System Commands

This chapter describes the command-line interface (CLI) commands that you can use to manage and monitor the Prime Cable Provisioning Device Provisioning Engine (DPE).

If you run these commands on an unlicensed DPE, a message similar to this one appears:

This DPE is not licensed. Your request cannot be serviced. Please check with your system administrator for a DPE license.
 

The commands described in this chapter are:

Command
Description
CLI Mode
Required Privileges
Login
Enable
PRIV_DPE_
READ
PRIV_DPE_UPDATE
PRIV_
DPE_
SECURITY
PRIV_
DEVICE_READ

aaa authentication

Configures user authentication, authorization, and accounting services.

 

P

P

P

P

 

disable

Exits the enable mode.

 

P

P

P

 

 

enable

Accesses the enable mode.

P

 

P

P

 

 

exit

Closes a Telnet connection to the DPE.

P

P

P

 

 

 

help

Displays a usage screen that assists you in using the commands on the CLI.

P

P

P

 

 

 

password

Changes the local system password, using which you can access the DPE.

 

P

P

P

P

 

show clock

Displays the current system time and date.

P

P

P

 

 

 

show commands

Displays all available commands on the CLI.

P

P

P

 

 

 

show disk

Identifies the disk that the DPE is currently using.

P

P

P

 

 

 

show hostname

Displays the hostname of the DPE.

P

P

P

 

 

 

show ip

Displays the current general IP settings configured on the DPE.

P

P

P

 

 

 

show ip route

Displays the IP routing table of the DPE.

P

P

P

 

 

 

show memory

Displays the current memory and swap space that are available on the DPE server.

P

P

P

 

 

 

show running-config

Displays the current configuration on the DPE.

P

P

P

 

 

 

show tftp files

Displays the files that are stored in the DPE cache.

 

P

P

P

 

 

show version

Displays the current version of DPE software.

P

P

P

 

 

 

tacacs-server host

Adds the TACACS+ server host address to the list of hosts.

 

P

P

P

P

 

no tacacs-server host

Removes the TACACS+ server host address from the list of hosts.

 

P

P

P

P

 

tacacs-server retries

The maximum number of times the TACACS+ client tries to connect with the TACACS+ server.

 

P

P

P

P

 

tacacs-server timeout

Sets the maximum length of time that the TACACS+ client waits for a response from the TACACS+ server.

 

P

P

P

P

 

radius-server host

Adds the RADIUS server host address to the list of hosts.

 

P

P

P

P

 

no radius-server host

Removes the RADIUS server host address from the list of hosts.

 

P

P

P

P

 

radius-server retries

The maximum number of times the RADIUS client tries to connect with the RADIUS server.

 

P

P

P

P

 

radius-server timeout

Sets the maximum length of time that the RADIUS client waits for a response from the RADIUS server.

 

P

P

P

P

 

uptime

Shows the time during which the system is operational.

P

P

P

 

 

 

aaa authentication

Use the aaa authentication command to configure the CLI for user authentication, authorization, and accounting services using the local login or remote TACACS+ or RADIUS servers. This setting applies to all Telnet and console CLI interfaces.

 
Syntax Description

aaa authentication { tacacs | radius}

  • tacacs —In this mode, the CLI server sequentially attempts a TACACS+ exchange with each server in the TACACS+ server list. The attempts continue for a specified number of retries. If the CLI reaches the end of the server list without a successful protocol exchange, a message is displayed indicating that the servers were not reachable. The CLI again prompts for the username and password. Enter the local CLI admin username and password to gain access to the CLI even if the TACACS+ service is unavailable.
  • radius —In this mode, user authentication is performed via RADIUS server. The RADIUS server authentication details are similar to TACACS+ server. Cisco AV-pair needs to be configured in the RADIUS server to support DPE CLI RADIUS authentication. Cisco IOS/PIX 6.x is the RADIUS server that supports Cisco AV-pair in the Access Control Server (ACS) server. The Cisco AV-pair attribute value is:

cp:groups=<group-name>

For example:

cp:groups=Administrators

note.gif

Noteblank.gif When you telnet to DPE CLI, you are prompted to enter the username and password. You can either enter the username and password of the local DPE CLI admin user or a user configured in TACACS or Radius. At any given time, either of the TACACS or Radius server is enabled.


 
Defaults

AAA authentication is always enabled for the local admin user, even when RADIUS or TACACS+ is not configured.

Examples

This result occurs when you enable user authentication in the TACACS+ mode.

bac_dpe# aaa authentication tacacs
% OK

 

This result occurs when you enable user authentication in the radius mode.

bac_dpe# aaa authentication radius
% OK

 

disable

Use the disable command to exit the enable mode on the DPE. Once you exit the enable mode, you can view only those commands that relate to system configuration.

 
Syntax Description

No keywords or arguments.

 
Defaults

No default behavior or values.

Examples

bac_dpe# disable
bac_dpe>

enable

Use the enable command to access the DPE in the enable mode. You need not access the enable mode to view the system configuration; however, only in this mode can you change the system configuration, state, and data.

You must have the PRIV_DPE_UPDATE privilege to enter the enable mode using enable command.

 
Syntax Description

No keywords or arguments.

 
Defaults

The default password to access the enable mode is changeme.

Examples

bac_dpe> enable
bac_dpe#

 

This result occurs if you do not have the PRIV_DPE_UPDATE privilege.

bac_dpe# enable
Sorry, insufficient privileges.

exit

Use the exit command to close a Telnet connection to the DPE and return to the login prompt. After running this command, a message indicates that the Telnet connection has been closed.

 
Syntax Description

No keywords or arguments.

 
Defaults

No default behavior or values.

Examples

This result occurs when you have accessed the CLI by specifying the hostname of the DPE.

bac_dpe# exit
% Connection closed.
Connection to 10.10.2.10 closed by foreign host.

 

This result occurs when you have accessed the CLI without specifying the hostname.

bac_dpe# exit
% Connection closed.
Connection to 0 closed by foreign host.

 

This result occurs when the Telnet connection closes because the CLI has been idle and the timeout period expired.

bac_dpe#
% Connection timed out.
Connection to 0 closed by foreign host.

help

Use the help command to display a help screen that can assist you in using the DPE CLI. If you need help on a particular command, or to list all available commands, enter command ? or ?, respectively.

Once you enter the command, a screen prompt appears to explain how you can use the help function.

System_Commands-2.jpg
Command Types

Two types of help are available:

1.blank.gif Full help is available when you are ready to enter a command argument, such as show ?, and describes each possible argument.

2.blank.gif Partial help is available when you enter an abbreviated argument and want to know what arguments match the input; for example, show c?.

 
Syntax Description

No keywords or arguments.

 
Defaults

No default behavior or values.

Examples

This result occurs when you use the help command.

bac_dpe# help
Help may be requested at any point in a command by entering a question mark '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
 
1) Full help is available when you are ready to enter a command argument (e.g. 'show ?') and describes each possible argument.
 
2) Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input (e.g. "show c?").

 

This result occurs when you invoke the full help function for a command; for example, show ?.

note.gif

Noteblank.gif The help command output differs depending on the mode–login or enable–in which you run the command.


bac_dpe# show ?
 
bundles Shows the archived bundles.
clock Shows the current system time.
commands Shows the full command hierarchy.
device-config Show device configuration
disk Shows the current disk usage.
dpe Shows the status of the DPE process if started.
hostname Shows the system hostname.
ip Shows IP configuration details.
log Shows recent log entries.
memory Shows the current memory usage.
running-config Shows the DPE configuration.
tftp Shows TFTP details.
version Shows DPE version.

 

This result occurs when you invoke the partial help function for arguments of a command; for example, show clock.

bac_dpe# show c?
clock commands cpu
bac_dpe# show clock
Thu Oct 25 01:20:14 EDT 2007

password

Use the password command to change the local system password, which you use to access the DPE. The system password is changed automatically for future logins and for FTP access.

note.gif

Noteblank.gif The changes that you introduce through this command take effect for new users, but users who are currently logged in are not disconnected.


 
Syntax Description

password password

password —Identifies the new DPE password.

 
Defaults

The default password for accessing the DPE is changeme.

Examples

This result occurs when you change the password without being prompted (using an approach easier for scripting).

bac_dpe# password password2
Password changed successfully.

 

This result occurs when you are prompted for the password, and the password is changed successfully.

bac_dpe# password
New password: <password1>
Retype new password: <password1>
Password changed successfully.

 

This result occurs when you enter an incorrect password.

bac_dpe# password
New password: <password1>
Retype new password: <paswsord1>
Sorry, passwords do not match.

show

Use the show command to view system settings and status. Table 2-1 lists the keywords that you can use with this command.

note.gif

Noteblank.gif To view the output for show disk, show ip, show ip route, and show memory on Linux, see man mpstat.


 

Table 2-1 List of show Commands

Command
Description

show clock

Displays the current system time and date.

Syntax Description

No keywords or arguments.

Defaults

No default behavior or values.

Example

This result occurs when you run the show clock command:

bac_dpe# show clock
Thu Oct 25 01:20:14 EDT 2007

show commands

Displays all commands on the DPE depending on the mode (login or enable) in which you access the CLI.

Syntax Description

No keywords or arguments.

Defaults

No default behavior or values.

Examples

This result occurs in the login mode.

bac_dpe> show commands
> enable
> exit
> help
> show bundles
> show clock
> show commands
> show device-config duid <DUID>
> show device-config mac <mac-address>
> show disk
> show dpe
> show dpe config
> show hostname
> show ip
> show ip route
> show log
> show log last <1..9999>
> show log run
> show memory
> show running-config
> show version
> uptime
 

Note The output presented in these examples is trimmed.

This result occurs in the enable mode.

bac_dpe# show commands
> aaa authentication radius
> aaa authentication tacacs
> clear bundles
> clear cache
> clear logs
> debug dpe cache
> debug dpe connection
> debug dpe dpe-server
> debug dpe event-manager
> debug dpe exceptions
> debug dpe framework
> debug dpe messaging
> debug on
> debug service packetcable 1 netsnmp
> debug service packetcable 1 registration
> debug service packetcable 1 registration-detail
> debug service packetcable 1 snmp
> debug service tftp 1 <ipv4|ipv6>
> disable
> [more]
 
To view the commands that flow beyond your screen, place the cursor at the [more] prompt and press Spacebar.

 

Identifies the disk that the DPE is currently using. Once you enter the command, disk drive statistics appear.

show disk

Syntax Description

No keywords or arguments.

Defaults

No default behavior
or values.

show hostname

Displays the hostname configured for the DPE.

Syntax Description

No keywords or arguments.

Defaults

No default behavior
or values.

Example
bac_dpe# show hostname
hostname = bac_dpe.example.com

show ip

Displays the current general IP settings configured on the DPE. The DPE uses these settings when it reboots.

For specific interface settings, use the show interface commands.

Syntax Description

No keywords or arguments.

Defaults

No default behavior
or values.

show ip route

Displays the IP routing table of the DPE, including any custom routes. The default gateway is indicated by the G flag in the flags column.

 

Syntax Description

No keywords or arguments.

Defaults

No default behavior
or values.

show memory

Displays the current memory and swap space that are available on the device running the DPE.

 

Syntax Description

No keywords or arguments.

Defaults

No default behavior
or values.

show running-config

Displays the current configuration on the DPE.

Syntax Description

No keywords or arguments.

Defaults

No default behavior or values.

Example
bac_dpe# show running-config
dpe port 49186
dpe provisioning-group primary default
dpe rdu-server bacdev2-t5220-1-d8 49187
dpe shared-secret <value is set>
log level 5-notification
no debug all
no debug dpe cache
no debug dpe connection
no debug dpe device-config-compression
no debug dpe device-config-compression-details
no debug dpe device-config-decompression
no debug dpe device-config-decompression-details
no debug dpe dpe-server
no debug dpe event-manager
no debug dpe exceptions
no debug dpe framework
no debug dpe messaging
no debug service packetcable 1 netsnmp
no debug service packetcable 1 registration
no debug service packetcable 1 registration-detail
no debug service packetcable 1 snmp
no dpe docsis emic-shared-secret
no dpe docsis shared-secret
no dpe provisioning-group secondary
no service packetcable 1 snmp key-material
radius-server retries 3
radius-server timeout 3
service tftp 1 ipv4 verify-ip
service tftp 1 ipv6 verify-ip
snmp-server community baccread ro
snmp-server community baccwrite rw
snmp-server contact <unknown>
snmp-server location <unknown>
snmp-server udp-port 8001
tacacs-server retries 2
tacacs-server timeout 5

show tftp files

Displays the files that are stored in the DPE cache.

You cannot use this command to display the files that are stored in the local directory.

Syntax Description

No keywords or arguments.

Defaults

The default is 500.

Example

This result occurs when you run the show tftp files command:

bac_dpe# show tftp files
 
The list of TFTP files currently in DPE cache
 
filename size
 
bronze.cm 310
gold.cm 310
silver.cm 310
unprov.cm 310
unprov_11.cm 320
unprov_30.cm 264
unprov_30v4.cm 152
unprov_30v6.cm 196
unprov_packet_cable.bin 333
unprov_wan_man.cfg 72
 
 
DPE caching 10 external files.
Listing the first 10 files, 0 files omitted

show version

Displays the current version of DPE software.

Syntax Description

No keywords or arguments.

Defaults

No default behavior or values.

Example

This result occurs when you run the show version command:

bac_dpe# show version
Version: BAC 5.1 (BAC_LNX_TRUNK_20121203_2231_1128)

tacacs-server

Use the tacacs-server command to configure user authentication settings in TACACS+. Table 2-2 lists the keywords that you can use with this command.

 

Table 2-2 List of tacacs-server Commands

Command
Description

tacacs-server host

Adds the TACACS+ server host address to the list of hosts. When you enable TACACS+ authentication, the client attempts to authenticate the user with the first reachable server. If the authentication succeeds the user is allowed to log in depending on the privileges obtained from the user group specified in the CISCO AV Pair (cp:groups). If the first server is not reachable, then the next server in the list is attempted till the list exhausts.

To remove a TACACS+ server from the list of TACACS+ servers in the CLI, use the no form of this command. See no tacacs-server host.

Syntax Description

tacacs-server host host [ key encryption-key ]

  • host —Specifies the IP address or the hostname of the TACACS+ server.
  • encryption-key —Identifies the encryption key (optional).
Defaults

No default behavior or values.

Examples

This result occurs when you add a TACACS+ server using its IP address (10.0.1.1) without encryption.

bac_dpe# tacacs-server host 10.0.1.1
% OK

This result occurs when you add a TACACS+ server using its IP address (10.0.1.1) and an encryption key (hg667YHHj).

bac_dpe# tacacs-server host 10.0.1.1 key hg667YHHj
% OK

This result occurs when you add a TACACS+ server using its hostname (tacacs1.cisco.com) without encryption.

bac_dpe# tacacs-server host tacacs1.example.com
% OK

This result occurs when you add a TACACS+ server using its hostname (tacacs1.cisco.com) and an encryption key (hg667YHHj).

bac_dpe# tacacs-server host tacacs1.example.com key hg667YHHj
% OK

no tacacs-server host

Removes the TACACS+ server host address from the list of hosts.

To add a TACACS+ server, see tacacs-server host.

Syntax Description

no tacacs-server host host

host— Specifies either the IP address or the hostname of the TACACS+ server.

Defaults

No default behavior or values.

Examples

This result occurs when you remove a TACACS+ server using its IP address.

bac_dpe# no tacacs-server host 10.0.1.1
% OK

This result occurs when you remove a TACACS+ server using its hostname.

bac_dpe# no tacacs-server host tacacs1.example.com
% OK

tacacs-server retries

Sets the maximum number of times the TACACS+ protocol exchange is tried before the TACACS+ client considers a specific TACACS+ server unreachable. When this limit is reached, the TACACS+ client moves to the next server in its TACACS+ server list till the list has been exhausted.

Syntax Description

tacacs-server retries value

value —Specifies a dimensionless number from 1 to 100. This value applies to all TACACS+ servers.

Defaults

The default is 3.

Example

This result occurs when you configure retry value for TACACS+ server:

bac_dpe# tacacs-server retries 10
% OK

tacacs-server timeout

Sets the maximum length of time that the TACACS+ client waits for a response from the TACACS+ server before it considers the protocol exchange to
have failed.

Syntax Description

tacacs-server timeout value

value— Specifies the maximum length of time that the TACACS+ client waits for a TACACS+ server response. This value must be from 1 to 300 seconds, and applies to all TACACS+ servers.

Defaults

The default is 5 seconds.

Example

This result occurs when you configure timeout value for TACACS+ server:

bac_dpe# tacacs-server timeout 10
% OK

radius-server

Use the radius-server command to configure user authentication settings in RADIUS. Table 2-3 lists the keywords that you can use with this command.

 

Table 2-3 List of radius-server Commands

Command
Description

radius-server host

Adds the RADIUS server host address to the list of hosts. When you enable RADIUS authentication, the client attempts to authenticate the user with the first reachable server. If the authentication succeeds, the user is allowed to login depending on the privileges obtained from the user group specified in the CISCO AV Pair (cp:groups). If the first server is not reachable then the next server in the list is attempted till the list exhausts.

The order of the commands that appears in show run is the order in which they are contacted.

To remove a RADIUS server from the list of RADIUS servers in the CLI, use the no form of this command. See no radius-server host.

Syntax Description

radius-server host host [ key encryption-key ]
[port port-number]

  • host —Specifies the IP address or the hostname of the RADIUS server.
  • encryption-key —Identifies the encryption key (optional).
  • port-number—Identifies the port number (optional).
Defaults

No default behavior or values.

Examples

This result occurs when you add a RADIUS server using its IP address with key and port number.

bac_dpe# radius-server host 10.10.10.10 key secret port 1812
% OK

no radius-server host

Removes the RADIUS server host address from the list of hosts.

For details about adding a RADIUS server, see radius-server host.

Syntax Description

no radius-server host host

host— Specifies either the IP address or the hostname of the RADIUS server.

Defaults

No default behavior or values.

Examples

This result occurs when you remove a RADIUS server using its IP address:

bac_dpe# no radius-server host 10.10.10.10

% OK

radius-server retries

Sets the maximum number of times the RADIUS protocol exchange is tried before the RADIUS client considers a specific RADIUS server unreachable. When this limit is reached, the RADIUS client moves to the next server in its RADIUS server list till the list has been exhausted.

Syntax Description

radius-server retries value

value —Specifies a dimensionless number from 1 to 10. This value applies to all RADIUS servers.

Defaults

The default is 3.

Example

This result occurs when you configure retry value for RADIUS server:

bac_dpe# radius-server retries 10
% OK

radius-server timeout

Sets the maximum length of time that the RADIUS client waits for a response from the RADIUS server before it considers the protocol exchange to
have failed.

Syntax Description

radius-server timeout value

value— Specifies maximum length of time that the RADIUS client waits for a RADIUS server response. This value must be from 1 to 30 seconds, and applies to all RADIUS servers.

Defaults

The default is
3 seconds.

Example

This result occurs when you configure timeout value for RADIUS server:

bac_dpe# radius-server timeout 5
% OK

uptime

Use the uptime command to identify how long the system has been operational. This information is useful for determining how frequently the device is rebooted. It is also helpful when checking the reliability of the DPE when it is in a stable condition.

 
Syntax Description

No keywords or arguments.

 
Defaults

No default behavior or values.

Examples

bac_dpe# uptime
1:47am up 496 day(s), 8:49, 1 user, load average: 0.14, 0.07, 0.06