|
|
To enable AAA accounting of requested services for billing or security purposes when using TACACS+, use the aaa accounting global configuration command. Use the no form of this command to disable accounting.
Syntax Description
| system | Performs accounting for all system-level events not associated with users, such as reloads. |
| network | Runs accounting for all network-related service requests, including SLIP, PPP, PPP NCPs, and ARAP. |
| connection | Runs accounting for outbound Telnet and rlogin. |
| exec | Runs accounting for EXECs (user shells). This keyword might return user profile information such as autocommand information. |
| command | Runs accounting for all commands at the specified privilege level. |
| level | The command level that should be accounted for. Valid entries are 0-15. |
| start-stop | Sends a start record accounting notice at the beginning of a process and a stop record at the end of a process. The start accounting record is sent in the background. The requested user process begins even if the start accounting record was received by the accounting server. |
| wait-start | As in start-stop, sends both a start and a stop accounting record to the accounting server. However, if you use the wait-start keyword, the requested user service does not begin until the start accounting record is acknowledged. A stop accounting record is also sent. |
| stop-only | Sends a stop record accounting notice at the end of the requested user process. |
| tacacs+ | Mandatory. Enables the TACACS-style accounting. |
Default
AAA accounting is not enabled.
Command Mode
Global configuration.
Usage Guideline
The aaa accounting command allows you to set start-stop accounting for any or all of the functions listed in "Syntax Description." For minimal accounting control, issue the stop-only keyword, which sends a stop record accounting notice at the end of the requested user process. For additional accounting control, you can issue the start-stop command, where TACACS+ sends a start accounting notice at the beginning of the requested process and a stop accounting notice at the end of the process. You can further control access and accounting by issuing the wait-start command, which ensures that the start notice is received by the TACACS+ server before granting the user's process request. Accounting is done only to the TACACS+ server.
Examples
In the following example, accounting is set for outbound Telnet and rlogin, and both a start and stop accounting notice is sent to the TACACS+ server.
Switch(config)# aaa accounting connection start-stop tacacs+
In the following example, accounting is set for privilege level 15 commands, with a wait-start restriction.
Switch(config)# aaa accounting command 15 wait-start tacacs+
Related Commands
aaa authorization
aaa new-model
To enable an AAA authentication method for AppleTalk Remote Access (ARA) users using TACACS+, use the aaa authentication arap global configuration command. Use the no form of this command to disable this authentication.
Syntax Description
| default | Uses the listed methods that follow this argument as the default list of methods when a user logs in. |
| list-name | Character string used to name the following list of authentication methods tried when a user logs in. |
| method | One of the keywords described in Table 1-1. |
Default
If the default list is not set, only the local user database is checked. This version has the same effect as the following command.
Switch(config)# aaa authentication arap default local
Command Mode
Global configuration.
Usage Guideline
The list names and default that you set with the aaa authentication arap command are used with the arap authentication command. These lists can contain up to four authentication methods that are used when a user tries to log in with ARA.
Create a list by entering the aaa authentication arap list-name method command, where list-name is any character string used to name this list (such as MIS-access). The method argument identifies the list of methods the authentication algorithm tries in the given sequence. You can enter up to four methods, which are described in Table 1-1.
To create a default list that is used if no list is specified in the arap authentication command, use the default keyword followed by the methods to be used in default situations.
The additional methods of authentication are used only if the previous method returns an error but not if it fails.
Use the show running-config command to view lists of authentication methods.
Table 1-1 : AAA Authentication ARAP Method Descriptions
| Keyword | Description |
|---|---|
| if-needed | Does not authenticate if the user has already been authenticated on a TTY line. |
| line | Uses the line password for authentication. |
| local | Uses the local username database for authentication. |
| tacacs+ | Uses TACACS+ authentication. |
Examples
The following example creates a list called MIS-access, which first tries TACACS+ authentication and no others.
Switch(config)# aaa authentication arap MIS-access tacacs+ none
The following example creates the same list but sets it as the default list that is used for all ARA protocol authentications if no other list is specified.
Switch(config)# aaa authentication arap default tacacs+ none
Related Commands
aaa authentication local-override
aaa new-model
arp timeout
aaa authentication enable default
To enable AAA authentication to determine if a user can access the privileged command level with TACACS+, use the aaa authentication enable default global configuration command. Use the no form of this command to disable this authorization method.
Syntax Description
| method | At least one and up to four of the keywords described in Table 1-2. |
Default
If the default list is not set, only the enable password is checked. This version has the same effect as the following command.
Switch(config)# aaa authentication enable default enable
On the console, the enable password is used if it exists. If no password is set, the process succeeds anyway.
Command Mode
Global configuration.
Usage Guideline
Use the aaa authentication enable default command to create a series of authentication methods that are used to determine if a user can access the privileged command level. You can specify up to four authentication methods. Method keywords are described in Table 1-2. The additional methods of authentication are used only if the previous method returns an error but not if it fails. To specify that the authentication should succeed even if all methods return an error, specify none as the final method in the command line.
If a default authentication routine is not set for a function, the default is none and no authentication is performed. Use the show running-config command to view currently configured lists of authentication methods.
Table 1-2 : AAA Authentication Enable Default Method Descriptions
| Keyword | Description |
|---|---|
| enable | Uses the enable password for authentication. |
| line | Uses the line password for authentication. |
| none | Uses no authentication. |
| tacacs+ | Uses TACACS+ authentication. |
Example
The following example creates an authentication list that first tries to contact a TACACS+ server. If no server can be found, AAA tries to use the enable password. If this attempt also returns an error (because no enable password is configured on the server), the user is allowed access with no authentication.
Switch(config)# aaa authentication enable default tacacs+ enable none
Related Commands
aaa authentication local-override
aaa authorization
aaa new-model
enable password
aaa authentication local-override
To have the LightStream 1010 ATM switch check the local user database for authentication before attempting another form of authentication, use the aaa authentication local-override global configuration command. Use the no form of this command to disable the override.
Syntax Description
This command has no arguments or keywords.
Default
Override is disabled.
Command Mode
Global configuration.
Usage Guideline
This command is useful when you want to configure an override to the normal authentication process for certain personnel, such as system administrators.
When this override is set, the user is always prompted for the username. The system then checks to see if the entered username corresponds to a local account. If the username does not correspond to one in the local database, login proceeds with the methods configured with other aaa commands (such as aaa authentication login). When using this command that
Username:
is fixed as the first prompt.
Example
The following example enables AAA authentication override.
Switch(config)# aaa authentication local-override
Related Commands
aaa authentication arap
aaa authentication enable default
aaa authentication login
aaa authentication ppp
aaa new-model
To set AAA authentication at login when using TACACS+, use the aaa authentication login global configuration command. Use the no form of this command to disable AAA authentication.
Syntax Description
| default | Uses the listed authentication methods that follow this argument as the default list of methods when a user logs in. |
| list-name | Character string used to name the following list of authentication methods tried when a user logs in. |
| method | At least one and up to four of the keywords described in Table 1-3. |
Default
If the default list is not set, only the local user database is checked. This version has the same effect as the following command:
Switch(config)# aaa authentication login default local
Command Mode
Global configuration.
Usage Guideline
The default and optional list names that you create with the aaa authentication login command are used with the login authentication command.
Create a list by entering the aaa authentication list-name method command, where list-name is any character string used to name this list (such as MIS-access). The method argument identifies the list of methods the authentication algorithm tries, in the given sequence. Method keywords are described in Table 1-3.
To create a default list that is used if no list is assigned to a line with the login authentication command, use the default argument followed by the methods you want in default situations.
The additional methods of authentication are used only if the previous method returns an error but not if it fails. To ensure that the authentication succeeds even if all methods return an error, specify none as the final method in the command line.
If authentication is not specifically set for a line, the default is to deny access---no authentication is performed. Use the show running-config command to view currently configured lists of authentication methods.
Table 1-3 : AAA Authentication Login Method Descriptions
| Keyword | Description |
|---|---|
| enable | Uses the enable password for authentication. |
| line | Uses the line password for authentication. |
| local | Uses the local username database for authentication. |
| none | Uses no authentication. |
| tacacs+ | Uses TACACS+ authentication. |
Examples
The following example creates an AAA authentication list called MIS-access. This authentication first tries to contact a TACACS+ server. If no server is found, TACACS+ returns an error, and AAA tries to use the enable password. If this attempt also returns an error (because no enable password is configured on the server), the user is allowed access with no authentication.
Switch(config)# aaa authentication login MIS-access tacacs+ enable none
The following example creates the same list but sets it as the default list that is used for all login authentications if no other list is specified.
Switch(config)# aaa authentication login default tacacs+ enable none
Related Commands
aaa authentication local-override
aaa new-model
login authentication
To specify one or more AAA authentication methods for use on serial interfaces running Point-to-Point (PPP) when using TACACS+, use the aaa authentication ppp global configuration command. Use the no form of this command to disable authentication.
Syntax Description
| default | Uses the listed authentication methods that follow this argument as the default list of methods when a user logs in. |
| list-name | Character string used to name the following list of authentication methods tried when a user logs in. |
| method | At least one and up to four of the keywords described in Table 1-4. |
Default
If the default list is not set, only the local user database is checked. This version has the same effect as the following command:
Switch(config)# aaa authentication ppp default local
Command Mode
Global configuration.
Usage Guideline
The lists that you create with the aaa authentication ppp command are used with the ppp authentication command. These lists contain up to four authentication methods that are used when a user tries to log in to the serial interface.
Create a list by entering the aaa authentication ppp list-name method command, where list-name is any character string used to name this list, such as MIS-access. The method argument identifies the list of methods the authentication algorithm tries in the given sequence. You can enter up to four methods. Method keywords are described in Table 1-4.
The additional methods of authentication are only used if the previous method returns an error but not if it fails. Specify none as the final method in the command line to have authentication succeed even if all methods return an error.
If authentication is not specifically set for a function, the default is none and no authentication is performed. Use the show running-config command to view lists of authentication methods.
Table 1-4 : AAA Authentication PPP Method Descriptions
| Keyword | Description |
|---|---|
| if-needed | Does not authenticate if user has already been authenticated on a TTY line. |
| local | Uses the local username database for authentication. |
| none | Uses no authentication. |
| tacacs+ | Uses TACACS+ authentication. |
Example
The following example creates an AAA authentication list called MIS-access for serial lines that use PPP. This authentication first tries to contact a TACACS+ server. If this action returns an error, the user is allowed access with no authentication.
Switch(config)# aaa authentication MIS-access ppp tacacs+ none
Related Commands
aaa authentication local-override
aaa new-model
ppp authentication
To set parameters that restrict a user's network access based on TACACS+ authorization, use the aaa authorization global configuration command. To disable authorization for a function, use the no form of this command.
Syntax Description
| network | Performs authorization for all network-related service requests, including SLIP, PPP, PPP NCPs, and ARA protocol. |
| connection | Runs authorization for outbound Telnet and rlogin. |
| exec | Runs authorization to determine if the user is allowed to run an EXEC shell. This keyword might return user profile information such as autocommand information. |
| command | Runs authorization for all commands at the specified privilege level. |
| level | Specific command level that should be authorized. Valid entries are 0 through 15. |
| methods | Table 1-5 lists the methods keywords. |
Default
Authorization is disabled for all actions (equivalent to the keyword none).
Command Mode
Global configuration.
Usage Guideline
Currently, only the IP protocols are supported. Use the aaa authorization command to create a list of one and up to four authorization methods that can be used when a user accesses the specified function.
The additional methods of authorization are only used if the previous method returns an error but not if it fails. Specify none as the final method in the command line to have authorization succeed even if all methods return an error.
Table 1-5 : AAA Authorization Method Descriptions
| Keyword | Description |
|---|---|
| tacacs+ | Requests authorization information from the TACACS+ server. |
| if-authenticated | Allows the user to access the requested function if the user is authenticated. |
| none | No authorization is performed. |
| local | Uses the local database for authorization. |
If authorization is not specifically set for a function, the default is none and no authorization is performed.
The authorization command causes a request packet containing a series of attribute value pairs to be sent to the TACACS daemon as part of the authorization process. The daemon can perform the following:
Table 1-6 describes attribute value pairs associated with the aaa authorization command. Registered users can find more information about TACACS+ and attribute pairs on Cisco Connection Online.
Table 1-6 : Attribute Value Pairs for Authorization
| Attribute Value | Description |
|---|---|
| service=arap | Authorization for AppleTalk Remote Access is being requested. Currently, only the IP protocols are supported. |
| service=shell | Authorization for EXEC startup and command authorization is being requested. Currently, only the IP protocols are supported. |
| service=ppp | Authorization for PPP is being requested. Currently, only the IP protocols are supported. |
| service=slip | Authorization for SLIP is being requested. |
| protocol=lcp | Authorization for LCP is being requested (lower layer of PPP). Currently, only the IP protocols are supported. |
| protocol=ip | Used with service=slip and service=ppp to indicate which protocol layer is being authorized. |
| protocol=ipx | Used with service=ppp to indicate which protocol layer is being authorized. |
| protocol=atalk | Used with service=ppp or service=arap to indicate which protocol layer is being authorized. Currently, only the IP protocols are supported. |
| protocol=vines | Used with service=ppp for VINES over PPP. Currently, only the IP protocols are supported. |
| protocol=unknown | Used for undefined or unsupported conditions. Currently, only the IP protocols are supported. |
| cmd=x | Used with service=shell, if cmd=NULL, this is an authorization request to start an EXEC. If cmd is not NULL, this is a command authorization request and contains the name of the command being authorized. For example, cmd=telnet. |
| cmd-arg=x | Used with service=shell. When performing command authorization, the name of the command is given by a cmd=x pair for each argument listed. For example, cmd-arg=archie.sura.net. |
| acl=x | Used with service=shell and service=arap. For ARA, this pair contains an access list number. For service=shell, this pair contains an access class number. For example, acl=2. |
| inacl=x | Used with service=ppp and protocol=ip. Contains an IP input access list for SLIP or PPP/IP. For example, inacl=2. |
| outacl=x | Used with service=ppp and protocol=ip. Contains an IP output access list for SLIP or PPP/IP. For example, outacl=4. |
| addr=x | Used with service=slip, service=ppp, and protocol=ip. Contains the IP address that the remote host should use when connecting via SLIP or PPP/IP. For example, addr=172.30.23.11. |
| routing=x | Used with service=slip, service=ppp, and protocol=ip. Equivalent in function to the /routing flag in SLIP and PPP commands. Can either be true or false. For example, routing=true. |
| timeout=x | Used with service=arap. The number of minutes before an ARA session disconnects. For example, timeout=60. |
| autocmd=x | Used with service=shell and cmd=NULL. Specifies an autocommand to be executed at EXEC startup. For example, autocmd=telnet foo.com. |
| noescape=x | Used with service=shell and cmd=NULL. Specifies a noescape option to the username configuration command. Can be either true or false. For example, noescape=true. |
| nohangup=x | Used with service=shell and cmd=NULL. Specifies a nohangup option to the username configuration command. Can be either true or false. For example. nohangup=false. |
| priv-lvl=x | Used with service=shell and cmd=NULL. Specifies the current privilege level for command authorization as a number from 0 to 15. For example, priv-lvl=15. |
| zonelist=x | Used with service=arap. Specifies an AppleTalk zonelist for ARA. For example, zonelist=5. |
| addr-pool=x | Used with service=ppp and protocol=ip. Specifies the name of a local pool from which to get the address of the remote host. |
Examples
The following example specifies that TACACS+-style of authorization is used for all network-related requests. If this authorization method returns an error (if the TACACS+ server cannot be contacted), no authorization is performed and the request is successful.
Switch(config)# aaa authorization network tacacs+ none
The following example specifies that TACACS+-style of authorization is run for level 15 commands. If this authorization method returns an error (if the TACACS+ server cannot be contacted), no authorization is performed and the request succeeds.
Switch(config)# aaa authorization command 15 tacacs+ none
Related Commands
To enable the AAA access control model that includes TACACS+, issue the aaa new-model global configuration command. Use the no form of this command to disable this functionality.
Syntax Description
This command has no arguments or keywords.
Default
AAA/TACACS+ is not enabled.
Command Mode
Global configuration.
Usage Guideline
This command enables the AAA access control system and TACACS+. If you initialize this functionality and later decide to use TACACS or extended TACACS, issue the no version of this command and then enable the version of TACACS you want to use.
Example
The following example initializes AAA and TACACS+.
Switch(config)# aaa new-model
Related Commands
aaa accounting
aaa authentication enable default
aaa authentication local-override
aaa authentication login
aaa authorization
To restrict incoming and outgoing connections between a particular virtual terminal line (into a Cisco device) and the addresses in an access list, use the access-class line configuration command. To remove access restrictions, use the no form of this command.
Syntax Description
| access-list-number | Number of an access list. This is a decimal number from 1 through 99. |
| in | Restricts incoming connections between a particular Cisco device and the addresses in the access list. |
| out | Restricts outgoing connections between a particular Cisco device and the addresses in the access list. |
Default
No access lists are defined.
Command Mode
Line configuration.
Usage Guidelines
Remember to set identical restrictions on all the virtual terminal lines because a user can connect to any of them.
To display the access lists for a particular terminal line, use the show line EXEC command and specify the line number.
Examples
The following example defines an access list that permits only hosts on network 192.89.55.0 to connect to the virtual terminal ports on the switch.
Switch(config)# access-list 12 permit 192.89.55.0 0.0.0.255 line 1 5 access-class 12 in
The following example defines an access list that denies connections to networks other than network 36.0.0.0 on terminal lines 1 through 5.
Switch(config)# access-list 10 permit 36.0.0.0 0.255.255.255 line 1 5 access-class 10 out
Related Command
To create a temporary access list entry, use the access-enable privileged EXEC command.
Syntax Description
| host | Enables a specific host. |
| timeout | Sets the maximum idle time to expire the current entry. |
Command Mode
Privileged EXEC.
access-enable
To enable the router to create a temporary access list entry in a dynamic access list, use the
access-enable EXEC command.
access-enable [host] [timeout minutes]
Syntax Description
host
(Optional) Tells the software to enable access only for the host from which the
Telnet session originated. If not specified, the software allows all hosts on the
defined network to gain access. The dynamic access list contains the network mask
to use for enabling the new network.
timeout
minutes
(Optional) Specifies an idle timeout for the temporary access list entry. If the access
list entry is not accessed within this period, it is automatically deleted and requires
the user to authenticate again. The default is for the entries to remain permanently. It
is recommended that this value equal the idle timeout set for the WAN connection.
Command Mode
EXEC
Usage Guidelines
This command enables the lock-and-key access feature.
You should always define either an idle timeout (with the timeout keyword in this command) or an
absolute timeout (with the timeout keyword in the access-list command). Otherwise, the
temporary access list entry will remain, even after the user has terminated his session.
Example
The following example causes the software to create a temporary access list entry and tells the
software to enable access only for the host from which the Telnet session originated. If the access
list entry is not accessed within 2 minutes, it is deleted.
autocommand access-enable host timeout 2
Related Commands
A dagger (†) indicates that the command is documented outside this chapter.
access-list (extended) †
autocommand †
Currently, this command only supports the IP host. To define an extended IP access list, use the extended version of the access-list global configuration command. To remove the access lists, use the no form of this command.
For ICMP, you can also use the following syntax:
For TCP, you can also use the following syntax:
For UDP, you can also use the following syntax:
Syntax Description
| access-list-number | Number of an access list. This is a decimal number from 100 through 199. |
| deny | Denies access if the conditions are matched. |
| permit | Permits access if the conditions are matched. |
| protocol | Name or number of an Internet protocol. It can be one of the keywords eigrp, gre, icmp, igrp, ip, ipinip, nos, ospf, tcp, or udp, or an integer in the range 0 through 255 representing an IP protocol number. To match any Internet protocol, including ICMP, TCP, and UDP, use the keyword ip. Some protocols allow further qualifiers described below. |
| source | Number of the network or host from which the packet is being sent. There are three alternative ways to specify the source:
|
| source-wildcard | Wildcard bits to be applied to source. There are three ways to specify the source wildcard:
|
| destination | Number of the network or host to which the packet is being sent. There are three ways to specify the destination:
|
| destination-wildcard | Wildcard bits to be applied to the destination. There are three ways to specify the destination wildcard:
|
| precedence precedence | (Optional) Packets can be filtered by precedence level, as specified by a number from 0 to 7 or by name as listed in the section "Usage Guidelines." |
| tos tos | (Optional) Packets can be filtered by type of service level, as specified by a number from 0 to 15 or by name as listed in the section "Usage Guidelines." |
| icmp-type | (Optional) ICMP packets can be filtered by ICMP message type. The type is a number from 0 to 255. |
| icmp-code | (Optional) ICMP packets which are filtered by ICMP message type can also be filtered by the ICMP message code. The code is a number from 0 to 255. |
| icmp-message | (Optional) ICMP packets can be filtered by an ICMP message type name or ICMP message type and code name. The possible names are found in the section "Usage Guidelines." |
| igmp-type | (Optional) IGMP packets can be filtered by IGMP message type or message name. A message type is a number from 0 to 15. IGMP message names are listed in the section "Usage Guidelines." |
| operator | (Optional) Compares source or destination ports. Possible operands include lt (less than), gt (greater than), eq (equal), neq (not equal), and range (inclusive range).
If the operator is positioned after the source and source-wildcard, it must match the source port. If the operator is positioned after the destination and destination-wildcard, it must match the destination port. The range operator requires two port numbers. All other operators require one port number. |
| port | (Optional) The decimal number or name of a TCP or UDP port. A port number is a number from 0 to 65535. TCP port names are listed in the section "Usage Guidelines." TCP port names can only be used when filtering TCP. UDP port names are listed in the section "Usage Guidelines." UDP port names can only be used when filtering UDP.
TCP port names can only be used when filtering TCP. UDP port names can only be used when filtering UDP. |
| established | (Optional) For the TCP protocol only: Indicates an established connection. A match occurs if the TCP datagram has the ACK or RST bits set. The nonmatching case is that of the initial TCP datagram to form a connection. |
| log | (Optional) Causes an informational logging message about the packet that matches the entry to be sent to the console. (The level of messages logged to the console is controlled by the logging console command.)
The message includes the access list number; whether the packet was permitted or denied; the protocol, whether it was TCP, UDP, ICMP or a number; and, if appropriate, the source and destination addresses and source and destination port numbers. The message is generated for the first packet that matches the entry and then at 5-minute intervals, including the number of packets permitted or denied in the prior 5-minute interval. |
Default
An extended access list defaults to a list that denies everything. An extended access list is terminated by an implicit deny statement.
Command Mode
Global configuration.
Usage Guidelines
You can use access lists to control the transmission of packets on an interface, control virtual terminal line access, and restrict contents of routing updates. The switch stops checking the extended access list after a match occurs.
Fragmented IP packets, other than the initial fragment, are immediately accepted by any extended IP access list. Extended access lists used to control virtual terminal line access or restrict contents of routing updates must not match against the TCP source port, the type of service value, or the packet's precedence.
The following is a list of precedence names:
The following is a list of type of service (TOS) names:
The following is a list of ICMP message-type names and ICMP message-type and code names:
The following is a list of TCP port names that can be used instead of port numbers. Refer to the current Assigned Numbers RFC to find a reference to these protocols. Port numbers corresponding to these protocols can also be found by entering a
?
in the place of a port number.
The following is a list of UDP port names that can be used instead of port numbers. Refer to the current Assigned Numbers RFC to find a reference to these protocols. Port numbers corresponding to these protocols can also be found by entering a
?
in the place of a port number.
Examples
In the following example, serial interface 0 is part of a Class B network with the address 128.88.0.0, and the mail host's address is 128.88.1.2. The keyword established is used only for the TCP protocol to indicate an established connection. A match occurs if the TCP datagram has the ACK or RST bits set, which indicate that the packet belongs to an existing connection.
Switch(config)# access-list 102 permit tcp 0.0.0.0 255.255.255.255 128.88.0.0 0.0.255.255 established access-list 102 permit tcp 0.0.0.0 255.255.255.255 128.88.1.2 0.0.0.0 eq 25 interface serial 0 ip access-group 102 in
The following example also permit DNS packets and ICMP echo and echo reply packets.
Switch(config)# access-list 102 permit tcp any 128.88.0.0 0.0.255.255 established Switch(config)# access-list 102 permit tcp any host 128.88.1.2 eq smtp Switch(config)# access-list 102 permit tcp any any eq domain Switch(config)# access-list 102 permit udp any any eq domain Switch(config)# access-list 102 permit icmp any any echo Switch(config)# access-list 102 permit icmp any any echo-reply
Related Commands
access-class
access-list (standard)
ip access-group
logging console
priority-list default
queue-list interface
show access-lists
show ip access-lists
To define a standard IP access list, use the standard version of the access-list global configuration command. To remove a standard access list, use the no form of this command.
Syntax Description
| access-list-number | Number of an access list. This is a decimal number from 1 through 99. |
| deny | Denies access if the conditions are matched. |
| permit | Permits access if the conditions are matched. |
| source | Number of the network or host from which the packet is being sent. There are two ways to specify the source:
|
| source-wildcard | (Optional) Wildcard bits to be applied to the source. There are two alternative ways to specify the source wildcard:
|
Default
The access list defaults to an implicit deny statement for everything. The access list is always terminated by an implicit deny statement for everything.
Command Mode
Global configuration.
Usage Guidelines
Plan your access conditions carefully, and be aware of the implicit deny statement at the end of the access list.
You can use access lists to control the transmission of packets on an interface, control virtual terminal line access, and restrict the contents of routing updates.
Use the show access-lists EXEC command to display the contents of all access lists.
Use the show ip access-list EXEC command to display the contents of one access list.
Examples
The following example of a standard access list allows access for only those hosts on the three specified networks. The wildcard bits apply to the host portions of the network addresses. Any host with a source address that does not match the access list statements is rejected.
Switch(config)# access-list 1 permit 192.5.34.0 0.0.0.255 Switch(config)# access-list 1 permit 128.88.0.0 0.0.255.255 Switch(config)# access-list 1 permit 36.0.0.0 0.255.255.255 ! (Note: all other access implicitly denied)
To specify a large number of individual addresses more easily, you can omit the wildcard if it is all zeros. This means the following two configuration commands have the same effect.
Switch(config)# access-list 2 permit 36.48.0.3 Switch(config)# access-list 2 permit 36.48.0.3 0.0.0.0
Related Commands
access-class
access-list (extended)
ip access-group
priority-list interface
queue-list interface
show access-lists
show ip access-lists
To create a temporary access list entry, use the access-template privileged EXEC command.
Syntax Description
| host | Enables a specific host. |
| timeout | Sets the maximum idle time to expire the current entry. |
Command Mode
Privileged EXEC.
access-template
To manually place a temporary access list entry on a router to which you are connected, use the
access-template EXEC command.
access-template [access-list-number] [dynamic-name] [source] [destination] [timeout
minutes]
Syntax Description
access-list-number
Number of the dynamic access list.
dynamic-name
(Optional) Name of a dynamic access list.
source
(Optional) Source address in a dynamic access list. The keywords host and
any are allowed. All other attributes are inherited from the original
access-list entry.
destination
(Optional) Destination address in a dynamic access list. The keywords host
and any are allowed. All other attributes are inherited from the original
access-list entry.
timeout minutes
(Optional) Specifies a maximum time limit for each entry within this
dynamic list. This is an absolute time, from creation, that an entry can reside
in the list. The default is an infinite time limit and allows an entry to remain
permanently.
Command Mode
EXEC
Usage Guidelines
This command provides a way to enable the lock-and-key access feature.
You should always define either an idle timeout (with the timeout keyword in this command) or an
absolute timeout (with the timeout keyword in the access-list command). Otherwise, the dynamic
access list will remain, even after the user has terminated the session.
Example
In the following example, the software enables IP access on incoming packets in which the source
address is 171.69.1.129 and the destination address is 172.21.52.12. All other source and
destination pairs are discarded.
access-template 101 payroll host 171.69.1.129 host 172.21.52.12 timeout 2
Related Commands
A dagger (†) indicates that the command is documented outside this chapter.
access-list (extended) †
autocommand †
clear access-template †
To configure the mode of default administrative weight assignment for PNNI interfaces, use the administrative-weight ATM router PNNI configuration command. To return to the default value, use the no form of this command.
Syntax Description
| linespeed | The default value of the administrative weight is based on the linespeed or Maxcr of an interface. The administrative weights for linespeed are based on the default. |
| uniform | The uniform keyword assigns the weight of 5040 to interfaces that were not configured. |
Default
uniform.
Command Mode
ATM router PNNI configuration.
Usage Guidelines
Administrative weight is used as the primary routing metric to minimize use of network resources. In the absence of other constraints, this causes PNNI routing to minimize the number of hops. Basing administrative weight on linespeed allows path selection to prefer paths along higher bandwidth interfaces. Higher speed links have lower administrative weights and are preferred during routing. The value set in this command becomes the default for the atm pnni admin-weight command.
For more information, refer to the LightStream 1010 ATM Switch Software Configuration Guide.
Example
The following script shows how to access the administrative-weight ATM router PNNI configuration command.
Switch# configure terminal Switch(config)# atm router pnni Switch(config-atm-router)# administrative-weight uniform
Related Commands
atm pnni admin-weight
show atm pnni interface
show atm pnni node
To create a command alias, use the alias global configuration command. Use the no alias command to delete all aliases in a command mode or to delete a specific alias, and to revert to the original command syntax.
Syntax Description
| mode | Command mode of the original and alias commands. See Table 1-7 for a list of options for this argument. |
| alias-name | Command alias. |
| alias-command-line | Original command syntax. |
Defaults
Default aliases are in EXEC mode, as follows:
| Command Alias | Original Command |
|---|---|
| h | help |
| lo | logout |
| p | ping |
| r | resume |
| s | show |
| w | where |
Command Mode
Global configuration.
Usage Guidelines
You can use simple words or abbreviations as aliases. The aliases in the Default section are predefined. They can be turned off using the no alias command.
Table 1-7 shows the acceptable options for the mode argument in the alias global configuration command.
Table 1-7 : Mode Argument Options
| Argument Options | Mode |
|---|---|
| configuration | Global configuration |
| controller | Controller configuration |
| exec | EXEC |
| interface | Interface configuration |
| line | Line configuration |
| map-class | Map class configuration |
| map-list | Map list configuration |
| route-map | Route map configuration |
| router | Switch configuration |
See the summary of command modes in the user interface chapter in the Router Products Configuration Guide for more information about command modes.
When you use online help, command aliases are indicated by an asterisk (*). In the following example, the first entry (
logout
) represents the current alias, and the other aliases are listed to show the options available.
Switch# lo? *lo=logout lock login logout
When you use online help, aliases that contain spaces (for example, Telnet device.cisco.com 25) are displayed as follows.
Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# alias exec device-mail Telnet device.cisco.com 25 Switch(config)# end Switch# device-mail? *device-mail="Telnet device.cisco.com 25"
When you use online help, the alias is expanded and replaced with the original command, as shown in the following example with the td alias.
Switch(config)# alias exec td trace device Switch(config)# ^Z Switch# t? *td="trace device" Telnet terminal test tn3270 trace
To list only commands and omit aliases, begin your input line with a space. In the following example, the alias td is not shown because there is a space before the t? command line.
Switch# t? Telnet terminal test tn3270 trace
As with commands, you can use online help to display the arguments and keywords that can follow a command alias. In the following example, the alias td is created to represent the command telnet device. The /debug and /line switches can be added to telnet device to modify the command.
Switch(config)# alias exec td telnet device
Switch(config)# ^Z
Switch# td ?
/debug Enable telnet debugging mode
/line Enable telnet line mode
...
whois Whois port
<cr>
Switch# telnet device
You must enter the complete syntax for the alias command. Partial syntax for aliases are not accepted. In the following example, the parser does not recognize the command t as indicating the alias td.
Switch# t % Ambiguous command: "t"
Example
In the following example, the alias fixmyrt is created for the EXEC-mode command clear ip route 198.92.116.16.
Switch(config)# alias exec fixmyrt clear ip route 198.92.116.16
Related Command
To add a permanent entry in the ARP cache, use the arp global configuration command. To remove an entry from the ARP cache, use the no form of this command.
Syntax Description
| ip-address | IP address in four-part dotted-decimal format corresponding to the local data interface address. |
| hardware-address | Local data interface address (a 48-bit address). |
| type | Encapsulation description. For Ethernet interfaces, this is typically the arpa keyword. |
| alias | (Optional) Indicates that the switch should respond to ARP requests as if it were the owner of the specified address. |
Default
No entries are permanently installed in the ARP cache.
Command Mode
Global configuration.
Usage Guidelines
The switch uses ARP cache entries to translate 32-bit IP addresses into 48-bit hardware addresses.
Because most hosts support dynamic resolution, you generally do not need to specify static ARP cache entries.
Example
The following is an example of a static ARP entry for a typical Ethernet host.
Switch(config)# arp 192.31.7.19 0800.0900.1834 arpa
Related Command
show arp
To control the interface-specific handling of IP address resolution into 48-bit Ethernet, use the arp interface configuration command. To disable an encapsulation type, use the no form of this command.
Syntax Description
| arpa | Standard Ethernet-style ARP (RFC 826). |
| probe | HP Probe protocol for IEEE-802.3 networks. |
| snap | ARP packets conforming to RFC 1042. |
Default
Standard Ethernet-style ARP.
Command Mode
Interface configuration.
Usage Guidelines
Arguments to the arp command are not mutually exclusive. Each command enables or disables a specific type of ARP. For example, if you enter the arp arpa command followed by the arp probe command, the switch sends three packets (two for probe and one for arpa) each time it needs to discover a MAC address.
The arp probe command allows the switch to use the Probe protocol (in addition to ARP) whenever attempting to resolve an IEEE-802.3 or Ethernet local data interface address. The subset of Probe that performs address resolution is called Virtual Address Request and Reply. Using Probe, the switch communicates transparently with Hewlett-Packard IEEE-802.3 hosts using this type of data encapsulation.
The show interfaces EXEC command displays the type of ARP being used on a particular interface. To remove all nonstatic entries from the ARP cache, use the clear arp-cache privileged EXEC command.
Example
The following example enables probe services.
Switch(config)# interface ethernet 2/0/0 Switch(config-if)# arp probe
Related Command
To configure how long an entry remains in the ARP cache, use the arp timeout interface configuration command. To restore the default value, use the no form of this command.
Syntax Description
| seconds | Time, in seconds, that an entry remains in the ARP cache. A value of 0 means that entries are never cleared from the cache. |
Default
14400 seconds (4 hours).
Command Mode
Interface configuration that is not valid for ATM interfaces. Only applies to interfaces in the ASP.
Usage Guidelines
This command is ignored when issued on interfaces that do not use ARP. The show interfaces EXEC command displays the ARP timeout value. The value follows the "Entry Timeout:" heading, as shown in the following show interfaces display.
Switch(configif)# Switch# ARP type: ARPA, PROBE, Entry Timeout: 14400 sec
Example
The following example sets the ARP timeout to 12000 seconds to allow entries to time out more quickly than the default.
Switch(config)# interface ethernet 2/0/0 Switch(config-if)# arp timeout 12000
Related Command
To configure extended BOOTP requests for asynchronous interfaces as defined in RFC 1084, use the async-bootp global configuration command. Use the no form of this command to restore the default.
Syntax Description
| tag | Item being requested; expressed as filename, integer, or IP dotted-decimal address. See Table 1-8 for possible values. |
| :hostname | (Optional) This entry applies only to the host specified. The argument :hostname accepts both an IP address and a logical host name. |
| data | List of IP addresses entered in dotted-decimal notation or as logical host names, as a number, or as a quoted string. |
Table 1-8 : Async-BOOTP Tag Keywords
| Keyword | Description |
|---|---|
| bootfile | Specifies use of a server boot file from which to download the boot program. Use the optional :hostname and data arguments to specify the filename. |
| subnet-mask mask | Dotted-decimal address specifying the network and local subnetwork mask (as defined by RFC 950). |
| time-offset offset | Signed 32-bit integer specifying the time offset of the local subnetwork in seconds from Universal Coordinated Time (UTC). |
| gateway address | Dotted-decimal address specifying the IP addresses of gateways for this subnetwork. A preferred gateway should be listed first. |
| time-server address | Dotted-decimal address specifying the IP address of time servers (as defined by RFC 868). |
| IEN116-server address | Dotted-decimal address specifying the IP address of name servers (as defined by IEN 116). |
| DNS-server address | Dotted-decimal address specifying the IP address of Domain Name Servers (as defined by RFC 1034). |
| log-server address | Dotted-decimal address specifying the IP address of an MIT-LCS UDP log server. |
| quote-server address | Dotted-decimal address specifying the IP address of Quote of the Day servers (as defined in RFC 865). |
| lpr-server address | Dotted-decimal address specifying the IP address of Berkeley UNIX Version 4 BSD servers. |
| impress-server address | Dotted-decimal address specifying the IP address of Impress network image servers. |
| rlp-server address | Dotted-decimal address specifying the IP address of Resource Location Protocol (RLP) servers (as defined in RFC 887). |
| hostname name | The name of the client, which might or might not be domain-qualified, depending on the site. |
| bootfile-size value | A 2-octet value specifying the number of 512-octet (byte) blocks in the default boot file. |
Default
If not extended, BOOTP commands are entered and the switch software generates a gateway and subnet mask appropriate for the local network.
Command Mode
Global configuration.
Usage Guidelines
Use the EXEC command show async-bootp to list the configured parameters. Use the no async-bootp command to clear the list.
Examples
The following example illustrates how to specify different boot files---one for a PC and one for a Macintosh. With this configuration, a BOOTP request from the host on 128.128.1.1 results in a reply listing the boot filename as pcboot. A BOOTP request from the host named mac results in a reply listing the boot filename as macboot.
Switch(config)# async-bootp bootfile:128.128.1.1 "pcboot" Switch(config)# async-bootp bootfile:mac "macboot"
The following example specifies a subnet mask of 255.255.0.0.
Switch(config)# async-bootp subnet-mask 255.255.0.0
The following example specifies a negative time offset of the local subnetwork of -3600 seconds.
Switch(config)# async-bootp time-offset -3600
The following example specifies the IP address of a time server.
Switch(config)# async-bootp time-server 128.128.1.1
Related Command
Use the atm abr-mode command on ABR connections to select efci marking, relative-rate marking, or both. To assign the default value to ABR mode, use the no form of this command.
Syntax Description
| efci | When cells arrive on ABR connections to a congested (as indicated by efci threshold) output queue on the interface, the efci bit in the cell header is set. |
| relative-rate | When a backward RM-cell is received on an ABR connection on an interface (from outside the switch), its congestion-bit is set if the forward-direction interface abr-ubr output-queue is congested (as indicated by the abr relative-rate threshold). |
| all | Indicates both efci and relative-rate modes of congestion notification. |
Default
relative-rate.
Command Mode
Global configuration.
Usage Guidelines
This global configuration command changes the global type of notification used on ABR connections to send a congestion alert to the end stations. This change can be made if the switch connects to a network or end station that uses the new technique. The use of all causes both efci and relative-rate marking to be used.
If the ABR/UBR output queue of the forward-direction interface of the connection is congested, using the relative-rate argument marks a backward RM cell on an ABR connection when it is queued to the ABR/UBR output queue of the backward-direction interface.
Example
In the following example, the abr mode of the switch is set to efci.
Switch(config)# atm abr-mode efci
Related Command
To subscribe an interface or subinterface to an existing ATM address pattern-matching filter expression, use the atm access-group interface configuration command. To delete an address access filter subscription on a specified interface of subinterface, use the no form of this command.
Syntax Description
| name | The filter expression or filter set.
· in Indicates you should apply the filter to incoming SETUP message. · out Indicates you should apply the filter to outgoing SETUP message. |
Default
Out.
Command Mode
Interface configuration.
Usage Guidelines
This command affects ATM signalling SETUP requests received or transmitted by the switch on an interface.
You should use the atm filter-set command prior to using this command. Filter sets and expressions are described in this manual in the descriptions for the atm filter-expr, atm filter-set, and atm template-alias global configuration commands.
Each interface has only one access group. If you create a new access group, it overrides any existing group.
Example
The following is sample output from the atm access-group command.
Switch(config-if)# atm access-group atm_filter_expr1 in Switch(config-if)# atm access-group atm_filter_expr2 out
Related Commands
atm filter-expr
atm filter-set
atm template-alias
show atm filter-expr
show atm filter-set
To assign a 20-byte ATM address to the switch, use the atm address command. To delete a specific ATM address, use the no form of this command.
Syntax Description
| address-template | The address template can be a full 20-byte address or a partial 13-byte prefix followed by an ellipsis (...). When a partial address is assigned, this command automatically sets one of the switch's 6-byte MAC addresses in the ESI part and puts a 0 in the sector part. |
Default
When no atm address has been configured, an autoconfigured ATM address is assigned. Refer to the LightStream 1010 ATM Switch User Guide for more information.
Command Mode
Global configuration.
Usage Guidelines
You can have multiple ATM addresses. When you delete the most current address, the next address becomes available.
In autoconfiguration mode, the switch establishes an address according to the format specified in the software configuration guide.
The first 13-byte prefix of this address is used by ILMI to assign addresses to end stations connected to the UNI ports (unless there is a prefix assigned per port). PNNI also summarizes this prefix automatically in reachable address advertisements. Refer to the auto-summary command for more information.
For two switches to belong to the same PNNI peer group, they need to have the same peer group identifier. Peer group identifiers must be prefixes of private ATM addresses, which means the organization that administers the peer group has assignment authority over that prefix (refer to the LightStream 1010 ATM Switch Software Configuration Guide for more information).
In autoconfiguration mode all switches have the same peer group identifier based on the first 7 bytes of the autoconfigured ATM address.
The first 13-byte prefix is also used to automatically generate ATM addresses for each ATM interface that can be used for soft PVCs and PVPs to identify the destination ATM interface.
Related Commands
atm prefix
auto-summary
show atm address
To enable the switch to engage in address registration with the Interim Local Management Interface (ILMI), use the atm address-registration interface configuration command. To disable ILMI address registration functions, use the no form of this command.
Syntax Description
This command has no keywords or arguments.
Default
Enabled.
Command Mode
Interface configuration.
Usage Guidelines
This command does not apply to the CPU interface.
This command enables a switch to register its address with the ILMI when specific events occur, such as incoming SNMP traps or incoming new network prefixes.
Example
The following example disables an ATM address-registration on ATM interface 1/0/0.
Switch(config)# interface atm 1/0/0 Switch(config-if)# no atm address-registration
Related Command
To identify an ATM Address Resolution Protocol (ARP) server for the IP network or set time-to-live (TTL) values for entries in the ATM ARP table, use the arp-server interface configuration command.
Syntax Description
| self | (Optional) Specifies the current switch as the ATM ARP server. |
| time-out minutes | (Optional) Number of minutes a destination entry listed in the ATM ARP server's ARP table is kept before the server takes any action to verify or time out the entry. |
| nsap nsap-address | (Optional) Network service access point (NSAP) address of an ATM ARP server. |
Default
The ARP server process is disabled. The default timeout value is 20 minutes.
Command Mode
Interface configuration.
Usage Guidelines
If an NSAP address is specified, the ARP client on this interface uses the specified host as an ARP server.
Multiple ATM ARP servers can be specified by repeating the command. The no option is used to remove the definition of an ATM ARP server. If self is specified, this interface acts as the ARP server for the logical IP network.
The ATM ARP server takes one of the following actions if a destination listed in the server's ARP table expires:
This implementation follows RFC 1577, Classical IP over ATM.
Related Command
To enable or disable the autolink, use the atm auto-configuration interface command command. To disable this feature, use the no form of this command.
Syntax Description
This command has no arguments or keywords.
Default
Enabled.
Command Mode
Interface configuration.
Usage Guidelines
This feature determines the role the local interface has (such as user/network) on the UNI. This feature is activated automatically when an interface comes up with or without a reset.
Use the shutdown command before using this command to shut down the interface.
Related Command
atm backward-max-burst-size-clp0
To change the maximum number of high-priority cells coming from the destination to the source at the burst level on the switched virtual circuit (SVC), use the atm backward-max-burst-size-clp0 map-class configuration command. The no form of this command restores the default.
Syntax Description
| cell-count | Maximum number of high-priority cells coming from the destination switch at the burst level. |
Default
-1. The switch does not request this quality of service (QOS) parameter of the ATM switch, so the switch provides a "best effort service." The switch drops cells if there is not enough buffer space.
Command Mode
Map-class configuration.
Usage Guidelines
This command defines a quality of service (QOS) parameter for the SVC connection.
The keyword clp0 indicates this command affects only cells with a cell loss priority (CLP) of 0 (high-priority cells).
Example
The following example sets the maximum number of high-priority cells coming from the destination switch at the burst level to 800 cells.
Switch(config)# map-class atm 1/0/0 Switch(config-map-class)# atm backward-max-burst-size-clp0 800
atm backward-max-burst-size-clp1
To change the maximum number of low-priority cells coming from the destination to the source at the burst level on the SVC, use the atm backward-max-burst-size-clp1 map-class configuration command. The no form of this command restores the default value.
Syntax Description
| cell-count | Maximum number of low-priority cells coming from the destination at the burst level. |
Default
-1. The switch does not request this quality of service (QOS) parameter of the ATM switch, so the switch provides a "best effort service." The switch drops cells if there is not enough buffer space.
Command Mode
Map-class configuration.
Usage Guidelines
This command defines a quality of service (QOS) parameter for the SVC connection.
The keyword clp1 indicates that this command affects only cells with a cell loss priority (CLP) of 1 (low-priority cells).
Example
The following example sets the maximum number of low-priority cells coming from the destination switch at the burst level to 100,000.
Switch(config)# map-class atm 1/0/0 Switch(config-map-class)# atm backward-max-burst-size-clp1 100000
atm backward-peak-cell-rate-clp0
To change the peak rate of high-priority cells coming from the destination to the source on the SVC, use the atm backward-peak-cell-rate-clp0 map-class configuration command. The no form of this command restores the default.
Syntax Description
| rate | Maximum rate in kilobits per second (Kbps) that this SVC can receive high-priority cells from the destination switch. Maximum upper range is 155,000 Kbps. |
Default
-1. The switch does not request this quality of service (QOS) parameter of the ATM switch, so the switch provides a "best effort service." The switch drops cells if there is not enough buffer space.
Command Mode
Map-class configuration.
Usage Guidelines
This command defines a quality of service (QOS) parameter for the SVC connection.
The keyword clp0 indicates that this command affects only cells with a cell loss priority (CLP) of 0 (high-priority cells).
Example
The following example sets the peak rate for high-priority cells from the destination switch to 8000 Kbps.
Switch(config)# map-class atm 1/0/0 Switch(config-map-class)# atm backward-peak-cell-rate-clp0 8000
atm backward-peak-cell-rate-clp1
To change the peak rate of low-priority cells coming from the destination to the source on the SVC, use the atm backward-peak-cell-rate-clp1 map-class configuration command. The no form of this command restores the default.
Syntax Description
| rate | Maximum rate in kilobits per second (Kbps) that this SVC can receive low-priority cells from the destination switch. Maximum upper range is 155,000 Kbps. |
Default
-1. The switch does not request this quality of service (QOS) parameter of the ATM switch, so the switch provides a "best effort service." The switch drops cells if there is not enough buffer space.
Command Mode
Map-class configuration.
Usage Guidelines
This command defines a quality of service (QOS) parameter for the SVC connection.
The keyword clp1 indicates this command affects only cells with a cell loss priority (CLP) of 1 (low-priority cells).
Example
The following example sets the peak rate for low-priority cells from the destination switch to 7000 Kbps.
Switch(config)# map-class atm 1/0/0 Switch(config-map-class)# atm backward-peak-cell-rate-clp1 7000
atm backward-sustainable-cell-rate-clp0
To change the sustainable rate of high-priority cells coming from the destination to the source on the SVC, use the atm backward-sustainable-cell-rate-clp0 map-class configuration command. The no form of this command restores the default.
Syntax Description
| rate | Sustainable rate in kilobits per second (Kbps) that this SVC can receive high-priority cells from the destination switch. Maximum upper range is 155,000 Kbps. |
Default
-1. The switch does not request this quality of service (QOS) parameter of the ATM switch, so the switch provides a "best effort service." The switch drops cells if there is not enough buffer space.
Command Mode
Map-class configuration.
Usage Guidelines
This command defines a quality of service (QOS) parameter for the SVC connection.
The keyword clp0 indicates this command affects only cells with a cell loss priority (CLP) of 0 (high-priority cells).
Example
The following example sets the sustainable rate for high-priority cells from the destination switch to 800 Kbps.
Switch(config)# map-class atm 1/0/0 Switch(config-map-class)# atm backward-sustainable-cell-rate-clp0 800
atm backward-sustainable-cell-rate-clp1
To change the sustainable rate of low-priority cells coming from the destination to the source on the SVC, use the atm backward-sustainable-cell-rate-clp1 map-class configuration command. The no form of this command restores the default value.
Syntax Description
| rate | Sustainable rate in kilobits per second (Kbps) that this SVC can receive low-priority cells from the destination. Maximum upper range is 155,000 Kbps. |
Default
-1. The switch does not request this quality of service (QOS) parameter of the ATM switch, so the switch provides a "best effort service." The switch drops cells if there is not enough buffer space.
Command Mode
Map-class configuration.
Usage Guidelines
This command defines a quality of service (QOS) parameter for the SVC connection.
The keyword clp1 indicates this command affects only cells with a cell loss priority (CLP) of 1 (low-priority cells).
Example
The following example sets the sustainable rate for low-priority cells from the destination switch to 700 kbps.
Switch(config)# map-class atm 1/0/0 Switch(config-map-class)# atm backward-sustainable-cell-rate-clp1 700
To change the resource management interface controlled link sharing parameters, use the atm cac link command. To reset the parameter values to the default, use the no form of this command.
To change the best-effort interface connection limit, use the atm cac best-effort-limit command. To disable the best-effort limit, use the no form of this command.
To change the interface maximum for individual traffic parameters allowed on connection setup, use the following command. To reset the maximum value to the default value, use the no form of the command.
Syntax Description
| receive | The configured parameter applies to the flow of traffic into the switch on the interface (or to the CPU on the CPU interface). |
| transmit | The configured parameter applies to the flow of traffic out of the switch on the interface (or from the CPU on the CPU interface). |
| percent | The percent of interface bandwidth, from 0 to 95 percent. |
| cbr | The constant bit rate connection. |
| vbr | The variable bit rate connection. |
| abr | The available bit rate connection. |
| ubr | The unspecified bit rate connection. |
| rate | A positive integer, measured in kilobits per second, in the range of 0 through 910533065. |
| conn-value | The number of best-effort connections allowed on the interface (0 through 32768). |
| cell-count | The limit parameter used in the GCRA policing algorithm (cell-count expresses cell times in the range 0 through 2147483647). |
Default
No link-sharing, best-effort limits, or parameter limits.
Command Mode
Interface configuration.
Usage Guidelines
The atm cac commands provide the ability to tune parameters used in the Connection Admission Control functions performed by Resource Management. The three types of parameters, which are configured per interface, are described in Table 1-9. Any changes made to these parameters only affect subsequent connection setups.
Table 1-9 : Connection Admission Control Interface Parameters
| Parameter | Description |
|---|---|
| controlled link sharing | Specifies the minimum and maximum bandwidth that can be allocated to guaranteed service (CBR or VBR) connections. Maxima can be specified for CBR, VBR, and the aggregate of CBR and VBR. Minima can be specified for CBR and VBR. These parameters, for a direction, are interrelated as follows (assuming these parameters are defined):
|
| traffic parameter limits | Specifies maximum traffic parameters (peak-cell-rate, etc.) that are allowed on VC setup. These can be specified independently by service category and traffic direction. |
| best-effort connection limits | A limit on the total number of ABR and UBR connections on the interface. |
For UBR connections, cell rate is not checked in CAC. By specifying a peak-cell-rate limit, CAC rejects connections that exceed the limit.
This following commands are a subset of the interface configuration and are supported for the subinterface configuration.
The following command is not supported for the subinterface configuration.
Example
In the following example, a peak-cell-rate traffic parameter limit of 3001 Kbps is defined for ABR connections in the receive direction on the interface.
Switch(config-if)# atm cac max-peak-cell-rate abr receive 3001
In the following example, the maximum bandwidth that can be allocated to VBR connections in the transmit direction on the interface is limited to 61 percent of the total bandwidth.
Switch(config-if)# atm cac link-sharing max-bandwidth vbr transmit 61
In the following example, the number of best-effort connections allowed on the interface is limited to 200.
Switch(config-if)# atm cac best-effort-limit 200
Related Command
atm connection-traffic-table-row
To create a table entry, use the atm connection-traffic-table-row global configuration command. To delete an entry, use the no form of this command.
Syntax Description
| row-index | Is an integer in the range of 1 through 1073741823. |
| rate | Is a positive integer, measured in kilobits per second, in the range of 0 through 910533065. |
| cell-count | Is used with tolerance and is the limit parameter used in the GCRA policing algorithm. It is an integer, with a range of 0 through 2147483647. The tolerance is expressed in cell-times (2.72 microseconds at 155.2 Mbps). For peak-cell-rate policing on cbr and ubr connections, the tolerance value is CDVT. For sustained-cell-rate policing on vbr-rt and vbr-nrt connections, the tolerance value is the Maximum Burst Size. |
Default
Rows 1 through 6 in the table are predefined.
Command Mode
Global configuration.
Usage Guidelines
This command sets up the traffic characteristics used in PVC definition. The characteristics are stored as rows of a table. The row index is referenced when a PVC is created using the atm pvc interface command.
When the atm connection-traffic-table-row command is issued, without the index clause, software uses a free row-index, which is displayed to the user if the command is successful.
When the tolerance parameter is not specified in the creation of a row, a default value is chosen by software to use if UPC is enabled.
For ubr only, specifying peak-cell-rate is optional.
Six connection traffic table rows are defined by default and are numbered 1-6. Row 1 is the default row used by the atm pvc command if no rows are explicitly specified. Rows 2-6 are used for well-known vcs on a vp tunnel subinterface, depending on the service category of the underlying vp. Default rows cannot be deleted.
Example
In the following example, a cbr Connection Traffic Table row is defined with index 200 and a peak-cell-rate of 7743 Kbps.
Switch(config)# atm connection-traffic-table-row index 200 cbr peak-cell-rate 7743
Related Commands
atm pvc
atm pvp
show atm connection-traffic-table
To configure an ATM address filter that matches patterns, use the atm filter-expr global configuration command. To delete the specified filter, use the no form of this command.
Syntax Description
| name | The name of the pattern-matching filter expression. |
| term | Can be any of the following:
· a previously defined address pattern-matching expression · source <filter-set name> ---filter set applied to calling-party address · destination <filter-set name> ---filter set applied to called-party address |
Default
Permit.
Command Mode
Global configuration.
Usage Guidelines
The first form listed defines a simple filter expression that is pattern-matched only if the pattern given by term is matched.
The second form defines a filter expression that is pattern-matched only if the pattern given by term is not matched.
The third form defines a filter expression that is pattern-matched if either of the patterns given by the two terms are matched.
The fourth form defines a filter expression that is pattern-matched only if both of the patterns given by the two terms are matched.
The fifth form defines a filter expression that is pattern-matched only if one of the patterns, but not both, given by the two terms is matched.
For commands with two terms, that is, commands using logical operators or, and, and xor, the evaluation sequence is from left to right of the expression. Further, for commands using logical operators or and and, the evaluation for the second term is conducted only when necessary, that is, the evaluation for the second term is omitted if the truth or falsehood can already be concluded from the evaluation for the first term.
Example
The following is sample output from the atm filter-expr command.
Switch(config)# atm filter-expr atm_filter_expr1 not source atm_filter_set1 Switch(config)# atm filter-expr atm_filter_expr2 source atm_filter_set1 and destination atm_filter_set2
Related Command
To configure an ATM address filter set, use the atm filter-set global configuration command. To delete the specified filter set, use the no form of this command.
Syntax Description
| name | The name of the filter set. |
| permit | Permission to accept an incoming call or forward an outgoing call on an interface/subinterface if the address pattern-matching succeeds. |
| deny | Denial to accept an incoming call or forward an outgoing call on an interface or subinterface if the address pattern-matching succeeds. |
| template | An ATM address, address template, or an ATM address template alias. |
Default
Permit.
Command Mode
Global configuration.
Usage Guidelines
If neither permit nor deny is specified, permit is assumed. If an address does not match any of the filter set entries, an implicit "deny" is returned as the permit/deny action of the filter set.
Example
The following is an example of the atm filter-set command.
Switch(config)# atm filter-set filter_set1 permit 47.0091.8100.0000.0003.bbe4.aa01.4000.0c80.0000.64 Switch(config)# atm filter-set filter_set3 deny 47.840F... Switch(config)# no atm filter-set filter_set3
atm forward-max-burst-size-clp0
To change the maximum number of high-priority cells going from the source to the destination at the burst level on the SVC, use the atm forward-max-burst-size-clp0 map-class configuration command. The no form of this command restores the default value.
Syntax Description
| cell-count | Maximum number of high-priority cells going from the source switch at the burst level. |
Default
-1. The switch does not request this quality of service (QOS) parameter of the ATM switch, so the switch provides a "best effort service." The switch drops cells if there is not enough buffer space.
Command Mode
Map-class configuration.
Usage Guidelines
This command defines a quality of service (QOS) parameter for the SVC connection.
The keyword clp0 indicates this command affects only cells with a cell loss priority (CLP) of 0 (high-priority cells).
Example
The following example sets the maximum number of high-priority cells going from the source switch at the burst level to 100,000.
Switch(config)# map-class atm 1/0/0 Switch(config-map-class)# atm forward-max-burst-size-clp0 100000
atm forward-max-burst-size-clp1
To change the maximum number of low-priority cells going from the source to the destination at the burst level on the SVC, use the atm forward-max-burst-size-clp1 map-class configuration command. The no form of this command restores the default value.
Syntax Description
| cell-count | Maximum number of low-priority cells going from the source switch at the burst level. |
Default
-1. The switch does not request this quality of service (QOS) parameter of the ATM switch, so the switch provides a "best effort service." The switch drops cells if there is not enough buffer space.
Command Mode
Map-class configuration.
Usage Guidelines
This command defines a quality of service (QOS) parameter for the SVC connection.
The keyword clp1 indicates this command affects only cells with a cell loss priority (CLP) of 1 (low-priority cells).
Example
The following example sets the maximum number of low-priority cells going from the source switch at the burst level to 100,000.
Switch(config)# map-class atm 1/0/0 Switch(config-map-class)# atm forward-max-burst-size-clp1 100000
atm forward-peak-cell-rate-clp0
To change the peak rate of high-priority cells going from the source to the destination on the SVC, use the atm forward-peak-cell-rate-clp0 map-class configuration command. The no form of this command restores the default value.
Syntax Description
| rate | Maximum rate in kilobits per second (kbps) that this SVC can send high-priority cells from the source switch. Maximum upper range is 155,000 kbps. |
Default
-1. The switch does not request this quality of service (QOS) parameter of the ATM switch, so the switch provides a "best effort service." The switch drops cells if there is not enough buffer space.
Command Mode
Map-class configuration.
Usage Guidelines
This command defines a quality of service (QOS) parameter for the SVC connection.
The keyword clp0 indicates this command affects only cells with a cell loss priority (CLP) of 0 (high-priority cells).
Example
The following example sets the peak high-priority cell rate from the source switch to 1000 Kbps.
Switch(config)# map-class atm 1/0/0 Switch(config-map-class)# atm forward-peak-cell-rate-clp0 1000
atm forward-peak-cell-rate-clp1
To change the peak rate of low-priority cells coming from the source to the destination on the SVC, use the atm forward-peak-cell-rate-clp1 map-class configuration command. The no form of this command restores the default value.
Syntax Description
| rate | Maximum rate in kilobits per second (kbps) that this SVC can send low-priority cells from the source. Maximum upper range is 155,000 kbps. |
Default
-1. The switch does not request this quality of service (QOS) parameter of the ATM switch, so the switch provides a "best effort service." The switch drops cells if there is not enough buffer space.
Command Mode
Map-class configuration.
Usage Guidelines
This command defines a quality of service (QOS) parameter for the SVC connection.
The keyword clp1 indicates this command affects only cells with a cell loss priority (CLP) of 1 (low-priority cells).
Example
The following example sets the peak low-priority cell rate from the source switch to 100,000 kbps.
Switch(config)# map-class atm 1/0/0 Switch(config-map-class)# atm forward-peak-cell-rate-clp1 100000
atm forward-sustainable-cell-rate-clp0
To change the sustainable rate of high-priority cells coming from the source to the destination on the SVC, use the atm forward-sustainable-cell-rate-clp0 map-class configuration command. The no form of this command restores the default value.
Syntax Description
| rate | Sustainable rate in kilobits per second (kbps) that this SVC can send high-priority cells from the source. Maximum upper range is 155,000 kbps. |
Default
-1. The switch does not request this quality of service (QOS) parameter of the ATM switch, so the switch provides a "best effort service." The switch drops cells if there is not enough buffer space.
Command Mode
Map-class configuration.
Usage Guidelines
This command defines a quality of service (QOS) parameter for the SVC connection.
The keyword clp0 indicates this command affects only cells with a cell loss priority (CLP) of 0 (high-priority cells).
Example
The following example sets the sustainable rate for high-priority cells from the source switch to 100,000 kbps.
Switch(config)# map-class atm 1/0/0 Switch(config-map-class)# atm forward-sustainable-cell-rate-clp0 100000
atm forward-sustainable-cell-rate-clp1
To change the sustainable rate of low-priority cells coming from the source to the destination on the SVC, use the atm forward-sustainable-cell-rate-clp1 map-class configuration command. The no form of this command restores the default value.
Syntax Description
| rate | Sustainable rate in kilobits per second (kbps) that this SVC can send low-priority cells from the source. Maximum upper range is 155,000 kbps. |
Default
-1. The switch does not request this quality of service (QOS) parameter of the ATM switch, so the switch provides a "best effort service." The switch drops cells if there is not enough buffer space.
Command Mode
Map-class configuration.
Usage Guidelines
This command defines a quality of service (QOS) parameter for the SVC connection.
The keyword clp1 indicates that this command affects only cells with a cell loss priority (CLP) of 1 (low-priority cells).
Example
The following example sets the sustainable rate for low-priority cells from the source switch to 100,000 kbps.
Switch(config)# map-class atm 1/0/0 Switch(config-map-class)# atm forward-sustainable-cell-rate-clp1 100000
To change the idle timer for SVCs on an interface that will cause the SVCs to disconnect when inactive for a specified interval, use the atm idle-timeout interface configuration command. To return to the default setting, use the no form of this command.
Syntax Description
| seconds | Number of seconds the SVC can be inactive before disconnecting. Setting seconds to 0 disables idle timeouts. |
Default
300 seconds.
Command Mode
Interface configuration. This command applies only to the CPU interface (ATM 2/0/0).
Usage Guidelines
To disable idle timeouts entirely, set the value of seconds to zero.
To configure ATM IISP (Interim Interswitch Signaling Protocol) on the specified physical or logical (VP tunnel) port, use the atm iisp interface configuration command.
Syntax Description
| side | Specified as user | network. The default is network. |
| ver | Specified as 3.0 or 3.1. |
Command Mode
Interface configuration.
Usage Guidelines
Refer to the LightStream 1010 ATM Switch Software Configuration Guide for more information about this command.
Before using this command the interface must be administratively shut down and autoconfiguration mode has to be disabled.
Example
Configure an IISP interface (user-side, version 3.0 or 3.1) with maximum vci-bits is 12, on card 3, subcard 1, and port 2.
Switch# interface atm 3/1/2 Switch# shutdown Switch# no atm auto-configuration Switch(config-if)# atm iisp side user ver 3.0 Switch(config-if)# atm maxvci-bits 12 Switch(config-if)# no shutdown
Configure IISP (network-side) on logical interface and uses the defaults for this command.
Switch(config-if)# interface atm 4/1/3.100 Switch# shutdown Switch# no atm auto-configuration Switch(config-if)# atm iisp Switch(config-if)# no shutdown
Related Commands
atm connection-traffic-table-row
atm nni
atm uni
show atm iisp prefix
show atm interface
shutdown
To enable the ILMI on a port, use the atm ilmi-enable interface configuration command. To disable the ILMI, use the no form of this command.
Syntax Description
This command has no arguments or keywords.
Default
Enabled.
Command Mode
Interface configuration.
Usage Guidelines
This command does not apply to the CPU interface.
The ILMI is enabled by default; however, if the peer does not support ILMI, you should turn off the ILMI using this command. When you use the no form of this command, the switch is disabled only after restart.
Related Commands
To change the number of seconds an ILMI keepalive polls the UME, use the atm ilmi-keepalive interface configuration command. To disable ILMI keepalive, use the no form of this command.
Syntax Description
| t | Number of seconds the UME is polled. The minimum is 3 seconds. |
Default
Enabled, 5 seconds.
Command Mode
Interface configuration.
Usage Guideline
This command does not apply to the CPU interface.
When the ILMI is enabled, the ILMI keepalives are sent if the interface is a UNI or PNNI interface.
Example
The following example enables ILMI keepalive for the ATM interface 1/0/0.
Switch(config)# interface atm 1/0/0 Switch(config-if)# atm ilmi-keepalive 6
Related Commands
atm address-registration
show atm ilmi-status
To configure the LECS address advertised by the switch to the end system, use the atm lecs-address interface configuration command.
Syntax Description
| lecsaddress | Address of the LAN Emulation configuration server. |
| sequence # | Sequence number of the LECS. |
Default
If the LECS address is not configured on an interface, the LECS address that was configured using the atm-lecs-address-default global configuration command is used by default.
Command Mode
Interface configuration.
Usage Guidelines
The LECS address is provided by the switch to directly connected LANE Clients over the ILMI. LECS addresses can be configured on both interface and global levels. The globally configured address is sent to a port only if there is no LECS address configured on that port. The sequence number provides the position of this address in the ordered LECS address table.
Related Commands
atm lecs-address-default
show atm ilmi-configuration
To configure the LECS address advertised by the switch to the end system, use the atm lecs-address-default global configuration command.
Syntax Description
| lecsaddress | Address of the LAN Emulation configuration server. |
| sequence # | Sequence number of the LECS. |
Default
None.
Command Mode
Global configuration.
Usage Guidelines
The LECS address is provided by the switch to directly connected LANE Clients over the ILMI. LECS addresses can be configured on both interface and global levels. The globally configured address is sent to a port only if there is no LECS address configured on that port. The sequence number provides the position of this address in the ordered LECS address table.
Related Commands
atm lecs-address
show atm ilmi-configuration
To alter the propagation delay component of the cell-transfer delay offered by an interface, use the atm link-distance command. To reset the propagation delay to the default value, use the no form of this command.
Syntax Description
| p-value | Specified in units of kilometers (which is then divided by the speed of light in kps to derive a propagation delay in microseconds (0-65535)). |
Default
Value is 0.
Command Mode
Interface configuration.
Usage Guidelines
The cell-transfer delay is used for the resource connection admission control of a CBR or VBR-RT connection.
This resource management command is supported for interface and subinterface configurations and when interface metrics are provided to PNNI routing.
Related Command
To configure the maximum number of ATM virtual channels (VC) supported on the ATM interface, use the atm maxvc-number interface configuration command. To restore the default value, use the no form of this command.
Syntax Description
| max_vc_no | Maximum number of supported virtual channels. |
Default
32768 virtual channels.
Command Mode
Interface configuration.
Usage Guidelines
Before using this command, the interface must be administratively shut down.
Example
The following example sets the maximum number of ATM virtual channels supported on interface ATM 0/0/0 to 8000.
Switch(config)#interface atm 0/0/0 Switch(config-if)#shutdown Switch(config-if)#atm maxvc-number 8000
Related Commands
atm maxvci-bits
atm pvc
show atm interface
shutdown
To configure the maximum number of active bits of virtual channel identifier (VCI) supported on an ATM interface, use the atm maxvci-bits interface configuration command. To restore the default value, use the no form of this command.
Syntax Description
| max_vci_bits | Maximum number of active bits supported on an ATM interface. |
Default
14 bits.
Command Mode
Interface configuration.
Usage Guidelines
Before using this command, the interface must be administratively shut down and autoconfiguration mode has to be disabled.
Example
The following example sets the maximum number of active VCI bits to 10 for interface ATM 0/0/0.
Switch(config)#interface atm 0/0/0 Switch(config-if)#shutdown Switch(config-if)#no atm auto-configuration Switch(config-if)#maxvci-bits 10
Related Commands
atm connection-traffic-table-row
atm maxvc-number
atm pvc
show atm interface
shutdown
To configure the maximum number of ATM virtual paths (VP) supported on an ATM interface, use the atm maxvp-number interface configuration command. To restore the default value, use the no form of this command.
Syntax Description
| max_vp_no | Maximum number of supported virtual paths. |
Default
255 virtual paths.
Command Mode
Interface configuration.
Usage Guidelines
Before using this command, the interface must be administratively shut down.
Example
The following example sets the maximum number of ATM virtual paths supported on interface atm 0/0/1 to 128.
Switch(config)# interface atm 0/0/1 Switch(config-if)# shutdown Switch(config-if)# atm maxvp-number 128
Related Command
atm maxvpi-bits
atm pvp
show atm interface
shutdown
To configure the maximum number of active bits of virtual path identifier (VPI) supported on an ATM interface, use the atm maxvpi-bits interface configuration command. To restore the default value, use the no form of this command.
Syntax Description
| max_vpi_bits | Maximum number of active vpi bits supported on an ATM interface. |
Default
8 bits.
Command Mode
Interface configuration.
Usage Guidelines
Before using this command, the interface must be administratively shut down and autoconfiguration mode has to be disabled.
Example
The following example sets the maximum number of active VPI bits to 6 for interface ATM 0/0/0.
Switch(config)# interface atm 0/0/0 Switch(config-if)# shutdown Switch(config-if)# no atm auto-configuration Switch(config-if)# maxvpi-bits 6
Related Commands
atm connection-traffic-table-row
atm maxvp-number
atm pvp
show atm interface
shutdown
To enable point-to-multipoint signaling to the ATM switch, use the atm multipoint-signaling interface configuration command. To disable point-to-multipoint signaling to the ATM switch, use the no form of this command.
Syntax Description
This command has no keywords and arguments.
Default
Interface configuration.
Command Mode
Interface configuration.
Usage Guidelines
This command only applies to the CPU and IP interface. If multipoint signaling is enabled, the switch uses existing static map entries that have the broadcast keyword set to establish multipoint calls. One call is established for each logical subnet of each protocol.
All destinations are added to the call. One multicast packet is sent to the ATM switch for each multipoint call. The ATM switch replicates the packet to all destinations.
To configure an ATM Network Network Interface (NNI) on the specified physical or logical (VP tunnel) port, use the atm nni interface configuration command.
Syntax Description
This command has no keywords or arguments.
Command Mode
Interface configuration.
Usage Guidelines
Before using this command, the interface must be administratively shut down and autoconfiguration mode has to be disabled.
Example
Configure an ATM NNI on logical port card 4, subcard 1, and port 3 and the VPI is 99.
Switch(config-if)# interface atm 4/1/3.99 Switch(config-if)# shutdown Switch(config-if)# no atm auto-configuration Switch(config-if)# atm nni
Related Commands
atm connection-traffic-table-row
atm iisp
atm uni
show atm interface
shutdown
To define an ATM map statement for an SVC, use the atm-nsap map-list configuration subcommand in conjunction with the map-list global configuration subcommand. The no form of this command removes the address.
Syntax Description
| protocol | Specified as the keyword ip. |
| protocol-address | Destination address that is being mapped to this SVC. |
| atm-nsap-address | Destination ATM NSAP address. Must be exactly 40 hexadecimal digits long and in the correct dotted format. |
| class class-name | (Optional) Name of a table that contains encapsulation-specific parameters. Such a table can be shared between maps that have the same encapsulation. |
| broadcast | (Optional) Indicates this map entry is to be used when the corresponding protocol sends broadcast packets to the interface. |
| aal5mux | (Optional) Use aal5mux encapsulation. The default is snap. |
Default
No map statements are defined.
Command Mode
Map-list configuration.
Usage Guidelines
This command is required with the map-list command when you are configuring an SVC.
Example
In the following example, a map list is named atmsvc includes one map statement for a destination address being mapped.
Switch(config)# map-list atm 1/0/0 Switch(config-map-list)# map-list atmsvc ip 172.21.97.17 atm-nsap AB.CDEF.01.234567.890A.BCDE.F012.3456.7890.1234.12 class qos
Related Command
The following atm oam command globally configures the OAM, AIS, RDI, and loopback operation.
The following atm oam command configures the OAM, AIS, RDI, and loopback modules at the interface configuration level for a connection specified by vpi and vci.
Syntax Description
| ais | AIS operation. |
| rdi | RDI operation. |
| seg-loopback | Segment loopback. |
| end-loopback | End-to-end OAM loopback. |
| card/sub-card/port [.vpt#] | Card, subcard, port, and tunnel number for the ATM interface. |
| vpi | (Optional) Virtual path identifier. |
| vci | (Optional) Virtual channel identifier. |
| max-limit | Maximum number of OAMs supported. |
Command Mode
Global configuration.
Interface configuration.
Usage Guidelines
To enable or disable OAM operations on VP connection, only specify the vpi value. To enable or disable VC connections, you must specify both vpi and vci values.
In interface and subinterface command modes, vpt configuration is supported.
Examples
The following example globally enables AIS, RDI, and segment loopback operators for all interfaces.
Switch(config)# atm oam seg-loopback ais rdi
The following example enables end-loopback on vpi 50 vci 100 on ATM 3/0/0.
Switch(config)# interface atm 3/0/0 Switch(config-if)# atm oam 50 100 end-loopback
The following example enables or disables the OAM, AIS, RDI, and loopback operation to a specified connection.
Switch(config-if)# no atm oam 12 100 Switch(config-if)# atm oam 19 rdi Switch(config-if)# atm oam 100 200 ais rdi Switch(config-if)# atm oam 34 89 seg-loopback end-to
To set the maximum number of OAM connections that can be configured per switch, use the atm oam max-count global configuration command.
Syntax Description
| number | Number of maximum OAM configured connections allowed per switch. The range is 1 to 3200. |
Command Mode
Global configuration.
To change the loopback interval use the atm oam loopback-timer interface configuration command. Use the no for of this command to disable this feature.
Syntax Description
| vpi [vci] | Specifies the virtual path identifier and virtual channel identifier. |
Default
5 seconds.
Command Mode
Interface configuration.
Usage Guidelines
This command is only intended for use with atm oam seg-loopback and atm oam end-loopback.
Example
The following example shows changing the loopback timer interval to 10 seconds.
Switch(config-if) atm oam 50 100 Switch(config-if) atm loopback-timer 10
To change the output queue maximum queue size, use the atm output-queue interface configuration command. To reset the maximum queue size to the default value, use the no form of this command.
Syntax Description
| size-num | Queue size in cells, 256 to 65250. For installation in hardware, the number provided is rounded up to the next value available in the hardware. The configured and installed values are both displayed using the show atm interface command. |
Default
Varies by physical interface type, queue, and for abr-ubr or vbr-nrt queues, by the value of Over Subscription Factor (OSF).
Command Mode
Interface configuration.
Usage Guidelines
The force argument indicates that the change should be made even if it results in losing data on the interface queue (the queue must be momentarily disabled to change the threshold). This command without the force argument only changes the threshold if the interface is down. An error message is displayed and the command does not take effect if the interface is up and the force argument is not present.
This command is not supported for the subinterface configuration and does not apply to the CPU interface.
Example
In the following example, the maximum size of the vbr-nrt output queue is set to a minimum of 512 cells. This can be set even if the interface is up.
Switch(config-if)# atm output-queue force cbr max-size 512
Related Commands
atm over-subscription-factor
show atm interface rm
To change the output queue thresholds, use the atm output-threshold interface configuration command. To reset the threshold to the default value, use the no form of this command.
Syntax Description
| disc-thresh-num | Number 12, 25, 37, 50, 62, 75, 87, or 100 indicating the percentage of queue-full. Using 100 disables the threshold. |
| efci-thresh-num | Number 12, 25, 50, or 100, indicating the percentage of queue-full using 100 disables the threshold. |
| abr-thresh-num | Number 12, 25, 37, 50, 62, 75, 87, or 100 indicating the percentage of queue-full. Using 100 disables the threshold. |
| efci | When cells arrive on connections to a congested (as indicated by efci threshold) output queue on the interface, the efci bit in the cell header is set. |
| relative-rate | When a backward RM-cell is received on an ABR connection on the interface (from outside the switch), its congestion-bit is set if the interface abr-ubr output-queue is congested (as indicated by the abr relative-rate threshold). |
| discard | When a cell arrives at a congested output queue (as indicated by discard-threshold), it is eligible for clp discard (or EPD if EPD is enabled on the connection). |
Default
For all service categories discard is 87 percent and efci is 25 percent. The abr relative-rate is 25 percent.
Command Mode
Interface configuration.
Usage Guidelines
This command is not supported for the subinterface configuration. This command does not apply to the CPU interface.
Example
In the following example, the discard threshold of the VBR-NRT queue is set to 87 percent of the maximum queue size.
Switch(config-if)# atm output-threshold vbr-nrt discard 87
Related Command
To set the OSF use, the atm over-subscription-factor global configuration command. To assign the default value to OSF, use the no form of this command.
Syntax Description
| o-value | A unit free number in the range 1 through 32. |
Default
Value is 8.
Command Mode
Global configuration.
Usage Guidelines
The OSF number is a positive integer in the range from 1 through 32. This command is used to determine the initial port queue size. OSF is used to size the vbr-nrt and abr-ubr queues.
The resizing of queues can be overridden by ATM output-queues commands. Changes to atm over-subscription-factor only take place during start-up.
The sizing of vbr-nrt and abr-ubr queues isdetermined by the following equations.
size (vbr-nrt) = .25 * ((osf * 2048) - DefaultSize (cbr) - DefaultSize (vbr-rt)) size (vbr-ubr) = .75 * ((osf * 2048) - DefaultSize (cbr) - DefaultSize (vbr-rt))
The default size of the cbr and vbr queues vary by interface type as defined in the following list:
| Interface Type | Default Max Size CBR Queue | Default Max Size VBR-RT Queue |
|---|---|---|
| SONET | 256 | 256 |
| DS3/E3 | 256 | 512 |
Example
In the following example, the over-subscription-factor of the switch is set to 15. This does not take effect in resizing ubr and vbr-nrt queues unless the configuration is written to NVRAM and the switch is restarted.
Switch(config)# atm over-subscription-factor 15
Related Command
To enable or change the artificial limitation on interface output rate, use the atm pacing interface configuration command. To disable output pacing, use the no form of this command.
Syntax Description
| r-value | Bit rate in thousand bits per second (kbps). |
Default
No pacing.
Command Mode
Interface configuration.
Usage Guidelines
The force argument indicates that the change should be made even if it results in an output cell-rate that does not provide sufficient bandwidth for guaranteed service on the transmit flow of the interface. An error message is displayed and the command does not take effect if the change impacts guaranteed bandwidth and the force argument is not present.
This command is not supported for the subinterface configuration and does not apply to the CPU interface.
Example
In the following example, the transmit cell-rate of the interface is limited to the closest value possible in hardware, greater than 30,000 kbps. If the amount of bandwidth allocated to cbr and vbr connections in the transmit direction on the interface is greater than 30,000 kbps, the command fails.
Switch(config-if)# atm pacing 30000
Related Command
To specify the administrative weight of the ATM PNNI interface, use the atm pnni admin-weight interface configuration command. To return to the default values, use the no form of this command.
Syntax Description
| number | The administrative weight value assigned to the interface (1 to 1000000). Refer to the administrative-weight command for default values. |
| service-category | The keywords are CBR, VBR-RT, VBR-NRT, ABR, UBR, or all. |
Default
Determined by the mode set by administrative-weight command.
Command Mode
Interface configuration.
Usage Guidelines
This command does not apply to the CPU interface and applies only the NNI interface.
Use this command to manually set the administrative weight of an interface. Changing the administrative weight of an interface to a larger value might cause calls to be routed away from the interface.
Related Commands
administrative-weight
show atm pnni interface detail
To configure a method for selecting a link out to multiple links to the same neighbor, use the atm pnni link-selection interface configuration command. To return to the default value, use the no form of this command.
Syntax Description
| admin-weight-minimize | Transmits call on the interface with the lowest administrative weight. |
| blocking-minimize | Minimizes subsequent call blocking. |
| load-balance | Balances calls across parallel links. |
| transmit-speed-maximize | Transmits calls on highest speed parallel link. |
Default
blocking-minimize.
Command Mode
Interface configuration.
Usage Guidelines
This command does not apply to the CPU interface. This command only affects CBR and VBR calls. Load balancing is always used for UBR calls.
Link selection applies whenever the port specified in the Designated Transit List (DTL) is zero and there are multiple interfaces to the next node.
When multiple parallel links are configured inconsistently, the order of precedence of configured values is admin-weight-minimize, blocking-minimize, transmit-speed-maximize, and load-balance. For example is any links is configured as admin-weight-minimize, that becomes the default for the entire link group.
Related Command
To specify which PNNI node in the switch runs on an interface when the interface runs PNNI, use the atm pnni node node-level subcommand. To return to the default value, use the no form of this command.
Syntax Description
| node-index | An integer, from 1 through 255, identifying the PNNI node running on this switch. Currently only a single lowest-level node with node index 1 is supported. |
Default
Node index 1.
Command Mode
ATM router PNNI node level configuration.
Usage Guidelines
This command does not apply to the CPU interface. Currently node index 1 is the only valid value. Refer to the node command for more information.
By default, PNNI node 1 automatically runs on all PNNI interfaces and does not turn PNNI on or off for this interface. See the atm auto-configuration command and the atm nni commands for more information on the interface type.
Related Commands
atm auto-configuration
atm nni
To configure an ATM address prefix for an ATM interface, use the atm prefix interface configuration command. To reset the default values, use the no form of this command.
Syntax Description
| 13-byte prefix | Prefix of the ATM. |
Command Mode
Interface configuration.
Usage Guidelines
This command is used to assign an address prefix to a specific interface that is different from the admin prefix of the switch. PNNI advertises this prefix as an internal reachable address. ILMI assigns the prefix to end systems attached to this interface.
Example
The following example shows how to set an ATM prefix.
Switch(config)# interface atm 3/1/0 Switch(config-if)# atm prefix 47123456789012345678112233
Related Commands
show atm iisp prefix
show atm ilmi-status
show running-config
To create a permanent virtual channel (PVC), use the atm pvc interface configuration command. Use the long form of the atm pvc command to create a permanent virtual channel connection (PVCC). Use the short form of the atm pvc command to create a permanent virtual channel link (PVCL). To remove the specified PVC, use the no form of this command.
Syntax Description
| type | Specified as p2p | p2mp-root | p2mp-leaf. The default is p2p. |
| vpi | ATM virtual path identifier (VPI) of this PVC, in the range from 0 through 255. The VPI is an 8-bit field in the header of the ATM cell. The VPI value is unique only on an interface, not throughout the ATM network (it has local significance only). |
| vci | ATM virtual channel identifier (VCI) of this PVC, in the range of 32 through 65535. The VCI is a 16-bit field in the header of the ATM cell. The VCI value is unique only on a single interface, not throughout the ATM network (it has local significance only). |
| pd | Intelligent packet discard option. Specified as on | off. The default is off. |
| vpt # | Specifies the virtual path tunnel number. |
| encap | ATM adaptation layer (AAL) and encapsulation type and applies only to terminating connections. When aal5mux is specified, a protocol is required. Possible values are as follows:
· aal5lane (a LAN Emulation-type virtual connection). · aal5mux decnet (a MUX-type virtual connection).
|
| upc | Usage parameter control, specified as pass | tag | drop; the default is pass. The upc option can be set to tag or drop only under the following conditions:
· The ATM interface in UNI on the network side. · The ATM interface is not the CPU port (ATM 2/0/0) or a logical port (VP tunnel). · The connection is not the leaf of a point-to-multipoint connection. |
| rx-cttr | Connection traffic table row index in the received direction. The connection-traffic table row should be configured before using atm pvc command. Refer to the atm connection-traffic-table-row command for information on configuring the rx-cttr. The default is 1. |
| tx-cttr | Connection traffic table row index in the transmitted direction. The connection-traffic table row should be configured before using atm pvc command. Refer to the atm connection-traffic-table-row command for information on configuring the tx-cttr. The default is 1. |
| card/subcard/port | Card, subcard, and port number for the ATM interface. |
| inarp minutes | Specifies how often Inverse ARP datagrams are sent on this virtual connection and applies only to terminating connections. The default value is 15 minutes. Note: This applies only to terminating connections. |
Defaults
See individual commands.
Command Mode
Interface configuration.
Usage Guidelines
The commands are used to create or delete the following types of ATM connections on a switch:
When setting UBR connections the tx-cttr and the rx-cttr fields are not needed, but these fields are required when setting up a CBR or VBR connection. Refer to the atm connection-traffic-table-row command for information on configuring in the connection traffic table specified by index.
Examples
The following example shows how to set up a UBR PVC connection between interface ATM 4/0/0 and 4/0/1 with a vpi of 0 and a vci of 40.
Switch(config)# interface atm 4/0/0 Switch(config-if)# atm pvc 0 40 interface atm 4/0/1 0 40
The following example shows a display using the encap variable.
Switch(config-if)# atm pvc 100 200 interface atm 2/0/0 0 344 encap ? aal5lane AAL5+LANE Encapsulation aal5mux AAL5+MUX Encapsulation aal5snap AAL5+LLC/SNAP Encapsulation
The following example shows the commands used to establish a PVC between a logical interface (VP tunnel) on ATM 4/1/1.99 and ATM 3/0/0.
Switch(config)# interface atm 4/1/1.99 Switch(config-subif)# atm pvc 99 100 interface atm 3/0/0 0 89 Switch(config-subif)# end
Use the following show atm vc command to display all VCs on an interface.
Switch# show atm vc interface ATM4/1/1.99 %SYS-5-CONFIG_I: Configured from console by consolevc interface atm 4/1/1.99 Interface VPI VCI Type X-Interface X-VPI X-VCI Status ATM4/1/1.99 99 3 PVC ATM2/0/0 0 59 UP ATM4/1/1.99 99 4 PVC ATM2/0/0 0 60 UP ATM4/1/1.99 99 5 PVC ATM2/0/0 0 56 UP ATM4/1/1.99 99 16 PVC ATM2/0/0 0 57 UP ATM4/1/1.99 99 18 PVC ATM2/0/0 0 58 UP ATM4/1/1.99 99 100 PVC ATM3/0/0 0 89 DOWN
Use the show atm vc command to display detailed information about a specific connection.
Switch# show atm vc interface atm 4/1/1.99 99 100 Interface: ATM4/1/1.99 VPI = 99 VCI = 100 Status: DOWN Last-status-change-time: 1 Connection-type: PVC Cast-type: point-to-point Packet-discard-option: enabled Usage-Parameter-Control (UPC): pass Number of OAM-configured connections: 0 OAM-configuration: disabled OAM-states: Not-applicable Cross-connect-interface: ATM3/0/0 Cross-connect-VPI = 0 Cross-connect-VCI = 89 Cross-connect-UPC: pass Cross-connect OAM-configuration: disabled Cross-connect OAM-state: Not-applicable Rx cells: 0, Tx cells: 0 Rx connection-traffic-table-index: 1 Rx service-category: UBR (Unspecified Bit Rate) Rx pcr-clp01: 0 Rx scr-clp01: none Rx tolerance: none Tx connection-traffic-table-index: 1 Tx service-category: UBR (Unspecified Bit Rate) Tx pcr-clp01: 0 Tx scr-clp01: none Tx tolerance: none
The following example deletes the ATM transit point-to-point PVC previously configured.
Switch(config-if)# interface atm 1/1/1 Switch(config-if)# no atm pvc 50 100
Related Commands
atm connection-traffic-table-row
atm pvp
show atm interface
show atm vc
To create a permanent virtual path (PVP), use the atm pvp interface configuration command. Use the long form of the atm pvp command to create a permanent virtual path connection (PVPC). Use the short form of the atm pvp command to create a permanent virtual path link (PVPL). Use the no form of this command to remove the specified PVP.
Syntax Description
| type | Specified as p2p | p2mp-root | p2mp-leaf. The default is p2p. |
| vpi | ATM virtual path identifier (VPI) of this PVP, in the range from 1 through 255. The VPI is an 8-bit field in the header of the ATM cell. The VPI value is unique only on a single interface, not throughout the ATM network (it has local significance only). |
| upc | Usage parameter control, specified as pass | tag | drop, the default is pass. The upc option can be set to tag or drop only under the following conditions:
· The ATM interface in UNI on the network side. · The ATM interface is not the CPU port (ATM 2/0/0) or a logical port (VP tunnel). · The connection is not the leaf of a point-to-multipoint connection. |
| rx-cttr | Connection traffic table row index in the received direction. The connection-traffic table row should be configured before using atm pvc command. Refer to the atm connection-traffic-table-row command for information on configuring the rx-cttr. The default is 1. |
| tx-cttr | Connection traffic table row index in the transmitted direction. The connection-traffic table row should be configured before using atm pvc command. Refer to the atm connection-traffic-table-row command for information on configuring the tx-cttr. The default is 1. |
| card/subcard/port | Card, subcard, and port number for the ATM interface. |
Defaults
See individual commands.
Command Mode
Interface configuration.
Usage Guidelines
This command does not apply to the CPU port or logical port (VP tunnel).
The commands are used to create or delete the following types of ATM connections on a switch:
Examples
The following example configures an ATM PVP from ATM 4/1/1 to ATM 4/1/2.
Switch(config)# interface atm 4/1/1 Switch(config-if)#atm pvp 99 upc drop rx-cttr 37 tx-cttr 37 interface atm 4/1/1 88 upc tag
Use the show atm vp command to display details about the ATM. The following is an example of ATM 4/1/2.
Switch# show atm vp interface atm 4/1/2 8 Interface: ATM4/1/2 VPI = 8 Status: UP Last-status-change-time: 0 Connection-type: PVP Cast-type: point-to-point Usage-Parameter-Control (UPC): pass Number of OAM-configured connections: 0 OAM-configuration: disabled OAM-states: Not-applicable Cross-connect-interface: ATM4/1/1 Cross-connect-VPI = 9 Cross-connect-UPC: pass Cross-connect OAM-configuration: disabled Cross-connect OAM-state: Not-applicable Rx cells: 0, Tx cells: 0 Rx connection-traffic-table-index: 1 Rx service-category: UBR (Unspecified Bit Rate) Rx pcr-clp01: 0 Rx scr-clp01: none Rx tolerance: none Tx connection-traffic-table-index: 1 Tx service-category: UBR (Unspecified Bit Rate) Tx pcr-clp01: 0 Tx scr-clp01: none Tx tolerance: none
To create a VP tunnel on a physical interface, enter the interface configuration mode for the switch, then specify the PVP and create the tunnel. The following example shows the commands used to create a tunnel on ATM 4/1/1.
Switch(config)# interface atm 4/1/1 Switch(config-if)# atm pvp 99 Switch(config-if)# interface atm 4/1/1.99
Use the show atm interface command to display the interface information about ATM 4/1/1.99.
Switch# show atm interface atm 4/1/1.99 Interface: ATM4/1/1.99 Interface Status: UP Auto-configuration: enabled Auto-configuration status: waiting for response from peer Port-type: VP TUNNELING Interface-type: NNI, Interface-side: Network Uni-type: not applicable, Uni-version: not applicable Max-VPI-bits: 8, Max-VCI-bits: 14 Max-VP: 0, Max-VC: 32768 Number of PVC: 5 Number of SVC: 0 Number of SoftVC: 0 Total number of connections: 5 ATM Address for Soft VC: 48.0011.2233.4455.6677.8899.0011.4000.0c82.1010.63
Related Commands
atm connection-traffic-table-row
atm pvc
show atm interface
show atm vp
To change individual QOS objectives assigned to SVC setup messages entering the switch via UNI version 3 interfaces, use the atm qos uni3-default global configuration command. To return all objective values for a service category to the default, use the no form of this command.
Syntax Description
| microseconds | Integer number, which represents time in microseconds, in the range 0 through 16777214. |
| loss-ratio | Positive integer in the range of 1 through 15. This represents 10 - (loss-ratio). |
| any | Indicates the QOS-value is not considered in the set up of the connection. |
Default
any.
Command Mode
Global configuration.
Usage Guidelines
This command changes the individual QOS objectives used in establishing CBR or VBR SVCs. The QOS objectives are as follows:
These objectives can be set differently for each of the three service categories: CBR, VBR-RT, and VBR-NRT (VBR-NRT only uses CLR0). All UNI 3.0 or 3.1 SVC requests received for a particular service category uses the configured values. These objectives are signaled across a continuous sequence of PNNI hops, starting at the source switch.
Example
In the following example, the cbr MaxCTD objective is set to 1000 microseconds.
Switch(config)# atm qos uni3-default cbr max-cell-transfer-delay 1000
Related Command
To specify a static route to a reachable address prefix, use the atm route global configuration command. To delete a static route, use the no form of this command.
Syntax Description
| card/subcard/port | Card, subcard, and port number for the ATM interface. |
| addr-prefix | Specifies the address prefix. The address prefix has a maximum length of 19 bytes. By default, each character in the prefix is 4 bits long. To specify a part of a prefix in bits, use parens () to enclose binary numbers. The asterisk (*) wildcard character means "don't care." Wildcard character ellipses (...) after a prefix means "match any destination address that starts with the prefix." |
| .vpt# | Specifies an interface that represents a virtual path tunnel. |
| internal | Specifies an internal static route to an internal reachable address prefix. By default, a static route to an exterior reachable address prefix is created. The default is external. |
| remote-node-id | Specifies the ID number for the remote node. |
| pnni-port-id | Specifies the ID number for the PNNI port. |
Default
See individual commands.
Command Mode
Global configuration.
Usage Guidelines
The internal keyword should be used when a static route is configured to an address prefix representing an attached end system (for example, in place of an ILMI address registration).
The type of static route should be exterior, and the internal keyword should not be present when a static route is configured to an address prefix representing end systems attached to a different switch or network.
Example
The following example shows how to configure a static route on interface ATM 1/2/1 to the address prefix 47.8 of 12 bits in length.
Switch(config)# atm route 47.8... atm 1/2/1
The following example shows how to configure a static route on interface ATM 1/2/1 to the address prefix 47.88 of 14 bits in length.
Switch(config)# atm route 47.8(10*)... atm 1/2/1
Related Commands
show atm iisp prefix
show atm pnni prefix
To start the PNNI configuration mode, use the atm router pnni global configuration command.
Syntax Description
This command has no arguments or keywords.
Command Mode
Global configuration.
Usage Guidelines
Use this command to start global PNNI configuration mode.
Example
The following example shows using the atm router pnni global configuration command to change to ATM router PNNI configuration mode.
Switch(config)# atm router pnni Switch(config-atm-router)#
Related Command
To set the limits on the number of cells simultaneously allowed in the switch memory by type of output queue, use the atm service-category-limit global configuration command. To set to the default value of 65535, use the no form of this command.
Syntax Description
| l-value | Integer in the range from 0 through 65535, specified in units of cells. |
Default
65535.
Command Mode
Global configuration.
Usage Guidelines
Example
In the following example, the maximum number of abr and ubr cells allowed into the switch-fabric at one time is limited to 45,000.
Related Command
To set the current port snooping configuration and actual register values for the highest ATM interface, use the atm snoop interface atm interface configuration command.
Syntax Description
Default
Receive.
Command Mode
Interface configuration. Applies to the Snoop Test Port.
Usage Guidelines
The atm snoop interface atm subcommand applies only if the previously specified port is the highest system port residing on card 4 and subcard 1 (which has been shutdown). If so, this enables it as the Snoop Test Port. Cells transmitted from the Snoop Test Port are copies of cells from a single direction of a monitored port.
When in snoop mode, any prior permanent virtual connections to the Snoop Test Port remain in the down state.
The port number of the test port depends on the card type. Table 1-10 defines the Snoop Test Port number for various interfaces:
Table 1-10 : ATM Snoop Port Numbers
Example
The following example configures the highest port in the snoop mode to monitor port card 1, subcard 0, and port 2 in the transmit direction starting from the configuration mode.
Related Command
To create a soft PVC on the switch, use the atm soft-vc interface configuration command.
Syntax Description
Default
See individual commands.
Command Mode
Interface configuration.
Usage Guidelines
Obtain the destination port address before configuring a soft PVC by using one of the following commands on the destination switch:
The following list identifies reasons the creation of a soft PVC is unsuccessful:
Example
The following example shows how a user at the destination switch displays the address of the destination port.
Related Commands
show atm interface
To create a soft PVP on the switch, use the atm soft-vp interface configuration command.
Syntax Description
Default
See individual commands.
Command Mode
Interface configuration.
Usage Guidelines
Obtain the destination port address before configuring a soft PVP by using one of the following commands.
The following list identifies reasons why the creation of a soft PVP is unsuccessful:
Example
The following example shows how a user at the destination switch displays the address of the destination port.
At the source switch, create a soft PVP with the VP of 150, the destination port address of 47.0091.8100.0000.0003.be59.ed00.4000.0c82.0010.00, and the destination vpi of 160.
Related Commands
show atm interface
atm sustained-cell-rate-margin-factor
To change the Sustained Cell Rate Margin Factor (SCRMF), use the atm sustained-cell-rate-margin-factor global configuration command. SCRMF dictates the weight given to peak-cell-rate (PCR) in computing the bandwidth used by VBR connections. To assign the default value to SCRMF, use the no form of this command.
Syntax Description
Default
1 percent.
Command Mode
Global configuration.
Usage Guidelines
The following equation is used in CAC of VBR connections to define the bandwidth requested.
Example
In the following example, the SCRMF of the switch is set to 35 percent.
Related Command
To change the intended Usage Parameter Control (UPC) mode to use on the cell-flow received into the switch-fabric for SVCs on an interface, use the atm svc-upc-intent interface configuration command. Any change in this parameter is applied to SVCs subsequently established on the interface. To assign the default value to the parameter, use the no form of this command.
Syntax Description
Command Mode
Interface configuration.
Default
pass.
Usage Guidelines
This configuration parameter determines the UPC to use for SVCs if the interface is UNI Network-side. For other interface types, the value used is pass.
This command does not apply to the CPU interface or logical interfaces.
Example
In the following example, the intended UPC for SVCs on an interface is set to tagging.
Related Command
To configure an ATM address template alias, use the atm template-alias global configuration command. To delete the specified alias, use the no form of this command.
Syntax Description
Default
No alias list is defined.
Command Mode
Global configuration.
Usage Guidelines
Address templates are pattern forms that match one or more ATM addresses. They can be simple, single ATM addresses matching themselves or containing wildcards, prefixes, and suffixes, allowing a single template to match many addresses.
The simplest address template matches a single address, as shown in this example:
Wildcard digits, which can match any value, are indicated with asterisks (*). The following template matches the above address and any other 12-byte address that starts with 47.0005.1234.5678:
The following template matches any address of any length and begins with the prefix 47.0005.1234.5678:
In other cases, matching a suffix of the address is also important, such as when matching system IDs. The following template matches any address ending with the suffix 0000.0c01.2345.00:
You might want to match addresses on a single-bit granularity, rather than half-byte (4-bit or nibble) granularity.
This pattern matching is supported by allowing the hex digits that represent four bits to be replaced by groups of four binary bits, represented by the numbers 0 and 1. These four binary digits are enclosed within parentheses. The following template matches any address that starts with 47.0005 followed by the binary bits 10. The final two binary bits in the nibble can be either 0 or 1 and are represented with asterisks.
Use this command to define aliases for commonly referenced address templates. The use of these aliases reduces the chances for typographical error in the creation of ATM filter sets.
Example
The following example shows setting ATM template aliases.
Related Commands
show running-config
To get status for an SVC, use the atmsig status EXEC command.
Syntax Description
Command Mode
EXEC.
Usage Guidelines
Run this command to display status on a particular SVC. The virtual connections are numbered per vpi and vci interface, and they must be specified by the interface port number.
Example
The following example gets status for SVC 0 32 on ATM interface 4/0/0.
Related Command
To configure an ATM User-Network Interface (UNI) on the specified physical or logical port, use the atm uni interface configuration command.
Syntax Description
Default
See individual commands.
Command Mode
Interface configuration.
Usage Guidelines
Before using this command, the interface must be administratively shut down and autoconfiguration mode has to be disabled.
Examples
Configure a network-side private ATM UNI with maxvc = 1000, on card 3, subcard 1, and port 1.
Configure a user-side public ATM UNI on card 1, subcard 1, and port 3.
Related Commands
atm connection-traffic-table-row
To define an ATM map statement for a PVC, use the atm-vc map-list configuration command in conjunction with the map-list global configuration command. The no form of this command removes the address.
Syntax Description
Default
No map statements are defined.
Command Mode
Map-list configuration.
Usage Guidelines
This command is required with the map-list command when you are configuring an SVC.
Example
In the following example, a map list named ATM includes two map statements for protocol addresses being mapped.
Related Command
To configure the switch to execute a command or list of commands automatically when a user connects to a particular line, use the autocommand line configuration command.
Syntax Description
Default
Automatic responses are not configured.
Command Mode
Line configuration.
Usage Guidelines
This command applies to all interface on ASP.
Example
The following example forces an automatic connection to a host named host21 (which could be an IP address). In addition, the UNIX UUCP application specifies TCP socket 25, and the /stream switch enables a raw TCP stream with no Telnet control sequences.
To configure a line to start an ARA, Point-to-Point Protocol (PPP), or SLIP session, use the autoselect line configuration command. Use the no form of this command to disable this function on a line.
Syntax Description
Default
arap.
Command Mode
Line configuration.
Usage Guidelines
This command eliminates the need for users to enter an EXEC command to start an ARA, PPP, or SLIP session.
The autoselect command configures the switch to identify the type of connection being requested. For example, when a user on a Macintosh running ARA selects the Connect button, the switch automatically starts an ARA protocol session. If, on the other hand, the user is running SLIP or PPP and uses the autoselect ppp or autoselect slip command, the switch automatically starts a PPP or SLIP session, respectively. This command is appropriate for lines used to make different types of connections.
A line that does not have autoselect configured regards an attempt to open a connection as noise. When the switch does not respond, the user client then times out.
Examples
The following example enables ARA on a line.
The following example enables PPP on a line.
The following example enables ARA on a line and allows users with a modified CCL script or an unmodified script to login.
Related Commands
arp (interface)
To allow an auto FERF to be inserted when an incoming alarm is received, use the auto-ferf interface configuration command. Applies to DS3/E3 interfaces only; red applies to DS3 only.
Syntax Description
Default
no auto-ferf los.
Command Mode
Interface configuration.
Related Commands
show controllers
To allow default summary addresses to be generated based on the switch's ATM address, use the auto-summary node-level subcommand. To remove the default summary addresses, use the no form of this command.
Syntax Description
This command has no arguments or keywords.
Default
Enabled.
Command Mode
ATM router PNNI node-level configuration.
Usage Guidelines
By default, each PNNI node advertises 13-byte summary address prefixes based on the switch address or addresses. The summary address prefix or prefixes cover all end system addresses determined via ILMI address registration from the ILMI address prefix or prefixes, based on each switch's address. They do not cover end-system addresses determined via ILMI address registration from per-interface ILMI address prefixes (configured using the atm prefix command). Using the no form of this command causes PNNI to advertise all end-system addresses separately (unless other summary addressees matching the end system addresses were configured).
For more information, refer to the LightStream 1010 ATM Switch Software Configuration Guide.
Example
The following script shows how to access the auto-summary node-level subcommand.
Related Commands
atm address
Copyright 1988-1996 © Cisco Systems Inc.
Switch(config)# atm service-category-limit abr-ubr 45000
monitored_port
Card, subcard, and port number for the ATM interface to be monitored. The port can be any port except the CPU port or the test port itself.
dir
Is specified as receive or transmit and determines the direction of the cell traffic to monitor. The default is receive.
Interface
Port Number
oc3
4/1/3
oc12
4/1/0
ds3/e3
Not supported
Switch(config)# interface atm 4/1/3
Switch(config-if)# shutdown
Switch(config-if)# atm snoop interface atm 1/0/2 direction transmit
Switch(config-if)# no shutdown
[rx-cttr index][tx-cttr index] [slow-retry-interval value]
vpi_s
Source VPI number.
vci_s
Source VCI number.
address
ATM address for the destination port.
vpi_d
Destination VPI number.
vci_d
Destination VCI number.
upc
Usage parameter control, specified as pass | tag | drop, the default is pass. The upc option can be set to tag or drop only under the following conditions:
· The ATM interface in UNI on the network side.
· The ATM interface is not the CPU port (ATM 2/0/0) or a logical port (VP tunnel).
· The connection is not the leaf of a point-to-multipoint connection.
pd
Intelligent packet discard option, specified as on | off. The default is on.
rx-cttr
Connection traffic table row index in the received direction. The cttr should be configured before using atm pvc command. Refer to the atm connection-traffic-table-row command for information on configuring the rx-cttr. The default is 1.
tx-cttr
Connection traffic table row index in the transmitted direction. The cttr should be configured before using atm pvc command. Refer to the atm connection-traffic-table-row command for information on configuring the tx-cttr. The default is 1.
slow-retry-interval
Specifies the slow call retry frequency in seconds. The default is 60 seconds.
Switch# show atm address
Switch Address(es):
47.0091810000000003BE59ED00.0003BE59ED00.00 active
Soft VC Address(es):
47.0091.8100.0000.0003.be59.ed00.4000.0c81.0000.00 ATM2/0/0
47.0091.8100.0000.0003.be59.ed00.4000.0c81.8000.00 ATM3/0/0
47.0091.8100.0000.0003.be59.ed00.4000.0c81.8010.00 ATM3/0/1
47.0091.8100.0000.0003.be59.ed00.4000.0c81.8020.00 ATM3/0/2
47.0091.8100.0000.0003.be59.ed00.4000.0c81.8030.00 ATM3/0/3
47.0091.8100.0000.0003.be59.ed00.4000.0c82.1000.00 ATM4/1/0
47.0091.8100.0000.0003.be59.ed00.4000.0c82.1000.05 ATM4/1/0.5
47.0091.8100.0000.0003.be59.ed00.4000.0c82.1010.00 ATM4/1/1
47.0091.8100.0000.0003.be59.ed00.4000.0c82.1020.00 ATM4/1/2
47.0091.8100.0000.0003.be59.ed00.4000.0c82.1030.00 ATM4/1/3
ILMI Switch Prefix(es):
47.0091.8100.0000.0003.be59.ed00
ILMI Configured Interface Prefix(es):
LECS Address(es):
At the source switch, create a soft pvc with
src vpi = 100,
src vci = 200,
dest port address = 47.0091.8100.0000.0003.be59.ed00.4000.0c82.1000.0,
dest vpi = 100
dest vci = 200
Switch(config-if)# atm soft-vc 100 200 dest-address 47.0091.8100.0000.0003.be59.ed00.4000.0c82.1000.05 100 200
show atm status
show atm vc
[slow-retry-interval value]
vpi_s
Source VPI number.
address
ATM address for the destination port.
vpi_d
Destination VPI number.
upc
Usage parameter control, specified as pass | tag | drop, the default is pass. The upc option can be set to tag or drop only under the following conditions:
· The ATM interface in UNI on the network side.
· The ATM interface is not the CPU port (ATM 2/0/0) or a logical port (VP tunnel).
· The connection is not the leaf of a point-to-multipoint connection.
rx-cttr
Connection traffic table row index in the received direction. The cttr should be configured before using atm soft-vp command. Refer to the atm connection-traffic-table-row command for information on configuring the rx-cttr. The default is 1.
tx-cttr
Connection traffic table row index in the transmitted direction. The cttr should be configured before using atm soft-vp command. Refer to the atm connection-traffic-table-row command for information on configuring the tx-cttr. The default is 1.
slow-retry-interval
Slow call re-try frequency in seconds. The default is 60 seconds.
Switch# show atm interface atm 4/0/1
Interface: ATM4/0/1
Interface Status: DOWN
Auto-configuration: enabled
Auto-configuration status: waiting for response from peer
Port-type: External
Interface-type: UNI, Interface-side: User
Uni-type: Public, Uni-version: V3.0
Max-VPI-bits: 8, Max-VCI-bits: 14
Max-VP: 255, Max-VC: 32768
Number of PVP: 0 Number of SVP: 0 Number of SoftVP: 0
Number of PVC: 3 Number of SVC: 0 Number of SoftVC: 0
Number of logical port (VP-tunnel): 0
Total number of connections: 3
Input cells: 0, Output cells: 0
5 minute input rate: 0 bits/sec, 0 cells/sec
5 minute output rate: 0 bits/sec, 0 cells/sec
ATM Address for Soft VC: 47.0091.8100.0000.0003.be59.ed00.4000.0c82.0010.00
Switch(config-if)# atm soft-vp 150 dest-address 47.0091.8100.0000.0003.be59.ed00.4000.0c82.0010.00 160
show atm status
show atm vp
no atm sustained-cell-rate-margin-factor
s-value
Percent value that dictates the weighting of PCR with respect to sustained-cell-rate (SCR) in computing the bandwidth used in CAC of VBR connections.
bandwidth = (SCRMF * (PCR-SCR))/100 + SCR
Switch(config)# atm sustained-cell-rate-margin-factor 35
no atm svc-upc-intent
pass
Cells received on the interface are passed to the switching fabric with no change, regardless of their conformance to the traffic contract.
tag
Cells received on the interface violating the traffic contract have their CLP bit set prior to entering the switching fabric.
drop
Cells received on the interface violating the traffic contract are dropped.
Switch(config-if)# atm svc-upc-intent tag
no atm template-alias
name
Name for the template alias.
template
ATM address template, which can be a single ATM address that matches itself or that contains wildcards and/or prefixes or suffixes, allowing a single template to match many addresses. The symbols used for wildcards, prefixes, and suffixes are as follows:
· an asterisk (*) to match any single 4-bit nibble in the address.
· an ellipsis (...) to match any number of leading or trailing 8-bit hexadecimal digits in the address.
· an asterisk (*) to match any single binary digit in a 4-bit nibble in the address, where the 4 binary bits are enclosed within parentheses.
Switch(config)# 47.0005.1234.5678.9abc.def0.00
Switch(config)# 47.0005.1234.5678.****.****.**
Switch(config)# 47.0005.1234.5678...
Switch(config)# ...0000.0c01.2345.00
Switch(config)# 47.0005.(10**)...
Switch(config)# atm template-alias atm_addr1 47.1328...
Switch(config)# atm template-alias atm_addr2 47.0012.(10**)...
Switch(config)# atm template-alias atm_addr3 ...1234.(01*1)
write terminal
card/subcard/port
Card number, subcard number, and port number of the ATM.
vpi
Virtual path identifier of an SVC.
vci
Virtual channel identifier of an SVC.
Switch# atmsig status atm 4/0/0 0 32
side
Specified as user | network. The default is network.
ver
Specified as 3.0 or 3.1
type
Specified as private | public. The default is private.
Switch# interface atm 3/1/1
Switch(config-if)# shutdown
Switch(config-if)# no atm auto-configuration
Switch(config-if)# atm uni
Switch(config-if)# atm maxvc-number 1000
Switch# interface atm 1/1/3
Switch(config-if)# shutdown
Switch(config-if)# no atm auto-configuration
Switch(config-if)# atm uni type public side user
atm iisp
atm nni
show atm interface
shutdown
no protocol protocol-address atm-vc vci [class class-name] [broadcast] [aal5mux]
protocol
Is the keyword ip.
protocol-address
Destination address being mapped to this PVC.
vci
31 < vci < 2**14 - 1 (with default max-VCI bits that is 14)
class class-name
(Optional) Name of a table that contains encapsulation-specific parameters. Such a table can be shared between maps that have the same encapsulation.
broadcast
(Optional) Indicates this map entry is to be used when the corresponding protocol sends broadcast packets to the interface.
aal5mux
(Optional) Use aal5mux encapsulation. Default is snap.
Switch(config)# map-list atm 1/0/0
Switch(config-map-list)# map-list atm
ip 172.21.168.112 atm-vc 99
no autocommand
command
Any appropriate EXEC command, including the host name and any switches that occur with the EXEC command.
Switch(config-line)# line vty 4
autocommand connect host21 uucp /stream
no autoselect
arap
Configures the switch so an ARA session can start up automatically.
ppp
Configures the switch so a PPP session can start up automatically.
slip
Configures the switch so a SLIP session can start up automatically.
during-login
The user receives a username and/or password prompt without pressing the Return key. After the user logs in, the autoselect function begins.
Switch(config)# line 3
Switch(config-line)# arap enable
Switch(config-line)# autoselect arap
Switch(config)# line 7
Switch(config-line)# autoselect ppp
Switch(config)# line 3
Switch(config-line)# arap enable
Switch(config-line)# autoselect arap
Switch(config-line)# autoselect during-login
Switch(config-line)# arap noguest if-needed
ppp authentication chap
ppp authentication pap
ppp use-tacacs
no auto-ferf alarmtype
alarmtype
Defined as los, oof, red, ais, or lcd.
no auto-ferf oof.
no auto-ferf red.
no auto-ferf ais.
no auto-ferf lcd.
show running-config
write terminal
no auto-summary
Switch# configure terminal
Switch(config)# atm router pnni
Switch(config-atm-router)# node 1
Switch(config-pnni-node)# auto-summary
atm prefix
show atm pnni prefix
summary-address
