration Guide for more information about command modes.
When you use online help, command aliases are indicated by an asterisk (*). In the following example, the first entry (logout) represents the current alias, and the other aliases are listed to show the options available.
When you use online help, aliases that contain spaces (for example, Telnet device.cisco.com 25) are displayed as follows.
When you use online help, the alias is expanded and replaced with the original command, as shown in the following example with the td alias.
To list only commands and omit aliases, begin your input line with a space. In the following example, the alias td is not shown because there is a space before the t? command line.
As with commands, you can use online help to display the arguments and keywords that can follow a command alias. In the following example, the alias td is created to represent the command telnet device. The /debug and /line switches can be added to telnet device to modify the command.
You must enter the complete syntax for the alias command. Partial syntax for aliases are not accepted. In the following example, the parser does not recognize the command t as indicating the alias td.
In the following example, the alias fixmyrt is created for the EXEC-mode command clear ip route 198.92.116.16.
To add a permanent entry in the ARP cache, use the arp global configuration command. To remove an entry from the ARP cache, use the no form of this command.
No entries are permanently installed in the ARP cache.
The switch uses ARP cache entries to translate 32-bit IP addresses into 48-bit hardware addresses.
Because most hosts support dynamic resolution, you generally do not need to specify static ARP cache entries.
The following is an example of a static ARP entry for a typical Ethernet host.
To control the interface-specific handling of IP address resolution into 48-bit Ethernet, use the arp interface configuration command. To disable an encapsulation type, use the no form of this command.
Arguments to the arp command are not mutually exclusive. Each command enables or disables a specific type of ARP. For example, if you enter the arp arpa command followed by the arp probe command, the switch sends three packets (two for probe and one for arpa) each time it needs to discover a MAC address.
The arp probe command allows the switch to use the Probe protocol (in addition to ARP) whenever attempting to resolve an IEEE-802.3 or Ethernet local data interface address. The subset of Probe that performs address resolution is called Virtual Address Request and Reply. Using Probe, the switch communicates transparently with Hewlett-Packard IEEE-802.3 hosts using this type of data encapsulation.
The show interface EXEC command displays the type of ARP being used on a particular interface. To remove all nonstatic entries from the ARP cache, use the clear arp-cache privileged EXEC command.
The following example enables probe services.
To configure how long an entry remains in the ARP cache, use the arp timeout interface configuration command. To restore the default value, use the no form of this command.
Interface configuration that is not valid for ATM interfaces. Only applies to interfaces in the ASP.
This command is ignored when issued on interfaces that do not use ARP. The show interface EXEC command displays the ARP timeout value. The value follows the "Entry Timeout:" heading, as shown in the following show interface display.
The following example sets the ARP timeout to 12,000 seconds to allow entries to timeout more quickly than the default.
To configure extended BOOTP requests for asynchronous interfaces as defined in RFC 1084, use the async-bootp global configuration command. Use the no form of this command to restore the default.
Item being requested; expressed as filename, integer, or IP dotted-decimal address. See Table 1-8 for possible values.
(Optional) This entry applies only to the host specified. The argument :hostname accepts both an IP address and a logical host name.
List of IP addresses entered in dotted-decimal notation or as logical host names, as a number, or as a quoted string.
Table 1-8 Async-BOOTP Tag Keywords
If not extended, BOOTP commands are entered and the switch software generates a gateway and subnet mask appropriate for the local network.
Use the EXEC command show async bootp to list the configured parameters. Use the no async-bootp command to clear the list.
The following example illustrates how to specify different boot files—one for a PC and one for a Macintosh. With this configuration, a BOOTP request from the host on 128.128.1.1 results in a reply listing the boot filename as pcboot. A BOOTP request from the host named mac results in a reply listing the boot filename as macboot.
The following example specifies a subnet mask of 255.255.0.0.
The following example specifies a negative time offset of the local subnetwork of -3600 seconds.
The following example specifies the IP address of a time server.
Use the atm abr-mode global configuration command on ABR connections to select efci marking, relative-rate marking, or both. To assign the default value to ABR mode, use the no form of this command.
This global configuration command changes the global type of notification used on ABR connections to send a congestion alert to the end stations. This change can be made if the switch connects to a network or end station that uses the new technique. The use of all causes both efci and relative-rate marking to be used.
If the ABR/UBR output queue of the forward-direction interface of the connection is congested, using the relative-rate argument marks a backward RM cell on an ABR connection when it is queued to the ABR/UBR output queue of the backward-direction interface.
In the following example, the abr mode of the switch is set to efci.
To subscribe an interface or subinterface to an existing ATM address pattern-matching filter expression, use the atm access-group interface configuration command. To delete an address access filter subscription on a specified interface of subinterface, use the no form of this command.
This command affects ATM signaling SETUP requests received or transmitted by the switch on an interface.
You should use the atm filter-set command prior to using this command. Filter sets and expressions are described in this manual in the descriptions for the atm filter-expr, atm filter-set, and atm template-alias global configuration commands.
Each interface has only one access group. If you create a new access group, it overrides any existing group.
The following is sample output from the atm access-group command.
atm filter-expr
To assign a 20-byte ATM address to the switch, use the atm address global configuration command. To delete a specific ATM address, use the no form of this command.
When no atm address has been configured, an autoconfigured ATM address is assigned. Refer to the LightStream 1010 ATM Switch User Guide for more information.
You can have multiple ATM addresses. When you delete the most current address, the next address becomes available.
In autoconfiguration mode, the switch establishes an address according to the format specified in the software configuration guide.
The first 13-byte prefix of this address is used by ILMI to assign addresses to end stations connected to the UNI ports (unless there is a prefix assigned per port). PNNI also summarizes this prefix automatically in reachable address advertisements. Refer to the auto-summary command for more information.
For two switches to belong to the same PNNI peer group, they need to have the same peer group identifier. Peer group identifiers must be prefixes of private ATM addresses, which means the organization that administers the peer group has assignment authority over that prefix (refer to the LightStream 1010 ATM Switch Software Configuration Guide for more information).
In autoconfiguration mode, all switches have the same peer group identifier based on the first 7 bytes of the autoconfigured ATM address.
The first 13-byte prefix is also used to automatically generate ATM addresses for each ATM interface that can be used for soft PVCs and PVPs to identify the destination ATM interface.
atm prefix
To enable the switch to engage in address registration with the Interim Local Management Interface (ILMI), use the atm address-registration interface configuration command. To disable ILMI address registration functions, use the no form of this command.
This command has no keywords or arguments.
This command does not apply to the CPU interface.
This command enables a switch to register its address with the ILMI when specific events occur, such as incoming SNMP traps or incoming new network prefixes.
The following example disables an ATM address-registration on ATM interface 1/0/0.
To identify an ATM Address Resolution Protocol (ARP) server for the IP network or set time-to-live (TTL) values for entries in the ATM ARP table, use the atm arp-server interface configuration command.
The ARP server process is disabled. The default timeout value is 20 minutes.
If an NSAP address is specified, the ARP client on this interface uses the specified host as an ARP server.
Multiple ATM ARP servers can be specified by repeating the command. The no option is used to remove the definition of an ATM ARP server. If self is specified, this interface acts as the ARP server for the logical IP network.
The ATM ARP server takes one of the following actions if a destination listed in the server's ARP table expires:
This implementation follows RFC 1577, "Classical IP over ATM."
To enable or disable the autolink, use the atm auto-configuration interface configuration command. To disable this feature, use the no form of this command.
This command has no arguments or keywords.
This feature determines the role the local interface has (such as user/network) on the UNI. This feature is activated automatically when an interface comes up with or without a reset.
Use the shutdown command before using this command to shut down the interface.
To change the maximum number of high-priority cells coming from the destination to the source at the burst level on the switched virtual circuit (SVC), use the atm backward-max-burst-size-clp0 map-class configuration command. The no form of this command restores the default.
-1. The switch does not request this QOS parameter of the ATM switch, so the switch provides a "best effort service." The switch drops cells if there is not enough buffer space.
This command defines a quality of service (QOS) parameter for the SVC connection.
The keyword clp0 indicates this command affects only cells with a cell loss priority (CLP) of 0 (high-priority cells).
The following example sets the maximum number of high-priority cells coming from the destination switch at the burst level to 800 cells.
To change the maximum number of low-priority cells coming from the destination to the source at the burst level on the SVC, use the atm backward-max-burst-size-clp1 map-class configuration command. The no form of this command restores the default value.
-1. The switch does not request this quality of service (QOS) parameter of the ATM switch, so the switch provides a "best effort service." The switch drops cells if there is not enough buffer space.
This command defines a quality of service (QOS) parameter for the SVC connection.
The keyword clp1 indicates that this command affects only cells with a cell loss priority (CLP) of 1 (low-priority cells).
The following example sets the maximum number of low-priority cells coming from the destination switch at the burst level to 100,000.
To change the peak rate of high-priority cells coming from the destination to the source on the SVC, use the atm backward-peak-cell-rate-clp0 map-class configuration command. The no form of this command restores the default.
-1. The switch does not request this quality of service (QOS) parameter of the ATM switch, so the switch provides a "best effort service." The switch drops cells if there is not enough buffer space.
This command defines a quality of service (QOS) parameter for the SVC connection.
The keyword clp0 indicates that this command affects only cells with a cell loss priority (CLP) of 0 (high-priority cells).
The following example sets the peak rate for high-priority cells from the destination switch to 8,000 kbps.
To change the peak rate of low-priority cells coming from the destination to the source on the SVC, use the atm backward-peak-cell-rate-clp1 map-class configuration command. The no form of this command restores the default.
-1. The switch does not request this quality of service (QOS) parameter of the ATM switch, so the switch provides a "best effort service." The switch drops cells if there is not enough buffer space.
This command defines a QOS parameter for the SVC connection.
The keyword clp1 indicates this command affects only cells with a cell loss priority (CLP) of 1 (low-priority cells).
The following example sets the peak rate for low-priority cells from the destination switch to 7,000 kbps.
To change the sustainable rate of high-priority cells coming from the destination to the source on the SVC, use the atm backward-sustainable-cell-rate-clp0 map-class configuration command. The no form of this command restores the default.
-1. The switch does not request this quality of service (QOS) parameter of the ATM switch, so the switch provides a "best effort service." The switch drops cells if there is not enough buffer space.
This command defines a QOS parameter for the SVC connection.
The keyword clp0 indicates this command affects only cells with a cell loss priority (CLP) of 0 (high-priority cells).
The following example sets the sustainable rate for high-priority cells from the destination switch to 800 kbps.
To change the sustainable rate of low-priority cells coming from the destination to the source on the SVC, use the atm backward-sustainable-cell-rate-clp1 map-class configuration command. The no form of this command restores the default value.
-1. The switch does not request this quality of service (QOS) parameter of the ATM switch, so the switch provides a "best effort service." The switch drops cells if there is not enough buffer space.
This command defines a QOS parameter for the SVC connection.
The keyword clp1 indicates this command affects only cells with a cell loss priority (CLP) of 1 (low-priority cells).
The following example sets the sustainable rate for low-priority cells from the destination switch to 700 kbps.
To change the resource management interface controlled link sharing parameters, use the atm cac link interface configuration command. To reset the parameter values to the default, use the no form of this command.
To change the best-effort interface connection limit, use the atm cac best-effort-limit command. To disable the best-effort limit, use the no form of this command.
To change the interface maximum for individual traffic parameters allowed on connection setup, use the following command. To reset the maximum value to the default value, use the no form of this command.
No link-sharing, best-effort limits, or parameter limits.
The atm cac commands provide the ability to tune parameters used in the Connection Admission Control functions performed by Resource Management. The three types of parameters, which are configured per interface, are described in Table 1-9. Any changes made to these parameters only affect subsequent connection setups.
Connection Admission Control Interface Parameters
For UBR connections, cell rate is not checked in CAC. By specifying a peak-cell-rate limit, CAC rejects connections that exceed the limit.
The following commands are a subset of the interface configuration and are supported for the subinterface configuration.
The following command is not supported for the subinterface configuration.
In the following example, a peak-cell-rate traffic parameter limit of 3,001 kbps is defined for ABR connections in the receive direction on the interface.
In the following example, the maximum bandwidth that can be allocated to VBR connections in the transmit direction on the interface is limited to 61 percent of the total bandwidth.
In the following example, the number of best-effort connections allowed on the interface is limited to 200.
To create a table entry, use the atm connection-traffic-table-row global configuration command. To delete an entry, use the no form of this command.
Rows 1 through 6 in the table are predefined.
This command sets up the traffic characteristics used in PVC definition. The characteristics are stored as rows of a table. The row index is referenced when a PVC is created using the atm pvc interface command.
When the atm connection-traffic-table-row command is issued, without the index clause, software uses a free row-index, which is displayed to the user if the command is successful.
When the tolerance parameter is not specified in the creation of a row, a default value is chosen by software to use if UPC is enabled.
For ubr only, specifying peak-cell-rate is optional.
Six connection traffic table rows are defined by default and are numbered 1 through 6. Row 1 is the default row used by the atm pvc command if no rows are explicitly specified. Rows 2 through 6 are used for well-known vcs on a vp tunnel subinterface, depending on the service category of the underlying vp. Default rows cannot be deleted.
In the following example, a cbr Connection Traffic Table row is defined with index 200 and a peak-cell-rate of 7,743 kbps.
atm pvc
To configure an ATM address filter that matches patterns, use the atm filter-expr global configuration command. To delete the specified filter, use the no form of this command.
The first form listed defines a simple filter expression that is pattern-matched only if the pattern given by term is matched.
The second form defines a filter expression that is pattern-matched only if the pattern given by term is not matched.
The third form defines a filter expression that is pattern-matched if either of the patterns given by the two terms are matched.
The fourth form defines a filter expression that is pattern-matched only if both of the patterns given by the two terms are matched.
The fifth form defines a filter expression that is pattern-matched only if one of the patterns, but not both, given by the two terms is matched.
For commands with two terms, that is, commands using logical operators or, and, and xor, the evaluation sequence is from left to right of the expression. Further, for commands using logical operators or and and, the evaluation for the second term is conducted only when necessary, that is, the evaluation for the second term is omitted if the truth or falsehood can already be concluded from the evaluation for the first term.
The following is sample output from the atm filter-expr command.
To configure an ATM address filter set, use the atm filter-set global configuration command. To delete the specified filter set, use the no form of this command.
If neither permit nor deny is specified, permit is assumed. If an address does not match any of the filter set entries, an implicit "deny" is returned as the permit/deny action of the filter set.
The following is an example of the atm filter-set command.
To change the maximum number of high-priority cells going from the source to the destination at the burst level on the SVC, use the atm forward-max-burst-size-clp0 map-class configuration command. The no form of this command restores the default value.
-1. The switch does not request this quality of service (QOS) parameter of the ATM switch, so the switch provides a "best effort service." The switch drops cells if there is not enough buffer space.
This command defines a QOS parameter for the SVC connection.
The keyword clp0 indicates this command affects only cells with a cell loss priority (CLP) of 0 (high-priority cells).
The following example sets the maximum number of high-priority cells going from the source switch at the burst level to 100,000.
To change the maximum number of low-priority cells going from the source to the destination at the burst level on the SVC, use the atm forward-max-burst-size-clp1 map-class configuration command. The no form of this command restores the default value.
-1. The switch does not request this quality of service (QOS) parameter of the ATM switch, so the switch provides a "best effort service." The switch drops cells if there is not enough buffer space.
This command defines a QOS parameter for the SVC connection.
The keyword clp1 indicates this command affects only cells with a cell loss priority (CLP) of 1 (low-priority cells).
The following example sets the maximum number of low-priority cells going from the source switch at the burst level to 100,000.
To change the peak rate of high-priority cells going from the source to the destination on the SVC, use the atm forward-peak-cell-rate-clp0 map-class configuration command. The no form of this command restores the default value.
-1. The switch does not request this quality of service (QOS) parameter of the ATM switch, so the switch provides a "best effort service." The switch drops cells if there is not enough buffer space.
This command defines a QOS parameter for the SVC connection.
The keyword clp0 indicates this command affects only cells with a cell loss priority (CLP) of 0 (high-priority cells).
The following example sets the peak high-priority cell rate from the source switch to 1000 Kbps.
To change the peak rate of low-priority cells coming from the source to the destination on the SVC, use the atm forward-peak-cell-rate-clp1 map-class configuration command. The no form of this command restores the default value.
-1. The switch does not request this quality of service (QOS) parameter of the ATM switch, so the switch provides a "best effort service." The switch drops cells if there is not enough buffer space.
This command defines a QOS parameter for the SVC connection.
The keyword clp1 indicates this command affects only cells with a cell loss priority (CLP) of 1 (low-priority cells).
The following example sets the peak low-priority cell rate from the source switch to 100,000 kbps.
To change the sustainable rate of high-priority cells coming from the source to the destination on the SVC, use the atm forward-sustainable-cell-rate-clp0 map-class configuration command. The no form of this command restores the default value.
-1. The switch does not request this quality of service (QOS) parameter of the ATM switch, so the switch provides a "best effort service." The switch drops cells if there is not enough buffer space.
This command defines a QOS parameter for the SVC connection.
The keyword clp0 indicates this command affects only cells with a cell loss priority (CLP) of 0 (high-priority cells).
The following example sets the sustainable rate for high-priority cells from the source switch to 100,000 kbps.
To change the sustainable rate of low-priority cells coming from the source to the destination on the SVC, use the atm forward-sustainable-cell-rate-clp1 map-class configuration command. The no form of this command restores the default value.
-1. The switch does not request this quality of service (QOS) parameter of the ATM switch, so the switch provides a "best effort service." The switch drops cells if there is not enough buffer space.
This command defines a quality of service (QOS) parameter for the SVC connection.
The keyword clp1 indicates that this command affects only cells with a cell loss priority (CLP) of 1 (low-priority cells).
The following example sets the sustainable rate for low-priority cells from the source switch to 100,000 kbps.
To change the idle timer for SVCs on an interface that will cause the SVCs to disconnect when inactive for a specified interval, use the atm idle-timeout interface configuration command. To return to the default setting, use the no form of this command.
Interface configuration. This command applies only to the CPU interface (ATM 2/0/0).
To disable idle timeouts entirely, set the value of seconds to zero.
To configure ATM IISP (Interim Interswitch Signaling Protocol) on the specified physical or logical (VP tunnel) port, use the atm iisp interface configuration command.
Refer to the LightStream 1010 ATM Switch Software Configuration Guide for more information about this command.
Before using this command, the interface must be administratively shut down and autoconfiguration mode has to be disabled.
Configure an IISP interface (user-side, version 3.0 or 3.1) with 12 maximum vci-bits, on card 3, subcard 1, and port 2.
Configure IISP (network-side) on logical interface and use the defaults for this command.
atm connection-traffic-table-row
To enable the ILMI on a port, use the atm ilmi-enable interface configuration command. To disable the ILMI, use the no form of this command.
This command has no arguments or keywords.
This command does not apply to the CPU interface.
The ILMI is enabled by default; however, if the peer does not support ILMI, you should turn off the ILMI using this command. When you use the no form of this command, the switch is disabled only after restart.
To change the number of seconds an ILMI keepalive polls the UME, use the atm ilmi-keepalive interface configuration command. To disable ILMI keepalive, use the no form of this command.
This command does not apply to the CPU interface.
When the ILMI is enabled, the ILMI keepalives are sent if the interface is a UNI or PNNI interface.
The following example enables ILMI keepalive for the ATM interface 1/0/0.
atm address-registration
To configure the LECS address advertised by the switch to the end system, use the atm lecs-address interface configuration command.
If the LECS address is not configured on an interface, the LECS address that was configured using the atm-lecs-address-default global configuration command is used by default.
The LECS address is provided by the switch to directly connected LANE clients over the ILMI. LECS addresses can be configured on both interface and global levels. The globally configured address is sent to a port only if there is no LECS address configured on that port. The sequence number provides the position of this address in the ordered LECS address table.
atm lecs-address-default
To configure the LECS address advertised by the switch to the end system, use the atm lecs-address-default global configuration command.
The LECS address is provided by the switch to directly connected LANE Clients over the ILMI. LECS addresses can be configured on both interface and global levels. The globally configured address is sent to a port only if there is no LECS address configured on that port. The sequence number provides the position of this address in the ordered LECS address table.
atm lecs-address
To alter the propagation delay component of the cell-transfer delay offered by an interface, use the atm link-distance command. To reset the propagation delay to the default value, use the no form of this command.
The cell-transfer delay is used for the resource connection admission control of a CBR or VBR-RT connection.
This resource management command is supported for interface and subinterface configurations and when interface metrics are provided to PNNI routing.
To configure the maximum number of ATM virtual channels (VC) supported on the ATM interface, use the atm maxvc-number interface configuration command. To restore the default value, use the no form of this command.
Before using this command, the interface must be administratively shut down.
The following example sets the maximum number of ATM virtual channels supported on interface ATM 0/0/0 to 8000.
atm maxvci-bits
To configure the maximum number of active bits of virtual channel identifier (VCI) supported on an ATM interface, use the atm maxvci-bits interface configuration command. To restore the default value, use the no form of this command.
Before using this command, the interface must be administratively shut down and autoconfiguration mode has to be disabled.
The following example sets the maximum number of active VCI bits to 10 for interface ATM 0/0/0.
atm connection-traffic-table-row
To configure the maximum number of ATM virtual paths (VP) supported on an ATM interface, use the atm maxvp-number interface configuration command. To restore the default value, use the no form of this command.
Before using this command, the interface must be administratively shut down.
The following example sets the maximum number of ATM virtual paths supported on interface ATM 0/0/1 to 128.
atm maxvpi-bits
To configure the maximum number of active bits of virtual path identifier (VPI) supported on an ATM interface, use the atm maxvpi-bits interface configuration command. To restore the default value, use the no form of this command.
Before using this command, the interface must be administratively shut down and autoconfiguration mode has to be disabled.
The following example sets the maximum number of active VPI bits to 6 for interface ATM 0/0/0.
atm connection-traffic-table-row
To enable point-to-multipoint signaling to the ATM switch, use the atm multipoint-signaling interface configuration command. To disable point-to-multipoint signaling to the ATM switch, use the no form of this command.
This command has no keywords and arguments.
This command only applies to the CPU and IP interface. If multipoint signaling is enabled, the switch uses existing static map entries that have the broadcast keyword set to establish multipoint calls. One call is established for each logical subnet of each protocol.
All destinations are added to the call. One multicast packet is sent to the ATM switch for each multipoint call. The ATM switch replicates the packet to all destinations.
To configure an ATM Network Network Interface (NNI) on the specified physical or logical (VP tunnel) port, use the atm nni interface configuration command.
This command has no keywords or arguments.
Before using this command, the interface must be administratively shut down and autoconfiguration mode has to be disabled.
Configure an ATM NNI on logical port card 4, subcard 1, and port 3 and the VPI is 99.
atm connection-traffic-table-row
To define an ATM map statement for an SVC, use the atm-nsap map-list configuration subcommand in conjunction with the map-list global configuration subcommand. The no form of this command removes the address.
No map statements are defined.
This command is required with the map-list command when you are configuring an SVC.
In the following example, a map list named atmsvc includes one map statement for a destination address being mapped.
The following atm oam command globally configures the OAM, AIS, RDI, and loopback operation.
The following atm oam command configures the OAM, AIS, RDI, and loopback modules at the interface configuration level for a connection specified by vpi and vci.
Global configuration.
To enable or disable OAM operations on VP connection, only specify the vpi value. To enable or disable VC connections, you must specify both vpi and vci values.
In interface and subinterface command modes, vpt configuration is supported.
The following example globally enables AIS, RDI, and segment loopback operators for all interfaces.
The following example enables end-loopback on vpi 50 vci 100 on ATM 3/0/0.
The following example enables or disables the OAM, AIS, RDI, and loopback operation to a specified connection.
To set the maximum number of OAM connections that can be configured per switch, use the atm oam max-limit global configuration command.
To change the loopback interval use the atm oam loopback-timer interface configuration command. Use the no for of this command to disable this feature.
This command is only intended for use with atm oam seg-loopback and atm oam end-loopback.
The following example shows changing the loopback timer interval to 10 seconds.
To change the output queue maximum queue size, use the atm output-queue interface configuration command. To reset the maximum queue size to the default value, use the no form of this command.
Varies by physical interface type, queue, and for abr-ubr or vbr-nrt queues, by the value of Over Subscription Factor (OSF).
The force argument indicates that the change should be made even if it results in losing data on the interface queue (the queue must be momentarily disabled to change the threshold). This command without the force argument only changes the threshold if the interface is down. An error message is displayed and the command does not take effect if the interface is up and the force argument is not present.
This command is not supported for the subinterface configuration and does not apply to the CPU interface.
In the following example, the maximum size of the vbr-nrt output queue is set to a minimum of 512 cells. This can be set even if the interface is up.
atm over-subscription-factor
To change the output queue thresholds, use the atm output-threshold interface configuration command. To reset the threshold to the default value, use the no form of this command.
For all service categories discard is 87 percent and efci is 25 percent. The abr relative-rate is 25 percent.
This command is not supported for the subinterface configuration. This command does not apply to the CPU interface.
In the following example, the discard threshold of the VBR-NRT queue is set to 87 percent of the maximum queue size.
To set the OSF, use the atm over-subscription-factor global configuration command. To assign the default value to OSF, use the no form of this command.
The OSF number is a positive integer in the range from 1 through 32. This command is used to determine the initial port queue size. OSF is used to size the vbr-nrt and abr-ubr queues.
The resizing of queues can be overridden by ATM output-queues commands. Changes to atm over-subscription-factor only take place during startup.
The sizing of vbr-nrt and abr-ubr queues is determined by the following equations.
The default size of the cbr and vbr queues vary by interface type as defined in the following list:
In the following example, the OSF of the switch is set to 15. This does not take effect in resizing ubr and vbr-nrt queues unless the configuration is written to NVRAM and the switch is restarted.
To enable or change the artificial limitation on interface output rate, use the atm pacing interface configuration command. To disable output pacing, use the no form of this command.
The force argument indicates that the change should be made even if it results in an output cell-rate that does not provide sufficient bandwidth for guaranteed service on the transmit flow of the interface. An error message is displayed and the command does not take effect if the change impacts guaranteed bandwidth and the force argument is not present.
This command is not supported for the subinterface configuration and does not apply to the CPU interface.
Note The granularity of pacing rate provided by hardware varies with the size of the bit rate
requested. The value entered by the user is rounded up to the closest value available for installation
in hardware. Both the configured and installed values are displayed through the show interface
command.
In the following example, the transmit cell-rate of the interface is limited to the closest value possible in hardware, greater than 30,000 kbps. If the amount of bandwidth allocated to cbr and vbr connections in the transmit direction on the interface is greater than 30,000 kbps, the command fails.
To specify the administrative weight of the ATM PNNI interface, use the atm pnni admin-weight interface configuration command. To return to the default values, use the no form of this command.
Determined by the mode set by administrative-weight command.
This command does not apply to the CPU interface and applies only the NNI interface.
Use this command to manually set the administrative weight of an interface. Changing the administrative weight of an interface to a larger value might cause calls to be routed away from the interface.
administrative-weight
To configure a method for selecting a link out to multiple links to the same neighbor, use the atm pnni link-selection interface configuration command. To return to the default value, use the no form of this command.
This command does not apply to the CPU interface.
This command only affects CBR and VBR calls. Load balancing is always used for ABR and UBR calls.
Link selection applies whenever the port specified in the Designated Transit List (DTL) is zero and there are multiple interfaces to the next node.
When multiple parallel links are configured inconsistently, the order of precedence of configured values is admin-weight-minimize, blocking-minimize, transmit-speed-maximize, and load-balance. For example if any link is configured as admin-weight-minimize, that becomes the link selection criteria for the entire link group.
To specify which PNNI node in the switch runs on an interface when the interface runs PNNI, use the atm pnni node ATM PNNI node command. To return to the default value, use the no form of this command.
This command does not apply to the CPU interface.
Currently node index 1 is the only valid value. Refer to the node command for more information.
By default, PNNI node 1 automatically runs on all PNNI interfaces.
This command does not turn PNNI on or off for this interface. See the atm auto-configuration command and the atm nni commands for more information on the interface type.
To configure an ATM address prefix for an ATM interface, use the atm prefix interface configuration command. To reset the default values, use the no form of this command.
This command is used to assign an address prefix to a specific interface that is different from the admin prefix of the switch. PNNI advertises this prefix as an internal reachable address. ILMI assigns the prefix to end systems attached to this interface.
The following example shows how to set an ATM prefix.
show atm iisp prefix
To create a permanent virtual channel (PVC), use the atm pvc interface configuration command. Use the long form of the atm pvc command to create a permanent virtual channel connection (PVCC). Use the short form of the atm pvc command to create a permanent virtual channel link (PVCL). To remove the specified PVC, use the no form of this command.
Specified as p2p | p2mp-root | p2mp-leaf. The default is p2p.
ATM virtual path identifier (VPI) of this PVC, in the range from 0 through 255. The VPI is an 8-bit field in the header of the ATM cell. The VPI value is unique only on an interface, not throughout the ATM network (it has local significance only).
ATM virtual channel identifier (VCI) of this PVC, in the range of 32 through 65535. The VCI is a 16-bit field in the header of the ATM cell. The VCI value is unique only on a single interface, not throughout the ATM network (it has local significance only).
Intelligent packet discard option. Specified as on | off. The default is off.
ATM adaptation layer (AAL) and encapsulation type and applies only to terminating connections. When aal5mux is specified, a protocol is required. Possible values are as follows:
Usage parameter control, specified as pass | tag | drop; the default is pass. The upc option can be set to tag or drop only under the following conditions:
Connection traffic table row index in the received direction. The connection-traffic table row should be configured before using atm pvc command. Refer to the atm connection-traffic-table-row command for information on configuring the rx-cttr. The default is 1.
Connection traffic table row index in the transmitted direction. The connection-traffic table row should be configured before using atm pvc command. Refer to the atm connection-traffic-table-row command for information on configuring the tx-cttr. The default is 1.
Specifies how often Inverse ARP datagrams are sent on this virtual connection and applies only to terminating connections. The default value is 15 minutes. Note: This applies only to terminating connections.
The commands are used to create or delete the following types of ATM connections on a switch:
When setting UBR connections the tx-cttr and the rx-cttr fields are not needed, but these fields are required when setting up a CBR or VBR connection. Refer to the atm connection-traffic-table-row command for information on configuring in the connection traffic table specified by index.
The following example shows how to set up a UBR PVC connection between interface ATM 4/0/0 and 4/0/1 with a vpi of 0 and a vci of 40.
The following example shows a display using the encap variable.
The following example shows the commands used to establish a PVC between a logical interface (VP tunnel) on ATM 4/1/1.99 and ATM 3/0/0.
Use the following show atm vc command to display all VCs on an interface.
Use the show atm vc command to display detailed information about a specific connection.
The following example deletes the ATM transit point-to-point PVC previously configured.
atm connection-traffic-table-row
To create a permanent virtual path (PVP), use the atm pvp interface configuration command. Use the long form of the atm pvp command to create a permanent virtual path connection (PVPC). Use the short form of the atm pvp command to create a permanent virtual path link (PVPL). Use the no form of this command to remove the specified PVP.
Specified as p2p | p2mp-root | p2mp-leaf. The default is p2p.
ATM virtual path identifier (VPI) of this PVP, in the range from 1 through 255. The VPI is an 8-bit field in the header of the ATM cell. The VPI value is unique only on a single interface, not throughout the ATM network (it has local significance only).
Usage parameter control, specified as pass | tag | drop, the default is pass. The upc option can be set to tag or drop only under the following conditions:
Connection traffic table row index in the received direction. The connection-traffic table row should be configured before using atm pvc command. Refer to the atm connection-traffic-table-row command for information on configuring the rx-cttr. The default is 1.
Connection traffic table row index in the transmitted direction. The connection-traffic table row should be configured before using atm pvc command. Refer to the atm connection-traffic-table-row command for information on configuring the tx-cttr. The default is 1.
This command does not apply to the CPU port or logical port (VP tunnel).
The commands are used to create or delete the following types of ATM connections on a switch:
The following example configures an ATM PVP from ATM 4/1/1 to ATM 4/1/2.
Use the show atm vp command to display details about the ATM. The following is an example of ATM 4/1/2.
To create a VP tunnel on a physical interface, enter the interface configuration mode for the switch, then specify the PVP and create the tunnel. The following example shows the commands used to create a tunnel on ATM 4/1/1.
Use the show atm interface command to display the interface information about ATM 4/1/1.99.
atm connection-traffic-table-row
To change individual QOS objectives assigned to SVC setup messages entering the switch via UNI version 3 interfaces, use the atm qos uni3-default global configuration command. To return all objective values for a service category to the default, use the no form of this command.
This command changes the individual QOS objectives used in establishing CBR or VBR SVCs. The QOS objectives are as follows:
These objectives can be set differently for each of the three service categories: CBR, VBR-RT, and VBR-NRT (VBR-NRT only uses CLR0). All UNI 3.0 or 3.1 SVC requests received for a particular service category uses the configured values. These objectives are signaled across a continuous sequence of PNNI hops, starting at the source switch.
In the following example, the cbr MaxCTD objective is set to 1000 microseconds.
To specify a static route to a reachable address prefix, use the atm route global configuration command. To delete a static route, use the no form of this command.
The internal keyword should be used when a static route is configured to an address prefix representing an attached end system (for example, in place of an ILMI address registration).
The type of static route should be exterior, and the internal keyword should not be present when a static route is configured to an address prefix representing end systems attached to a different switch or network.
The following example shows how to configure a static route on interface ATM 1/2/1 to the address prefix 47.8 of 12 bits in length.
The following example shows how to configure a static route on interface ATM 1/2/1 to the address prefix 47.88 of 14 bits in length.
show atm iisp prefix
To start the PNNI configuration mode, use the atm router pnni global configuration command.
This command has no arguments or keywords.
Use this command to start global PNNI configuration mode.
The following example shows using the atm router pnni global configuration command to change to ATM router PNNI configuration mode.
To set the limits on the number of cells simultaneously allowed in the switch memory by type of output queue, use the atm service-category-limit global configuration command. To set to the default value of 65535, use the no form of this command.
In the following example, the maximum number of abr and ubr cells allowed into the switch-fabric at one time is limited to 45,000.
To set the current port snooping configuration and actual register values for the highest ATM interface, use the atm snoop interface atm interface configuration command.
Interface configuration. Applies to the Snoop Test Port.
The atm snoop interface atm subcommand applies only if the previously specified port is the highest system port residing on card 4 and subcard 1 (which has been shutdown). If so, this enables it as the Snoop Test Port. Cells transmitted from the Snoop Test Port are copies of cells from a single direction of a monitored port.
When in snoop mode, any prior permanent virtual connections to the Snoop Test Port remain in the down state.
The port number of the test port depends on the card type. Table 1-10 defines the Snoop Test Port number for various interfaces:
Table 1-10 ATM Snoop Port Numbers
The following example configures the highest port in the snoop mode to monitor port card 1, subcard 0, and port 2 in the transmit direction starting from the configuration mode.
To create a soft PVC on the switch, use the atm soft-vc interface configuration command.
Usage parameter control, specified as pass | tag | drop, the default is pass. The upc option can be set to tag or drop only under the following conditions:
Intelligent packet discard option, specified as on | off. The default is on.
Connection traffic table row index in the received direction. The cttr should be configured before using atm pvc command. Refer to the atm connection-traffic-table-row command for information on configuring the rx-cttr. The default is 1.
Connection traffic table row index in the transmitted direction. The cttr should be configured before using atm pvc command. Refer to the atm connection-traffic-table-row command for information on configuring the tx-cttr. The default is 1.
Specifies the slow call retry frequency in seconds. The default is 60 seconds.
Obtain the destination port address before configuring a soft PVC by using one of the following commands on the destination switch:
The following list identifies reasons the creation of a soft PVC is unsuccessful:
The following example shows how a user at the destination switch displays the address of the destination port.
show atm interface
To create a soft PVP on the switch, use the atm soft-vp interface configuration command.
Usage parameter control, specified as pass | tag | drop, the default is pass. The upc option can be set to tag or drop only under the following conditions:
Connection traffic table row index in the received direction. The cttr should be configured before using atm soft-vp command. Refer to the atm connection-traffic-table-row command for information on configuring the rx-cttr. The default is 1.
Connection traffic table row index in the transmitted direction. The cttr should be configured before using atm soft-vp command. Refer to the atm connection-traffic-table-row command for information on configuring the tx-cttr. The default is 1.
Slow call re-try frequency in seconds. The default is 60 seconds.
Obtain the destination port address before configuring a soft PVP by using one of the following commands.
The following list identifies reasons why the creation of a soft PVP is unsuccessful:
The following example shows how a user at the destination switch displays the address of the destination port.
At the source switch, create a soft PVP with the VP of 150, the destination port address of 47.0091.8100.0000.0003.be59.ed00.4000.0c82.0010.00, and the destination vpi of 160.
show atm interface
To change the Sustained Cell Rate Margin Factor (SCRMF), use the atm sustained-cell-rate-margin-factor global configuration command. SCRMF dictates the weight given to peak-cell-rate (PCR) in computing the bandwidth used by VBR connections. To assign the default value to SCRMF, use the no form of this command.
The following equation is used in CAC of VBR connections to define the bandwidth requested.
In the following example, the SCRMF of the switch is set to 35 percent.
To change the intended Usage Parameter Control (UPC) mode to use on the cell-flow received into the switch-fabric for SVCs on an interface, use the atm svc-upc-intent interface configuration command. Any change in this parameter is applied to SVCs subsequently established on the interface. To assign the default value to the parameter, use the no form of this command.
This configuration parameter determines the UPC to use for SVCs if the interface is UNI Network-side. For other interface types, the value used is pass.
This command does not apply to the CPU interface or logical interfaces.
In the following example, the intended UPC for SVCs on an interface is set to tagging.
To configure an ATM address template alias, use the atm template-alias global configuration command. To delete the specified alias, use the no form of this command.
Address templates are pattern forms that match one or more ATM addresses. They can be simple, single ATM addresses matching themselves or containing wildcards, prefixes, and suffixes, allowing a single template to match many addresses.
The simplest address template matches a single address, as shown in this example:
Wildcard digits, which can match any value, are indicated with asterisks (*). The following template matches the above address and any other 12-byte address that starts with 47.0005.1234.5678:
The following template matches any address of any length and begins with the prefix 47.0005.1234.5678:
In other cases, matching a suffix of the address is also important, such as when matching system IDs. The following template matches any address ending with the suffix 0000.0c01.2345.00:
You might want to match addresses on a single-bit granularity, rather than half-byte (4-bit or nibble) granularity.
This pattern matching is supported by allowing the hex digits that represent four bits to be replaced by groups of four binary bits, represented by the numbers 0 and 1. These four binary digits are enclosed within parentheses. The following template matches any address that starts with 47.0005 followed by the binary bits 10. The final two binary bits in the nibble can be either 0 or 1 and are represented with asterisks.
Use this command to define aliases for commonly referenced address templates. The use of these aliases reduces the chances for typographical error in the creation of ATM filter sets.
The following example shows setting ATM template aliases.
show running-config
To get status for an SVC, use the atmsig status EXEC command.
Run this command to display status on a particular SVC. The virtual connections are numbered per vpi and vci interface, and they must be specified by the interface port number.
The following example gets status for SVC 0 32 on ATM interface 4/0/0.
To configure an ATM User-Network Interface (UNI) on the specified physical or logical port, use the atm uni interface configuration command.
Before using this command, the interface must be administratively shut down and autoconfiguration mode has to be disabled.
Configure a network-side private ATM UNI with maxvc = 1000, on card 3, subcard 1, and port 1.
Configure a user-side public ATM UNI on card 1, subcard 1, and port 3.
atm connection-traffic-table-row
To define an ATM map statement for a PVC, use the atm-vc map-list configuration command in conjunction with the map-list global configuration command. The no form of this command removes the address.
No map statements are defined.
This command is required with the map-list command when you are configuring an SVC.
In the following example, a map list named ATM includes two map statements for protocol addresses being mapped.
To configure the switch to execute a command or list of commands automatically when a user connects to a particular line, use the autocommand line configuration command.
Automatic responses are not configured.
This command applies to all ASP interfaces.
The following example forces an automatic connection to a host named host21 (which could be an IP address). In addition, the UNIX UUCP application specifies TCP socket 25, and the /stream switch enables a raw TCP stream with no Telnet control sequences.
Note This command or some of its parameters might not function as expected in the
LightStream 1010 ATM switch environment.
To configure a line to start an ARA, Point-to-Point Protocol (PPP), or SLIP session, use the autoselect line configuration command. Use the no form of this command to disable this function on a line.
This command eliminates the need for users to enter an EXEC command to start an ARA, PPP, or SLIP session.
The autoselect command configures the switch to identify the type of connection being requested. For example, when a user on a Macintosh running ARA selects the Connect button, the switch automatically starts an ARA protocol session. If, on the other hand, the user is running SLIP or PPP and uses the autoselect ppp or autoselect slip command, the switch automatically starts a PPP or SLIP session, respectively. This command is appropriate for lines used to make different types of connections.
A line that does not have autoselect configured regards an attempt to open a connection as noise. When the switch does not respond, the user client then times out.
Note After the modem connection is established, a Return is required to evoke a response such as
getting the username prompt. You might need to update your scripts to include this requirement.
Additionally, let the activation character default to Return, and the exec-character-bits default to 7.
If you change these defaults, the application does not recognize the activation request.
The following example enables ARA on a line.
The following example enables PPP on a line.
The following example enables ARA on a line and allows users with a modified CCL script or an unmodified script to login.
arp (interface)
To allow an auto FERF to be inserted when an incoming alarm is received, use the auto-ferf interface configuration command. Applies to DS3/E3 interfaces only; red applies to DS3 only.
auto-ferf los.
show controllers
To allow default summary addresses to be generated based on the switch's ATM address, use the auto-summary node-level subcommand. To remove the default summary addresses, use the no form of this command.
This command has no arguments or keywords.
ATM router PNNI node-level configuration.
By default, each PNNI node advertises 13-byte summary address prefixes based on the switch address or addresses. The summary address prefix or prefixes cover all end system addresses determined via ILMI address registration from the ILMI address prefix or prefixes, based on each switch's address. They do not cover end-system addresses determined via ILMI address registration from per-interface ILMI address prefixes (configured using the atm prefix command). Using the no form of this command causes PNNI to advertise all end-system addresses separately (unless other summary addressees matching the end system addresses were configured).
For more information, refer to the LightStream 1010 ATM Switch Software Configuration Guide.
The following script shows how to access the auto-summary node-level subcommand.
atm address
Keyword
Description
Examples
Related Commands
aaa new-model
arp timeout
aaa authentication enable default
no aaa authentication enable default method1 [...[method4]] Syntax Description
Default
Command Mode
Usage Guideline
Keyword
Description
Example
Related Commands
aaa authorization
aaa new-model
enable password
aaa authentication local-override
no aaa authentication local-override Syntax Description
Default
Command Mode
Usage Guideline
Example
Related Commands
aaa authentication enable default
aaa authentication login
aaa authentication ppp
aaa new-model
aaa authentication login
no aaa authentication login {default | list-name} method1 [...[method4]] Syntax Description
Default
Command Mode
Usage Guideline
Keyword
Description
Examples
Related Commands
aaa new-model
login authentication
aaa authentication ppp
no aaa authentication ppp {default | list-name} method1 [...[method4]] Syntax Description
Default
Command Mode
Usage Guideline
Keyword
Description
Example
Related Commands
aaa new-model
ppp authentication
aaa authorization
no aaa authorization {network | connection | exec | command level} Syntax Description
Default
Command Mode
Usage Guideline
Keyword
Description
Examples
Related Commands
aaa new-model
no aaa new-model Syntax Description
Default
Command Mode
Usage Guideline
Example
Related Commands
aaa authentication enable default
aaa authentication local-override
aaa authentication login
aaa authorization
access-class
no access-class access-list-number {in | out} Syntax Description
Default
Command Mode
Usage Guidelines
Examples
Related Command
access-enable
Syntax Description
Command Mode
Usage Guidelines
Example
Related Commands
autocommand
access-list (extended)
destination-wildcard [precedence precedence] [tos tos] [log]
no access-list access-list-number
destination-wildcard [icmp-type [icmp-code] | icmp-message] [precedence precedence]
[tos tos] [log]
[operator port [port]] destination destination-wildcard
[operator port [port]] [established] [precedence precedence] [tos tos] [log]
[operator port [port]] destination destination-wildcard
[operator port [port]] [precedence precedence] [tos tos] [log] Syntax Description
Default
Command Mode
Usage Guidelines
Examples
Switch(config)# access-list 102 permit tcp 0.0.0.0 255.255.255.255 128.88.0.0 0.0.255.255 established
Related Commands
access-list (standard)
ip access-group
logging console
priority-list default
queue-list interface
show access-lists
show ip access-lists
access-list (standard)
no access-list access-list-number Syntax Description
Default
Command Mode
Usage Guidelines
Examples
Related Commands
access-list (extended)
ip access-group
priority-list default
queue-list interface
show access-lists
show ip access-lists
access-template
Syntax Description
Command Mode
administrative-weight
no administrative-weight Syntax Description
Default
Command Mode
Usage Guidelines
Example
Related Commands
show atm pnni interface
show atm pnni node
alias
no alias mode [alias-name] Syntax Description
Defaults
Command Alias
Original Command
Command Mode
Usage Guidelines
Argument Options
Mode
Example
Related Command
arp (global)
no arp ip-address hardware-address type [alias] Syntax Description
Default
Command Mode
Usage Guidelines
Example
Related Command
arp (interface)
no arp {arpa | probe | snap} Syntax Description
Default
Command Mode
Usage Guidelines
Example
Related Command
arp timeout
no arp timeout seconds Syntax Description
Default
Command Mode
Usage Guidelines
Example
Related Command
async-bootp
no async-bootp Syntax Description
Default
Command Mode
Usage Guidelines
Examples
Related Command
atm abr-mode
no atm abr-mode Syntax Description
Default
Command Mode
Usage Guidelines
Example
Related Command
atm access-group
no atm access-group name [in | out] Syntax Description
Default
Command Mode
Usage Guidelines
Example
Related Commands
atm filter-set
atm template-alias
show atm filter-expr
show atm filter-set
atm address
no atm address address-template Syntax Description
Default
Command Mode
Usage Guidelines
Related Commands
auto-summary
show atm address
atm address-registration
no atm address-registration Syntax Description
Default
Command Mode
Usage Guidelines
Example
Related Command
atm arp-server
no atm arp-server [self [time-out minutes] | nsap nsap-address] Syntax Description
Default
Command Mode
Usage Guidelines
Related Command
atm auto-configuration
no atm auto-configuration Syntax Description
Default
Command Mode
Usage Guidelines
Related Commands
atm backward-max-burst-size-clp0
Syntax Description
Default
Command Mode
Usage Guidelines
Example
atm backward-max-burst-size-clp1
Syntax Description
Default
Command Mode
Usage Guidelines
Example
atm backward-peak-cell-rate-clp0
Syntax Description
Default
Command Mode
Usage Guidelines
Example
atm backward-peak-cell-rate-clp1
Syntax Description
Default
Command Mode
Usage Guidelines
Example
atm backward-sustainable-cell-rate-clp0
Syntax Description
Default
Command Mode
Usage Guidelines
Example
atm backward-sustainable-cell-rate-clp1
Syntax Description
Default
Command Mode
Usage Guidelines
Example
atm cac
atm cac link-sharing max-bandwidth {cbr | vbr} {receive | transmit} percent
atm cac link-sharing min-bandwidth {cbr | vbr} {receive | transmit} percent
no atm cac link-sharing max-bandwidth {cbr | vbr} {receive | transmit}
no atm cac link-sharing min-bandwidth {cbr | vbr} {receive | transmit}
no atm cac best-effort-limit
atm cac max-sustained-cell-rate {receive | transmit} rate
atm cac max-tolerance {cbr | vbr | abr | ubr} {receive | transmit} cell-count
no atm cac max-sustained-cell-rate {receive | transmit}
no atm cac max-tolerance {cbr | vbr | abr | ubr} {receive | transmit} Syntax Description
Default
Command Mode
Usage Guidelines
atm cac max-peak-cell-rate
atm cac max-sustained-cell-rate
atm cac max-tolerance Examples
Related Command
atm connection-traffic-table-row
cell-count]
atm connection-traffic-table-row [index row-index] {vbr-rt | vbr-nrt} peak-cell-rate
rate sustained-cell-rate rate [tolerance cell-count]
atm connection-traffic-table-row [index row-index ] abr peak-cell-rate rate
[tolerance cell-count]
atm connection-traffic-table-row [index row-index] ubr [peak-cell-rate rate
[tolerance cell-count]]
no atm connection-traffic-table-row row-index Syntax Description
Default
Command Mode
Usage Guidelines
Example
Related Commands
atm pvp
show atm connection-traffic-table
atm filter-expr
atm filter-expr name not term
atm filter-expr name term and term
atm filter-expr name term or term
atm filter-expr name term xor term
no atm filter-expr name Syntax Description
Default
Command Mode
Usage Guidelines
Example
Switch(config)# atm filter-expr atm_filter_expr2 source atm_filter_set1 and destination atm_filter_set2
Related Command
atm filter-set
no atm filter-set name Syntax Description
Default
Command Mode
Usage Guidelines
Example
Switch(config)# atm filter-set filter_set1 permit 47.0091.8100.0000.0003.bbe4.aa01.4000.0c80.0000.64
atm forward-max-burst-size-clp0
Syntax Description
Default
Command Mode
Usage Guidelines
Example
atm forward-max-burst-size-clp1
Syntax Description
Default
Command Mode
Usage Guidelines
Example
atm forward-peak-cell-rate-clp0
Syntax Description
Default
Command Mode
Usage Guidelines
Example
atm forward-peak-cell-rate-clp1
Syntax Description
Default
Command Mode
Usage Guidelines
Example
atm forward-sustainable-cell-rate-clp0
Syntax Description
Default
Command Mode
Usage Guidelines
Example
atm forward-sustainable-cell-rate-clp1
Syntax Description
Default
Command Mode
Usage Guidelines
Example
atm idle-timeout
Syntax Description
Default
Command Mode
Usage Guidelines
atm iisp
Syntax Description
Command Mode
Usage Guidelines
Examples
Related Commands
atm nni
atm uni
show atm iisp prefix
show atm interface
shutdown
atm ilmi-enable
no atm ilmi-enable Syntax Description
Default
Command Mode
Usage Guidelines
Related Commands
atm ilmi-keepalive
no atm ilmi-keepalive Syntax Description
Default
Command Mode
Usage Guideline
Example
Related Commands
show atm ilmi-status
atm lecs-address
Syntax Description
Default
Command Mode
Usage Guidelines
Related Commands
show atm ilmi-configuration
atm lecs-address-default
Syntax Description
Default
Command Mode
Usage Guidelines
Related Commands
show atm ilmi-configuration
atm link-distance
no atm link-distance Syntax Description
Default
Command Mode
Usage Guidelines
Related Command
atm maxvc-number
Syntax Description
Default
Command Mode
Usage Guidelines
Example
Related Commands
atm pvc
show atm interface
shutdown
atm maxvci-bits
Syntax Description
Default
Command Mode
Usage Guidelines
Example
Related Commands
atm maxvc-number
atm pvc
show atm interface
shutdown
atm maxvp-number
Syntax Description
Default
Command Mode
Usage Guidelines
Example
Related Commands
atm pvp
show atm interface
shutdown
atm maxvpi-bits
Syntax Description
Default
Command Mode
Usage Guidelines
Example
Related Commands
atm maxvp-number
atm pvp
show atm interface
shutdown
atm multipoint-signaling
no atm multipoint-signaling Syntax Description
Default
Command Mode
Usage Guidelines
atm nni
Syntax Description
Command Mode
Usage Guidelines
Example
Related Commands
atm iisp
atm uni
show atm interface
shutdown
atm nsap (map-list)
[aal5mux]
no protocol protocol-address atm-nsap atm-nsap-address [class class-name] [broadcast]
[aal5mux] Syntax Description
Default
Command Mode
Usage Guidelines
Example
Related Command
atm oam
no atm oam [ais] [end-loopback] [max-limit] [rdi] [seg-loopback]
no atm oam [vpi [vci]] [ais] [end-loopback] [max-limit] [rdi] [seg-loopback] Syntax Description
Command Mode
Interface configuration.
Usage Guidelines
Examples
atm oam max-limit
no atm oam max-limit Syntax Description
Command Mode
atm oam loopback-timer
no atm oam loopback-timer Syntax Description
Default
Command Mode
Usage Guidelines
Example
atm output-queue
no atm output-queue [force] {cbr | vbr-rt | vbr-nrt | abr-ubr} max-size Syntax Description
Default
Command Mode
Usage Guidelines
Example
Related Commands
show atm interface
show atm interface rm
atm output-threshold
atm output-threshold {cbr | vbr-rt | vbr-nrt | abr | ubr} efci efci-thresh-num
atm output-threshold abr relative-rate abr-thresh-num
no atm output-threshold discard disc-thresh-num
no atm output-threshold efci efci-thresh-num
no atm output-threshold abr relative-rate abr-thresh-num Syntax Description
Default
Command Mode
Usage Guidelines
Example
Related Command
atm over-subscription-factor
no atm over-subscription-factor Syntax Description
Default
Command Mode
Usage Guidelines
Interface Type
Default Max Size CBR Queue
Default Max Size VBR-RT Queue
Example
Related Command
atm pacing
no atm pacing Syntax Description
Default
Command Mode
Usage Guidelines
Example
Related Command
atm pnni admin-weight
no atm pnni admin-weight service-category Syntax Description
Default
Command Mode
Usage Guidelines
Related Commands
show atm pnni interface
atm pnni link-selection
transmit-speed-maximize]
no atm pnni link-selection Syntax Description
Default
Command Mode
Usage Guidelines
Related Command
atm pnni node
no atm pnni node Syntax Description
Default
Command Mode
Usage Guidelines
Related Commands
atm prefix
no atm prefix Syntax Description
Command Mode
Usage Guidelines
Example
Related Commands
show atm ilmi-status
show atm pnni prefix
show running-config
atm pvc
interface atm card-B/subcard-B/port-B[.vpt #] vpi-B vci-B [cast-type type-B] [upc upc-B]
[encap aal-encap]
atm pvc vpi vci [cast-type type] [upc upc] [pd pd] [rx-cttr index] [tx-cttr index]
no atm pvc vpi vci Syntax Description
Defaults
Command Mode
Usage Guidelines
Examples
Related Commands
atm pvp
show atm interface
show atm vc
atm pvp
card-B/subcard-B/port-B vpi-B [cast-type type-B] [upc upc-B]
atm pvp vpi [cast-type type] [upc upc] [rx-cttr index] [tx-cttr index]
no atm pvp vpi Syntax Description
Defaults
Command Mode
Usage Guidelines
Examples
Related Commands
atm pvc
show atm interface
show atm vp
atm qos uni3-default
atm qos uni3-default {cbr | vbr-rt} peak-to-peak-cell-delay-variation {microseconds | any}
atm qos uni3-default {cbr | vbr-rt | vbr-nrt} max-cell-loss-ratio {loss-ratio | any}
no atm qos uni3-default {cbr | vbr-rt | vbr-nrt} Syntax Description
Default
Command Mode
Usage Guidelines
Example
Related Command
atm route
no atm route addr-prefix atm {card/subcard/port [.vpt# ] } [ internal ] Syntax Description
Default
Command Mode
Usage Guidelines
Examples
Related Commands
show atm pnni prefix
atm router pnni
no atm router pnni Syntax Description
Command Mode
Usage Guidelines
Example
Related Command
atm service-category-limit
no atm service-category-limit {cbr | vbr-rt | vbr-nrt | abr-ubr} Syntax Description
Default
Command Mode
Usage Guidelines
Warning
Setting a service-category-limit to 0 causes the connection requests for the associated service categories to be rejected.
Example
Related Command
atm snoop
Syntax Description
Default
Command Mode
Usage Guidelines
Interface
Port Number
Example
Related Command
atm soft-vc
[rx-cttr index][tx-cttr index] [slow-retry-interval value] Syntax Description
Default
Command Mode
Usage Guidelines
Example
Switch(config-if)# atm soft-vc 100 200 dest-address 47.0091.8100.0000.0003.be59.ed00.4000.0c82.1000.05 100 200
Related Commands
show atm status
show atm vc
atm soft-vp
[slow-retry-interval value] Syntax Description
Default
Command Mode
Usage Guidelines
Example
Switch(config-if)# atm soft-vp 150 dest-address 47.0091.8100.0000.0003.be59.ed00.4000.0c82.0010.00 160
Related Commands
show atm status
show atm vp
atm sustained-cell-rate-margin-factor
no atm sustained-cell-rate-margin-factor Syntax Description
Default
Command Mode
Usage Guidelines
Example
Related Command
atm svc-upc-intent
no atm svc-upc-intent Syntax Description
Command Mode
Default
Usage Guidelines
Example
Related Command
atm template-alias
no atm template-alias Syntax Description
Default
Command Mode
Usage Guidelines
Example
Related Commands
write terminal
atmsig status
Syntax Description
Command Mode
Usage Guidelines
Example
Related Command
atm uni
Syntax Description
Default
Command Mode
Usage Guidelines
Examples
Related Commands
atm iisp
atm nni
show atm interface
shutdown
atm-vc (map-list)
no protocol protocol-address atm-vc vci [class class-name] [broadcast] [aal5mux] Syntax Description
Default
Command Mode
Usage Guidelines
Example
Related Command
autocommand
no autocommand Syntax Description
Default
Command Mode
Usage Guidelines
Example
autoselect
no autoselect Syntax Description
Default
Command Mode
Usage Guidelines
Examples
Related Commands
ppp authentication chap
ppp authentication pap
ppp use-tacacs
auto-ferf
no auto-ferf alarmtype Syntax Description
Default
auto-ferf oof.
auto-ferf red.
auto-ferf ais.
auto-ferf lcd (applies to non-plcp mode only).
Command Mode
Related Commands
show running-config
write terminal
auto-summary
no auto-summary Syntax Description
Default
Command Mode
Usage Guidelines
Example
Related Commands
atm prefix
show atm pnni prefix
summary-address
Posted: Fri Jan 24 03:05:25 PST 2003
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.