System Commands
This chapter describes the command line interface (CLI) commands that you use to manage and monitor aspects of the Broadband Access Center (BAC) Device Provisioning Engine (DPE).
The system commands that affect the entire DPE are:
• disable
• enable
• exit
• help
• password
• show
– show cpu
– show ip
• uptime
aaa authentication
Use this command to configure the CLI to perform local user (login) authentication, or remote TACACS+ user authentication. This setting applies to all Telnet and console CLI interfaces.
TACACS+ is a TCP-based protocol that supports centralized access control for large numbers of network devices and user authentication for the DPE CLI. Through the use of TACACS+, a DPE supports multiple users, with each username, and its login and enable passwords, configured at the TACACS+ server.
Syntax Description
aaa authentication mode
mode specifies either:
• local—In this mode, user authentication is enabled via a local login.
• tacacs—In this mode, the CLI sequentially attempts a TACACS+ exchange with each server in the TACACS+ server list. The attempts continue for a specified number of retries. If the end of the server list is reached before a successful protocol exchange occurs, the local authentication mode is automatically entered. In this manner, you can gain access to the CLI even if the TACACS+ service is completely unavailable.
Note TACACS+ authentication prompts you for your TACACS+ configured username and password; local authentication, however, prompts only for the local configured password.
Defaults
The CLI user's login authentication is, by default, enabled in the local mode.
Examples
dpe# aaa authentication tacacs
% OK
disable
Use this command to exit from the enabled mode on the DPE. Once the disable mode is activated, only those commands that allow viewing the system configuration are available on the CLI.
Note Use this command only when the DPE CLI is in the enable mode.
Syntax Description
No keywords or arguments.
Examples
dpe# disable
dpe>
enable
Use this command to enter the enabled mode on the DPE. Viewing system configuration does not require the enabled mode; however, only in the enabled mode can you change system configuration, state, and data.
After entering the command, you are prompted to enter the local, configured, enable password. For information on setting the password for the enable mode, see enable password.
Syntax Description
No keywords or arguments.
Examples
dpe> enable
Password:
dpe#
enable password
Use this command to change the local password for accessing the DPE in the enabled mode. You can change the enable password only in the enabled mode.
Once the password is changed, all users who, from that point onward, attempt to enter into the enabled mode are required to use the new password.
Note This command does not change the login password; it only changes the local enable password.
Syntax Description
When entering the enable password command, you can provide the password on the command line or when prompted.
enable password password
password—Specifies the local configured password currently in effect or, optionally, provides a new password. If this parameter is omitted, you are prompted for the password.
Examples
Note In these examples, please note the different password messages that might appear.
Example 1
dpe# enable password
New enable password:
Retype new enable password:
Password changed successfully.
This result occurs when you are prompted to enter the password, and the password is changed successfully.
Example 2
dpe# enable password
New enable password:
Retype new enable password:
Sorry, passwords do not match.
This result occurs when the password is entered incorrectly.
Example 3
dpe# enable password cisco
Password changed successfully
This result occurs when you enter the password without being prompted, and the password is changed successfully.
exit
Use this command to close a Telnet connection to the DPE and return to the login prompt. After running this command, a message indicates that the Telnet connection has been closed.
Syntax Description
No keywords or arguments.
Examples
dpe# exit
% Connection closed.
help
Use this command to display a help screen to assist you in using the DPE CLI. If you need help on a particular command, or to list all available commands, enter command ? or ?, respectively.
After entering the command, a screen prompt appears to explain how you can use the help function.
Command Types
Two types of help are provided:
1. Full help is available when you are ready to enter a command argument, such as show ?, and describes each possible argument.
2. Partial help is provided when you enter an abbreviated argument and want to know what arguments match the input; for example, show c?.
Syntax Description
No keywords or arguments.
Examples
Note In these examples, please note the different help messages that might appear.
Example 1
dpe# help
Help may be requested at any point in a command by entering a question mark '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
Two styles of help are provided:
1. Full help is available when you are ready to enter a command argument (e.g. "show ?") and describes each possible argument.
2. Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input (e.g. "show c?").
This result occurs when you use the help command.
Example 2
dpe# show ?
bundles Shows the archived bundles.
clock Shows the current system time.
commands Shows the full command hierarchy.
cpu Shows the current CPU usage.
device-config Show device configuration.
disk Shows the current disk usage.
dpe Shows the status of the DPE process if started.
files Shows files in DPE cache.
hostname Shows the system hostname.
ip Shows IP configuration details.
log Shows recent log entries.
memory Shows the current memory usage.
running-config Shows the appliance configuration.
version Shows DPE version.
This result occurs when you invoke the full help function for a command; in this instance, show ?.
Example 3
dpe# show c?
clock commands cpu
dpe# show clock
Sat Jul 15 01:43:19 EDT 2006
This result occurs when you invoke the partial help function for arguments of a command; in this instance, show clock.
password
Use this command to change the local system password, which you use to access the DPE and which is different from the password used to access the enabled mode on the DPE. The system password is changed automatically for future logins by using the administrator account.
Note The changes that you introduce through this command take effect for new users, but users who are currently logged on are not disconnected.
If TACACS+ user authentication is used, the local system password is used only if the DPE is unable to communicate with a TACACS+ server.
Syntax Description
password password
password—Identifies the new DPE password.
Examples
Example 1
dpe# password
New password:
Retype new password:
Password changed successfully.
This result occurs when you are prompted for the password, and the password is changed successfully.
Example 2
dpe# password
New password:
Retype new password:
Sorry, passwords do not match.
This result occurs when the password is entered incorrectly.
Example 3
dpe# password cisco
Password changed successfully.
This result occurs when the password is changed (using an approach easier for scripting).
show
Use the show command to view information related to specific DPE functions. Table 2-1 lists the various keywords that you can use in conjunction with the show command.
tacacs-server host
Use this command to add a TACACS+ server to the end of the TACACS+ client's list of TACACS+ servers. When TACACS+ authentication is enabled, the client attempts user login authentication to each server sequentially in the list until a successful authentication exchange is executed, or the list is exhausted. If the list is exhausted, the client automatically falls back into the local authentication mode (using the local system password).
Optionally, an encryption key can be specified for each TACACS+ server. If this encryption key is used, it must match the key configured at the specified TACACS+ server. Omitting the encryption key disables TACACS+ encryption.
To remove a TACACS+ server from the list of TACACS+ servers in the CLI, use the no form of this command. For more information, see no tacacs-server host.
Syntax Description
tacacs-server host host [key encryption-key]
• host—Specifies either the IP address or the hostname of the TACACS+ server.
• encryption-key—Identifies the actual encryption key.
Examples
Example 1
This example adds a TACACS+ server, by using its IP address (10.0.1.1), but without encryption.
dpe# tacacs-server host 10.0.1.1
% OK
Example 2
This example adds a TACACS+ server, by using its IP address (10.0.1.1) with an encryption key (hg667YHHj).
dpe# tacacs-server host 10.0.1.1 key hg667YHHj
% OK
Example 3
This example adds a TACACS+ server, by using its hostname (tacacs1.cisco.com), but without encryption.
dpe# tacacs-server host tacacs1.cisco.com
% OK
Example 4
This example adds a TACACS+ server, by using its hostname (tacacs1.cisco.com) with an encryption key (hg667YHHj).
dpe# tacacs-server host tacacs1.cisco.com key hg667YHHj
% OK
no tacacs-server host
Use this command to remove a TACACS+ server from the list of TACACS+ servers in the CLI.
Syntax Description
no tacacs-server host host
host—Specifies the IP address or the hostname of the TACACS+ server.
Examples
Example 1
This example removes a TACACS+ server by using its IP address.
dpe# no tacacs-server host 10.0.1.1
% OK
Example 2
This example removes a TACACS+ server by using its hostname.
dpe# no tacacs-server host tacacs1.abc.com
% OK
tacacs-server retries
Use this command to set the number of times the TACACS+ protocol exchanges are retried before the TACACS+ client considers a specific TACACS+ server unreachable. When this limit is reached, the TACACS+ client moves to the next server in its TACACS+ server list, or falls back into local authentication mode if the TACACS+ list has been exhausted.
Syntax Description
tacacs-server retries value
value—Specifies a dimensionless number within the range of 1 to 100, inclusive.
Note This value applies to all TACACS+ servers.
Defaults
The number of times the TACACS+ protocol exchanges are retried before the TACACS+ client considers a specific TACACS+ server unreachable is, by default, set to 2.
Examples
dpe# tacacs-server retries 10
% OK
tacacs-server timeout
Use this command to set the maximum time that the TACACS+ client waits for a TACACS+ server response before it considers the protocol exchange to have failed.
Syntax Description
tacacs-server timeout value
value—Specifies the duration that the CLI waits. This value must be within the range of 1 to 300 seconds.
Note This value applies to all TACACS+ servers.
Defaults
The maximum time that the CLI waits for a TACACS+ server response before it times out is, by default, 5 seconds.
Examples
dpe# tacacs-server timeout 10
% OK
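The following is an added example, not part of the Cisco documentation or the BAC product: a Python check that replays a list of the aaa authentication, tacacs-server, password and enable password commands described above and reports servers added without a key, retries or timeout values outside the documented ranges, passwords typed on the command line, and the longest wait before the CLI falls back to local authentication. The function name audit, the sample session and its placeholder key and password are constructed; the worst-case figure assumes each server costs at most retries x timeout seconds, and that an out-of-range value leaves the previous setting in place.

```python
import re

# Ranges and defaults as documented for tacacs-server retries / timeout.
LIMITS = {"retries": (1, 100), "timeout": (1, 300)}
DEFAULTS = {"retries": 2, "timeout": 5}

def audit(commands):
    """Replay DPE CLI commands; return (findings, worst_case_seconds)."""
    mode, servers, findings = "local", {}, []   # servers: host -> key or None
    values = dict(DEFAULTS)
    for raw in commands:
        line = re.sub(r"^dpe[#>]\s*", "", raw.strip())   # drop an optional prompt
        if m := re.fullmatch(r"aaa authentication (local|tacacs)", line):
            mode = m.group(1)
        elif m := re.fullmatch(r"no tacacs-server host (\S+)", line):
            servers.pop(m.group(1), None)
        elif m := re.fullmatch(r"tacacs-server host (\S+)(?: key (\S+))?", line):
            servers[m.group(1)] = m.group(2)
        elif m := re.fullmatch(r"tacacs-server (retries|timeout) (\d+)", line):
            name, value = m.group(1), int(m.group(2))
            low, high = LIMITS[name]
            if low <= value <= high:
                values[name] = value
            else:   # assumption: the previous setting stays in effect
                findings.append(f"{name} {value} is outside {low}-{high}")
        elif m := re.fullmatch(r"(enable )?password \S+", line):
            findings.append(f"{m.group(1) or ''}password is in cleartext in the command text")
    for host, key in servers.items():
        if key is None:   # per the page, omitting the key disables encryption
            findings.append(f"{host}: no key, TACACS+ encryption disabled")
    if mode == "tacacs" and not servers:
        findings.append("tacacs mode but no servers configured")
    # Assumption: every server is tried `retries` times, each waiting `timeout` s.
    worst = len(servers) * values["retries"] * values["timeout"] if mode == "tacacs" else 0
    return findings, worst

# Constructed sample session (placeholder key and password).
SAMPLE = [
    "dpe# aaa authentication tacacs",
    "dpe# tacacs-server host 10.0.1.1",
    "dpe# tacacs-server host tacacs1.cisco.com key EXAMPLE-KEY",
    "dpe# tacacs-server retries 10",
    "dpe# tacacs-server timeout 400",
    "dpe# enable password EXAMPLE-PASSWORD",
]
if __name__ == "__main__":
    print(audit(SAMPLE))
```

For the sample session, the check reports three findings and a worst-case wait of 100 seconds (2 servers x 10 retries x the default 5-second timeout) before local authentication is offered.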
uptime
Use this command to identify how long the system has been operational. This information is useful when determining how frequently the device is rebooted. It is also helpful when checking the reliability of the DPE when it is in a stable condition.
Syntax Description
No keywords or arguments.
Examples
dpe# uptime
11:42pm up 72 day(s), 8:02, 1 user, load average: 0.00, 0.02, 0.02
Posted: Thu Aug 31 21:34:02 PDT 2006
All contents are Copyright © 1992--2006 Cisco Systems, Inc. All rights reserved.