This appendix summarizes the Cisco ESSE command line interface (CLI) commands. When you make a configuration change using these commands, the system configuration is updated immediately.
This appendix contains the following sections:
The CLI uses the following conventions:
Do not confuse the Cisco ESSE's CLI with the IOS CLI. Though they are similar, they are not the same thing.
Access to CLI commands is controlled by your user account privilege level. Users with privilege level 15 can use all commands. Users with privilege level 0 can use only a subset of the commands. The command descriptions in this appendix are organized by privilege level. For more information about user accounts and privileges, see the "Administering User Accounts" section.
The user interface provides several types of responses to incorrect command entries:
Command not found.
Incomplete command.
Invalid input.
In addition, some commands have command-specific error messages that notify you that a command is valid, but that it cannot run correctly.
The CLI provides a command history feature. To display previously entered commands, press the Up Arrow key. After pressing the Up Arrow key, you can press the Down Arrow key to display the commands in reverse order. To run a command, press the Enter key while the command is displayed on the command line. You can also edit commands before pressing the Enter key.
You can obtain help using the following methods:
Table C-1 summarizes all commands available on the Cisco ESSE, and tells you where to find full descriptions. Look at the full description of all commands that you are not familiar with before using them.
| Command | Privilege Level | Summary Description | Location of Full Description |
|---|---|---|---|
| | 15 | Enables secure remote authentication | |
| | 15 | Backs up the Cisco ESSE | |
| | 15 | Sets the configuration for all backup and restore operations | |
| | 15 | Configures the CDP | |
| | 15 | Sets the Cisco ESSE date and time | |
| | 15¹ | Erases the configuration in Flash memory and reloads the device | |
| | 0 | Logs user out of the Cisco ESSE | |
| | 15 | Displays IP address of a known domain name | |
| | N/A² | Checks and repairs the file system | |
| | | Implements port filtering on the Cisco ESSE | |
| | 0 | Displays online help for the CLI | |
| | 15 | Changes the system hostname | |
| | 15 | Allows the Cisco ESSE to function without a DNS server | |
| | 15 | Configures an Ethernet interface | |
| | 15 | Defines a default domain name | |
| | 15 | Specifies the address of up to three DNS servers for name and address resolution | |
| | 15 | Lists all current backups at the configured site | |
| | 15 | Translates a DNS name to its IP address or an IP address to its DNS name | |
| | 15 | Configures the NTP and allows the system clock to be synchronized by a time server | |
| | 0 | Sends ICMP echo_request packets for diagnosing basic network connectivity | |
| | 15¹ | Reboots the system | |
| | 15 | Restores a backed-up configuration | |
| | 15 | Creates a user account with root access | |
| | 15 | Adds a route through a gateway device | |
| | 15 | Lists, starts, or stops management services | |
| | 0 | Displays help for the command show | |
| | 15 | Displays the type of authentication used for secure CLI access | |
| | 15 | Displays the type of authentication used for secure HTTP access | |
| | 15 | Displays the current backup and restore configuration | |
| | 0 | Displays the messages logged during the last system boot | |
| | 15 | Displays the nearest neighbor of the Cisco ESSE on the network | |
| | 15 | Displays the CDP configuration | |
| | 0 | Displays the system date and time in UTC | |
| | 15 | Displays the system configuration | |
| | 0 | Displays the system domain name | |
| | 15 | Displays imported host files | |
| | 0 | Displays information about the system network interface | |
| | 0 | Displays information about processes running on the system | |
| | 15 | Displays the routes currently configured | |
| | 15 | Displays the type of SSH enabled | |
| | 15 | Displays syslog information | |
| | 15 | Displays information necessary for Cisco's Technical Assistance Center to assist you | |
| | 0 | Displays information about the current software on the system | |
| | 15 | Shuts down the system in preparation for powering it off | |
| | 15 | Configures an SNMP agent | |
| | 15 | Enables Secure Shell (SSH) 1, SSH 2, or both SSH 1 and SSH 2 | |
| | 15 | Configures Telnet access | |
| | 0 | Displays the network route to a specified host and identifies faulty gateways | |
| | 15 | Creates a new user account or changes an account's properties | |
Command descriptions in this document and in the CLI help-system use the following conventions:
This section describes the privilege level 0 commands.
To log out of the system, use the exit command.
exit
This command has no arguments or keywords.
The following command logs you out of the system:
# exit
To display online help for the CLI, use the help command.
help
This command has no arguments or keywords.
Use the help command to display online help for the CLI. A list of the CLI commands and their syntax is displayed.
The following command displays online help for the CLI:
# help
To send ICMP echo_request packets for diagnosing basic network connectivity, use the ping command.
ping ? | [-c count] [-i wait] [-s packetsize] [-n] {hostname | ip-address}
? | Displays help for the command |
-c | Sets the number of echo packets to send |
count | Number of echo packets to send |
-i | Sets the amount of time to wait between sending each packet |
wait | Amount of time to wait between sending each packet, in seconds; the default is 1 |
-s | Sets the size of each echo packet |
packetsize | The size of each echo packet, in bytes; the default is 56 |
hostname | Host name of system to ping |
ip-address | IP address of system to ping |
-n | Disables reverse DNS lookup |
To use this command with the hostname argument, you must have DNS configured on the system. To force the time-out of a nonresponsive host or to eliminate a loop cycle, press Ctrl-C.
This command sends four echo packets to the host 209.165.200.224 with a wait time of 5 seconds between each packet:
ping -c 4 -i 5 209.165.200.224
PING 209.165.200.224 (209.165.200.224) from 209.165.201.0 : 56(84) bytes of data.
64 bytes from dns-sj1.cisco.com (209.165.200.224): icmp_seq=0 ttl=246 time=16.3 ms
64 bytes from dns-sj1.cisco.com (209.165.200.224): icmp_seq=1 ttl=246 time=2.0 ms
64 bytes from dns-sj1.cisco.com (209.165.200.224): icmp_seq=2 ttl=246 time=2.1 ms
64 bytes from dns-sj1.cisco.com (209.165.200.224): icmp_seq=3 ttl=246 time=2.1 ms
To display help for the command show, use the show ? command.
This command has no arguments or keywords.
Use the show ? command to display help for the command show. A list of the command's options and usage appears.
The show command major options are described separately in this appendix. See the "Related Commands" section for a list of these major options.
This command displays help for the command show:
# show ?
show
auth-cli - Display CLI authentication
information.
auth-http - Display HTTP authentication
information.
backupconfig - Display host and account information
for the backup/restore commands.
bootlog - Displays the boot time information.
cdp-neighbor - Displays the next hop CDP
connection.
cdp-run - Displays the current CDP configuration.
clock - Displays the current date and time.
config[uration] - Displays the configuration of the
system.
interfaces - Displays the interfaces information.
proc[ess] - Displays the active process
statistics.
route - Displays the current IP routing
table.
syslog [page] | include MatchString [MatchString]]
- Displays the system syslog
information.
ssh-version - Display the allow versions for ssh.
tech [page] - Show system information for
Tech-Support.
version - System hardware and software
status.
show auth-cli
show auth-http
show backupconfig
show bootlog
show cdp-neighbor
show cdp-run
show clock
show config
show domain-name
show interfaces
show process
show route
show ssh-version
show syslog
show tech
show version
Note: Many of the above commands are privilege level 15.
To display the system date and time in Coordinated Universal Time (UTC), use the show clock command.
show clock
This command has no arguments or keywords.
Use the show clock command to display the system date and time. For more information about the system time, see the "Setting System Date and Time" section.
This command displays the system date and time:
# show clock
12:43:47 Jun 20 2001
clock
ntp server
To display the system domain name, use the show domain-name command.
show domain-name
This command has no arguments or keywords.
This command displays the system domain name:
# show domain-name
cisco.com
To display information about the system network interface, use the show interfaces command.
show interfaces
This command has no arguments or keywords.
This command displays information about system network interfaces:
# show interfaces
eth0 Link encap:Ethernet HWaddr 00:02:B3:35:FD:CC
inet addr:209.165.200.224 Bcast:209.165.201.0 Mask:255.255.255.224
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:80309 errors:0 dropped:0 overruns:0 frame:0
TX packets:22451 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
Interrupt:5 Base address:0xef00 Memory:d0c7e000-d0c7ec40
interface
To display information about processes running on the system, use the show process command.
show process [page]
page | Displays command output one screen at a time. Press the Return key to display the next output screen. Press Ctrl-C to exit paged output and return to the command prompt. |
This command displays information about processes running on the system:
# show process page
PID PPID ELAPSED SZ STARTED TTY COMMAND
1 0 4-20:04:35 277 Fri Jun 15 16:54:03 2001 ? init
2 1 4-20:04:35 0 Fri Jun 15 16:54:03 2001 ? kflushd
3 1 4-20:04:35 0 Fri Jun 15 16:54:03 2001 ? kupdate
4 1 4-20:04:35 0 Fri Jun 15 16:54:03 2001 ? kpiod
5 1 4-20:04:35 0 Fri Jun 15 16:54:03 2001 ? kswapd
6 1 4-20:04:28 0 Fri Jun 15 16:54:10 2001 ? kreiserfsd
81 1 4-20:04:25 0 Fri Jun 15 16:54:13 2001 ? kreiserfsd
82 1 4-20:04:25 0 Fri Jun 15 16:54:13 2001 ? kreiserfsd
83 1 4-20:04:25 0 Fri Jun 15 16:54:13 2001 ? kreiserfsd
84 1 4-20:04:25 0 Fri Jun 15 16:54:13 2001 ? kreiserfsd
85 1 4-20:04:24 0 Fri Jun 15 16:54:14 2001 ? kreiserfsd
199 1 4-20:04:23 290 Fri Jun 15 16:54:15 2001 ? watchdog
213 1 4-20:04:23 342 Fri Jun 15 16:54:15 2001 ? idled
402 1 4-20:04:17 290 Fri Jun 15 16:54:21 2001 ? syslogd
411 1 4-20:04:17 360 Fri Jun 15 16:54:21 2001 ? klogd
517 1 4-20:04:15 327 Fri Jun 15 16:54:23 2001 ? crond
531 1 4-20:04:15 286 Fri Jun 15 16:54:23 2001 ? inetd
540 1 4-20:04:14 585 Fri Jun 15 16:54:24 2001 ? sshd
585 1 4-20:04:09 842 Fri Jun 15 16:54:29 2001 ? dmgtd.lnx
-----------more-----------
To display information about the current software on the system, use the show version command.
show version
This command has no arguments or keywords.
This command displays the current software on the system:
# show version
Copyright (c) 1999-2000 by Cisco Systems, Inc.
Build Version (166) Mon Jun 11 16:56:23 PDT 2001
Uptime: 4 days 20 hours 6 mins
Linux/UID32 version 2.2.16-13bipsec.uid32 (gcc version egcs1
To display the network route to a specified host and identify faulty gateways, use the traceroute command.
traceroute ? | [-f first_ttl] [-m max_ttl] [-w waittime] host [packetlength]
? | Displays help for the command |
-f | (Optional) Sets the time-to-live used in the first outgoing probe packet |
first_ttl | Time-to-live value of the first outgoing probe packet; the default is 1 hop |
-m | (Optional) Sets the maximum time-to-live (maximum number of hops) used in outgoing probe packets |
max_ttl | Maximum time-to-live for outgoing probe packets; the default is 30 hops |
-w | (Optional) Sets the time to wait for a response to a probe, in seconds |
waittime | Time to wait for a response to a probe, in seconds; the default is 5 |
host | Name or IP address of host to which to connect |
packetlength | (Optional) The length of the packet to send, in bytes; the default and minimum value is 40 |
Use the traceroute command to trace the network route to a specified host and identify faulty gateways. The command displays a list of the hosts that receive probe packets as they travel to the destination host, in the order that the receiving hosts receive the packets. Asterisks (*) appear as the list entry for hosts that do not respond to probing correctly.
This command displays the network route to the host otherhost with a packet time-to-live value of 2, a wait time of 5 seconds, and 50-byte packets:
# traceroute -m 20 -w 10 cisco.com 50
traceroute to example.com (209.165.200.224), 20 hops max, 50 byte packets
1 ex1.com (209.165.200.225) 0.981 ms 0.919 ms 0.926 ms
2 ex2.com (209.165.200.254) 1.528 ms 0.747 ms 0.661 ms
3 ex3.com (209.165.200.255) 0.887 ms 0.770 ms 0.744 ms
4 ex4.com (209.165.201.0) 0.932 ms 0.789 ms 0.679 ms
5 ex5.com (209.165.201.1) 1.066 ms 1.052 ms 0.983 ms
6 ex6.com (209.165.201.30) 1.472 ms 1.247 ms 1.847 ms
7 ex7.com(209.165.201.31) 1.738 ms 1.424 ms 1.658 ms
8 ex8.com (209.165.202.128) 3.728 ms 2.429 ms 2.804 ms
9 ex9.com (209.165.202.129) 6.283 ms 5.499 ms 3.285 ms
10 ex10.com (209.165.202.158) 9.926 ms 73.463 ms 3.895 ms
11 ex11.com (209.165.202.159) 70.967 ms * 47.106 ms
This section describes the privilege level 15 commands. Only users with privilege level 15 can run them.
Use the auth command to enable secure remote authentication.
auth {cli | http} {local | tacacs secret server1 [server2] | radius secret server1 [server2] | nt domain pdc [bdc]}
cli | Enables authentication using the CLI |
http | Enables authentication using HTTP |
local | Enables local authentication |
tacacs | Enables authentication using the Terminal Access Controller Access Control System (TACACS) |
radius | Enables authentication using Remote Dial-In User Service (RADIUS) |
nt | Enables authentication from an NT domain controller |
secret | Shared secret code of server |
server1 | IP address or DNS name of server from which authentication will occur |
server2 | IP address or DNS name of optional secondary server from which authentication could occur |
domain | NT domain name |
pdc | Name of the Primary Domain Controller (PDC) |
bdc | Name of the Backup Domain Controller (BDC) |
This command enables secure remote authentication from a remote server, using TACACS.
auth http tacacs tr5e43 209.165.200.224
Use the backup command to back up the Cisco ESSE.
backup [test]
test | Tests the configured backup hostname, username, password, and directory |
To back up the Cisco ESSE, use the backup command. To configure the backup location, use the backupconfig command.
The following command backs up the Cisco ESSE:
backup
backupconfig
listbackup
restore
show backupconfig
Use the backupconfig command to set the configuration for all backup and restore operations. To clear the backup and restore configuration information, use the no backupconfig command.
backupconfig {hostname} {username} {password} [directory]
hostname | IP address of the host system |
username | Username of host system |
password | Password of the host system |
directory | Path to specific backup directory, if different from user's default directory |
To set the configuration for all backup and restore operations, use the backupconfig command.
The following command configures the backup and restore operations to back up to and restore from host 209.165.200.224, sets the username to user1, and sets the password to pass:
backupconfig 209.165.200.224 user1 pass
The following command clears all backup and restore configuration information:
no backupconfig
backup
listbackup
restore
show backupconfig
Use the cdp command to configure the Cisco Discovery Protocol (CDP).
cdp {run [port] | timer seconds | holdtime seconds}
run | Starts CDP |
timer | Sets the CDP packet retransmission time |
holdtime | Sets the CDP packet information hold time |
port | Ethernet port on which CDP will be enabled; acceptable values are eth0-15 |
seconds | Amount of time, in seconds, that the system takes to either transmit the CDP packet information or to hold another system's CDP packet information |
Cisco Discovery Protocol (CDP) is a protocol by which one Cisco device can recognize, and be recognized by, another Cisco device. The run command starts the system sending out signals to the other systems. The timer command sets the amount of time, in seconds, that these signals are sent. The holdtime sets the amount of time a system will recognize another system without receiving a signal. For example, if your system's holdtime is set to 30 seconds, and another system that has already been recognized by yours does not send a signal within that 30 seconds, your system will cease to recognize it. If you are using the no cdp command, the timer and holdtime commands set their respective values to the default value.
This command sets the CDP packet retransmission time to 10 seconds:
# cdp timer 10
This command resets the CDP packet retransmission time to its default value:
# no cdp timer
To set the system date and time, use the clock command.
clock {? | set hh:mm:ss month day year}
? | Displays help for the command |
set | Sets the system clock |
hh:mm:ss | Current time (for example, 13:32:02) |
month | Current month; you can enter full month names or abbreviations that include at least the first 3 characters of the month name (for example, jan, feb, mar) |
day | Day of the month (for example, 1 to 31) |
year | Current year (for example, 2002) |
To set the date and time, use the set option.
If you configure the system to use Network Time Protocol (NTP), you do not need to set the system clock manually using the clock command. When setting the clock, enter the current time in Coordinated Universal Time (UTC).
For more information about the system time, see the "Setting System Date and Time" section.
This command sets the date and time:
# clock set 13:32:00 apr 22 2000
ntp server
show clock
To erase the configuration in Flash memory and reload the device, use the erase config command.
erase config
This command has no arguments or keywords.
Use this command to erase the configuration in Flash memory and reload the device.
When you enter the command, you are prompted for confirmation. Enter yes to confirm, or press Enter to accept the default response no.
Caution: When you confirm this command, the system configuration is erased and the system reboots automatically. The system will not operate until you reconfigure it.
When the system reboots, you must reconfigure it with the setup program. For information about using the setup program, see "Installing and Configuring the Cisco ESSE."
Note: When the system erases the configuration, it is disconnected from the network because the network interface configuration is erased. To continue working on the system, you must use the system console.
This command erases the system configuration:
# erase config
This will erase your configuration, return device to factory defaults, and reload the device
Do you want to continue?[no]:yes
To implement port filtering on the Cisco ESSE, use the firewall command.
firewall port [public | private] | [icmp telnet ssh snmp https 1741]
eth <0-5> | Port to be configured; acceptable values are eth0-5 |
public | Denies access via ICMP, Telnet, SNMP, and the HTTP 1741 port |
private | Denies no access |
icmp | Denies Internet Control Message Protocol (ICMP) ping messages |
telnet | Denies incoming Telnet connections |
ssh | Denies incoming SSH connections |
snmp | Denies incoming SNMP requests |
https | Denies all connections to the SSL HTTP port |
1741 | Denies all connections to the HTTP 1741 port |
Use the firewall command to implement port filtering on the Cisco ESSE. To configure an Ethernet port for secured public access, use the public option. To configure an Ethernet port for local access, via a LAN or VLAN, use the private option. To deny ICMP, Telnet, SSH, SNMP, connections to the SSL HTTP port (https), or connections to the HTTP 1741 port, use the corresponding option.
The following is an example of a secure Ethernet port configuration:
firewall eth0 public ssh 1741
firewall eth1 private
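To make the effect of these keywords concrete, the following added example (not part of the Cisco documentation, and not something that runs on the appliance) evaluates firewall command lines and reports which services each port still accepts. It assumes that a profile and individual service keywords on one line combine as a union of denials, as in the page's `firewall eth0 public ssh 1741` example; the `CLEARTEXT` review set and all function names are this example's own.

```python
import re

# Service keywords accepted by the firewall command, as listed on this page.
SERVICES = ("icmp", "telnet", "ssh", "snmp", "https", "1741")

# Per the page: "public" denies ICMP, Telnet, SNMP and the HTTP 1741 port;
# "private" denies nothing.
PROFILES = {
    "public": {"icmp", "telnet", "snmp", "1741"},
    "private": set(),
}

PORT_RE = re.compile(r"^eth[0-5]$")

# Assumption of this example (not from the page): services to call out when
# still reachable, because Telnet and plain HTTP on 1741 are unencrypted.
CLEARTEXT = {"telnet", "1741"}


def parse_firewall(line):
    """Return (port, denied_services) for one 'firewall ...' command line."""
    tokens = line.strip().lstrip("#").split()
    if len(tokens) < 3 or tokens[0] != "firewall":
        raise ValueError(f"not a firewall command: {line!r}")
    port, keywords = tokens[1], tokens[2:]
    if not PORT_RE.match(port):
        raise ValueError(f"port must be eth0-5: {port!r}")
    if sum(kw in PROFILES for kw in keywords) > 1:
        raise ValueError("public and private are mutually exclusive")
    denied = set()
    for kw in keywords:
        if kw in PROFILES:
            denied |= PROFILES[kw]       # profile expands to its deny set
        elif kw in SERVICES:
            denied.add(kw)               # individual keyword denies one service
        else:
            raise ValueError(f"unknown keyword: {kw!r}")
    return port, denied


def audit(lines):
    """Map each configured port to what is denied, allowed, and worth review.

    Assumption: if a port appears more than once, the last line wins.
    Ports with no firewall line are not reported at all.
    """
    report = {}
    for line in lines:
        port, denied = parse_firewall(line)
        allowed = [s for s in SERVICES if s not in denied]
        report[port] = {
            "denied": sorted(denied),
            "allowed": allowed,
            "review": [s for s in allowed if s in CLEARTEXT],
        }
    return report


# The two command lines from the page's example.
PAGE_EXAMPLE = [
    "firewall eth0 public ssh 1741",
    "firewall eth1 private",
]

if __name__ == "__main__":
    for port, result in audit(PAGE_EXAMPLE).items():
        print(port, result)
```

On the page's own example, eth0 ends up accepting only HTTPS, while eth1 accepts everything, including Telnet and HTTP on port 1741. Note that `public` on its own leaves both SSH and HTTPS reachable.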
Use the gethostbyname command to display the IP address of a known domain name.
gethostbyname host
host | Domain name of host |
This command displays the IP address of example.com:
# gethostbyname example.com
209.165.200.224
To change the system hostname, use the hostname command.
hostname ? | name
? | Displays help for the command |
name | New hostname for the Cisco ESSE; the name is case sensitive and can be from 1 to 22 alphanumeric characters |
The following example changes the hostname to sandbox:
# hostname sandbox
To allow the Cisco ESSE to function without a DNS server, use the import command.
import ? | {host hostname ipaddress} | {hosts ftp-host username password path}
? | Displays help for the command |
host | Maps one IP address to a hostname |
hostname | Hostname to map IP address to |
hosts | Imports host files from an FTP-accessible host |
ipaddress | IP address to map hostname to |
password | Password used to access the FTP-accessible host |
path | Path to FTP-accessible host |
ftp-host | IP address of the FTP-accessible host |
username | Username used to access the FTP-accessible host |
The import command allows the Cisco ESSE to function without a DNS server by importing the necessary host files. To map a single hostname to an IP address, use the host option. To import host files from an external, FTP-accessible server, use the hosts option.
This command imports host files from the FTP-accessible server ftpserver_1. The FTP server ftpserver_1 has the username admin, the password pass, and the path /ftpserver_1/hosts.
import hosts ftpserver_1 admin pass /ftpserver_1/hosts
To configure an Ethernet interface, use the interface command.
interface ? | port {[up | down] | ipaddress netmask [default-gateway address] [up | down]}
? | Displays help for the command |
eth <0-5> | Name of the interface port to be configured; acceptable values are eth0-5. |
up | Enables the interface (the default) |
| If you include the ipaddress parameter and want to enable the interface in the same command, either enter the up parameter after ipaddress and its required parameters, or do not specify the up or down parameters (up is the default) |
down | Disables the interface |
| If you include the ipaddress parameter and want to disable the interface in the same command, enter the down parameter after ipaddress and its required parameters |
ipaddress | The IP address of the interface |
netmask | The netmask of the interface IP address |
default-gateway | Changes the IP address of the default gateway that connects the Cisco ESSE to the network |
address | The gateway IP address |
When you enter the interface command, the interface that you specify is enabled by default. If you want to disable an enabled interface or leave a disabled interface disabled, you must specify the down option.
Use the interface command to configure an Ethernet interface.
If you change the IP address or hostname, follow these steps to ensure that applications using the system can connect to it correctly:
Step 1 Stop and restart management services by entering:
# services stop
# services start
Step 2 Verify that management applications that use the system can still connect to it.
Step 3 Reconnect any applications that cannot connect to it using the system's new IP address or hostname.
This command disables the Ethernet 1 interface:
# interface eth1 down
This command sets the Ethernet 0 IP address, netmask, and gateway IP address:
# interface eth0 209.165.200.224 255.255.255.224 default-gateway 209.165.201.31 up
To define a default domain name, use the ip domain-name command. To remove the default domain name, use the no form of the command.
ip ? | domain-name name
? | Displays help for the ip command |
name | Domain name (e.g. cisco.com) |
Use this command to define a default domain name.
A default domain name allows the system to resolve any unqualified host names. Any IP hostname that does not contain a domain name will have the configured domain name appended to it. This appended name is resolved by the DNS server and then added to the host table. A DNS server must be configured on the system for hostname resolution to work correctly. To do this, use the ip name-server command.
This command defines the default domain name cisco.com:
# ip domain-name cisco.com
This command removes the default domain name:
# no ip domain-name
ip name-server
To specify the address of up to three name servers for name and address resolution, use the ip name-server command. To disable a name server, use the no form of the command.
ip ? | name-server ip-address
? | Displays help for the ip command |
ip-address | Name server IP address (maximum of 3) |
For proper resolution of hostname to IP address or IP address to hostname, the Cisco ESSE uses DNS servers. Use the ip name-server command to point the system to a specific DNS server. You may configure up to three servers.
If you attempt to configure a fourth name server, the following error message appears:
#
Name-server table is full.
The system must have a functional DNS server configured to function correctly. If it does not, in most cases it will not correctly process requests from management applications that use it. If the system cannot obtain DNS services from the network, Telnet connections to the system will fail or Telnet interaction with the system will become extremely slow. For more information, refer to the "Cannot Connect to System with Telnet, or Telnet Interaction Is Slow" section.
This command assigns a name server for the system to use for DNS name to address resolution:
# ip name-server 209.165.200.224
This command disables the name server; the system will not use it for name to address resolution:
# no ip name-server 209.165.200.224
ip domain-name
Use the listbackup command to list all current backups at the configured site.
listbackup
This command has no arguments or keywords.
The following command lists all current backups at the configured site:
listbackup
ex1_06042001_170640: Hostname: ex1 Date: 06042001 time: 1700
ex1_06052001_124543: Hostname: ex1 Date: 06052001 time: 1243
ex1_06052001_155148: Hostname: ex1 Date: 06052001 time: 1558
ex1_06202001_145704: Hostname: ex1 Date: 06202001 time: 1454
backup
backupconfig
restore
show backupconfig
To translate a DNS name to its IP address or an IP address to its DNS name, use the nslookup command.
nslookup {? | {dns-name | ip-address}}
? | Displays help for the command |
dns-name | DNS name of a host on the network |
ip-address | IP address of a host on the network |
The following command translates the DNS name hostname to its IP address:
# nslookup hostname
Server: dns.ex1.com
Address: 209.165.200.224
Name: ex1.com
Address: 209.165.201.0
To configure the Network Time Protocol (NTP) and allow the system clock to be synchronized by a time server, use the ntp server command. To disable this function, use the no form of this command.
ntp server ? | ip-address
? | Displays help for the command |
ip-address | IP address of the NTP time server providing clock synchronization |
Use the ntp server command to synchronize the system clock with the specified NTP server. If you configure multiple NTP servers, the system will synchronize with the first working NTP server it finds. There is no limit to the number of NTP servers that you can configure.
The ntp server command validates the NTP server that you specify. The possible results are:
#
19 Jan 00:43:48 ntpdate[1437]: step time server 209.165.200.224 offset 999.257304
#
19 Jan 00:43:40 ntpdate[1431]: no server suitable for synchronization found
#
19 Jan 00:43:58 ntpdate[1265]: Can't adjust the time of day: Invalid argument.
Follow these steps to remove the command and configure NTP correctly:
Step 1 Remove the ntp server command from the configuration by entering the no form of the command. For example:
# no ntp server ip-address
Where ip-address is the IP address of the NTP server.
Step 2 Set the system clock to a time that is behind the time on the NTP server using the clock set command. For more information about the clock command, see the "clock" section.
Step 3 Enter the ntp server command again to configure the NTP server on the system. For example:
# ntp server ip-address
This command configures the system to use an NTP server:
# ntp server 209.165.201.0
This command configures the system to stop using the NTP server:
# no ntp server 209.165.201.0
clock
To reboot the system, use the reload command.
reload [?]
? | Displays help for the command |
Use the reload command to reboot the system.
You are prompted to verify the reload. Enter yes to confirm or no to cancel the reload.
Caution: All processes running on the system stop when you run the reload command. The Cisco ESSE will not respond while it is reloading.
This command reboots the system:
# reload
shutdown
Use the restore command to restore a backed up configuration of the Cisco ESSE.
restore {restore name}
restore name | Name of backup to be used to restore the Cisco ESSE |
To restore a configuration, use the restore command. If you use the restore command, all current domains, roles, users, and discovery configuration information will be erased.
Note: The system will automatically reboot after a user runs the restore command from either the CLI or the GUI.
The following command will restore a backed up configuration:
restore backup1
backup
backupconfig
listbackup
show backupconfig
To enable root access, use the rootenable command.
rootenable
To disable root access, use the no rootenable command.
no rootenable
This command has no arguments or keywords.
To enable root access, enter the command rootenable. The Cisco ESSE will prompt you for a password, and will ask for a confirmation of that password. Root access is the highest level of access available and is intended for troubleshooting only. Where privilege level 15 allows you access to all CLI commands, root access allows you access to the entire machine. Root access is available to only one user, and is by default set to off. For those users who will need it, an administrator (privilege level 15) can enable it by entering the command rootenable; the system will then prompt you for the password twice.
To use root access, log off and log back on at the console with the root access password. If you forget the password, enter the command erase config. This will completely erase your current configuration, and allow you to create a new password. If you leave root access idle for 20 minutes, you are automatically logged off.
Caution: Root access is intended for troubleshooting purposes only. Do not use this function to add additional software. Doing so could severely hamper the performance of the appliance and void your support contract.
This command enables root access:
# rootenable
To add a route through a gateway device, use the route command. To delete a route, use the no version of the command.
route {network address} netmask {network netmask} gateway {gateway address}
netmask | Sets value of the network netmask |
gateway | Sets the IP address of the router or gateway |
network address | IP address of the network |
network netmask | Value of the network netmask |
gateway address | IP address of router or gateway |
The following command adds a route:
route 209.165.201.0 netmask 255.255.255.224 gateway 209.165.200.224
The following command deletes the above route:
no route 209.165.201.0 netmask 255.255.255.224
To list, start, or stop the management services running on the system, use the services command.
services [status | start | stop]
status | Displays the management services status |
start | Starts the management services |
stop | Stops the management services |
Use this command to start, stop, or view status of the management services running on the system.
Management services are the software installed on the system by network management applications. Use this command to stop and restart the management services if the system is not responding correctly to a management application. This should cause the services to reset and function properly again.
This command stops management services:
# services stop
This command starts management services:
# services start
This command shows services status:
# services status
Process= HSECollector
State = Running but busy flag set
Pid = 588
RC = 0
Signo = 0
Start = 06/15/01 16:54:32
Stop = Not applicable
Core = Not applicable
Info = HSECollector started.
Process= HSEANIServer
State = Running but busy flag set
Pid = 589
RC = 0
Signo = 0
Start = 06/15/01 16:54:32
-----------more-----------
Related commands: show process
To display the type of authentication used for secure CLI access, use the show auth-cli command.
show auth-cli
This command has no arguments or keywords.
This command and response show that the Cisco ESSE's local authentication is being used for the CLI:
# show auth-cli
local
To display the type of authentication used for secure HTTP access, use the show auth-http command.
show auth-http
This command has no arguments or keywords.
This command and response show that the Cisco ESSE's local authentication is being used for HTTP access:
# show auth-http
local
Use the show backupconfig command to display the current backup and restore configuration.
This command has no arguments or keywords.
To display the current backup and restore configuration, use the show backupconfig command. If the backup configuration has not been set, the host and username fields display NONE.
The following command displays the current backup and restore configuration:
# show backupconfig
Hostname: 209.165.201.0
Username: user1
Related commands: backup, backupconfig, listbackup, restore
To display the messages logged during the last system boot, use the show bootlog command.
show bootlog [page]
page | Displays command output one screen at a time. Press the Return key to display the next output screen. Press Ctrl-C to exit paged output and return to the command prompt. |
This command displays the messages logged during the last system boot:
# show bootlog page
Linux/UID32 version 2.2.16-13bipsec.uid32 (gcc version egcs1
Console: colour VGA+ 80x25
Calibrating delay loop... 1133.77 BogoMIPS
start low memory: 0xc0001000 i386_endbase: 0xc009f000
addresses range:: 0xc0f00000 0xc1000000
start memory: c04f8000 end_memory: d0000000
Memory: 257688k/262144k available (988k kernel code, 416k reserved, 2992k data,)
Dentry hash table entries: 262144 (order 9, 2048k)
Buffer cache hash table entries: 262144 (order 8, 1024k)
Page cache hash table entries: 65536 (order 6, 256k)
vmdump: setting dump_execute() as dump_function_ptr ...
VFS: Diskquotas version dquot_6.4.0 initialized
CPU: Intel Pentium III (Coppermine) stepping 06
Checking 386/387 coupling... OK, FPU using exception 16 error reporting.
Checking 'hlt' instruction... OK.
POSIX conformance testing by UNIFIX
mtrr: v1.35a (19990819) Richard Gooch (rgooch@atnf.csiro.au)
PCI: PCI BIOS revision 2.10 entry at 0xfda95
PCI: Using configuration type 1
-----------more-----------
Related commands: reload
To display the Cisco ESSE's nearest neighbor on the network, use the show cdp-neighbor command.
show cdp-neighbor
This command has no arguments or keywords.
This command shows the nearest neighbor on the network:
# show cdp-neighbor
cdp neighbor device: Switch
device type: cisco WS-C2924-XL
port: FastEthernet0/12
address: 209.165.201.0
To display the Cisco Discovery Protocol (CDP) configuration, use the show cdp-run command.
show cdp-run
This command has no arguments or keywords.
This command displays the CDP configuration:
# show cdp-run
CDP protocol is enabled ...
broadcasting interval is every 60 seconds.
time-to-live of cdp packets is 180 seconds.
CDP is enabled on port eth0.
To display the system configuration, use the show config command.
show config
This command has no arguments or keywords.
This command displays the system configuration:
# show config
hostname ex1
interface ethernet0 209.165.201.0 255.255.255.224 default-gateway 209.165.202.128
interface ethernet1 down
interface ethernet2 down
interface ethernet3 down
interface ethernet4 down
interface ethernet5 down
ip domain-name embu-doc
ip name-server 209.165.202.158
username admin epassword ************* privilege 15
To display an imported host file, use the show import command.
show import hosts
hosts | Name of server that host files were imported from |
This command displays the imported host file:
show import ftpserver_1
To display the routes currently configured, use the show route command.
show route
This command has no arguments or keywords.
This command displays the currently configured routes:
# show route
Destination Gateway Genmask Flags Metric Ref Use Iface
209.165.200.224 0.0.0.0 255.255.255.224 UH 0 0 0 eth0
209.165.200.225 0.0.0.0 255.255.255.224 U 0 0 0 eth0
209.165.200.254 0.0.0.0 255.255.255.224 U 0 0 0 lo
209.165.202.128 0.0.0.0 255.255.255.224 UG 0 0 0 eth0
To display the type of SSH enabled, use the show ssh-version command.
show ssh-version
This command has no arguments or keywords.
This command displays the type of SSH that is enabled:
# show ssh-version
SSH1, SSH2
To display syslog information, use the show syslog command.
show syslog [page] [include matchstring1 [matchstring2]]
page | Displays command output one screen at a time. Press the Return key to display the next output screen. Press Ctrl-C to exit paged output and return to the command prompt. |
include | Filters the command output to display only the records that contain the specified string of characters |
matchstring1 | String of characters to search for in the command output |
matchstring2 | (Optional) Another string of characters to search for in the command output |
Use this command to display syslog information.
To filter the command output to include only the records that contain the specified string(s) of characters, use the include option with one or two character strings to search for. If you include two strings, the command outputs only those records that contain both character strings.
This command displays syslog information:
# show syslog
Jun 20 16:04:23 embu-doc-hse syslogd 1.3-3: restart.
Jun 20 16:04:23 embu-doc-hse syslog: syslogd startup succeeded
Jun 20 16:04:23 embu-doc-hse kernel: klogd 1.3-3, log source = /proc/kmsg start.
Jun 20 16:04:23 embu-doc-hse kernel: Inspecting /boot/System.map-2.2.16-13bipse2
Jun 20 16:04:23 embu-doc-hse syslog: klogd startup succeeded
-----------more-----------
Related commands: interface
To display information necessary for Cisco's Technical Assistance Center to assist you, use the show tech command.
show tech [page]
page | Displays command output one screen at a time. Press the Return key to display the next output screen. Press Ctrl-C to exit paged output and return to the command prompt. |
This command displays system information necessary for Cisco's Technical Assistance Center to assist you:
# show tech page
/bin/cat: /var/log/secure: Permission denied
Copyright (c) 1999-2000 by Cisco Systems, Inc.
Build Version (166) Mon Jun 11 16:56:23 PDT 2001
Linux/UID32 version 2.2.16-13bipsec.uid32 (gcc version egcs1
Uptime: 0 days 18 hours 35 mins
2 Ethernet interfaces
hostname embu-doc-hse
interface ethernet0 209.165.200.224 255.255.255.224 default-gateway 209.165.202.128
ip name-server 209.165.201.0
username admin epassword ************* privilege 15
eth0 Link encap:Ethernet HWaddr 00:02:B3:35:FD:CC
inet addr:209.165.200.224 Bcast:209.165.201.31 Mask:255.255.255.224
-----------more-----------
To shut down the system in preparation for powering it off, use the shutdown command.
shutdown [?]
? | Displays help for the command |
Use this command to shut down the Cisco ESSE in preparation for powering it down. All processes running on the Cisco ESSE will stop, and it will not respond until you power it down and back up.
You are prompted to verify the shutdown. Enter yes to continue, or no to cancel the shutdown.
Caution: Never power the system off without running the shutdown command first. Doing so can destroy data and prevent the system from booting.
This command shuts down the system:
# shutdown
Related commands: reload
To configure a Simple Network Management Protocol (SNMP) agent, use the snmp-server command.
snmp-server {community community-name [RO|RW] | location sysLocation-info | contact sysContact-info}
community | Sets the community strings that permit access to the SNMP agent |
community-name | The community name string |
RO | Read only |
RW | Read/write |
location | Sets the system location string |
sysLocation-info | The location string |
contact | Sets the contact string |
sysContact-info | The contact string |
This command sets an SNMP contact string:
# snmp-server contact Dial System Operator at Beeper # 27345
Use the ssh-version command to enable Secure Shell (SSH) 1, SSH 2, or both SSH 1 and SSH 2.
ssh-version {ssh1 | ssh2 | both}
ssh1 | Enables SSH 1 |
ssh2 | Enables SSH 2 |
both | Enables both SSH 1 and SSH 2 |
This command enables ssh1:
ssh-version ssh1
To configure Telnet access, use the telnetenable command.
telnetenable {enable [ip-addresses | domains] | disable | status}
enable | Enables Telnet access to the system |
disable | Disables Telnet access to the system |
status | Displays current access status |
ip-addresses | IP addresses of systems allowed Telnet access; if this argument is used, no other machines will be allowed access. Multiple IP addresses are allowed. |
domains | Domains of systems allowed Telnet access; if this argument is used, machines with domains other than the specified domain will be denied Telnet access. Multiple domains are allowed. |
The default is disable.
To enable Telnet access to the system for all IP source addresses, use the telnetenable enable command alone. To enable specific IP addresses, use the telnetenable enable command followed by the IP addresses.
This command enables Telnet for all IP source addresses:
# telnetenable enable
To create a new user account or change an account's properties, use the username command. Use the no form of the command to remove a user account.
username ? | name password password [privilege {0 | 15}]
? | Displays help for the command |
name | Name of the user account to create or remove |
password | Specifies a password for the account |
password | The password for the account |
privilege | (Optional) Specifies the account privilege level |
0 | Gives the account level 0 privileges. This is the default |
15 | Gives the account level 15 privileges |
Use the username command to change the properties of a user account. To assign a user CLI privilege level 15, use the username command. You cannot assign CLI privilege level 15 through the web interface. Use the no form of the command to remove a user account. The default privilege level is 0 if you do not provide the privilege option.
For more information about managing user accounts and privilege levels, refer to the "Administering User Accounts" section.
This command creates a user account named user1 with password password1 and privilege level 15:
# username user1 password password1 privilege 15
This command removes the user account:
# no username user1
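The ssh-version and username sections above control two settings worth reviewing on every appliance: whether the older SSH 1 protocol is still accepted, and which accounts hold privilege level 15. The following Python sketch is an added example, not Cisco code; it audits saved `show ssh-version` and `show config` output in the formats shown in this appendix. The sample captures, the account names `oper1` and `viewer`, and the approved-administrator list are constructed, and it assumes an account listed without the privilege keyword is level 0 (the documented default).

```python
import re

# Constructed sample captures, in the output formats shown in this appendix.
SAMPLE_SSH_VERSION = "SSH1, SSH2\n"
SAMPLE_CONFIG = """\
hostname ex1
interface ethernet0 209.165.201.0 255.255.255.224 default-gateway 209.165.202.128
ip name-server 209.165.202.158
username admin epassword ************* privilege 15
username oper1 epassword ************* privilege 15
username viewer epassword *************
"""

# Matches "username NAME epassword MASKED [privilege N]" lines from show config.
USER_RE = re.compile(
    r"^username\s+(?P<name>\S+)\s+e?password\s+\S+(?:\s+privilege\s+(?P<level>\d+))?\s*$"
)

def parse_ssh_versions(output):
    """Return the set of enabled protocol versions, e.g. {"SSH1", "SSH2"}."""
    return {tok.strip().upper() for tok in output.replace("\n", ",").split(",") if tok.strip()}

def parse_accounts(config):
    """Map account name -> privilege level (assumed 0 when the keyword is absent)."""
    accounts = {}
    for line in config.splitlines():
        m = USER_RE.match(line.strip())
        if m:
            accounts[m.group("name")] = int(m.group("level") or 0)
    return accounts

def audit(ssh_output, config, approved_admins):
    """Return findings for SSH 1 exposure and unapproved level-15 accounts."""
    findings = []
    if "SSH1" in parse_ssh_versions(ssh_output):
        findings.append("SSH1 enabled: restrict to SSH 2 with 'ssh-version ssh2'")
    for name, level in sorted(parse_accounts(config).items()):
        if level == 15 and name not in approved_admins:
            findings.append(f"account '{name}' has privilege 15 but is not on the approved list")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SSH_VERSION, SAMPLE_CONFIG, approved_admins={"admin"}):
        print(finding)
```
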
This section describes the commands that are available when the system is booted from the maintenance image. For more information about the maintenance image, refer to the "Using the Maintenance Image" section.
This command is identical to the level 15 erase config command. For a description, see the "erase config" section.
To check and repair the filesystem, use the fsck command.
fsck
This command has no arguments or keywords.
Use the fsck command to check and repair the filesystem. The command might prompt you for confirmation before making certain repairs.
The following command checks and repairs the filesystem:
# fsck
This command is identical to the level 15 reload command. For a description, see the "reload" section.
Posted: Wed Sep 4 22:20:23 PDT 2002
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.