System Commands
This chapter describes the command-line interface (CLI) commands that you can use to manage and monitor the Prime Cable Provisioning Device Provisioning Engine (DPE).
If you run these commands on an unlicensed DPE, a message similar to this one appears:
This DPE is not licensed. Your request cannot be serviced. Please check with your system administrator for a DPE license.
The commands described in this chapter are:
aaa authentication
Use the aaa authentication command to configure the CLI for user authentication, authorization, and accounting services using the local login or remote TACACS+ or RADIUS servers. This setting applies to all Telnet and console CLI interfaces.
Syntax Description
aaa authentication { tacacs | radius}
- tacacs —In this mode, the CLI server sequentially attempts a TACACS+ exchange with each server in the TACACS+ server list. The attempts continue for a specified number of retries. If the CLI reaches the end of the server list without a successful protocol exchange, a message is displayed indicating that the servers were not reachable. The CLI again prompts for the username and password. Enter the local CLI admin username and password to gain access to the CLI even if the TACACS+ service is unavailable.
- radius —In this mode, user authentication is performed via RADIUS server. The RADIUS server authentication details are similar to TACACS+ server. Cisco AV-pair needs to be configured in the RADIUS server to support DPE CLI RADIUS authentication. Cisco IOS/PIX 6.x is the RADIUS server that supports Cisco AV-pair in the Access Control Server (ACS) server. The Cisco AV-pair attribute value is:
Note When you telnet to DPE CLI, you are prompted to enter the username and password. You can either enter the username and password of the local DPE CLI admin user or a user configured in TACACS or Radius. At any given time, either of the TACACS or Radius server is enabled.
Defaults
AAA authentication is always enabled for the local admin user, even when RADIUS or TACACS+ is not configured.
Examples
This result occurs when you enable user authentication in the TACACS+ mode.
This result occurs when you enable user authentication in the radius mode.
disable
Use the disable command to exit the enable mode on the DPE. Once you exit the enable mode, you can view only those commands that relate to system configuration.
Syntax Description
Defaults
Examples
enable
Use the enable command to access the DPE in the enable mode. You need not access the enable mode to view the system configuration; however, only in this mode can you change the system configuration, state, and data.
You must have the PRIV_DPE_UPDATE privilege to enter the enable mode using enable command.
Syntax Description
Defaults
Examples
This result occurs if you do not have the PRIV_DPE_UPDATE privilege.
exit
Use the exit command to close a Telnet connection to the DPE and return to the login prompt. After running this command, a message indicates that the Telnet connection has been closed.
Syntax Description
Defaults
Examples
This result occurs when you have accessed the CLI by specifying the hostname of the DPE.
This result occurs when you have accessed the CLI without specifying the hostname.
This result occurs when the Telnet connection closes because the CLI has been idle and the timeout period expired.
help
Use the help command to display a help screen that can assist you in using the DPE CLI. If you need help on a particular command, or to list all available commands, enter command ? or ?, respectively.
Once you enter the command, a screen prompt appears to explain how you can use the help function.
Command Types
Two types of help are available:
1. Full help is available when you are ready to enter a command argument, such as show ?, and describes each possible argument.
2. Partial help is available when you enter an abbreviated argument and want to know what arguments match the input; for example, show c?.
Syntax Description
Defaults
Examples
This result occurs when you use the help command.
This result occurs when you invoke the full help function for a command; for example, show ?.
Note The help command output differs depending on the mode–login or enable–in which you run the command.
This result occurs when you invoke the partial help function for arguments of a command; for example, show clock.
password
Use the password command to change the local system password, which you use to access the DPE. The system password is changed automatically for future logins and for FTP access.
Note The changes that you introduce through this command take effect for new users, but users who are currently logged in are not disconnected.
Syntax Description
Defaults
Examples
This result occurs when you change the password without being prompted (using an approach easier for scripting).
This result occurs when you are prompted for the password, and the password is changed successfully.
This result occurs when you enter an incorrect password.
show
Use the show command to view system settings and status. Table 2-1 lists the keywords that you can use with this command.
Note To view the output for show disk, show ip, show ip route, and show memory on Linux, see man mpstat.
tacacs-server
Use the tacacs-server command to configure user authentication settings in TACACS+. Table 2-2 lists the keywords that you can use with this command.
|
|
|
---|---|---|
Adds the TACACS+ server host address to the list of hosts. When you enable TACACS+ authentication, the client attempts to authenticate the user with the first reachable server. If the authentication succeeds the user is allowed to log in depending on the privileges obtained from the user group specified in the CISCO AV Pair (cp:groups). If the first server is not reachable, then the next server in the list is attempted till the list exhausts. To remove a TACACS+ server from the list of TACACS+ servers in the CLI, use the no form of this command. See no tacacs-server host. |
||
|
|
|
This result occurs when you add a TACACS+ server using its IP address (10.0.1.1) without encryption. This result occurs when you add a TACACS+ server using its IP address (10.0.1.1) and an encryption key (hg667YHHj). This result occurs when you add a TACACS+ server using its hostname (tacacs1.cisco.com) without encryption. This result occurs when you add a TACACS+ server using its hostname (tacacs1.cisco.com) and an encryption key (hg667YHHj). |
||
Removes the TACACS+ server host address from the list of hosts. To add a TACACS+ server, see tacacs-server host. |
||
host— Specifies either the IP address or the hostname of the TACACS+ server. |
|
|
This result occurs when you remove a TACACS+ server using its IP address. This result occurs when you remove a TACACS+ server using its hostname. |
||
Sets the maximum number of times the TACACS+ protocol exchange is tried before the TACACS+ client considers a specific TACACS+ server unreachable. When this limit is reached, the TACACS+ client moves to the next server in its TACACS+ server list till the list has been exhausted. |
||
value —Specifies a dimensionless number from 1 to 100. This value applies to all TACACS+ servers. |
|
|
This result occurs when you configure retry value for TACACS+ server: |
||
Sets the maximum length of time that the TACACS+ client waits for a response from the TACACS+ server before it considers the protocol exchange to |
||
value— Specifies the maximum length of time that the TACACS+ client waits for a TACACS+ server response. This value must be from 1 to 300 seconds, and applies to all TACACS+ servers. |
|
|
This result occurs when you configure timeout value for TACACS+ server: |
radius-server
Use the radius-server command to configure user authentication settings in RADIUS. Table 2-3 lists the keywords that you can use with this command.
|
|
|
---|---|---|
Adds the RADIUS server host address to the list of hosts. When you enable RADIUS authentication, the client attempts to authenticate the user with the first reachable server. If the authentication succeeds, the user is allowed to login depending on the privileges obtained from the user group specified in the CISCO AV Pair (cp:groups). If the first server is not reachable then the next server in the list is attempted till the list exhausts. The order of the commands that appears in show run is the order in which they are contacted. To remove a RADIUS server from the list of RADIUS servers in the CLI, use the no form of this command. See no radius-server host. |
||
radius-server host host [ key encryption-key ] |
|
|
This result occurs when you add a RADIUS server using its IP address with key and port number. |
||
Removes the RADIUS server host address from the list of hosts. For details about adding a RADIUS server, see radius-server host. |
||
host— Specifies either the IP address or the hostname of the RADIUS server. |
|
|
This result occurs when you remove a RADIUS server using its IP address: |
||
Sets the maximum number of times the RADIUS protocol exchange is tried before the RADIUS client considers a specific RADIUS server unreachable. When this limit is reached, the RADIUS client moves to the next server in its RADIUS server list till the list has been exhausted. |
||
value —Specifies a dimensionless number from 1 to 10. This value applies to all RADIUS servers. |
|
|
This result occurs when you configure retry value for RADIUS server: |
||
Sets the maximum length of time that the RADIUS client waits for a response from the RADIUS server before it considers the protocol exchange to |
||
value— Specifies maximum length of time that the RADIUS client waits for a RADIUS server response. This value must be from 1 to 30 seconds, and applies to all RADIUS servers. |
|
|
This result occurs when you configure timeout value for RADIUS server: |
uptime
Use the uptime command to identify how long the system has been operational. This information is useful for determining how frequently the device is rebooted. It is also helpful when checking the reliability of the DPE when it is in a stable condition.