cc/td/doc/product/rtrmgmt/bac/bac30
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table Of Contents

System Commands

aaa authentication

disable

enable

enable password

exit

help

password

show

tacacs-server host

no tacacs-server host

tacacs-server retries

tacacs-server timeout

uptime


System Commands

This chapter describes the command line interface (CLI) commands that you use to manage and monitor aspects of the Broadband Access Center (BAC) Device Provisioning Engine (DPE).

The system commands that affect the entire DPE are:

aaa authentication

disable

enable

enable password

exit

help

password

show

show clock

show commands

show cpu

show disk

show files

show ip route

show ip

show memory

show running-config

show version

tacacs-server host

no tacacs-server host

tacacs-server retries

tacacs-server timeout

uptime

aaa authentication

Use this command to configure the CLI to perform local user (login) authentication, or remote TACACS+ user authentication. This setting applies to all Telnet and console CLI interfaces.

TACACS+ is a TCP-based protocol that supports centralized access control for large numbers of network devices and user authentication for the DPE CLI. Through the use of TACACS+, a DPE supports multiple users, with each username, and the login and enable passwords configured at the TACACS+ server.

Syntax Description

aaa authentication mode

mode specifies either:

local—In this mode, user authentication is enabled via a local login.

tacacs—In this mode, the CLI sequentially attempts a TACACS+ exchange with each server in the TACACS+ server list. The attempts continue for a specified number of retries. If the end of the server list is reached before a successful protocol exchange occurs, the local authentication mode is automatically entered. In this manner, you can gain access to the CLI even if the TACACS+ service is completely unavailable.

Note TACACS+ authentication prompts you for your TACACS+ configured username and password; local authentication, however, prompts only for the local configured password.

Defaults

The CLI user's login authentication is, by default, enabled in the local mode.

Examples

dpe# aaa authentication tacacs
% OK

disable

Use this command to exit from the enabled mode on the DPE. Once the disable mode is activated, only those commands that allow viewing the system configuration are available on the CLI.

Note Use this command only when the DPE CLI is in the enable mode.

Syntax Description

No keywords or arguments.

Examples

dpe# disable
dpe>

enable

Use this command to enter the DPE in the enabled mode. Viewing system configuration does not require the enabled mode; however, only in the enabled mode can you change system configuration, state, and data.

After entering the command, you are prompted to enter the local, configured, enable password. For information on setting the password for the enable mode, see enable password.

Syntax Description

No keywords or arguments.

Examples

dpe> enable
Password:
dpe#

enable password

Use this command to change the local password for accessing the DPE in the enabled mode. You can change the enable password only in the enabled mode.

Once the password is changed, all users who, from that point onward, attempt to enter into the enabled mode are required to use the new password.

Note This command does not change the login password; it only changes the local enable password.

Syntax Description

When entering the enable password command, you can provide the password on the command line or when prompted.

enable password password

password—Specifies the local configured password currently in effect or, optionally, provides a new password. If this parameter is omitted, you are prompted for the password.

Examples

Note In these examples, please note the different password messages that might appear.

Example 1

dpe# enable password
New enable password:
Retype new enable password:
Password changed successfully.

This result occurs when you are prompted to enter the password, and the password is changed successfully.

Example 2

dpe# enable password
New enable password:
Retype new enable password:
Sorry, passwords do not match.

This result occurs when the password is entered incorrectly.

Example 3

dpe# enable password cisco
Password changed successfully

This result occurs when you enter the password without being prompted, and the password is changed successfully.

exit

Use this command to close a Telnet connection to the DPE and return to the login prompt. After running this command, a message indicates that the Telnet connection has been closed.

Syntax Description

No keywords or arguments.

Examples

dpe# exit
% Connection closed.

help

Use this command to display a help screen to assist you in using the DPE CLI. If you need help on a particular command, or to list all available commands, enter command ? or ?, respectively.

After entering the command, a screen prompt appears to explain how you can use the help function.

Command Types

Two types of help are provided:

1. Full help is available when you are ready to enter a command argument, such as show ?, and describes each possible argument.

2. Partial help is provided when you enter an abbreviated argument and want to know what arguments match the input; for example, show c?.

Syntax Description

No keywords or arguments.

Examples

Note In these examples, please note the different help messages that might appear.

Example 1

dpe# help
Help may be requested at any point in a command by entering a question mark '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
Two styles of help are provided:
1. Full help is available when you are ready to enter a command argument (e.g. "show ?") and describes each possible argument.
2. Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input (e.g. "show c?").

This result occurs when you use the help command.

Example 2

dpe# show ?
bundles Shows the archived bundles.
clock Shows the current system time.
commands Shows the full command hierarchy.
cpu Shows the current CPU usage.
device-config Show device configuration.
disk Shows the current disk usage.
dpe Shows the status of the DPE process if started.
files Shows files in DPE cache.
hostname Shows the system hostname.
ip Shows IP configuration details.
log Shows recent log entries.
memory Shows the current memory usage.
running-config Shows the appliance configuration.
version Shows DPE version.

This result occurs when you invoke the full help function for a command; in this instance, show ?.

Example 3

dpe# show c?
clock commands cpu
dpe# show clock
Sat Jul 15 01:43:19 EDT 2006

This result occurs when you invoke the partial help function for arguments of a command; in this instance, show clock.

password

Use this command to change the local system password, which you use to access the DPE and is different from the one used to access the enabled mode on the DPE. The system password is changed automatically for future logins by using the administrator account.

Note The changes that you introduce through this command take effect for new users, but users who are currently logged on are not disconnected.
If TACACS+ user authentication is used, the local system password is used only if the DPE is unable to communicate with a TACACS+ server.

Syntax Description

password password

password—Identifies the new DPE password.

Examples

Example 1

dpe# password
New password:
Retype new password:
Password changed successfully.

This result occurs when you are prompted for the password, and the password is changed successfully.

Example 2

dpe# password
New password:
Retype new password:
Sorry, passwords do not match.

This result occurs when the password is entered incorrectly.

Example 3

dpe# password cisco
Password changed successfully.

This result occurs when the password is changed (using an approach easier for scripting).

show

Use the show command to view information related to specific DPE functions. Table 2-1 lists the various keywords that you can use in conjunction with the show command.

Table 2-1 List of show Commands 

Command Usage
Syntax Description
Returned Values and Examples

show clock

Shows the current system time and date

No keywords or arguments.

dpe# show clock

Mon Jun 16 04:21:25 EDT 2006

show commands

Depending on the connection mode in use (enabled or disabled), displays all available DPE commands.

No keywords or arguments.

Example 1

dpe> show commands
> enable
> exit
> help
> show bundles
> show clock
> show commands
> show cpu
> show disk
> show dpe
> show dpe config
> show files
> show hostname
> show ip
> show ip route
> show log
> show log last <1..9999>
> show memory
> show running-config
> show version
> uptime

This result occurs in the disabled mode.

Note The output presented in these examples is trimmed.

Example 2

dpe# show commands
> aaa authentication local
> aaa authentication tacacs
> clear bundles
> clear cache
> debug dpe cache
> debug dpe connection
> debug dpe dpe-server
> debug dpe statistics
> debug on
> debug service cwmp 1 client-auth-all
> debug service cwmp 1 client-auth-failures
> debug service cwmp 1 extension
> debug service cwmp 1 firmware
[more]

This result occurs in the enabled mode.

show cpu

Identifies CPU usage for the device on which the DPE is running. After the command is entered, CPU activities and statistics appear.

No keywords or arguments.

When you enter show cpu, the DPE returns per-processor statistics, as defined for the following headers, in tabular form:

Note Unless otherwise noted, all values are events per second.

CPU—Processor ID.

minf—Minor faults.

mjf—Major faults.

xcal—Inter-processor cross-calls.

intr—Interrupts.

ithr—Interrupts as threads (not counting clock interrupt).

csw—Context switches.

icsw—Involuntary context switches.

migr—Thread migrations (to another processor).

smtx—Spins on mutexes.

srw—Spins on readers' or writers' lock.

syscl—System calls.

usr—User time (percent).

sys—System time (percent).

wt—Wait time (percent).

idl—Idle time (percent).

show disk

Identifies the disk that the DPE is currently using. Once the command is entered, the disk drive statistics appear.

No keywords or arguments.

When you enter show disk, the DPE returns values for the following headers:

Filesystem—Indicates path of the file system.

Size—Indicates size of the file system (Kb).

Used—Indicates used disk space (Kb).

Avail—Indicates available disk space (Kb).

Capacity—Indicates capacity of the disk (percent).

Mounted on—Indicates the resources on which the filesystem is mounted. Resources are usually directories.

show files

Identifies the external files cached at the DPE.

No keywords or arguments

dpe# show files
The list of files currently in DPE cache
filename size
sample-firmware-image.bin 4239368
DPE caching 1 external files.
Listing the first 1 files, 0 files omitted

show hostname

Displays the DPE hostname

No keywords or arguments.
dpe# show hostname
hostname = BAC_host

show ip

Shows the current general IP settings of the DPE. These are the settings used when the DPE is rebooted.

No keywords or arguments.

dpe# show ip
hostname = BAC_host
domainname = abc.com
gateway = 10.10.20.10

show ip route

Shows the IP routing table of the DPE, including any custom routes. The default gateway is indicated by the G flag in the flags column.

No keywords or arguments.

When you enter show ip route, the DPE returns the routing table with values for the following headers:

Destination—Indicates the destination network or destination host.

Mask—Indicates the subnet mask associated with the route.

Gateway—Indicates the address of the outgoing interface.

Device—Indicates the network interfaces used for the route.

Mxfrg—Indicates the Path Maximum Transfer Unit.

Rtt—Indicates the time (in minutes) remaining before the route expires.

Ref—Indicates the current number of active uses for the route.

Flg—Indicates the state of the route, which could be:

U—Up.

H—To a host rather than to a network.

G—To a gateway.

Out—Identifies the number of packets sent out from this interface or route.

In/Fwd—Identifies the number of packets received through this interface or route.

show memory

Identifies how much current memory and swap space are available on the device running the DPE.

No keywords or arguments.

When you enter show memory, the DPE returns values for the following headers:

kthr—Indicates the number of kernel threads in each of the three following states:

r—Run queue.

b—Processes blocked while waiting for I/O.

w—Idle processes that have been swapped.

memory—Indicates usage of virtual and real memory. This could be:

swap—Free, unreserved swap space (Kb).

free—Free memory (Kb).

page—Indicates page faults and paging activity (units per second).

re—Displays pages reclaimed from the free list.

mf—Displays minor faults.

pi—Displays pages in memory (Kb/s).

po—Displays pages out of memory (Kb/s).

fr—Displays activity of the page scanner that has been freed (Kb/s).

de—Displays pages freed after writes (Kb/s).

sr—Displays the number of pages that have been scanned (pages).

disk—Indicates the number of disk operations per second. The S columns represent different disks on the system.

faults—Indicates the trap or interrupt rates (per second).

/in: Interrupts

sy: System calls

cs: Context switches

cpu—Indicates the usage of CPU time.

us—User time (percent)

sy—System time (percent)

id—Idle time (percent)

show running-config

Displays the current configuration of the DPE. All the configuration options appear by using the actual commands which set the options.

No keywords or arguments.

dpe# show running-config
dpe port 49186
dpe rdu-server server_x.cisco.com 49187
service cwmp 1 client-auth digest
service cwmp 1 enabled true
service cwmp 1 port 7547
service cwmp 1 ssl cipher all-cipher-suites

Note The output presented in this example is trimmed.

show version

Identifies the current version of DPE software.

No keywords or arguments.

dpe# show version
Version: BAC 3.0 (bac_30_S_000000000000)


tacacs-server host

Use this command to add a TACACS+ server to the end of the TACACS+ client's list of TACACS+ servers. When TACACS+ authentication is enabled, the client attempts user login authentication to each server sequentially in the list until a successful authentication exchange is executed, or the list is exhausted. If the list is exhausted, the client automatically falls back into the local authentication mode (using the local system password).

Optionally, an encryption key can be specified for each TACACS+ server. If this encryption key is used, it must match the key configured at the specified TACACS+ server. Omitting the encryption key disables TACACS+ encryption.

To remove a TACACS+ server from the list of TACACS+ servers in the CLI, use the no form of this command. For more information, see no tacacs-server host.

Syntax Description

tacacs-server host host [key encryption-key]

host—Specifies either the IP address or the hostname of the TACACS+ server.

encryption-key—Identifies the actual encryption key.

Examples

Example 1

This example adds a TACACS+ server, by using its IP address (10.0.1.1), but without encryption.

dpe# tacacs-server host 10.0.1.1
% OK

Example 2

This example adds a TACACS+ server, by using its IP address (10.0.1.1) with an encryption key (hg667YHHj).

dpe# tacacs-server host 10.0.1.1 key hg667YHHj
% OK

Example 3

This example adds a TACACS+ server, by using its hostname (tacacs1.cisco.com), but without encryption.

dpe# tacacs-server host tacacs1.cisco.com
% OK

Example 4

This example adds a TACACS+ server, by using its hostname (tacacs1.cisco.com) with an encryption key (hg667YHHj).

dpe# tacacs-server host tacacs1.cisco.com key hg667YHHj
% OK

no tacacs-server host

Use this command to remove a TACACS+ server from the list of TACACS+ servers in the CLI.

Syntax Description

no tacacs-server host host

host—Specifies the IP address or the hostname of the TACACS+ server.

Examples

Example 1

This example removes a TACACS+ server by using its IP address.

dpe# no tacacs-server host 10.0.1.1
% OK

Example 2

This example removes a TACACS+ server by using its hostname.

dpe# no tacacs-server host tacacs1.abc.com
% OK

tacacs-server retries

Use this command to set the number of times the TACACS+ protocol exchanges are retried before the TACACS+ client considers a specific TACACS+ server unreachable. When this limit is reached, the TACACS+ client moves to the next server in its TACACS+ server list, or falls back into local authentication mode if the TACACS+ list has been exhausted.

Syntax Description

tacacs-server retries value

value—Specifies a dimensionless number within the range of 1 and 100 inclusive.

Note This value applies to all TACACS+ servers.

Defaults

The number of times the TACACS+ protocol exchanges is retried before the TACACS+ client considers a specific TACACS+ server unreachable is, by default, set to 2.

Examples

dpe# tacacs-server retries 10
% OK

tacacs-server timeout

Use this command to set the maximum time that the TACACS+ client waits for a TACACS+ server response before it considers the protocol exchange to have failed.

Syntax Description

tacacs-server timeout value

value—Specifies the duration that the CLI waits. This value must be within the range of 1 to 300 seconds.

Note This value applies to all TACACS servers.

Defaults

The maximum time that the CLI waits for a TACACS+ server response before it times out is, by default, 5 seconds.

Examples

dpe# tacacs-server timeout 10
% OK

uptime

Use this command to identify how long the system has been operational. This information is useful when determining how frequently the device is rebooted. It is also helpful when checking the reliability of the DPE when it is in a stable condition.

Syntax Description

No keywords or arguments.

Examples

dpe# uptime
11:42pm up 72 day(s), 8:02, 1 user, load average: 0.00, 0.02, 0.02

hometocprevnextglossaryfeedbacksearchhelp

Posted: Thu Aug 31 21:34:02 PDT 2006
All contents are Copyright © 1992--2006 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.