|
|
To specify that the configuration server ATM address is computed by the LightStream 1010 ATM switch automatic method, use the lane auto-config-atm-address interface configuration command. To remove the previously assigned ATM address, use the no form of this command.
This command has no keywords or arguments.
This command only applies to the CPU interface.
When applied to a subinterface, this command causes the LANE client on the subinterface to use the automatically assigned ATM address (rather than the ATM address provided by the ILMI) to locate the configuration server.
Multiple commands that assign ATM addresses to the LANE configuration server can be issued on the same interface to assign different ATM addresses to the configuration server. Commands that assign ATM addresses to the LANE configuration server include lane auto-config-atm-address, lane config-atm-address, and lane fixed-config-atm-address.
The following example specifies that the configuration server's ATM address is assigned by using the automatic method.
To specify an ATM address—and thus override the automatic ATM address assignment—for the broadcast-and-unknown server on the specified subinterface, use the lane bus-atm-address interface configuration command. To remove the ATM address previously specified for the broadcast-and-unknown server on the specified subinterface and thus revert to the automatic address assignment, use the no form of this command.
Automatic ATM address assignment.
This command only applies to the CPU interface.
This command gives the client the ATM address of the broadcast-and-unknown server. The client will use this address rather than sending LE ARP requests for the broadcast address.
When applied to a selected interface but with a different ATM address than was used previously, this command replaces the broadcast-and-unknown server's ATM address.
ATM Addresses. A LANE ATM address has the same syntax as an NSAP (but it is not a network-level address):
Address Templates. LANE ATM address templates can use two types of wildcards: an asterisk (*) to match any single character and an ellipsis (...) to match any number of leading or trailing characters.
The values of the digits that are replaced by wildcards come from the automatic ATM assignment method.
In LANE, a prefix template explicitly matches the prefix but uses wildcards for the ESI and selector fields. An ESI template explicitly matches the ESI field but uses wildcards for the prefix and selector.
In the Cisco implementation of LANE, the prefix corresponds to the switch, the ESI corresponds to the ATM interface, and the Selector field corresponds to the specific subinterface of the interface.
The following example uses an ESI template to specify the part of the ATM address corresponding to the interface; the remaining values in the ATM address come from automatic assignment.
The following example uses a prefix template to specify the part of the ATM address corresponding to the switch; the remaining values in the ATM address come from automatic assignment.
To activate a LANE client on the specified subinterface, use the lane client interface configuration command. To remove a previously activated LANE client on the subinterface, use the no form of this command.
This command only applies to the CPU interface.
If a lane client command has already been entered on the subinterface for a different emulated LAN, the client initiates termination procedures for that emulated LAN and joins the new emulated LAN.
If you do not provide an elan-name value, the client contacts the server to find which emulated LAN to join. If you do provide an emulated LAN name, the client consults the configuration server to ensure that no conflicting bindings exist.
To specify an ATM address—and thus override the automatic ATM address assignment—for the LANE client on the specified subinterface, use the lane client-atm-address interface configuration command. To remove the ATM address previously specified for the LANE client on the specified subinterface and thus revert to the automatic address assignment, use the no form of this command.
Automatic ATM address assignment.
This command only applies to the CPU interface.
Use of this command on a selected subinterface but with a different ATM address than was used previously, replaces the LANE client's ATM address.
ATM Addresses. A LANE ATM address has the same syntax as an NSAP (but it is not a network-level address):
Address Templates. LANE ATM address templates can use two types of wildcards: an asterisk (*) to match any single character and an ellipsis (...) to match any number of leading or trailing characters. The wildcard characters come from the automatically assigned ATM address.
In LANE, a prefix template explicitly matches the ATM address prefix but uses wildcards for the ESI and selector fields. An ESI template explicitly matches the ESI field but uses wildcards for the prefix and selector.
In the LightStream 1010 ATM switch implementation of LANE, the prefix corresponds to the switch, the ESI corresponds to the ATM interface, and the Selector field corresponds to the specific subinterface of the interface.
For a discussion of the Cisco method for automatically assigning ATM addresses, refer to the "Configuring LAN Emulation" chapter in the Router Products Configuration Guide.
The following example uses an ESI template to specify the part of the ATM address corresponding to the interface; the remaining parts of the ATM address come from automatic assignment.
The following example uses a prefix template to specify the part of the ATM address corresponding to the switch; the remaining parts of the ATM address come from automatic assignment.
To specify that the fixed configuration server ATM address assigned by the ATM Forum will be used, use the lane fixed-config-atm-address interface configuration command.
This command has no keywords and arguments.
No specific ATM address or method is set.
This command only applies to the CPU interface.
When applied to a subinterface, this command causes the LANE client on the subinterface to use that ATM address (rather than the ATM address provided by the ILMI) to locate the configuration server.
Multiple commands that assign ATM addresses to the LANE configuration server can be issued on the same interface in order to assign different ATM addresses to the LANE configuration server. Commands that assign ATM addresses to the LANE configuration server include lane auto-config-atm-address, lane config-atm-address, and lane fixed-config-atm-address.
To add a static entry to the LE ARP table of the LANE client configured on the specified subinterface, use the lane le-arp interface configuration command. To remove a static entry from the LE ARP table of the LANE client on the specified subinterface, use the no form of this command.
No static address bindings are provided.
This command only applies to the CPU interface.
This command only adds or removes a static entry binding a MAC address to an ATM address. It does not add or remove dynamic entries. Removing the static entry for a specified ATM address from an LE ARP table does not release Data Direct virtual channel connections (VCC) established to that ATM address. However, clearing a static entry clears any fast-cache entries that were created from the MAC address-to-ATM address binding.
Static LE ARP entries are not aged and are not removed automatically.
To remove dynamic entries from the LE ARP table of the LANE client on the specified subinterface, use the clear lane le-arp command.
To associate an ATM address, and optionally a LANE client ID, with a PVC previously created on the specified subinterface, use the lane pvc interface configuration command. To remove a prior entry, use the no form of this command.
No PVC is created. No virtual channel descriptor (VCD), ATM address, and LANE client ID are provided for PVCs.
This command only applies to the CPU interface.
Ordinarily, switched virtual circuits (SVCs) are used instead of PVCs for communication within emulated LANs, and unique LANE client IDs are assigned dynamically by the LANE server. This command is used only when PVCs are used.
Use this command to configure a LANE client when PVCs are used instead of SVCs for Data Direct circuits between LANE clients; this command identifies the ATM address of the LANE client at the other end of the virtual circuit. In this case, do not use the lec-id argument.
Use this command also to configure a LANE server when PVCs are used instead of SVCs for the Server Direct VCC with a LANE client on the other end and that LANE client is configured to use this PVC as its Client Direct VCC. Use the lec-id argument only when a LANE server is being configured on the specified subinterface.
To create the PVC, use the atm pvc command. The vcd value in the lane pvc command must match a vcd value in an atm pvc command.
Use of the lane pvc command on a LANE client and the lane register command on a LANE server enable the use of PVCs, instead of SVCs alone, for LANE.
If you use PVCs for the Control Direct VCCs, you must also use PVCs for the Control Distribute VCCs. If you use PVCs for the Multicast Send VCCs, you must also use PVCs for the Multicast Forward VCCs.
To specify an ATM address—and thus override the automatic ATM address assignment—for the LANE server on the specified subinterface, use the lane server-atm-address interface configuration command. To remove the ATM address previously specified for the LANE server on the specified subinterface and thus revert to the automatic address assignment, use the no form of this command.
The LANE client finds the LANE server by consulting the configuration server.
This command only applies to the CPU interface.
This command also instructs the LANE client configured on this subinterface to reach the LANE server by using the specified ATM address instead of the ATM address provided by the configuration server.
When used on a selected subinterface, but with a different ATM address than was used previously, this command replaces the LANE server's ATM address.
ATM Addresses. A LANE ATM address has the same syntax as an NSAP (but it is not a network-level address):
Address Templates. LANE ATM address templates can use two types of wildcards: an asterisk (*) to match any single character and an ellipsis (...) to match any number of leading or trailing characters. The values of characters replaced by wildcards come from automatic ATM address assignment.
In LANE, a prefix template explicitly matches the prefix but uses wildcards for the ESI and selector fields. An ESI template explicitly matches the ESI field but uses wildcards for the prefix and selector.
In the LightStream 1010 ATM switch implementation of LANE, the prefix corresponds to the switch, the ESI corresponds to the ATM interface, and the Selector field corresponds to the specific subinterface of the interface.
For a discussion of the Cisco method for automatically assigning ATM addresses, refer to the "Configuring LAN Emulation" chapter of the Router Products Configuration Guide.
The following example uses an ESI template to specify the part of the ATM address corresponding to the interface; the remaining parts of the ATM address come from automatic assignment.
The following example uses a prefix template to specify the part of the ATM address corresponding to the switch; the remaining part of the ATM address come from automatic assignment.
To set the line build out, use the lbo interface configuration command.
The lbo command applies on DS3 interfaces.
To set the terminal screen length, use the length line configuration command.
Not all commands recognize the configured screen length. For example, the show terminal command assumes a screen length of 24 lines or more. In this environment, if you specify 0, you receive everything. The switch software uses the value of this command to determine when to pause during multiple-screen output.
The following example illustrates how to disable the screen pause function on the console terminal.
To configure a console port line, auxiliary port line, or virtual terminal lines, use the line global configuration command.
To include one of the optional type keywords (aux, console, or vty), the line number is treated as a relative line number. If you enter the line command without an optional type keyword, the line number is treated as an absolute line number. Absolute line numbers increment consecutively and can be difficult to manage on large systems.
You can set communication parameters, specify autobaud connections, or configure terminal operating parameters, for any of the terminal lines on the switch.
The relative line number of the auxiliary port must be 0. See the modem line configuration command to set up modem support on the auxiliary port. The absolute line number of the auxiliary port is 1.
Virtual terminal lines are used to allow remote access to the switch. A virtual terminal line is not associated with either the console or auxiliary port. You can address a single line or a consecutive range of lines with the line command. You receive an error message if you forget to include the necessary line number.
The following example starts configuration for virtual terminal lines 0 to 4.
The following example configures the auxiliary port with a line speed of 2400 baud and enables the EXEC.
To change the length of time for which data is used to compute load statistics, use the load-interval interface configuration command. Use the no form of this command to revert to the default setting.
This command only applies to the interfaces on the ASP card: Ethernet 2/0/0 or ATM 2/0/0. To load computations to be more reactive to short bursts of traffic rather than averaged over 5-minute periods, shorten the length of time over which load averages are computed.
If the load interval is set to 30 seconds, new data is used for load calculations over a 30-second period. This data is used to compute load statistics, including input rate in bits and packets per second, output rate in bits and packets per second, load, and reliability.
Load data is gathered every 5 seconds on the switch. This data is used for a weighted average calculation in which more-recent load data has more weight in the computation than older load data. If the load interval is set to 30 seconds, the average is computed for the last 30 seconds of load data.
The load-interval command enables you to change the default interval of 5 minutes to a shorter or longer period of time. If you change it to a shorter period of time, the input and output statistics that are displayed when you use the show interfaces command are more current and is based on instantaneous data, rather than reflecting an average load over a longer period of time.
This command is often used for dial backup purposes to increase or decrease the likelihood of a backup interface being implemented, but it can be used on any interface.
In the following example, the default 5-minute average is set to a 30-second average. A burst in traffic that does not trigger a dial backup for an interface configured with the default 5-minute interval might trigger a dial backup for this interface that is set for a shorter, 30-second interval.
To record the location of a serial device, use the location line configuration command. The no form of this command removes the description.
Locations of serial devices are not recorded.
The location command enters information about the device location and status. Use the EXEC command show users all to display the location information.
The following example identifies the location of the console.
To prevent access to your session while keeping your connection open, use the lock EXEC command.
This command has no keywords or arguments.
The server product honors session time-outs on a locked line. You must clear the line to remove this feature. The system administrator must set the line up to allow use of the temporary locking feature. To regain access to your sessions, re-enter your password.
To log messages to a syslog server host, use the logging global configuration command. The no form of this command deletes the syslog server with the specified address from the list of syslogs.
No messages are logged to a syslog server host.
This command identifies a syslog server host to receive logging messages. By issuing this command more than once, you build a list of syslog servers that receive logging messages.
The following example logs messages to a host named mccarty.
logging trap
service timestamps
To log messages to an internal buffer, use the logging buffered global configuration command. The no form of this command cancels the use of the buffer and writes messages to the console terminal, which is the default.
This command has no arguments or keywords.
The switch displays all messages to the console terminal.
This command copies logging messages to an internal buffer instead of writing them to the console terminal. The buffer is circular in nature, so newer messages overwrite older messages.
To display the messages that are logged in the buffer, use the EXEC command show logging. The first message displayed is the oldest message in the buffer.
The following example illustrates how to enable logging to an internal buffer.
To limit messages logged to the console based on severity, use the logging console global configuration command. The no form of this command disables logging to the console terminal.
Limits the logging of messages displayed on the console terminal to the named level. See Table 10-1 for a list of the level keywords. |
Specifying a level causes messages at that level and numerically lower levels to be displayed at the console terminal.
The EXEC command show logging displays the addresses and levels associated with the current logging setup, as well as any other logging statistics.
Table 10-1 Error Message Logging Priorities
| Level Name | Level | Description | Syslog Definition |
|---|---|---|---|
The effect of the log keyword with the IP access list (extended) command depends on the setting of the logging console command. The log keyword takes effect only if the logging console level is set to 6 or 7. If you change the default to a level lower than 6 and specify the log keyword with the IP access list (extended) command, no information is logged or displayed.
The following example changes the level of messages displayed to the console terminal to alerts, which means alerts and emergencies are displayed.
access-list (extended)
logging facility
show logging
To configure the syslog facility in which error messages are sent, use the logging facility global configuration command. To revert to the default of local7, use the no form of this command.
Syslog facility. See Table 10-2 for the facility-type keywords. |
Table 10-2 describes the acceptable options for the facility-type keyword.
Table 10-2 Logging Facility Facility-Type Keywords
| Keyword | Description |
|---|---|
The following example configures the syslog facility to kernel.
To limit messages logged to the terminal lines (monitors) based on severity, use the logging monitor global configuration command. This command limits the logging messages displayed on terminal lines other than the console line to messages with a level at or above level. The no form of this command disables logging to terminal lines other than the console line.
One of the level keywords listed in Table 10-1. |
Specifying a level causes messages at that level and at numerically lower levels to be displayed to the monitor.
The following example specifies that only messages of the levels errors, critical, alerts, and emergencies be displayed on terminals.
terminal monitor
To control logging of error messages, use the logging on global configuration command. This command enables or disables message logging to all destinations except the console terminal. The no form of this command enables logging to the console terminal only.
This command has no arguments or keywords.
The switch logs messages to the console terminal.
The following example shows how to direct error messages to the console terminal only.
To synchronize unsolicited messages and debug output with solicited switch output and prompts for a specific console port line, auxiliary port line, or virtual terminal line, use the logging synchronous line configuration command. Use the no form of this command to disable synchronization of unsolicited messages and debug output.
This feature is turned off by default.
If you do not specify a severity level, the default value of 2 is assumed.
If you do not specify the maximum number of buffers to be queued, the default value of 20 is assumed.
When synchronous logging of unsolicited messages and debug output is turned on, unsolicited switch output is displayed on the console or printed after solicited switch output is displayed or printed. Unsolicited messages and debug output are displayed on the console after the prompt for user input is returned. This is to keep unsolicited messages and debug output from being interspersed with solicited switch output and prompts. After the unsolicited messages are displayed, the console displays the user prompt again.
When specifying a severity level number, consider that for the logging system, low numbers indicate greater severity, and high numbers indicate lesser severity.
When a terminal line's message-queue limit is reached, new messages are dropped from the line although these messages might be displayed on other lines. If messages are dropped, the notice "%SYS-3-MSGLOST number-of-messages due to overflow" follows any messages that are displayed. This notice is displayed only on the terminal that lost the messages. It is not sent to any other lines, any logging servers, or the logging buffer.
| Caution By configuring abnormally large message-queue limits and setting the terminal to "terminal monitor" on a terminal that is accessible to intruders, you expose yourself to "denial of service" attacks. An intruder could carry out the attack by putting the terminal in synchronous output mode, making a Telnet connection to a remote host, and leaving the connection idle. This could cause large numbers of messages to be generated and queued, and these messages would consume all available RAM. Although unlikely to occur, you should guard against this type of attack through proper configuration. |
The following example identifies line 4 and enables synchronous logging for line 4 with a severity level of 6. Then the example identifies another line, line 2, enables synchronous logging for line 2 with a severity level of 7, and specifies a maximum number of buffers to be 70000.
To limit messages logged to the syslog servers based on severity, use the logging trap global configuration command. The command limits the logging of error messages sent to syslog servers to only those messages at the specified level. The no form of this command disables logging to syslog servers.
One of the level keywords listed in Table 10-1. |
The EXEC command show logging displays the addresses and levels associated with the current logging setup. The command output also includes ancillary statistics.
Table 10-1 lists the syslog definitions that correspond to the debugging message levels. Additionally, there are four categories of messages generated by the software, as follows:
Use the logging and logging trap commands to send messages to a UNIX syslog server.
The following example logs messages to a host named james.
To enable password checking at login, use the login line configuration command. Use the no form of this command to disable password checking and allow connections without a password.
By default, virtual terminals require a password. If you do not set a password for a virtual terminal, it responds to attempted connections by displaying an error message and closing the connection.
If you specify login without the local or tacacs option, authentication is based on the password specified with the password line configuration command.
Note This command cannot be used with Authentication, Authorization, and Accounting (AAA)/TACACS+. Use the login authentication command instead.
The following example sets the password letmein on virtual terminal line 4.
The following example illustrates how to enable the TACACS-style user ID and password-checking mechanism.
enable password
password
username
To enable AAA/TACACS+ authentication for logins, use the login authentication line configuration command. Use the no form of this command to return to the default.
| Caution If you use a list-name value that has not been configured with the aaa authentication login command, the logins on this line are disabled. |
Login authentication uses the default set with aaa authentication login command. If no default is set, the local user database is checked. No authentication is performed on the console.
This command is a per-line command used with AAA and specifies the name of a list of TACACS+ authentication processes to try at login. If no list is specified, the default list is used (whether or not it is specified in the command line). You create defaults and lists by using the aaa authentication login command. Note that entering the no version of login authentication has the same effect as entering the command with the default argument.
Before issuing this command, create a list of authentication processes by using the global configuration aaa authentication login command.
The following example specifies that the default AAA authentication is to be used on line 4.
The following example specifies that the AAA authentication list called MIS-access is to be used on line 7.
To exit from the EXEC mode, use the logout EXEC command.
This command has no keywords or arguments.
To enable a diagnostic, diagnostic-path, line, cell, payload, or pif, loopback on the physical device associated with a port, use the loopback interface configuration command. To remove the loop, use the no form of this command.
The cell and payload loopbacks are the only available DS3/ES3 interfaces. Diagnostic-path is only available for OC12 interface to loop the payload.
To show interfaces currently in loopback operation, use the show interface EXEC command. To isolate problems in the field use the diagnostic or line options.
The following example configures diagnostic loopback on the atm 3/1/0 line.
show controllers
show interface
Posted: Thu Jan 23 21:02:39 PST 2003
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.