AOS R13.12.0 Command Reference Guide

ADTRAN Operating System (AOS)
AOS Version R13.12.0

Command Reference Guide
60000CRG0-35AV
November 2021
Trademarks Command Reference Guide
Trademarks
Any brand names and product names included in this manual are trademarks, registered trademarks,
service marks, or trade names of their respective holders.
To the Holder of this Manual

The contents of this manual are current as of the date of publication. ADTRAN reserves the right to change
the contents without prior notice.
In no event will ADTRAN be liable for any special, incidental, or consequential damages or for
commercial losses even if ADTRAN has been advised thereof as a result of issue of this publication.
Be advised that certain security risks are inherent in the use of any telecommunications or networking
equipment, including but not limited to, toll fraud, Denial of Service (DoS) attacks, loss or theft of data,
and the unauthorized or illegal use of said equipment. ADTRAN OFFERS NO WARRANTIES, EITHER
EXPRESSED OR IMPLIED, REGARDING THE PREVENTION, DETECTION, OR DETERRENCE
OF TOLL FRAUD, NETWORKING ATTACKS, OR UNAUTHORIZED, ILLEGAL, OR IMPROPER
USE OF ADTRAN EQUIPMENT OR SOFTWARE. THEREFORE, ADTRAN IS NOT LIABLE FOR
ANY LOSSES OR DAMAGES RESULTING FROM SUCH FRAUD, ATTACK, OR IMPROPER USE,
INCLUDING, BUT NOT LIMITED TO, HUMAN AND DATA PRIVACY, INTELLECTUAL
PROPERTY, MATERIAL ASSETS, FINANCIAL RESOURCES, LABOR AND LEGAL COSTS.
Ultimately, the responsibility for securing your telecommunication and networking equipment rests with
you, and you are encouraged to review documentation regarding available security measures, their
configuration and implementation, and to test such features as is necessary for your network.
Software Licensing Agreement

Each ADTRAN product contains a single license for ADTRAN supplied software. Pursuant to the
Licensing Agreement, you may: (a) use the software on the purchased ADTRAN device only and (b) keep
a copy of the software for backup purposes. This Agreement covers all software installed on the system, as
well as any software available on the ADTRAN website. In addition, certain ADTRAN systems may
contain additional conditions for obtaining software upgrades.
901 Explorer Boulevard

P.O. Box 140000
Huntsville, AL 35814-4000
Phone: (256) 963-8000
www.adtran.com
60000CRG0-35AV
All Rights Reserved.
Printed in the U.S.A.
2 Copyright © 2021 ADTRAN, Inc. 60000CRG0-35AV

Command Reference Guide Conventions
Conventions
Notes provide additional useful information.
Cautions signify information that could prevent service interruption.
Warnings provide information that could prevent damage to the equipment or

endangerment to human life.
Service and Warranty

For information on the service and warranty of ADTRAN products, visit the ADTRAN website at
http://www.adtran.com/support.
Export Statement
An Export License is required if an ADTRAN product is sold to a Government Entity outside of the EU+8
(Austria, Australia, Belgium, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary,
Ireland, Italy, Japan, Luxembourg, Netherlands, New Zealand, Norway, Poland, Portugal, Spain, Sweden,
Switzerland and the United Kingdom). This requirement is per DOC/BIS ruling G030477 issued 6/6/03.
This product also requires that the Exporter of Record file a semi-annual report with the BXA detailing the
information per EAR 740.17(5)(e)(2).
DOC - Department of Commerce

BIS - Bureau of Industry and Security
BXA - Bureau of Export Administration
60000CRG0-35AV Copyright © 2021 ADTRAN, Inc. 3

Table of Contents Command Reference Guide
Table of Contents
Reference Guide Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
AOS Unit Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Introduction to Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Using the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Command Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Command Set Access Path Quick Reference Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
System Command Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Basic Mode Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Common Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Enable Mode Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Global Configuration Mode Command Set. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1141
Application Command Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1976

Network Sync Application Command Set. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1977
Y.1731 Application Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1982
Interface Command Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2004

Line Interface Command Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2005
Line (Console) Interface Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2006
Line (SSH) Interface Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2023
Line (Telnet) Interface Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2039
Physical Interface Command Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2056
ADSL Interface Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2057
BRI Interface Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2064
Cellular Interface Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2090
DDS Interface Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2106
DSX-1 Interface Command Set. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2114
E1 Interface Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2124
Ethernet Interface Command Set. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2141
FDL Interface Command Set. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2342
FXO Interface Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2349
FXS Interface Command Set. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2360
G.703 Interface Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2379
HSSI Interface Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2386
Modem Interface Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2390

Command Reference Guide Table of Contents
PRI Interface Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2396

Serial Interface Command Set. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2417
SHDSL Interface Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2426
T1 Interface Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2448
VDSL Interface Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2480
Virtual Interface Command Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2482
ATM Interface Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2483
ATM Subinterface Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2487
BVI Interface Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2578
Demand Interface Command Set. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2621
Frame Relay Interface Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2712
Frame Relay Subinterface Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2733
HDLC Interface Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2873
Loopback Interface Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2953
Port Channel Interface Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3019
PPP Interface Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3045
Tunnel Interface Command Set. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3196
VLAN Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3341
VLAN Database Command Set. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3346
VLAN Interface Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3355
Wireless Interface Command Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3478
NetVanta 150 AP Interface Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3479
NetVanta 150 Radio Interface Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3495
NetVanta 150 VAP Interface Command Set. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3518
NetVanta 160 Series AP Interface Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3535
NetVanta 160 Series Radio Interface Command Set. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3552
NetVanta 160 Series VAP Interface Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3570
Carrier Ethernet Command Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3582

EFM NIM2 Ethernet Command Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3583
MEF EFM Group Command Set. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3584
MEF Ethernet Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3589
MEF EVC Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3659
MEF EVC Map Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3663
MEF Policer Policy Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3669
Carrier Ethernet Services Command Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3675
Carrier Ethernet EFM Group Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3676
Carrier Ethernet EVC Command Set. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3685
Carrier Ethernet EVC Map Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3690

Carrier Ethernet Policer Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3704

Carrier Ethernet Queue Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3713
Carrier Ethernet Shaper Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3721
Carrier Ethernet Terminal Loopback Command Set. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3724
Facility MAC Swap Loopback Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3727
System Control EVC Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3730
System Management EVC Command Set. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3828
Y.1731 Command Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3907
One-Way Frame Delay Monitoring Session Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . 3908
Two-Way Frame Delay Monitoring Session Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . 3912
Single-Ended Frame Loss Monitoring Session Command Set . . . . . . . . . . . . . . . . . . . . . . . . . 3920
Single-Ended Synthetic Frame Loss Monitoring Session Command Set . . . . . . . . . . . . . . . . . 3927
Y.1731 Local MEP Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3935
Y.1731 MEG Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3953
Routing Protocol Command Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3961

BGP Command Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3962
AS Path List Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3963
BGP Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3966
BGP Address Family Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3986
BGP AF Neighbor Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4007
BGP Neighbor Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4026
Community List Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4043
Network Monitoring Command Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4046
Network Monitor Probe Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4047
Network Monitor Probe Responder Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4074
Network Monitor Track Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4083
OSPFv2 and OSPFv3 Command Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4104
Router OSPFv2 Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4105
Router OSPFv3 Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4126
Router OSPFv3 IPv6 Address Family. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4138
Routing Command Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4152
Route Map Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4153
Router PIM Sparse Command Set. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4186
Router RIP Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4190
VRRPv3 Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4206
Security and Services Command Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4218

Access Control Lists and Access Control Policies Command Sets . . . . . . . . . . . . . . . . . . . . . . . . 4219
Hardware ACL and Access Map Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4220
IPv4 Access Control List Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4237

Command Reference Guide Table of Contents
IPv4 Access Control Policy Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4263

IPv6 Access Control List Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4281
IPv6 Access Control Policy Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4311
DHCP Command Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4320
DHCPv4 Pool Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4321
DHCPv6 Pool Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4345
DHCPv6 Server Pool Host Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4368
Services Command Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4375
Counter Profile Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4376
Desktop Auditing Local Policy Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4380
Dynamic Counter Configuration Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4387
Ethernet OAM CFM Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4390
Mail Agent Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4408
Network Sync Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4419
Over-Temperature Protection Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4431
Packet Capture Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4435
Quality of Service Map Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4449
RADIUS Group Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4483
Security Monitor Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4488
TACACS+ Group Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4492
Top Traffic Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4495
Voice Command Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4501

Voice Accounts Command Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4502
Voice Line Account Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4503
Voice Loopback Account Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4531
Voice User Account Command Set. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4549
Voice Groups Command Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4637
Voice Call Pickup Group Command Set. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4638
Voice ISDN Group Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4641
Voice Operator Group Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4649
Voice Paging Group Command Set. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4665
Voice Ring Group Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4670
Voice Trunk Group Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4689
Voice Services Command Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4699
Auto Attendant Command Set. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4700
Call Coverage Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4703
Call Queuing Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4707
FindMe-FollowMe Action Script Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4729
FindMe-FollowMe Contact Group Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4737

HMR Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4747

HMR Intercept Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4797
MGCP Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4806
Music on Hold Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4838
Proxy User Template Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4841
SIP Proxy Monitor Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4851
SIP Server Monitor Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4861
SIP TLS Profile Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4866
SRTP Profile Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4874
Voice CODEC List Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4879
Voice CoS Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4883
Voicemail CoS Command Set. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4922
VQM Reporter Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4931
Voice Trunks Command Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4944
Voice Analog Trunk Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4945
Voice ISDN Trunk Command Set. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4994
Voice SIP Trunk Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5038
Voice T1 Trunk Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5137
VPN Parameter Command Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5193

Certificate Command Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5194
CA Profile Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5195
Certificate Command Set. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5207
Crypto Map Command Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5211
Crypto Map IKE Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5212
IPv4 Crypto Map Manual Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5230
IPv6 Crypto Map Manual Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5240
IPsec Profile Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5246
IKE Command Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5255
IKE Client Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5256
IKE Policy Attributes Command Set. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5260
IKE Policy Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5266

Command Reference Guide Reference Guide Introduction
REFERENCE GUIDE INTRODUCTION

This manual provides information about connecting your product, using the ADTRAN Operating System’s
(AOS) command line interface (CLI), and executing the commands available with the NetVanta series
units and certain Total Access series units.
If you are new to the AOS CLI, please take a few moments to review the information provided in the
sections which follow.
If you are already familiar with ADTRAN NetVanta and Total Access units and looking for information on
a specific command or group of commands, please proceed to Command Descriptions on page 27 of this
guide.
AOS UNIT INTRODUCTION
External Parts
To connect and use your new AOS unit, first familiarize yourself with the external features of the unit. For
products that have a serial port, it can be located on either the back or front of the unit. If available, this
port is marked CONSOLE and connects the unit directly to your PC via a standard DB-9 serial cable.
Other features vary from unit to unit, but include power connections, physical interface connections, and
status LEDs along the front that indicate the status of your unit. For a more detailed description of your
particular product, please refer to the appropriate hardware installation guide available online at
https://supportcommunity.adtran.com.
Internal Parts
In order to fully understand product operation and receive the full benefit of the included guides, you
should be familiar with the unit’s internal parts, which can be divided into five main categories.
1. ROM - Read Only Memory
Read only memory (ROM) is a permanent form of memory stored in chips within the unit and houses
information used by the AOS unit on initial startup. Examples of information stored in ROM are the
Power-On Self Test, which initializes upon boot up and checks the unit’s functionality; the Bootstrap
Startup Program, which actually starts the unit; and the basic form of the AOS software.
2. Flash Memory
Flash memory is memory located in a memory chip that is not only erasable, but also reprogrammable,
allowing for software upgrades without chip removal. The flash memory in your unit contains the full
AOS and can be used to house copies of the configuration files and application images that are used at
initial unit startup.

Internal Parts Command Reference Guide
3. CompactFlash® Memory
CompactFlash memory (where available) is memory located on a CompactFlash memory card that is
erasable and reprogrammable, allowing software upgrades without chip removal. The CompactFlash
memory in your unit can be used to house copies of the configuration files and application images that
are used at initial unit startup.
4. RAM - Random Access Memory
Random Access Memory (RAM) is the computer memory that functions as the working memory of
your AOS unit. When the unit is on, the RAM provides memory for caching, packet buffering, holding
routing tables, and housing the running operating system. When the unit is first powered on, RAM
executes the application codes from flash memory and the startup configurations from nonvolatile
random access memory (NVRAM), and when the unit is powered off or reset, RAM loses all data.
5. NVRAM - Nonvolatile Random Access Memory
NVRAM is the general name for any RAM that does not lose its information at power down (for
example, flash memory). In this case, NVRAM has a separate memory function than the flash memory
and is used to house the unit’s startup configurations.
6. Interfaces
Interface is the term used to describe how your unit connects with its outside environment. There are a
variety of interface categories, as well as interface types. Interface categories include line interfaces,
physical interfaces, virtual, and wireless interfaces.
• Line interfaces describe the way you are communicating with your unit (for example, by console
or Telnet).
• Physical interfaces describe the way your unit is physically connected to other units or devices (for
example, via Ethernet, T3, serial, or asymmetric digital subscriber line (ADSL)).
• Virtual interfaces describe the way your unit receives information, whether by Frame Relay,
Point-to-Point Protocol (PPP), virtual local area network (VLAN), or asynchronous transfer mode
(ATM), to name a few.
• Wireless interfaces describe the way your unit receives or transmits information without a physical
connection. The connectivity is provided through a radio transmission. There are multiple
components to a wireless local area network (WLAN) which include access points (APs), radio
interfaces, and virtual access points (VAPs).
The user can configure a unit’s interfaces through the interface command sets (refer to Configuration
Command Sets on page 16).

Command Reference Guide Introduction to Command Line Interface
INTRODUCTION TO COMMAND LINE INTERFACE

The CLI is a method used to communicate with your AOS unit. While it describes the method used to
communicate, such as by console or Telnet, it also refers to the way information is passed to the unit. As a
text-based user interface, the CLI prompts you to input commands line by line when you interface with the
AOS unit (hence the name command line interface).
Introduction to Commands
The most important part is understanding that your commands make the AOS unit function. The right
commands lead to a fully functioning unit, whereas improperly entered or forgotten commands prevent the
unit from functioning. To properly use commands, you must understand what function you want the AOS
unit to complete and what syntax the unit understands as instructions. Each command has its own role
within the operating system, and it is the responsibility of the operator to become familiar with specific
commands and command sets.
How Commands Function

Commands are composed of two main parts. The most important part is the command itself, or the
command word. Most command words are short and straightforward (for example, do, exit, or configure).
Command words are entered immediately after the command prompt in the CLI.
The second part of a command is its argument. An argument is a specification that modifies the command.
In the command show flash, show is the command word and flash is the argument because it modifies the
command show. Commands can have any number of arguments, depending upon the action required of the
unit, and in some instances you have a choice of arguments to use.
Optionally, some commands use variables with the argument to specify information relevant only to your
AOS unit. These variables are identified with the greater-than (<) and less-than symbols (>). The
description of the information required is contained within the symbols and displayed in italics. For
example, the following command provides the command clock, argument set, and includes the variables
<time>, <day>, <month>, and <year>:
clock set <time> <day> <month> <year>
AOS Command System
ADTRAN products, training tools, and manuals follow a specific system for entering and referencing
commands. Items that are typed in bold are the required commands and arguments for a certain action. In
the following documentation, you will see commands in bold after an example prompt. They look similar
to this:
>enable
#configure terminal
(config)#line telnet 4
(config-telnet4)#

How Commands Function Command Reference Guide
In the example above, the characters >, #, (config)#, and (config-telnet4)# are the prompts after which
commands are entered. In this example, the words in bold (enable, configure terminal, and line telnet 4)
are the entire commands and constitute what should be typed after the prompt. It is important to pay
attention to the prompt you are given when communicating with your unit, because certain commands only
work in certain modes, which are signified by the prompt. The different prompts and modes are discussed
later in this guide.
In certain commands, you are given a choice of arguments. If this is the case, the manual or guide will
place the argument in brackets separated by a vertical bar (|) between your choices as seen in this example:
#show [flash | cflash]
Again, remember the # is your prompt, the command word is show, and your choices of arguments are
flash and cflash.
Certain commands require you to enter your own information which are called variables. Information
within a command line that pertains to your personal unit is set off with the greater-than (<) and less-than
symbols (>). The description of the information required is contained within the greater-than and less-than
symbols and is displayed in italics. For example:
#copy <file source location> <config-file> tftp
In this case, # is your prompt, the command word is copy, the information needed from you is the source
location of the file you want to copy (<file source location>) and the configuration file type
(<config-file>), and tftp indicates the location to which to copy the file.

Command Reference Guide Using the CLI
USING THE CLI

This portion of the Command Reference Guide introduces you to the basic concepts and strategies
associated with using the AOS CLI.
Connecting the Unit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Accessing the CLI from Your PC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Understanding Command Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Understanding Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Configuration Command Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Using CLI Shortcuts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Searching for Commands in the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Performing Common CLI Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Understanding CLI Error Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Connecting the Unit

For the initial use, the unit should be connected to a PC with VT100 terminal emulation program. To
connect the unit, simply connect a DB-9 straight-through male-to-female serial cable to the CONSOLE
port and to your PC.
Accessing the CLI from Your PC

All products using the AOS are initially accessed using a PC with VT100 terminal emulation program
(such as HyperTerminal or PuTTY) and console port cable. If you don’t have a VT100 terminal emulation
program, you can download PuTTY from the Internet.
Emulation Settings
Once you have connected to the unit, adjust the program settings as follows:
• 9600 baud
• 8 data bits
• No parity
• 1 stop bit
• No flow control
If you are using a VT100 terminal emulation program, name your new connection and set up the new
connection. Verify COM 1 is the type of connection you are using. Once you have entered the program
settings and applied them, you should be presented with a terminal window with which to interface with
your unit.

Understanding Command Modes Command Reference Guide
Unit Boot Up
After configuring your PC, provide power to the AOS unit and turn it on. The AOS unit begins the boot up
process, which includes the following:
• The Power-On Self Test runs. This test checks the unit hardware for normal operation. The
hardware includes the central processing unit (CPU), the memory, and the interfaces.
• The Bootstrap Startup Program (factory set in the ROM) runs.
• The Bootstrap Startup Program is read by the unit to discover the proper source for the operating
system image.
• The operating system image is loaded into RAM.
• The configuration file saved in NVRAM is loaded into RAM, where it is accessed by the unit and
then executed one line at a time.
If no configuration file is found in NVRAM (there will not be one found on initial setup), you are
presented with the following prompt on your PC’s VT100 terminal emulation screen:
Session Now Available

Press RETURN to get started
After pressing return, a prompt appears for communication with your unit.
Understanding Command Modes

As you begin communication, you should understand the command modes. Just as there are different
levels of commands in the CLI, there are different modes for commands within AOS itself. Each command
mode enables the user to access more commands, and make more changes in the unit’s configuration.
The CLI has four command modes: Basic, Enable, Application, and Global. The four command modes are
organized in a four-tiered hierarchy with Basic at the bottom, then Enable, then Application, and Global at
the top.
Basic Mode
Interaction with your unit begins at the Basic mode. The commands supported at this command tier are
limited, as is interaction with the unit itself. The Basic mode prevents users without access to the higher
tiered commands from changing the preferred configurations of the unit. The following table describes the
Basic mode.
Mode Access By... Mode Prompt Accessible Commands

Basic Beginning an AOS session > • Display system information
• Perform traceroute and ping
functions
• Open a Telnet session
For more information on the Basic mode, please refer to Basic Mode Command Set on page 45.

Command Reference Guide Understanding Command Modes
Enable Mode
Enable mode is one step up from the Basic mode. ADTRAN suggests that a password be required to access
the Enable mode. Refer to the quick start guides shipped with your unit and located online at
https://supportcommunity.adtran.com for more information on configuring a password.
From the Enable mode, you can access the configurations of your product, as well as handle how your unit
boots and runs, among other things. The following table describes the Enable mode.
Mode Access By.... Mode Prompt Accessible Commands

Enable Entering enable while in the # • Manage the startup and running
Basic mode as follows: configurations
>enable • Enable and disable debug
commands
• View show command output
• Enter any of the configuration modes
For more information regarding the Enable command set, refer to the Enable Mode Command Set on page
94.
Global Mode
The Global mode is the highest level tier within AOS. The Global mode allows the user to make changes
regarding the entire product system. All of your system’s configurations are accessed through the Global
mode. From this level, you can access not only line configurations, router configurations, and interface
configurations, but also any other configurations or parameters on your system. The following table
describes the Global mode.
Mode Access By... Mode Prompt Accessible Commands

Global Entering config while at the (config)# • Set the system’s Enable-level
Enable mode as follows: password(s)
>enable • Configure the system global IP
# parameters
#config • Configure the SNMP parameters
• Enter any of the configuration modes
For more information on the Global mode, refer to Global Configuration Mode Command Set on page
1141.

Understanding Configurations Command Reference Guide
Application Mode
The Application mode is accessed from the Enable mode. Enable mode access is necessary to access the
Application mode. This mode is used to configure applications on the AOS unit, such as Y.1731 or
network synchronization (Network Sync). The following table describes the Application mode.
Mode Access By.... Mode Prompt Accessible Commands

Application Entering application while (app)# • Configure the Y.1731 application
in the Enable mode as • Configure the Network Sync
follows: application
>enable
#application
For more information on the Application mode, refer to Application Command Sets on page 1976.
Understanding Configurations
Configurations are the means by which you set up your unit and system according to your personal
requirements and preferences. You must configure your unit to work within your network, based on your
hardware and communication systems.
All configurations are accessed through the Global Configuration mode. By typing in config at the Enable
mode prompt, you will be ready to specify the configuration you want to access.
For each configuration, enter the word or phrase that correlates with the system you are configuring. There
are different command sets for each type of configuration. These command sets are detailed in the
following section.
Configuration Command Sets

The configuration command sets are broken down into categories of similar functions. For example, all
commands pertaining to configuring the interfaces are grouped together, as are commands for configuring
routing, configuring security and services, and so on. The following sections introduce each category of
command sets and the command subsets organized within them in this guide. For a complete list of
command sets and their reference pages, refer to Command Descriptions on page 27.

Command Reference Guide Configuration Command Sets
Interface Command Sets
Interface commands configure the physical and virtual interfaces in which you communicate with your
device. Not all AOS units have all of the interface types explained in this section. Wireless interfaces are
also included for the units that support it. The following table gives an example of the each interface
command set. For a more detailed description, refer to Command Descriptions on page 27.
Command Accessed By... Sample Prompt With This Set You Can...
Set
Line Specifying a line (console, (config-con0)# • Gain initial access to the unit before
Interface Telnet, SSH) at the Global configuring network settings
Configuration mode prompt • Configure the console or terminal
as follows: settings (data rate, login password,
>enable etc.)
#config terminal • Create Telnet logins and specify their
(config)#line console 0 parameters (login password, etc.)
Physical Specifying an interface at the (config-adsl0/1)# • Configure the parameters of your
Interface Global Configuration mode physical connections
prompt as follows: • Configure your physical network
>enable
#config terminal
(config)#interface adsl 0/1
Virtual Specifying an interface at the (config-fr 1)# • Determine the parameters of
Interface Global Configuration mode information flow
prompt as follows: • Configure your unit’s methods for
>enable communicating with other devices
#config terminal • Configure network protocols; such as
(config)#interface ATM, Frame Relay, PPP, VLAN, etc.
frame-relay 1
Wireless Specifying a wireless (config-dot11ap 1)# • Configure your unit’s wireless
Interface interface at the Global parameters; wireless access points
Configuration mode prompt (APs), access point radios, and
as follows: virtual access points (VAPs)
>enable • Configure how your wireless network
#config terminal will integrate with your wired network
(config)#interface dot11ap 1
ap-type nv16x
Carrier Ethernet Command Sets
Carrier Ethernet interfaces consist of virtual interfaces that are only available on specific AOS products
used to interface with Metro Ethernet network (MEN) and carrier Ethernet technologies. In this guide,
commands pertaining to these virtual interfaces are listed in their own section to separate them from the
more commonly used interfaces. The Carrier Ethernet section is divided into EFM NIM 2 Ethernet, Carrier
Ethernet Services, and Y.1731. Each section has been further divided into additional sections containing
command sets for specific configuration functions dealing with each of these technologies.

Configuration Command Sets Command Reference Guide
Ethernet in the First Mile (EFM) NIM2 Ethernet command sets pertain to the Metropolitan Ethernet Forum
(MEF) Ethernet interface which functions as the user-network interface (UNI) in AOS products with the
second-generation EFM network interface modules (NIMs). The MEF Ethernet interface is a virtual
interface used by AOS products to interface with the MEN and carrier Ethernet technologies. The MEF
Ethernet interface is used as the Layer 2 and 3 wide-area network (WAN) interface.
Carrier Ethernet Services command sets pertain to the MEF Ethernet virtual connection (EVC) which
connects two endpoints (for example, the EFM group and the MEF Ethernet interface) and passes Ethernet
service frames through these endpoints.
Y.1731 command sets pertain to EFM configurations on the AOS device that use the Y.1731 protocol. The
Y.1731 commands allow you to configure how your unit will behave as it employs Y.1731 EFM over your
network.
The following table gives an example of the carrier Ethernet commands. For a more detailed listing of
commands, refer to Command Descriptions on page 27.
Command Set Accessed By... Sample Prompt With This Set You Can...
EFM NIM2 Specifying a MEF interface at (config-mef- • Configure the MEF Ethernet
Ethernet the Global Configuration mode ethernet 0/1)# interface
prompt as follows: • Configure EFM bonding
>enable groups to provide EFM
#configure terminal capabilities across WAN
(config)#interface interfaces
mef-ethernet 0/1 • Configure EVC attributes
• Set parameters for policer
policies to limit outbound traffic
bandwidth
• Configure EVC map attributes
and associate with an EVC
and a UNI

Command Reference Guide Configuration Command Sets
Carrier Ethernet Specifying an EVC from the (config-evc-DATA) • Create and configure EVCs
Services Global Configuration mode # • Configure EFM groups.
prompt as follows: • Configure EVC queues,
>enable policer policy, map and
#configure terminal shaper.
(config)#evc DATA • Configure the system control
(config-evc-DATA)# EVC
• Set parameters for inband IP
network interface for system
management and control
Y.1731 Specifying which Y.1731 (config-y1731-meg • Specify the MEF traffic shaper
feature you wish to configure at MEG1)# rate
the Global Configuration mode • Specify the interface to which
prompt as follows: the MEF shaper is applied
>enable • Configure the Y.1731
#configure terminal maintenance entity group
(config)#ethernet y1731 meg (MEG) and Y.1731 local MEG
char-string MEG1 endpoint (MEP)
(config-y1731-meg MEG1)# • Specify the frame delay, frame
loss, and traffic shaper
settings for Y.1731 traffic
• Use Show commands related
to Y.1731 settings
Routing Protocol Command Sets
The routing command sets serve two functions. Routing commands not only address the manner in which
your unit routes and disseminates information, but they also provide an additional level of security for your
network. Routing commands include parameters, such as AS path list, community list, and network
monitoring, and they determine whether your unit routes via Routing Information Protocol (RIP), open
shortest path first (OSPF), or protocol-independent multicast (PIM) sparse.
The following table gives an example of the routing command sets. For a complete list of routing
commands, refer to the Command Descriptions on page 27.
Routing Specifying which routing (config-ospf)# • Determine which devices are
parameter you wish to set at compatible with your network
the Global Configuration mode • Determine how your unit
prompt as follows: routes traffic and information
>enable • Configure network monitoring
#config probes, tracks, and
(config)#router ospf responders
• Configure the unit’s route map

Configuration Command Sets Command Reference Guide
Security and Services Command Sets
The security and services command sets provide methods for you to configure additional security for your
unit, as well as determine the types of services you want your unit to perform. Included in these command
sets are quality of service (QoS) maps, Dynamic Host Configuration Protocol (DHCP) pools, and route
map configurations.
The following table includes an example of the security and services commands. For a more detailed
listing of the command sets, refer to Command Descriptions on page 27.
Command Accessed By... Sample Prompt With This Set You Can...
Set
Security and Specifying the service you (config-sg-radius)# • Map the quality of a variety of
Services would like to perform at the services
Global Configuration mode • Set the parameters for the DHCP
prompt as follows: • Configure access control lists (ACL)
>enable and access control policies (ACP) for
#config network security
(config)#aaa group server • Configure security services for
radius myServer Radius and Tacacs+ Groups.
Voice Command Sets
Voice command sets configure all aspects of voice functionality within your network. These commands
only pertain to AOS devices that support voice as part of their feature set.
The following table describes the different voice command subsets and explains briefly each command set.
For a more detailed description, refer to Command Descriptions on page 27.
Voice Accounts Specifying the voice account (config-4444)# • Set parameters for user
you would like to configure at accounts, line accounts, and
the Global Configuration mode loopback accounts
prompt as follows: • Specify the behaviors and
>enable permissions of these accounts
#config within the voice network
(config)#voice user 4444
Voice Groups Specifying the voice group you (config-1234)# • Set parameters for ring groups,
would like to configure at the operator groups, trunk groups,
Global Configuration mode paging groups, and more
prompt as follows: • Specify the behaviors and
>enable permissions of voice groups,
#config as well as define the members
(config)#voice ring-group of the groups
1234

Command Reference Guide Using CLI Shortcuts
Voice Services Specifying the voice service (config-aa1212)# • Set parameters for class of
you would like to configure at service (CoS) on the voice
the Global Configuration mode network
prompt as follows: • Configure voice features
>enable (voicemail, auto attendant,
#config Music on Hold, Find Me Follow
(config)#voice autoattendant Me, etc)
Example 1212 • Use voice quality monitoring
reporters
• Specify the behaviors and
permissions of voice features
within the network
Voice Trunks Specifying the voice trunk type (config-t01)# • Set parameters for analog
you would like to configure at trunks, T1 trunks, Session
the Global Configuration mode Initiation Protocol (SIP) trunks,
prompt as follows: and more
>enable • Specify the behaviors and
#config permissions of these trunks
(config)#voice trunk t01
Virtual Private Network Parameter Command Sets
The virtual private network (VPN) parameter command sets deal with the encryption and security on your
private network. To allow you the utmost in security, the VPN parameter commands allow you to
configure how your unit will behave as it communicates with other devices. VPN command sets allow you
to configure Internet key exchange (IKE) parameters, crypto parameters, and certificate parameters.
The following table gives an example of the VPN parameter commands. For a more detailed listing of
commands, refer to Command Descriptions on page 27.
VPN Parameters Specifying which parameter (config-cert- • Determine how your unit
you wish to set at the Global chain)# authenticates communication
Configuration mode prompt as • Set the parameters for keeping
follows: your unit secure
>enable
#config
(config)#crypto ca certificate
chain MyProfile
Using CLI Shortcuts

The AOS CLI provides several shortcuts to help you configure your AOS product more easily. See the
following table for descriptions.

Using CLI Shortcuts Command Reference Guide
Shortcut Description
Up arrow key To redisplay a previously entered command, use the up arrow key. Continuing to
press the up arrow key cycles through all commands entered, starting with the most
recent command.
<Tab> key Pressing the <Tab> key after entering a partial (but unique) command will complete
the command, display it on the command prompt line, and wait for further input.
? The AOS CLI contains help to guide you through the configuration process. Using the
question mark, do any of the following:
Display a list of all subcommands in the current mode. For example:
(config-t1 1/1)#coding ?
ami - Alternate Mark Inversion
b8zs - Bipolar Eight Zero Substitution
Display a list of available commands beginning with certain letter(s). For example:
(config)#ip d?
default-gateway dhcp-server domain-lookup domain-name domain-proxy
Obtain syntax help for a specific command by entering the command, a space, and
then a question mark (?). The AOS CLI displays the range of values and a brief
description of the next parameter expected for that particular command. For example:
(config-eth 0/1)#mtu ?
<64-1500> - MTU (bytes)
<Ctrl + A> Jump to the beginning of the displayed command line. This shortcut is helpful when
using the no form of commands (when available). For example, pressing <Ctrl + A>
at the following prompt will place the cursor directly after the #:
(config-eth 0/1)#ip address 192.33.55.6
<Ctrl + E> Jump to the end of the displayed command line. For example, pressing <Ctrl + E> at
the following prompt will place the cursor directly after the 6:
(config-eth 0/1)#ip address 192.33.55.6

<Ctrl + U> Clears the current displayed command line. The following provides an example of the
<Ctrl + U> feature:
(config-eth 0/1)#ip address 192.33.55.6 (Press <Ctrl + U> here)

(config-eth 0/1)#
auto finish You need only enter enough letters to identify a command as unique. For example,
entering int t1 1/1 at the Global Configuration mode prompt provides you access to
the configuration parameters for the specified T1 interface. Entering interface t1 1/1
would work as well, but is not necessary.

Command Reference Guide Searching for Commands in the CLI
Searching for Commands in the CLI

The AOS CLI contains several thousand commands, accessible through various command modes and
command sets. Finding a specific command, particularly if you do not know the command set in which the
command is located, or the entire syntax of the command, can be difficult. To make it easier to find
specific commands in the CLI, an algorithmic search tool is provided. This search tool scans the entire CLI
for the command you specify, scanning all command modes and sets, and displays the commands that
match the specified criteria. This feature can be more useful than the ? CLI shortcut because it gives the
entire syntax of the matching commands, and the search is not limited to the currently active command set.
To search for a command in the CLI, enter the find <input> command at the Enable mode prompt. The
<input> parameter is a text string of the command for which you are searching, for example, sip proxy.
The following example tells the CLI to search for all commands that match sip pr. The output displays the
matching commands and their associated command set(s).
>enable
#find sip pr
Searching....Found 4 commands
Root : clear sip proxy
Root : debug sip proxy
Root (2) : show sip proxy
configterminal (3) : sip proxy
The above example displays all commands in the CLI that match sip pr, combining any results that are
similar. Note the (2) in the Root command set, indicating two commands with similar syntax in the Enable
mode match the criteria, and the (3) in the configterminal command set, indicating three commands with
similar syntax in the Global Configuration mode match the search criteria. Command search results are
considered to be similar based on three criteria: they are in the same command set (Root or configterminal
in the previous example), they use the same root command (show sip proxy or sip proxy in the previous
example), and they meet the search criteria (both match sip proxy in the previous example). Search results
are combined by default, but you can optionally choose to display all commands by entering the
find /no suppress <input> command for your search. For example, to list all commands that match sip pr,
enter the command as follows (note the difference in the command output from the previous example):
>enable
#find /no suppress sip pr
Searching...Found 7 commands
Root : show running-config sip proxy
Root : show sip proxy
configterminal : sip prefer
configterminal : sip privacy
configterminal : sip proxy

Performing Common CLI Functions Command Reference Guide
In addition to specifying that search results are not combined, you can also limit search results to the active
command set by entering the find /current-set <input> command. The optional current set parameter
limits the search to the current active command set. For example, if you were searching for packet capture
commands, and searched all of the CLI, the search returns 13 available matching commands. If you limit
the search to the Enable mode only, using the /current-set parameter, the search returns only the two
packet capture commands available in the Enable mode (note that similar commands are combined in the
search results by default; entering the optional /no-suppress parameter in addition to /current-set
parameter will display all matching commands in the set).
>enable
#find /current-set packet-capture
Searching... Found 2 commands
debug packet-capture
show packet-capture : (2)
Wildcards can also be used when searching for commands in the CLI. Wildcards can be beneficial when
you do not know the entire syntax of the command you are looking for. Use the * character to specify the
search matches anything in place of the *. Enter the command as follows to search using wildcards:
>enable
#find sip*tcp
voice-trunk-sip (2) : sip-server primary * tcp
configterminal (4) : sip tcp
configterminal : voip name-service host * sip tcp
Performing Common CLI Functions

The following table contains descriptions of common CLI commands.
Command Description
exit The exit command exits the current command set and returns to the previous
command set. For example, when entering exit in the Global Configuration
mode, you will be returned to the Enable mode.
>enable
#configure terminal
(config)#exit
>
Your location in the CLI hierarchy determines the command set you will return
to when entering this command. If you enter exit in the Enable mode you will
exit the CLI completely.

Command Reference Guide Performing Common CLI Functions
Command Description
end The end command exits the current command set and returns to the Enable
mode, no matter what your current location is in the CLI hierarchy. For
example, when entering end in the T1 Interface Configuration mode, you are
returned to the Enable mode prompt.
>enable
#configure terminal
(config)#interface t1 1/1
(config-t1 1/1)#end
>
do The do command provides a way to execute commands in other command
sets without having to exit the current command set. The following example
shows the do command used to view the Frame Relay interface configuration
while in the T1 interface command set:
(config-t1 1/1)#do show interfaces fr 7
no shutdown To activate an interface, enter no shutdown from the interface configuration
mode. For example, the following command activates the T1 1/1 interface:
(config-t1 1/1)#no shutdown t1 1/1
no To disable a feature or return a command to its default setting, enter no
before the command. The following example disables the voice debug
messages.
>no debug voice

copy running-config Entering this command in the Enable mode saves changes made to the
startup-config configuration. This command copies your changes to the unit’s NVRAM. Once
the save is complete, the changes are retained even if the unit is shut down or
suffers a power outage.
show running config Entering this command in the Enable mode displays the current configuration.
debug Use the debug commands in the Enable mode to troubleshoot problems you
may be experiencing on your network. These commands provide additional
information to help you better interpret possible problems. For information on
specific debug commands, refer to the debug section beginning on page 284.
undebug all Entering this command in the Enable mode turns off any active debug
commands.
The overhead associated with the debug command takes up a large portion of your AOS
product’s resources, and at times can halt other processes. It is best to use the debug
command only during times when the network resources are in low demand (nonpeak
hours, weekends, etc.).

Understanding CLI Error Messages Command Reference Guide
Understanding CLI Error Messages

The following table lists and defines some of the more common error messages given in the CLI.
Message Helpful Hints

%Ambiguous command The command may not be valid in the current command mode, or you
%Unrecognized command may not have entered enough correct characters for the command to be
recognized. Try using the ? command to determine your error. Refer to
Using CLI Shortcuts on page 21 for more information.
%Invalid or incomplete The command may not be valid in the current command mode, or you
command may not have entered all of the pertinent information required to make
the command valid. Try using the ? command to determine your error.
Refer to Using CLI Shortcuts on page 21 for more information.
%Invalid input detected at The error in command entry is located where the caret (^) mark appears.
“^” marker Enter a question mark at the prompt. The system displays a list of
applicable commands or gives syntax information for the entry.

Command Reference Guide Command Descriptions
COMMAND DESCRIPTIONS
This portion of the guide provides a detailed listing of all available commands for the AOS CLI (organized
by command set). Each command listing contains pertinent information, including the default value, a
description of all subcommand parameters, functional notes for using the command, and a brief technology
review. To search for information on a group of commands within a particular command set, use the linked
references given below:
System Command Sets

Basic Mode Command Set on page 45
Common Commands on page 74
Enable Mode Command Set on page 94
Global Configuration Mode Command Set on page 1141
Application Command Sets

Network Sync Application Command Set on page 1977
Y.1731 Application Command Set on page 1982

Line Interface
Line (Console) Interface Command Set on page 2006
Line (SSH) Interface Command Set on page 2023
Line (Telnet) Interface Command Set on page 2039
Physical Interface
ADSL Interface Command Set on page 2057
BRI Interface Command Set on page 2064
Cellular Interface Command Set on page 2090
DDS Interface Command Set on page 2106
DSX-1 Interface Command Set on page 2114
E1 Interface Command Set on page 2124
Ethernet Interface Command Set on page 2141
FDL Interface Command Set on page 2342
FXO Interface Command Set on page 2349
FXS Interface Command Set on page 2360
G.703 Interface Command Set on page 2379
HSSI Interface Command Set on page 2386
Modem Interface Command Set on page 2390
PRI Interface Command Set on page 2396
Serial Interface Command Set on page 2417
SHDSL Interface Command Set on page 2426
T1 Interface Command Set on page 2448
VDSL Interface Command Set on page 2480

Carrier Ethernet Command Sets Command Reference Guide
Virtual Interface
ATM Interface Command Set on page 2483
ATM Subinterface Command Set on page 2487
BVI Interface Command Set on page 2578
Demand Interface Command Set on page 2621
Frame Relay Interface Command Set on page 2712
Frame Relay Subinterface Command Set on page 2733
HDLC Interface Command Set on page 2873
Loopback Interface Command Set on page 2953
Port Channel Interface Command Set on page 3019
PPP Interface Command Set on page 3045
Tunnel Interface Command Set on page 3196
VLAN Command Set on page 3341
VLAN Database Command Set on page 3346
VLAN Interface Command Set on page 3355
Wireless Interface
NetVanta 150 AP Interface Command Set on page 3479
NetVanta 150 Radio Interface Command Set on page 3495
NetVanta 150 VAP Interface Command Set on page 3518
NetVanta 160 Series AP Interface Command Set on page 3535
NetVanta 160 Series Radio Interface Command Set on page 3552
NetVanta 160 Series VAP Interface Command Set on page 3570

EFM NIM2 Ethernet
MEF EFM Group Command Set on page 3584
MEF Ethernet Interface on page 3589
MEF EVC Command Set on page 3659
MEF EVC Map Command Set on page 3663
MEF Policer Policy Command Set on page 3669
Carrier Ethernet Services
Carrier Ethernet EFM Group Command Set on page 3676
Carrier Ethernet EVC Command Set on page 3685
Carrier Ethernet EVC Map Command Set on page 3690
Carrier Ethernet Policer Command Set on page 3704
Carrier Ethernet Queue Command Set on page 3713
Carrier Ethernet Shaper Command Set on page 3721
Carrier Ethernet Terminal Loopback Command Set on page 3724
Facility MAC Swap Loopback Command Set on page 3727
System Control EVC Command Set on page 3730
System Management EVC Command Set on page 3828

Command Reference Guide Routing Protocol Command Sets
Y.1731
One-Way Frame Delay Monitoring Session Command Set on page 3908
Two-Way Frame Delay Monitoring Session Command Set on page 3912
Single-Ended Frame Loss Monitoring Session Command Set on page 3920
Single-Ended Synthetic Frame Loss Monitoring Session Command Set on page 3927
Y.1731 MEG Command Set on page 3953
Y.1731 Local MEP Command Set on page 3935

BGP
AS Path List Command Set on page 3963
BGP Command Set on page 3966
BGP Address Family Command Set on page 3986
BGP AF Neighbor Command Set on page 4007
BGP Neighbor Command Set on page 4026
Community List Command Set on page 4043
Network Monitoring
Network Monitor Probe Command Set on page 4047
Network Monitor Probe Responder Command Set on page 4074
Network Monitor Track Command Set on page 4083
OSPFv2 and OSPFv3
Router OSPFv2 Command Set on page 4105
Router OSPFv3 Command Set on page 4126
Router OSPFv3 IPv6 Address Family on page 4138
Routing
Route Map Command Set on page 4153
Router PIM Sparse Command Set on page 4186
Router RIP Command Set on page 4190
VRRPv3 Command Set on page 4206

Access Control Lists and Policies
Hardware ACL and Access Map Command Set on page 4220
IPv4 Access Control List Command Set on page 4237
IPv4 Access Control Policy Command Set on page 4263
IPv6 Access Control List Command Set on page 4281
IPv6 Access Control Policy Command Set on page 4311
DHCP
DHCPv4 Pool Command Set on page 4321
DHCPv6 Pool Command Set on page 4345
DHCPv6 Server Pool Host Command Set on page 4368
Services
Counter Profile Configuration Command Set on page 4376

Voice Command Sets Command Reference Guide
Desktop Auditing Local Policy Command Set on page 4380

Dynamic Counter Configuration Command Set on page 4387
Ethernet OAM CFM Command Set on page 4390
Mail Agent Command Set on page 4408
Network Sync Command Set on page 4419
Over-Temperature Protection Command Set on page 4431
Packet Capture Command Set on page 4435
Quality of Service Map Command Set on page 4449
RADIUS Group Command Set on page 4483
Security Monitor Command Set on page 4488
TACACS+ Group Command Set on page 4492
Top Traffic Command Set on page 4495
Voice Command Sets

Voice Accounts
Voice Line Account Command Set on page 4503
Voice Loopback Account Command Set on page 4531
Voice User Account Command Set on page 4549
Voice Groups
Voice Call Pickup Group Command Set on page 4638
Voice ISDN Group Command Set on page 4641
Voice Operator Group Command Set on page 4649
Voice Paging Group Command Set on page 4665
Voice Ring Group Command Set on page 4670
Voice Trunk Group Command Set on page 4689
Voice Services
Auto Attendant Command Set on page 4700
Call Coverage Command Set on page 4703
Call Queuing Command Set on page 4707
FindMe-FollowMe Action Script Command Set on page 4729
FindMe-FollowMe Contact Group Command Set on page 4737
HMR Command Set on page 4747
HMR Intercept Command Set on page 4797
MGCP Command Set on page 4806
Music on Hold Command Set on page 4838
Proxy User Template Command Set on page 4841
SIP Proxy Monitor Command Set on page 4851
SIP Server Monitor Command Set on page 4861
SIP TLS Profile Command Set on page 4866
SRTP Profile Command Set on page 4874
Voice CODEC List Command Set on page 4879
Voice CoS Command Set on page 4883
Voicemail CoS Command Set on page 4922
VQM Reporter Command Set on page 4931

Command Reference Guide VPN Parameter Command Sets
Voice Trunks
Voice Analog Trunk Command Set on page 4945
Voice ISDN Trunk Command Set on page 4994
Voice SIP Trunk Command Set on page 5038
Voice T1 Trunk Command Set on page 5137
VPN Parameter Command Sets

Certificate
CA Profile Command Set on page 5195
Certificate Command Set on page 5207
Crypto Map
Crypto Map IKE Command Set on page 5212
IPv4 Crypto Map Manual Command Set on page 5230
IPv6 Crypto Map Manual Command Set on page 5240
IPsec Profile Command Set on page 5246
IKE
IKE Client Command Set on page 5256
IKE Policy Attributes Command Set on page 5260
IKE Policy Command Set on page 5266

Command Set Access Path Quick Reference Guide Command Reference Guide
COMMAND SET ACCESS PATH QUICK REFERENCE GUIDE
Application Command Sets
Command Set Sample Access Path For Full Command

List, See...
Network Sync Application >enable page 1977
#application
(app)#
Y.1731 Application >enable page 1982
#application
(app)#ethernet y1731 meg char-string MEG1 3
100
(app-y1731 100)#

Line Interface Command Set Access Paths

List, See...
Console (config)#line console 0 page 2006
(config-con 0)#
SSH (config)#line ssh 0 4 page 2023
(config-ssh0-4)#
Telnet (config)#line telnet 0 4 page 2039
(config-telnet0-4)#
Physical Interface Command Set Access Paths

List, See...
ADSL (config)#interface adsl 0/1 page 2057
(config-adsl 0/1)#
BRI (config)#interface bri 1/2 page 2064
(config-bri 1/2)#
Cellular (config)#interface cellular 1/1 page 2090
(config-cellular 1/1)#
DDS (config)#interface dds 1/1 page 2106
(config-dds 1/1)#
DSX-1 (config)#interface t1 1/2 page 2114
(config-t1 1/2)#
E1 (config)#interface e1 1/1 page 2124
(config-e1 1/1)#
Ethernet (config)#interface ethernet 0/1 page 2141
(config-eth 0/1)#

Command Reference Guide Interface Command Sets

List, See...
Ethernet Subinterface (config)#interface ethernet 0/1.1 page 2141
(config-eth 0/1.1)#
Ethernet Subinterface for (config)#interface ethernet 0/1.1 page 2141
Layer 3 Services (config-eth 0/1.1)#
Gigabit Ethernet (config)#interface gigabit-ethernet 0/3 page 2141
(config-giga-eth 0/3)#
Gigabit Switchport (config)#interface gigabit-switchport 0/3 page 2141
(config-giga-swx 0/3)#
Switchport (config)#interface switchport 0/1 page 2141
(config-swx 0/1)#
Range of Ethernet (config)#interface range ethernet 0/1, 0/8 page 2141
Interfaces (config-eth 0/1, 0/8)#
(in this example, eth 0/1
through eth 0/8)
10 Gigabit Switchport (config)#interface xgigabit-switchport 0/3 page 2141
(config-xgiga-swx 0/3)#
FDL (config)#interface fdl 1/1 page 2342
(config-fdl 1/1)#
FXO (config)#interface fxo 0/1 page 2349
(config-fxo 0/1)#
FXS (config)#interface fxs 2/1 page 2360
(config-fxs 2/1)#
G.703 (config)#interface e1 1/2 page 2379
(config-e1 1/2)#
HSSI (config)#interface hssi 1/1 page 2386
(config-hssi 1/1)#
Modem (config)#interface modem 1/2 page 2390
(config-modem 1/2)#
PRI (config)#interface pri 2 page 2396
(config-pri 2)#
Serial (config)#interface serial 1/1 page 2417
(config-ser 1/1)#
SHDSL (config)#interface shdsl 1/1 page 2426
(config-shdsl 1/1)#
T1 (config)#interface t1 1/1 page 2448
(config-t1 1/1)#
(config-t3 1/1)#
(config-t4 0/1)#
VDSL ((config)#interface vdsl 1/1 page 2480
(config-vdsl 1/1)#

Interface Command Sets Command Reference Guide
Virtual Interface Command Set Access Paths

List, See...
ATM (config)#interface atm 1 page 2483
(config-atm 1)#
ATM Subinterface (config)#interface atm 1.1 page 2487
(config-atm 1.1)#
BVI (config)#bridge irb page 2578
(config)#interface bvi 1
(config-bvi 1)#
Demand (config)#interface demand 1 page 2621
(config-demand 1)#
Frame Relay (config)#interface frame-relay 1 page 2712
(config-fr 1)#
Frame Relay Subinterface (config)#interface frame-relay 1.16 page 2733
(config-fr 1.16)#
HDLC (config)#interface hdlc 1 page 2873
(config-hdlc 1)#
Loopback (config)#interface loopback 1 page 2953
(config-loop 1)#
Port Channel (config)#interface port-channel 1 page 3019
(config-p-chan1)#
PPP (config)#interface ppp 1 page 3045
(config-ppp 1)#
Tunnel (config)#interface tunnel 1 gre ip page 3196
(config-tunnel 1)#
VLAN Configuration (config)#vlan 1 page 3341
(config-vlan 1)#
VLAN Database (config)#vlan database page 3346
(vlan)#
VLAN Interface (config)#interface vlan 1 page 3355
(config-interface-vlan 1)#
Wireless Interface Command Set Access Paths

List, See...
Access Point, (config)#interface dot11ap 1 ap-type nv150 page 3479
NetVanta 150 (config-dot11ap 1)#
Access Point, (config)#interface dot11ap 1 ap-type 16x page 3535
NetVanta 160 (config-dot11ap 1)#

Command Reference Guide Carrier Ethernet Command Sets

List, See...
Radio, (config)#interface dot11ap 1/1 page 3495 (for
NetVanta 150 or 160 (config-dot11ap 1/1-bg)# NetVanta 150), or
page 3552 (for
NetVanta 160)
Virtual Access Point, (config)#interface dot11ap 1/1.1 page 3518 (for
NetVanta 150 or 160 (config-dot11ap 1/1.1-bg)# NetVanta 150), or
page 3570 (for
NetVanta 160)

EFM NIM2 Ethernet Interfaces Command Set Access Paths

List, See...
MEF EFM Group (config)#interface efm-group 1 page 3584
(config-efm-group 1)#
MEF Ethernet (config)#interface mef-ethernet 0/1 page 3589
(config-mef-ethernet 0/1)#
MEF Ethernet (config)#interface mef-ethernet 0/1.1 page 3589
Subinterface (config-mef-ethernet 0/1.1)#
MEF EVC (config)#mef evc DATA page 3659
(config-evc-DATA)#
MEF EVC Map (config)#mef evc-map Map1 page 3663
(config-evc-map-Map1)#
MEF Policer Policy (config)#mef policer Policy1 page 3669
(config-policer-Policy1)#
Carrier Ethernet Services Command Set Access Paths

List, See...
Carrier Ethernet EFM (config)#interface efm-group 1/1 page 3676
Group (config-efm-group 1/1)#
Carrier Ethernet EVC (config)#evc DATA page 3685
(config-evc-DATA)#
Carrier Ethernet EVC Map (config)#evc-map Map1 page 3690
Carrier Ethernet Policer (config)#policer Policy1 page 3704
Policy (config-policer-Policy1)#
Carrier Ethernet Queue (config)#queue interface efm-group 1 3 page 3713
(config-queue 3)#
Carrier Ethernet Shaper (config)#shaper SHAPER1 0 page 3721
(config-shaper shaper1 0)#

Carrier Ethernet Command Sets Command Reference Guide

List, See...
Carrier Ethernet Terminal (config)#ethernet loopback terminal page 3724
Loopback TERMINAL 0
(config-eth-lbk-term TERMINAL 0)#
Facility MAC Swap (config)#ethernet loopback facility FACILITY 0 page 3727
Loopback (config-eth-lbk-fac FACILITY 0)#
System Control EVC (config)#system-control-evc page 3730
(config-system-ctrl-evc)#
System Management EVC (config)#system-management-evc page 3828
(config-system-mgmt-evc)#
Y.1731 Interfaces Command Set Access Paths

List, See...
One-Way Frame Delay (config)#ethernet y1731 meg char-string MEG1 page 3908
Monitoring Session (config-y1731-meg MEG1)#local-mep 3
MEP 3 created
(config-y1731-mep3)#frame-delay one-way 500
priority 1
(config-y1731-frame-delay)#
Two-Way Frame Delay (config)#ethernet y1731 meg char-string MEG1 page 3912
MEP 3 created
(config-y1731-mep3)#frame-delay two-way 500
priority 1
(config-y1731-frame-delay)#
Single-Ended Frame Loss (config)#ethernet y1731 meg char-string MEG1 page 3920
MEP 3 created
(config-y1731-mep3)#frame-loss single-ended
500 priority 1
(config-y1731-frame-loss)#
Single-Ended Synthetic (config)#ethernet y1731 meg char-string MEG1 page 3927
Frame Loss Monitoring (config-y1731-meg MEG1)#local-mep 3
Session MEP 3 created
(config-y1731-mep3)#frame-loss synthetic
single-ended 500 priority 1
(config-y1731-frame-loss)#
Y.1731 Local MEP (config)#ethernet y1731 meg char-string MEG1 page 3935
(config-y1731-meg MEG1)#local-mep 3
MEP 3 created
(config-y1731-mep3)#
Y.1731 MEG (config)#ethernet y1731 meg char-string MEG1 page 3953
(config-y1731-meg MEG1)#

Command Reference Guide Routing Protocol Command Sets

BGP Command Set Access Paths

List, See...
AS Path List (config)#ip as-path-list MyList page 3963
(config-as-path-list)#
BGP (config)#router bgp 1 page 3966
(config-bgp)#
BGP Address Family (config-bgp)#address-family ipv4 page 3986
(config-bgp-ipv4)#
BGP Address Family (config-bgp-ipv4)#neighbor 192.22.15.101 page 4007
Neighbor (config-bgp-ipv4-neighbor)#
BGP Neighbor (config-bgp)#neighbor 192.22.15.101 page 4026
(config-bgp-neighbor)#
Community List (config)#ip community-list listname page 4043
(config-comm-list)#
Network Monitoring Command Set Access Paths

List, See...
Network Monitor Probe (config)#probe probe1 icmp-echo page 4047
(config-probe-probe1)#
Network Monitor Probe (config)#probe responder twamp page 4074
Responder (config-responder-twamp)#
Network Monitor Track (config)#track track1 page 4083
(config-track-track1)#
OSPFv2 and OSPFv3 Command Set Access Paths

List, See...
OSPFv2 (config)#router ospf page 4105
(config-ospf)#
OSPFv3 (config)#router ospfv3 5 page 4126
(config-ospfv3)#
OSPFv3 IPv6 AF (config)#router ospfv3 5 page 4126
(config-ospfv3)#address-family ipv6 unicast
(config-ospfv3-ipv6)#

Security and Services Command Sets Command Reference Guide
Routing Command Set Access Paths

List, See...
Route Map (config)#route-map MyMap permit 100 page 4153
(config-route-map)#
PIM Sparse (config)#router pim-sparse page 4186
(config-pim-sparse)#
RIP (config)#router rip page 4190
(config-rip)#
VRRPv3 (config)#interface eth 0/1 page 4206
(config-eth 0/1)#vrrpv3 15 address-family ipv6
(config-if-vrrpv3 15)#

Access Control Lists and Policies Command Set Access Paths

List, See...
Hardware ACL and (config)#ip hw-access-list extended Trusted page 4220
Access Map (config-ext-ip-hw-nacl)#
IPv4 Access Control (config)#ip access-list standard MATCHALL page 4237
List (config-std-nacl)#
IPv4 Access Control (config)#ip policy-class PRIVATE page 4263
Policy (config-policy-class)#
IPv6 Access Control (config)#ipv6 access-list standard MATCHALLv6 page 4281
List (config-std6-nacl)#
IPv6 Access Control (config)#ipv6 policy-class PRIVATEv6 page 4311
Policy (config-policy6-class)#

Command Reference Guide Security and Services Command Sets
DHCP Command Set Access Paths

List, See...
DHCPv4 Pool (config)#ip dhcp pool MyPool page 4321
(config-dhcp)#
DHCPv6 Pool (config)#ipv6 dhcp pool MyPool page 4345
(config-dhcpv6)#
DHCPv6 Server Pool (config)#ipv6 dhcp pool MYPOOL page 4368
(config-dhcpv6)#host client-identifier F2A4C9
(config-dhcpv6-host)#
Services Command Set Access Paths

List, See...
Counter Profile (config)#counter-profile 0/1 page 4376
(config-count-prof 0/1)#
Desktop Auditing Local (config)#desktop-auditing local-policy page 4380
Policy (desktop-audit-policy)#
Dynamic Counter (config)#dynamic-counter 0/1 page 4387
(config-dyn-count 0/1)#
Ethernet OAM CFM (config)#ethernet cfm domain domain1 level 6 page 4390
(config-ecfm-domain)#
Mail Agent (config)#mail-client myagent page 4408
(config-mail-client-myagent)#
Network Sync (config)#network-sync page 4419
(config-ntwk-sync)#
Over-Temperature (config)#over-temperature protection page 4431
Protection config-over-temp-protection)#
Packet Capture (config)#packet-capture 1CAPTURE standard page 4435
(config-packet-capture-1CAPTURE)#
QoS Map (config)#qos map VOICEMAP 10 page 4449
(config-qos-map)#
RADIUS Group (config)#aaa group server radius RADAuthgroup page 4483
(config-sg-radius)#
Security Monitor (config)#ip security monitor page 4488
(config-secmon)#
TACACS+ Group (config)#aaa group server tacacs+ page 4492
TACAuthgroup
(config-sg-tacacs+)#
Top Traffic (config)#ip flow top-talkers page 4495
(config-top-talkers)#

Voice Command Sets Command Reference Guide
Voice Command Sets

Voice Accounts Command Set Access Paths

List, See...
Voice Line Account (config)#voice line sales page 4503
(config-sales)#
Voice Loopback Account (config)#voice loopback 5555 page 4531
(config-LB-5555)#
Voice User Account (config)#voice user 4444 page 4549
(config-4444)#
Voice Groups Command Set Access Paths

List, See...
Voice Call Pickup (config)#voice pickup-group Sales page 4638
Group (config-Sales)#
Voice ISDN Group (config)#isdn-group 1 page 4641
(config-isdn-group 1)#
Voice Operator Group (config)#voice operator-group page 4649
(config-operator-group)#
Voice Paging Group (config)#voice paging-group 8956 page 4665
(config-8956)#
Voice Ring Group (config)#voice ring-group 1234 page 4670
(config-1234)#
Voice Trunk Group (config)#voice grouped-trunk TestGroup page 4689
(config-TestGroup)#
Voice Services Command Set Access Paths

List, See...
Auto Attendant (config)#voice autoattendant Example 1212 page 4700
(config-aa1212)#
Call Coverage (config)#voice coverage Evening page 4703
(config-gch)#
Call Queuing (config)#voice queue 6407 page 4707
(config-6407)#
FindMe-FollowMe Action (config)#voice user 4444 page 4729
Script (config-4444)#script Business
(config-4444-sc-Business)#
FindMe-FollowMe (config)#voice user 4444 page 4737
Contact Group (config-4444)#contact-group 1
(config-4444-cg-1)#

Command Reference Guide Voice Command Sets

List, See...
Header Manipulation (config)#hmr policy POLICY1 page 4747
Rules (HMR) (config-policy-POLICY1)#
HMR Intercept (config)#hmr intercept page 4797
(config-hmr-intercept)#
MGCP (config)#voice mgcp-endpoint 1 page 4806
(config-mgcp-1)#
Music on Hold (config)#voice music-on-hold player moh1 page 4838
(config-moh1)#
Proxy User Template (config)#ip sip proxy user-template Set1 page 4841
(config-template-Set1)#
SIP Proxy Monitor (config)#sip proxy sip-server monitor page 4851
Configuring New Proxy Monitor.
(config-proxy-monitor)#
SIP Server Monitor (config)#voice trunk t01 type sip page 4861
(config-T01)#sip-server monitor
Configuring SIP Server Monitor.
(config-sip-server-monitor)#
SIP TLS Profile (config)#tls-profile TLSPROFILE1 page 4866
(config-tls-profile-TLSPROFILE1)#
SRTP Profile (config)#tls-profile SRTPPROFILE1 page 4874
(config-srtp-profile-SRTPPROFILE1)#
Voice CODEC List (config)#voice codec-list List1 page 4879
(config-codec)#
Voice CoS (config)#voice class-of-service set1 page 4883
(config-cos-set1)#
Voicemail CoS (config)#voice mail class-of-service class1 page 4922
(config-vm-class1)#
Voice Quality Monitoring (config)#ip rtp quality-monitoring reporter page 4931
Reporter Reporter1
(config-rtp-reporter-Reporter1)#
Voice Trunks Command Set Access Paths

List, See...
Voice Analog Trunk (config)#voice trunk t01 type analog supervision page 4945
DPT dpt
(config-t01)#
Ground Start (GS) ground-start
(config-t01)#

VPN Parameter Command Sets Command Reference Guide

List, See...
Loop Start (LS) loop-start
(config-t01)#
Voice ISDN Trunk (config)#voice trunk t01 type isdn page 4994
(config-t01)#
Voice SIP Trunk (config)#voice trunk t01 type sip page 5038
(config-t01)#
Voice T1 Trunk Feature (config)#voice trunk t01 type t1-rbs supervision page 5137
Group D fgd role user
(config-t01)#
Voice T1 Trunk Ground (config)#voice trunk t01 type t1-rbs supervision page 5137
Start (GS) ground-start role user
(config-t01)#
Voice T1 Trunk (config)#voice trunk t01 type t1-rbs supervision page 5137
Immediate immediate role [network | user]
(config-t01)#
Voice T1 Trunk (config)#voice trunk t01 page 5137
(config-t01)#
Voice T1 Trunk Loop (config)#voice trunk t01 type t1-rbs supervision page 5137
Start (LS) loop-start role user
(config-t01)#
Voice T1 Trunk Wink (config)#voice trunk t01 type t1-rbs page 5137
Role supervision wink role [network | user]
(config-t01)#
VPN Parameter Command Sets

Certificate Command Set Access Paths

List, See...
CA Profile (config)#crypto ca profile MyProfile page 5195
(ca-profile)#
Certificate (config)#crypto ca certificate chain MyProfile page 5207
(config-cert-chain)#
Crypto Map Command Set Access Paths

List, See...
Crypto Map IKE (config)#crypto map MapMap 10 ipsec-ike page 5212
(config-crypto-map)#

Command Reference Guide VPN Parameter Command Sets

List, See...
IPv4 Crypto Map Manual (config)#ip crypto map Map-Name 10 page 5230
ipsec-manual
IPv6 Crypto Map Manual (config)#ipv6 crypto map Man-Name 10 page 5240
ipsec-manual
(config-crypto6-map)#
IPsec Profile (config)#ip crypto ipsec profile PROFILE1 page 5246
(config-crypto-profile)#
IKE Command Set Access Paths

List, See...
IKE Client (config)#crypto ike client configuration pool page 5256
ConfigPool1
(config-ike-client-pool)#
IKE Policy Attributes (config)#crypto ike policy 1 page 5260
(config-ike)#attribute 10
(config-ike-attribute)#
IKE Policy (config)#crypto ike policy 1 page 5266
(config-ike)#

SYSTEM COMMAND SETS

This section includes the following command sets:
• Basic Mode Command Set on page 45

• Common Commands on page 74
• Enable Mode Command Set on page 94
• Global Configuration Mode Command Set on page 1141

Command Reference Guide Basic Mode Command Set
BASIC MODE COMMAND SET
To activate the Basic mode, simply log in to the unit. The following prompt displays:
>
The following command is common to multiple command sets and is covered in a centralized section of
this guide. For more information, refer to the section listed below:
exit on page 83
All other commands for this command set are described in this section in alphabetical order.
enable on page 46
logout on page 47
ping on page 48
ping ethernet on page 52
ping ipv6 on page 55
ping stack-member <number> on page 58
ping twamp on page 59
show clock on page 62
show snmp on page 63
show version on page 64
telnet <ip address> on page 65
traceroute on page 67
traceroute ethernet on page 69
traceroute ipv6 on page 72

Basic Mode Command Set Command Reference Guide
enable
Use the enable command (at the Basic Command mode prompt) to enter the Enable Command mode. Use
the disable command to exit the Enable Command mode. Refer to disable on page 481 for more
information.
Syntax Description
No subcommands.
Default Values
No default values are necessary for this command.
Command History
Release 1.1 Command was introduced.
Functional Notes
The Enable Command mode provides access to operating and configuration parameters and should be
password protected to prevent unauthorized use. Use the enable password command (found in the
Global Configuration mode) to specify an Enable Command mode password. If the password is set,
access to the Enable Commands (and all other “privileged” commands) is only granted when the correct
password is entered. Refer to enable password <password> on page 1262 for more information.
Usage Examples
The following example enters the Enable Command mode and defines an Enable Command mode
password:
>enable
#configure terminal
(config)#enable password ADTRAN
At the next login, the following sequence must occur:
>enable
Password: ******
#

logout
Use the logout command to terminate the current session and return to the login screen.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example shows the logout command being executed in the Basic mode:
>logout
Session now available
Press RETURN to get started.

ping
Use the ping command (at the Enable mode prompt) to verify IPv4 network connectivity. For information
on how to verify IPv6 network connectivity, refer to ping ipv6 on page 55. Variations of this command
include:
ping
ping [ip] <ipv4 address | hostname>
ping [ip] <ipv4 address | hostname> <interface>
ping [ip] <ipv4 address | hostname> data <string>
ping [ip] <ipv4 address | hostname> df-bit [0 |1]
ping [ip] <ipv4 address | hostname> dscp [<value> | afxx | csx | default | ef]
ping [ip] <ipv4 address | hostname> repeat <number>
ping [ip] <ipv4 address | hostname> size <value>
ping [ip] <ipv4 address | hostname> source <ipv4 address>
ping [ip] <ipv4 address | hostname> timeout <value>
ping [ip] <ipv4 address | hostname> tos <value>
ping [ip] <ipv4 address | hostname> verbose
ping [ip] <ipv4 address | hostname> wait <interval>
ping [ip] vrf <name> <ipv4 address | hostname>
ping [ip] vrf <name> <ipv4 address | hostname> <interface>
ping [ip] vrf <name> <ipv4 address | hostname> data <string>
ping [ip] vrf <name> <ipv4 address | hostname> df-bit [0 |1]
ping [ip] vrf <name> <ipv4 address | hostname> dscp [<value> | afxx | csx | default | ef]
ping [ip] vrf <name> <ipv4 address | hostname> repeat <number>
ping [ip] vrf <name> <ipv4 address | hostname> size <value>
ping [ip] vrf <name> <ipv4 address | hostname> source <ipv4 address>
ping [ip] vrf <name> <ipv4 address | hostname> timeout <value>
ping [ip] vrf <name> <ipv4 address | hostname> tos <value>
ping [ip] vrf <name> <ipv4 address | hostname> verbose
ping [ip] vrf <name> <ipv4 address | hostname> wait <interval>
After specifying the target IPv4 address to ping, the other parameters can be entered in
any order. Use the ? after each specified subcommand for a valid list of arguments and
settings.
Syntax Description
ip Optional. Specifies an IPv4 ping.
<interface> Optional. Specifies the egress interface when pinging an IPv4 address.
Interfaces are specified in the <interface type> <slot/port | interface id>
format. For example, for an Ethernet interface, use eth 0/1. Type ping
<ipv4 address | hostname> ? to display a list of valid interfaces.

<ipv4 address | hostname> Optional. Specifies the IPv4 address or host name of the system to ping.
IPv4 addresses should be expressed in dotted decimal notation (for
example, 10.10.10.1). Entering the ping command with no specified
Internet Protocol version 4 (IPv4) address prompts the user with
parameters for a more detailed ping configuration. Refer to Functional
Notes (below) for more information.
data <string> Optional. Specifies an alphanumerical string to use (the ASCII equivalent)
as the data pattern in the ECHO_REQ packets.
df-bit 0 Optional. Specifies that the Don’t Fragment (DF) bit in the IP header is not
set.
df-bit 1 Optional. Specifies setting the DF bit in the IP header. This will prevent the
ping packets from being fragmented along the way.
dscp Optional. Specifies the differentiated services code point (DSCP) value.
<value> Optional. Valid range is decimal 0 to 63. The value can also be specified in
hexadecimal by adding a 0x prefix to the number.
afxx Optional. Specifies the assured forwarding (AF) class and subclass for the
DSCP value. Select from: 11 (001010), 12 (001100), 13 (001110), 21
(010010), 22 (010100), 23 010110), 31 (011010), 32 (011100), 33 (011110),
41 (100010), 42 (100100), or 43 (100110).
csx Optional. Specifies the class selector (CS) value for the DSCP value. Valid
range for x is 0 to 7.
default Optional. Specifies default (000000) DSCP value.
ef Optional. Specifies expedited forwarding (EF) (101110) for the DSCP value.
repeat <number> Optional. Specifies the number of loopback messages to be sent. Range is
1 to 1024.
size <value> Optional. Specifies the datagram size (in bytes) of the ping packet. Valid
range is 1 to 1448 bytes.
source <ipv4 address> Optional. Specifies the IPv4 address to use as the source address in the
ECHO_REQ (or interface) packets. The source IPv4 address must be a
valid address local to the router on the specified virtual routing and
forwarding (VRF) instance.
timeout <value> Optional. Specifies the timeout period after which the ping is considered
unsuccessful. Valid range is 1 to 60 seconds.
tos <value> Optional. Specifies the type of service (ToS). The <value> can be specified
as decimal (0 to 255) or as hexidecimal.
verbose Optional. Enables detailed messaging.
vrf <name> Optional. Specifies the VRF where the IPv4 address exists.
wait <interval> Optional. Specifies a minimum time to wait between sending test packets.
Valid range is 100 to 60000 milliseconds.
Default Values
By default, the data pattern is set to abcd.

By default, the repeat is set to 5.
By default, the size value is set to 100 bytes.
By default, the timeout value is set to 2 seconds.
By default, the wait value is set to 100 milliseconds.
Command History
Release 16.1 Command was expanded to include the vrf parameter.
Release 17.2 Command was expanded to include the verbose and wait parameters, also
changes were made to the repeat and timeout values.
Release 17.4 Command was expanded to include the count and interval parameters.
The repeat and wait parameters were removed.
Release A4.01 Command was expanded to return the wait parameter.
Release 18.3 Command was expanded to include the optional ip and <interface>
parameters.
Release R11.1.0 Functional Notes were enhanced to explain parameter behaviour with
multiple entries.
Functional Notes
The ping command can be issued from both the Basic and Enable modes.
The ping command helps diagnose basic IPv4 network connectivity using the Packet Internet Groper
program to repeatedly bounce Internet Control Message Protocol version 4 (ICMPv4) ECHO_REQ
packets off a system (using a specified IPv4 address). AOS allows executing a standard ping request to a
specified IP address, or provides a set of prompts to configure a more specific ping configuration.
After specifying the target IPv4 address (or hostname) to ping, the following parameters can be entered
multiple times and in any order: data, df-bit, repeat, size, source, and timeout. When entering multiple
instances of the same parameter, the last entry will be used. In the following example syntax, only the last
entries for data, repeat, and size will be used, ignoring previous entries for these parameters:
ping ip 192.0.2.15 size 600 data bbbb repeat 3 size 300 data aaaa repeat 2 verbose dscp cs4 size
200
The following is a list of output messages from the ping command:
! Success
- Destination Host Unreachable
$ Invalid Host Address
X TTL Expired in Transit
? Unknown Host
* Request Timed Out

The following is a list of available extended ping fields with descriptions:
Extended Commands Specifies whether additional commands are desired for more ping
configuration parameters. Answer yes (y) or no (n).
Source Address Specifies the IPv4 address to use as the source address in the ECHO_REQ
(or interface) packets.
Data Pattern Specifies an alphanumerical string to use (the ASCII equivalent) as the data
pattern in the ECHO_REQ packets.
Sweep Range of Sizes Varies the sizes of the ECHO_REQ packets transmitted.
Sweep Min Size Specifies the minimum size of the ECHO_REQ packet. Valid range is 0 to
1488.
Sweep Max Size Specifies the maximum size of the ECHO_REQ packet. Valid range is the
sweep minimum size to 1448.
Sweep Interval Specifies the interval used to determine packet size when performing the
sweep. Valid range is 1 to 1448.
Verbose Output Specifies an extended results output.
VRF on AOS products allows a single physical router to be partitioned into multiple virtual routers. Each
router instance has its own route table and interface assignments. Beginning with Release 16.1, all AOS
routers supporting multiple VRF instances (multi-VRF) have an unnamed default VRF instance regardless
of whether multi-VRF is configured. Therefore, executing the above mentioned commands without
specifying a VRF will only affect the default unnamed VRF.
Usage Examples
The following is an example of a successful ping command:
>ping
VRF Name [-default-]:
Target IP address:192.168.0.30
Repeat count [5]:5
Datagram Size [100]:100
Timeout in seconds [2]:2
Wait interval in milliseconds [100]:100
Extended Commands? [n]:n
Type CTRL+C to abort.
Legend: '!' = Success, '?' = Unknown host, '$' = Invalid host address
'*' = Request timed out, '-' = Destination host unreachable
'x' = TTL expired in transit, 'e' = Unknown error
Sending 5, 100-byte ICMP Echos to 192.168.0.30, timeout is 2 seconds:

!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

ping ethernet
Use the ping ethernet command to initiate a loopback message from one Ethernet operations,
administration, and maintenance (OAM) connectivity fault management (CFM) maintenance endpoint
(MEP) to another MEP. These loopback messages are used to test the accessibility of the destination MEP.
Variations of this command include:
ping ethernet <target-mac-address | target-mep-id>

ping ethernet <target-mac-address | target-mep-id> count <number>
ping ethernet <target-mac-address | target-mep-id> data <pattern>
ping ethernet <target-mac-address | target-mep-id> domain <domain name> association <association
name>
ping ethernet <target-mac-address | target-mep-id> domain none association <association name>
ping ethernet <target-mac-address | target-mep-id> drop-eligible
ping ethernet <target-mac-address | target-mep-id> interface <interface>
ping ethernet <target-mac-address | target-mep-id> mep <mep id>
ping ethernet <target-mac-address | target-mep-id> priority <priority>
ping ethernet <target-mac-address | target-mep-id> repeat <number>
ping ethernet <target-mac-address | target-mep-id> size <bytes>
ping ethernet <target-mac-address | target-mep-id> timeout <timeout>
ping ethernet <target-mac-address | target-mep-id> validate-data
ping ethernet <target-mac-address | target-mep-id> verbose
ping ethernet <target-mac-address | target-mep-id> wait <interval>
After specifying the target for the loopback messages, the other parameters can be entered
in any order.
Syntax Description
<target-mac-address | target-mep-id> Specifies the destination for the loopback message. Medium
access control (MAC) addresses are entered in the format
HH:HH:HH:HH:HH:HH. Target MEP IDs are the unique
numerical values identifying MEPs. MEP IDs range from 1 to
8191.
count <number> Optional. Specifies the number of loopback messages to send.
Range is 1 to 1000000.
data <pattern> Optional. Specifies the pattern to be carried in the data time
length value (TLV) of the loopback message. Pattern is up to four
hexadecimal digits. Pattern range is 0 to ffff.
domain <domain name> Optional. Specifies the maintenance domain to which the
transmitting MEP belongs.
domain none Optional. Specifies no maintenance domain.
association <association name> Optional. Specifies the maintenance association to which the

drop-eligible Optional. Specifies the drop eligible bit value in the virtual local
area network (VLAN) tag.
interface <interface> Optional. Specifies the interface on which the transmitting MEP is
configured. Specify an interface in the format <interface type
[slot/port | slot/port.subinterface id | interface id | interface
id.subinterface id]>. For example, for an Ethernet subinterface,
use eth 0/1.1. For a list of appropriate interfaces, enter interface
? at the prompt.
mep <mep id> Specifies the MEP ID of the transmitting MEP. MEP ID range is 1
to 8191.
priority <priority> Optional. Specifies the 802.1 priority bits that are sent in the
loopback message. Range is 0 to 7.
repeat <number> Optional. Specifies the number of loopback messages to be sent.
Range is 1 to 1024.
size <bytes> Optional. Specifies the size of the loopback message. Size
ranges from 1 to 60 bytes.
timeout <timeout> Optional. Specifies the time that the MEP will wait for a response
to the loopback message. Range is 0 to 60 seconds.
validate-data Optional. Specifies whether or not the transmitting MEP validates
the contents of the data TLV in the received loopback messages.
verbose Optional. Specifies that the results are in detailed, rather than
summary, format.
wait <interval> Optional. Specifies a minimum time to wait between sending
loopback messages. Valid range is 100 to 60000 milliseconds.
Default Values
By default, the count value is set to 5.
By default, the drop-eligible value is not set.
By default, the interval is set to 1000 milliseconds.
By default, the priority value is the priority specified in the MEP’s configuration.
By default, the validate-data parameter is disabled.
Command History
Release A4.01 Command was expanded to include the Metro Ethernet Forum (MEF)
Ethernet interface and the wait and repeat parameters.

Functional Notes
The ping ethernet command can be issued from both the Basic and Enable modes.
If the MEP ID is used as the target, the remote MEP must exist in the MEP continuity check message
(CCM) database (meaning the remote MEP is transmitting valid CCMs) so that the MEP ID can be
translated to the MAC address before the loopback message is transmitted.
Both the domain <domain name> and association <association name> parameters are not required if the
source MEP ID of the MEP is specified and unique through the AOS device.
If the domain and association of the transmitting MEP are specified, and there is only one MEP in that
domain or association, or if there is only one MEP configured on the unit, the mep <mep id> parameter is
not required.
For more information regarding Ethernet OAM CFM and its operation on AOS products, refer to the
Ethernet OAM CFM in AOS configuration guide available online at https://supportcommunity.adtran.com.
This command will not appear in the command line interface (CLI) unless Ethernet OAM
CFM is enabled. To enable Ethernet OAM CFM, refer to the command ethernet cfm on
page 1265.
Usage Examples
The following example initiates the Ethernet ping utility from an MEP in Domain1 association MA1 with a
destination to an MEP with an MEP ID of 201:
>ping ethernet 201 domain Domain1 association MA1

Legend: ‘!’ = Success, ‘*’ = Request timed out, ‘d’ = Data Mismatch
‘o’ = Out of order, ‘.’ = No reply, ‘e’ = Unknown error.
Sending 5, 100-byte LBRs to MEP 201 from MEP 1, timeout is 2 seconds:

!!!!!

ping ipv6
Use the ping ipv6 command (at the Basic mode prompt) to verify IPv6 network connectivity. For
information on how to verify IPv4 network connectivity, refer to ping on page 48. Variations of this
command include:
ping ipv6 <ipv6 address>

ping ipv6 <ipv6 address> <interface>
ping ipv6 <ipv6 address> data <string>
ping ipv6 <ipv6 address> destination-option
ping ipv6 <ipv6 address> hop-by-hop-option
ping ipv6 <ipv6 address> repeat <number>
ping ipv6 <ipv6 address> size <value>
ping ipv6 <ipv6 address> source <ipv6 address>
ping ipv6 <ipv6 address> timeout <value>
ping ipv6 <ipv6 address> verbose
ping ipv6 <ipv6 address> wait <interval>
ping ipv6 vrf <name> <ipv6 address>
ping ipv6 vrf <name> <ipv6 address> <interface>
ping ipv6 vrf <name> <ipv6 address> data <string>
ping ipv6 vrf <name> <ipv6 address> destination-option
ping ipv6 vrf <name> <ipv6 address> hop-by-hop-option
ping ipv6 vrf <name> <ipv6 address> repeat <interval>
ping ipv6 vrf <name> <ipv6 address> size <value>
ping ipv6 vrf <name> <ipv6 address> source <ipv6 address>
ping ipv6 vrf <name> <ipv6 address> timeout <value>
ping ipv6 vrf <name> <ipv6 address> verbose
ping ipv6 vrf <name> <ipv6 address> wait <interval>
settings.
Syntax Description
<interface> Specifies the egress interface when pinging an IPv6 link-local address (any
address that has the prefix FE80::/64). Interfaces are specified in the
<interface type> <slot/port | interface id> format. For example, for an
Ethernet interface, use eth 0/1. Type ping ipv6 <ipv6 address> ? to display
a list of valid interfaces. This variable is mandatory when pinging a link-local
address. This variable is ignored when using a non-link-local address.
<ipv6 address> Specifies the IPv6 address of the system to ping. IPv6 addresses should be
expressed in colon hexadecimal format (X:X:X:X::X). For example,
2001:DB8:1::1. Entering the ping ipv6 command using a link-local
destination address prompts the user for an egress interface.

as the data pattern in the ICMPv6 ECHO_REQ packets.
destination-option Optional. Includes the destination option in the ICMPv6 ECHO_REQ
packets.
hop-by-hop-option Optional. Includes the hop-by-hop option in the ICMPv6 ECHO_REQ
packets. This typically causes intermediate routers to process switch the
packets, potentially detecting switching issues in these devices.
1 to 1024.
ICMPv6 ECHO_REQ (or interface) packets. IPv6 addresses should be
destination address prompts the user for an egress interface. The source
IPv6 address must be a valid address local to the router on the specified
virtual routing and forwarding (VRF) instance.
Default Values
Command History
Functional Notes
The ping ipv6 command can be issued from both the Basic and Enable modes.
The ping ipv6 command helps diagnose basic IPv6 network connectivity using the Packet Internet Groper
packets off a system (using a specified IPv6 address). AOS allows executing a standard ping ipv6 request
to a specified IPv6 address, or provides keywords to configure a more specific ping ipv6 configuration.

The following is a list of output messages from the ping ipv6 command:
! Success
x TTL Expired in Transit
? Unknown Host
* Request Timed out
e Unknown Error
B Packet too Big
Usage Examples
The following is example pings 2001:DB8:1A0::3 with 200 byte ICMPv6 ECHO_REQ packets:
>ping ipv6 2001:DB8:1A0::3 size 200

'B' = Packet too big
Sending 5, 200-byte ICMP Echos to 2001:DB8:1A0::3, timeout is 2 seconds:

!!!!!

ping stack-member <number>

Use the ping stack-member command to ping a member of the stack. Variations of this command include:

ping stack-member <number> vrf <name>
Syntax Description
<number> Specified which member of the stack to ping.
vrf <name> Optional. Specifies the virtual routing and forwarding (VRF) where the
stack-member exists.
Default Values
Command History
Functional Notes
The ping stack-member command can be issued from both the Basic and Enable modes.
Usage Examples
The following example pings a member of the stack:
>ping stack-member 3
'x' = TTL expired in transit
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2.2/3 ms
#

ping twamp
Use the ping twamp command to execute a Two-Way Active Measurement Protocol (TWAMP) type ping
to measure the packet loss, delay, and interpacket delay variation (IPDV) and display the results of the test.
Use the subcommands in any combination, in any order, when specifying the destination site. Variations of
this command include:
ping twamp
ping twamp <ip address | hostname>
ping twamp <ip address | hostname> control-port <port>
ping twamp <ip address | hostname> data pattern
ping twamp <ip address | hostname> data pattern ascii <pattern>
ping twamp <ip address | hostname> data pattern hex <pattern>
ping twamp <ip address | hostname> data random
ping twamp <ip address | hostname> data zero
ping twamp <ip address | hostname> dscp <value>
ping twamp <ip address | hostname> interval <value>
ping twamp <ip address | hostname> port <port>
ping twamp <ip address | hostname> repeat <value>
ping twamp <ip address | hostname> size <value>
ping twamp <ip address | hostname> source <ip address>
ping twamp <ip address | hostname> source-port <port>
ping twamp <ip address | hostname> timeout <value>
ping twamp <ip address | hostname> verbose
ping twamp <ip address | hostname> wait <value>
ping twamp vrf <name>
ping twamp vrf <name> <ip address | hostname>
ping twamp vrf <name> <ip address | hostname> control-port <port>
ping twamp vrf <name> <ip address | hostname> data pattern
ping twamp vrf <name> <ip address | hostname> data pattern ascii <pattern>
ping twamp vrf <name> <ip address | hostname> data pattern hex <pattern>
ping twamp vrf <name> <ip address | hostname> data random
ping twamp vrf <name> <ip address | hostname> data zero
ping twamp vrf <name> <ip address | hostname> dscp <value>
ping twamp vrf <name> <ip address | hostname> interval <value>
ping twamp vrf <name> <ip address | hostname> port <port>
ping twamp vrf <name> <ip address | hostname> repeat <value>
ping twamp vrf <name> <ip address | hostname> size <value>
ping twamp vrf <name> <ip address | hostname> source <ip address>
ping twamp vrf <name> <ip address | hostname> source-port <port>
ping twamp vrf <name> <ip address | hostname> timeout <value>
ping twamp vrf <name> <ip address | hostname> verbose

ping twamp vrf <name> <ip address | hostname> wait <value>
The subcommands can be used in a string of any available combination. Use the ? after
each specified subcommand for a valid list of arguments and settings.
Syntax Description
<ip address | hostname> Optional. Specifies the IP address or host name of the system to ping. IP
addresses should be expressed in dotted decimal notation (for example,
10.10.10.1). Entering the ping twamp command with no specified IP
address prompts the user with parameters for a more detailed ping twamp
configuration.
control-port <port> Optional. Specifies the destination TWAMP control port. Port range is 1 to
65535.
data Optional. Specifies data used to pad packets. The following options are
available:
pattern Pads the packet with a user-specified pattern.
ascii <pattern> Pads the packet with a user-specified ascii pattern.
hex <pattern> Pads the packet with a user-specified hex pattern.
random Pads the packet with random numbers.
zero Pads the packet with all zeros.
dscp <value> Optional. Specifies the differentiated services code point (DSCP) value.
Valid range is 0 to 63.
interval <value> Optional. Specifies the interval between consecutive ping TWAMPs (in
milliseconds). Valid range is 5 to 5000.
port <port> Optional. Specifies the destination port for the TWAMP test packets. Valid
range is 1 to 65535.
repeat <value> Optional. Specifies the number of ping TWAMP packets. Valid range is 1 to
1000.
size <value> Optional. Specifies the datagram size. Valid range is 0 to 1462.
source <ip address> Optional. Specifies the source IP address. IP addresses should be
expressed in dotted decimal notation (for example, 10.10.10.1).
source-port <port> Optional. Specifies the source port for the TWAMP test packets. Valid
timeout <value> Optional. Specifies the timeout value in milliseconds. Valid range is 100 to
60000.
verbose Optional. Displays the detailed two-way ping verbose results for the
specified IP address or host name.
vrf <name> Optional. Specifies the virtual routing and forwarding (VRF) instance within
which the ping is executed. If no VRF is specified, the default (unnamed)
VRF is used.

wait <value> Optional. Specifies the interval (in milliseconds) between consecutive
TWAMP test packets. Range is 5 to 5000.
Default Values
By default, the data is zero, the dscp is 0, the interval value is 20, the port value is 0, the repeat value is
100, the size is 0, and the timeout is 2000 milliseconds.
Command History
Release 17.4 Command was introduced to replace the twping command.
Release 17.6 Command was expanded to include control-port and wait keywords.
Release A4.01 Command was expanded to include the ascii and hex pattern parameters.
Release R11.2.0 Command was expanded to include the vrf parameter.
Functional Notes
The ping twamp command can be issued from both the Basic and Enable modes.
Usage Examples
The following example executes a TWAMP ping:
>ping twamp
2009.06.03 11:18:24 IP.TWPING CTRL EVNT Attempting to connect
2009.06.03 11:18:24 IP.TWPING CTRL EVNT State changed Init -> Opening (event=Open Connection)
2009.06.03 11:18:24 IP.TWPING CTRL EVNT State changed Opening -> Setup (event=RX
Server-Greeting)
2009.06.03 11:18:24 IP.TWPING CTRL EVNT State changed Setup -> Starting (event=TX
Setup-Response)
2009.06.03 11:18:24 IP.TWPING CTRL PKT Sending Setup-Response (len=140)
mode=1
keyId=00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
--MORE--

show clock
Use the show clock command to display the system time and date entered using the clock set command.
Refer to clock set <time> <day> <month> <year> on page 223 for more information.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example displays the current time and data from the system clock:
>show clock
23:35:07 UTC Tue Aug 20 2002

show snmp
Use the show snmp command to display the system Simple Network Management Protocol (SNMP)
parameters and current status of SNMP communications.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following is an example output using the show snmp command for a system with SNMP disabled and
the default chassis and contact parameters:
>show snmp
Chassis: Chassis ID
Contact: Customer Service
0 Rx SNMP packets
0 Bad community names
0 Bad community uses
0 Bad versions
0 Silent drops
0 Proxy drops
0 ASN parse errors

show version
Use the show version command to display the current AOS version information.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following is sample output from the show version command:
>show version
AOS version 06.01.00

Checksum: 1F0D5243 built on Fri Nov 08 13:12:06 2002
Upgrade key: de76efcfeb4c8eeb6901188475dd0917
Boot ROM version 03.00.18
Checksum: 7A3D built on: Fri Nov 08 13:12:25 2002
Copyright (c) 1999-2002 ADTRAN Inc.
Serial number C14C6308
UNIT_2 uptime is 0 days 4 hours 59 minutes 43 seconds
System returned to ROM by Warm Start

Current system image file is "030018adv.biz"
Boot system image file is “030018adv.biz”

telnet <ip address>

Use the telnet command to open a Telnet session (through AOS) to another system on the network.
Variations of this command include the following:
telnet <ip address | hostname>

telnet <ip address | hostname> port <tcp port>
telnet vrf <name> <ip address | hostname>
telnet vrf <name> <ip address | hostname> port <tcp port>
Syntax Description
<ip address | hostname> Specifies the IP address or host name of the remote system. IPv4
10.10.10.1). IPv6 addresses should be expressed in colon hexadecimal
format (X:X:X:X::X). For example, 2001:DB8:1::1.
port <tcp port> Optional. Specifies the Transmission Control Protocol (TCP) port number to
be used when connecting to a host through Telnet. Range is 1 to 65535.
vrf <name> Optional. Specifies the virtual routing and forwarding (VRF) where the IP
address or host name exists.
Default Values
Command History
Release 14.1 Command was expanded to specify the port number.
Functional Notes
Usage Examples
The following example opens a Telnet session with a remote system (10.200.4.15):
>telnet 10.200.4.15
User Access Login:
Password:

The following example opens a Telnet session with a remote system (10.200.4.15) on port 8010:
>telnet 10.200.4.15 port 8010

User Access Login:
Password:

traceroute
Use the traceroute command to display the Internet Protocol version 4 (IPv4) routes a packet takes to
reach the specified destination. Variations of this command include:
traceroute
traceroute [ip] <ipv4 address | hostname>
traceroute [ip] <ipv4 address | hostname> <interface>
traceroute [ip] <ipv4 address | hostname> source <ipv4 address>
traceroute [ip] <ipv4 address | hostname> <interface> source <ipv4 address>
traceroute [ip] vrf <name> <ipv4 address | hostname>
traceroute [ip] vrf <name> <ipv4 address | hostname> <interface>
traceroute [ip] vrf <name> <ipv4 address | hostname> source <ipv4 address>
traceroute [ip] vrf <name> <ipv4 address | hostname> <interface> source <ipv4 address>
Syntax Description
ip Optional. Specifies an IPv4 trace.
<interface> Optional. Specifies the egress interface to use for the trace. Interfaces are
specified in the <interface type> <slot/port | interface id> format. For
example, for an Ethernet interface, use eth 0/1. Type traceroute <ipv4
address | hostname> ? to display a list of valid interfaces.
<ipv4 address | hostname> Optional. Specifies the IPv4 address or host name of the remote system’s
route to trace.
source <ipv4 address> Optional. Specifies the IPv4 address of the interface to use as the source of
the trace. IPv4 addresses should be expressed in dotted decimal notation
(for example, 10.10.10.1).
vrf <name> Optional. Specifies the virtual routing and forwarding (VRF) where the route
exists.
Default Values
Command History
Release 18.3 Command was expanded to include the <interface> and ip parameters.

Functional Notes
The traceroute command can be issued from both the Basic and Enable modes.
Usage Examples
The following is sample output from the traceroute command:
>traceroute 192.168.0.1
Tracing route to 192.168.0.1 over a maximum of 30 hops
1 22ms 20ms 20ms 192.168.0.65
2 23ms 20ms 20ms 192.168.0.1

traceroute ethernet
Use the traceroute ethernet command to initiate a linktrace message from one Ethernet operations,
(MEP) to another MEP. These linktrace messages are used to trace the packet route to a destination MEP.
traceroute ethernet <target-mac-address | target-mep-id>

traceroute ethernet <target-mac-address | target-mep-id> domain <domain name> association
<association name>
traceroute ethernet <target-mac-address | target-mep-id> domain none association <association
name>
traceroute ethernet <target-mac-address | target-mep-id> fdb-only
traceroute ethernet <target-mac-address | target-mep-id> interface <interface>
traceroute ethernet <target-mac-address | target-mep-id> mep <mep id>
traceroute ethernet <target-mac-address | target-mep-id> sorted
traceroute ethernet <target-mac-address | target-mep-id> timeout <timeout>
traceroute ethernet <target-mac-address | target-mep-id> ttl <value>
After specifying the target for the linktrace messages, the other parameters can be entered
in any order.
Syntax Description
<target-mac-address | target-mep-id> Specifies the destination for the linktrace message. Medium
8191.
fdb-only Optional. Specifies that the maintenance points on the route
only use their forwarding database, and not their continuity
check message (CCM) database when deciding if/how to
forward linktrace messages.
interface <interface> Optional. Specifies the interface on which the transmitting MEP
is configured. Specify an interface in the format <interface type
use eth 0/1.1. For a list of appropriate interfaces, enter
interface ? at the prompt.

mep <mep id> Optional. Specifies the MEP ID of the transmitting MEP. MEP ID
range is 1 to 8191.
sorted Optional. Specifies the traceroute utility waits until all traceroute
results have been received and sorted by hop count before
displaying them.
timeout <timeout> Optional. Specifies the time that the MEP will wait for a
response to the linktrace message. Range is 0 to 60 seconds.
ttl <value> Optional. Specifies the time to live (TTL) field of the linktrace
message. Range is 0 to 255.
Default Values
By default, the ttl value is set to 5 seconds.
Command History
Release A4.01 Command was expanded to include the Metro Ethernet Forum (MEF) Metro
Ethernet interface and the Gigabit Switchport interface.
Functional Notes
The traceroute ethernet command can be issued from both the Basic and Enable modes.
If the MEP ID is used as the target, the remote MEP must exist in the MEP CCM database (meaning the
remote MEP is transmitting valid CCMs) so that the MEP ID can be translated to the MAC address before
the linktrace message is transmitted.
not required.

Usage Examples
The following example initiates the Ethernet traceroute utility from a MEP with the ID 1 to an MEP with an
MEP ID of 201:
>traceroute ethernet 201 mep 1
TTL 255. LTM Timeout is 5 seconds

Tracing route to MEPID 201 (00:10:94:00:00:06)
from MEPID 1
in Domain_1/MA_1
MD Level 7, vlan 0
Traceroute sent via interface eth 0/1
--------------------------------------------------------------------------------------------------------------------------------------------
Hops Mac Flags Ingress-Action Relay Action
PrevHop Egress-Action
--------------------------------------------------------------------------------------------------------------------------------------------
1 00:10:94:00:00:00 Forwarded InNoTLV RLY_MPDB
00:A0:C8:16:96:0D EgOK
00:10:94:00:00:04 EgOK
00:10:94:00:00:00 EgOK
4 00:10:94:00:00:06 (Eg) Terminal InNoTLV RLY_HIT
00:10:94:00:00:05
Destination reached
Remember that linktrace can be a tree-structure, and is not always linear. The PrevHop for
Hop 3 in the previous example tells you the MAC of Hop 2. This gives you a way to trace
the linktrace message when a tree-structure exists. Refer to Section J.5 of IEEE 802.1ag
for more information.

traceroute ipv6
Use the traceroute ipv6 command to display the IPv6 nodes traversed to reach the specified destination.
traceroute ipv6 <ipv6 address>

traceroute ipv6 <ipv6 address> <interface>
traceroute ipv6 <ipv6 address> <interface> source <ipv6 address>
traceroute ipv6 <ipv6 address> source <ipv6 address>
traceroute ipv6 vrf <name> <ipv6 address>
traceroute ipv6 vrf <name> <ipv6 address> <interface>
traceroute ipv6 vrf <name> <ipv6 address> <interface> source <ipv6 address>
traceroute ipv6 vrf <name> <ipv6 address> source <ipv6 address>
Syntax Description
<interface> Optional. Specifies the egress interface when tracing a route to an IPv6
link-local address (any address that has the prefix FE80::/64). Interfaces
are specified in the <interface type> <slot/port | interface id> format. For
example, for an Ethernet interface, use eth 0/1. Type traceroute ipv6 <ipv6
address> ? to display a list of valid interfaces. This variable is ignored when
using a non-link-local address.
<ipv6 address> Specifies the IPv6 address of the remote system’s route to trace. IPv6
addresses should be expressed in colon hexadecimal format (X:X:X:X::X).
For example, 2001:DB8:1::1. Entering the traceroute ipv6 command using
a link-local destination address prompts the user for an egress interface.
probing packets. The source IPv6 address must be a valid address local to
the router on the specified virtual routing and forwarding (VRF) instance.
Default Values
Command History
Functional Notes
The traceroute ipv6 command can be issued from both the Basic and Enable modes.
platforms supporting multiple VRF instances (multi-VRF) have an unnamed default VRF instance
regardless of whether multi-VRF is configured. Therefore, executing the above mentioned commands
without specifying a VRF will only affect the default unnamed VRF.

Usage Examples
The following is sample output from the traceroute ipv6 command:
>traceroute ipv6 2001:DB8:1A0::3

Tracing route to over a maximum of 30 hops
1 2ms 2ms 3ms 2001:DB8:0:F820::5
2 102ms 109ms 102ms 2001:DB8:1A0::3

Common Commands Command Reference Guide
COMMON COMMANDS
The following section contains descriptions of commands that are common across multiple command sets.
These commands are listed in alphabetical order.
alias “<text>” on page 75

cross-connect on page 76
description <text> on page 80
do on page 81
end on page 82
exit on page 83
interface on page 84
shutdown on page 93

Command Reference Guide Common Commands
alias “<text>”
Use the alias command to populate the ifAlias object identifier (OID) (Interface Table MIB of RFC 2863)
for all physical and virtual interfaces when using Simple Network Management Protocol (SNMP)
management stations. Use the no form of this command to remove an alias.
Syntax Description
“<text>” Describes the interface (for SNMP) using an alphanumeric character string
enclosed in quotation marks (limited to 64 characters).
Default Values
Applicable Command Modes

Applies to all interface mode command sets.
Command History
Functional Notes
The ifAlias OID is a member of the ifXEntry object-type (defined in RFC 2863) used to provide a
nonvolatile, unique name for various interfaces. This name is preserved through power cycles. Enter a
string (using the alias command) which clearly identifies the interface.
Usage Examples
The following example defines a unique character string for the T1 interface:
(config-t1 1/1)#alias “CIRCUIT_ID_23-908-8887-401”
Technology Review
Please refer to RFC 2863 for more detailed information on the ifAlias display string.

cross-connect
Use the cross-connect command to create a cross-connection between a created interfaces, whether virtual
or physical. Interface connection types include connecting time division multiplexing (TDM) groups on an
interface to a virtual interface, or connecting Point-to-Point Protocol (PPP) interfaces to Frame Relay
interfaces for use with PPP over Frame Relay (PPPoFR), or PPP interfaces to Ethernet interfaces for PPP
over Ethernet (PPPoE) functionality. Variations of this command include:
cross-connect <number> <from interface> <to interface>

cross-connect <number> <from interface> <group number> <to interface>
Changing cross-connect settings could potentially result in service interruption.
Syntax Description
<number> Identifies the cross connection using a number descriptor or label (useful in
systems that allow multiple cross connections). Valid range is 1 to 1024.
<from interface> Specifies the interface (physical or virtual) on one end of the cross connection.
Specify an interface in the format <interface type [slot/port | slot/port.subinterface
id | interface id | interface id.subinterface id]>. For example, for a T1 interface, use
t1 0/1; for an Ethernet subinterface, use eth 0/1.1; and for an ATM subinterface,
use atm 1.1. Type cross-connect 1 ? for a list of valid interfaces.
<group number> Optional. Specifies which configured TDM group to use for this cross connection.
This subcommand only applies to T1 physical interfaces.
<to interface> Specifies the virtual interface on the other end of the cross connection. Specify an
interface in the format <interface type [slot/port | slot/port.subinterface id |
interface id | interface id.subinterface id]>. For example, for a T1 interface, use
t1 0/1; for an Ethernet subinterface, use eth 0/1.1; for a PPP interface, use ppp 1;
and for an ATM subinterface, use atm 1.1. Use the ? to display a list of valid
interfaces.
Default Values
By default, there are no configured cross connections.

Command History
Release 5.1 Command was expanded to include the E1 interface.
Release 17.7 Command was expanded to include its use with the PPPoFR feature.

Ethernet interface.
Release R10.6.0 Command was expanded to include the Ethernet and Gigabit Ethernet interfaces.
Functional Notes
Cross connections provide the mechanism for connecting a configured virtual (Layer 2) endpoint with a
physical (Layer 1) interface. Supported Layer 2 protocols include Frame Relay, PPP, and PPPoE. This
command can be used to connect the Frame Relay interface with a TDM group on a T1 circuit, to connect
a PPP interface to a Frame Relay interface for use with PPPoFR encapsulation, and to connect a PPP
interface with an Ethernet, Gigabit Ethernet, or MEF Ethernet interface. When using the cross-connect
command to connect a Frame Relay endpoint to a T1 interface, the command is issued from the Frame
Relay Interface Configuration mode or from the Global Configuration mode. When using the
cross-connect command to link a PPP interface to a Frame Relay interface in PPPoFR, the command is
issued from the PPP Interface Configuration mode. When using the cross-connect command to connect
a PPP interface with an Ethernet, Gigabit Ethernet, or MEF Ethernet interface, the command is issued
from the PPP Interface Configuration mode.
Usage Examples
The following example creates a Frame Relay endpoint and connects it to the T1 1/1 physical interface:
1. Create the Frame Relay virtual endpoint and set the signaling method:
(config)#interface frame-relay 1
(config-fr 1)#frame-relay lmi-type cisco
2. Create the subinterface and configure the PVC parameters (including DLCI and IP address):
(config-fr 1)#interface fr 1.1
(config-fr 1.1)#frame-relay interface-dlci 17
(config-fr 1.1)#ip address 168.125.33.252 255.255.255.252
3. Create the TDM group of 12 DS0s (64K) on the T1 physical interface:

(THIS STEP IS ONLY VALID FOR T1 INTERFACES.)
(config-t1 1/1)#tdm-group 1 timeslots 1-12 speed 64
(config-t1 1/1)#exit
4. Connect the Frame Relay subinterface with port T1 1/1:

(config)#cross-connect 1 t1 1/1 1 fr 1
The following example creates a PPP interface and connects it to the Frame Relay interface for use with
PPPoFR. The Frame Relay interface in this example is based on the interface configured in the previous
example.
1. Create the PPP interface and enter its configuration mode:

(config)#interface ppp 1
(config-ppp 1)#
2. Configure the PPP interface (including IP address and PPP authentication information):
(config-ppp 1)#ip address 65.162.109.202 255.255.255.252
(config-ppp 1)#ppp authentication chap

(config-ppp 1)#ppp chap hostname USERNAME

(config-ppp 1)#ppp chap password PASSWORD
(config-ppp 1)#no shutdown
3. Connect the PPP interface with the Frame Relay interface:

(config-ppp 1)#cross-connect 2 fr 1.1 ppp 1
Technology Review
Creating an endpoint that uses a Layer 2 protocol (such as Frame Relay) is generally a four-step process:
Step 1:
Create the Frame Relay virtual endpoint (using the interface frame-relay command) and set the signaling
method (using the frame-relay lmi-type command). Also included in the Frame Relay virtual endpoint are
all the applicable Frame Relay timers logging thresholds, encapsulation types, etc. Generally, most Frame
Relay virtual interface parameters should be left at their default state. For example, the following creates a
Frame Relay interface labeled 7 and sets the signaling method to ansi.
(config-fr 7)#frame-relay lmi-type ansi
Step 2:
Create the subinterface and configure the permanent virtual circuit (PVC) parameters. Using the
subinterface, apply access policies to the interface, create bridging interfaces, configure dial-backup,
assign an IP address, and set the PVC data link connection identifier (DLCI). For example, the following
creates a Frame Relay subinterface labeled 22, sets the DLCI to 30, and assigns an IP address of
193.44.69.253 to the interface.
(config-fr 7)#interface fr 7.22

(config-fr 7.22)#ip address 193.44.69.253 255.255.255.252
Step 3: (VALID ONLY FOR T1 INTERFACES)

Specify the group of DS0s used for signaling on the T1 interface by creating a TDM group. Group any
number of contiguous DS0s together to create a data pipe for Layer 2 signaling. Also use the tdm-group
command to specify the per-DS0 signaling rate on the interface. For example, the following creates a TDM
group labeled 9 containing 20 DS0s (each DS0 having a data rate of 56 kbps).
(config-t1 1/1)#exit
Step 4:
Make the association between the Layer 2 endpoint and the physical interface using the cross-connect
command. Supported Layer 2 protocols include Frame Relay and Point-to-Point Protocol (PPP). For
example, the following creates a cross-connect (labeled 5) to make an association between the Frame
Relay virtual interface (fr 7) and the TDM group configured on interface t1 1/1 (tdm-group 9).
(config)#cross-connect 5 t1 1/1 9 fr 7

The cross-connect command is also used by the PPP interface when using PPPoFR or PPPoE. PPPoFR
can be used with a single T1 circuit, when using Multilink PPP, or when using Multilink Frame Relay.
Configuration considerations vary according to the type of PPPoFR being used. For more information
regarding PPPoFR, refer to the PPPoFR Configuration Guide. For more information regarding PPPoE,
refer to the Configuring the EFM NIM2 and the MEF Ethernet Interface configuration guide. Both guides
are available online at https://supportcommunity.adtran.com.

description <text>
Use the description command to identify the specified interface (for example, circuit ID, contact
information, etc.). Use the no form of this command to remove a description.
Syntax Description
<text> Identifies the specified interface using up to 80 alphanumeric characters.
Default Values

Command History
Usage Examples
The following example enters comment information using the description command:
(config-t1 1/1)#description This is the Dallas office T1

do
Use the do command to execute any AOS command, regardless of the active configuration mode. It
provides a way to execute commands in other modes without taking the time to exit the current mode and
enter the desired one.
Syntax Description
No subcommands.
Default Values

Applies to all mode command sets.
Command History
Functional Notes
Use the do command to view configurations or interface states after configuration changes are made
without exiting to the Enable mode.
Usage Examples
The following example shows the do command used to view the Frame Relay interface configuration while
currently in the T1 Interface Configuration mode:
(config-t1 1/1)#do show interfaces fr 7
fr 7 is ACTIVE
Signaling type is ANSI signaling role is USER
Polling interval is 10 seconds full inquiry interval is 6 polling intervals
Output queue: 0/0 (highest/drops)
0 packets input 0 bytes
0 pkts discarded 0 error pkts 0 unknown protocol pkts
0 packets output 0 bytes
0 tx pkts discarded 0 tx error pkts

end
Use the end command to exit the current configuration mode and enter the Enable Security mode.
When exiting the Global Configuration mode, remember to perform a copy

running-config startup-config to save all configuration changes.
Syntax Description
No subcommands.
Default Values

Applies to all mode command sets except Basic mode.
Command History
Usage Examples
The following example shows the end command being executed in the T1 Interface Configuration mode:
(config-t1 1/1)#end
#
#- Enable Security mode command prompt

exit
Use the exit command to exit the current configuration mode and enter the previous one. For example,
using the exit command in an interface configuration mode will activate the Global Configuration mode.
When using the exit command in the Basic mode, the current session will be terminated.
When exiting the Global Configuration mode, remember to perform a copy

running-config startup-config to save all configuration changes.
Syntax Description
No subcommands.
Default Values

Applies to all mode command sets.
Command History
Usage Examples
The following example shows the exit command being executed in the Global Configuration mode:
(config)#exit
#
#- Enable Security mode command prompt

interface
Use the interface command to activate the interface command set for the specified physical or virtual
interface on an AOS unit. This command can be issued from the Global Configuration mode prompt or
from any configuration mode to navigate to an interface configuration mode without issuing the exit
command. The interface command is also used to create virtual interfaces prior to entering the
configuration command set.
Type interface ? for a complete list of valid interface types on the unit. Refer to the command interface
range <interface type> <slot/port> - <slot/port> on page 1333 for more information. Use the no form of
this command to delete a configured interface. Variations of this command include:
interface adsl <slot/port>

interface atm <port | port.sublink>
interface bri <slot/port>
interface bvi <interface id>
interface cellular <slot/port>
interface dds <slot/port>
interface demand <interface id>
interface demand <interface id> encapsulation [hdlc | ppp]
interface dot11ap <ap | ap/radio | ap/radio.vap> [ap-type nv150 | ap-type nv16x] [radio-type [802.11a |
802.11bg]]
interface e1 <slot/port>
interface ethernet <slot/port | slot/port.subinterface>
interface fdl <slot/port>
interface frame-relay <port | port.sublink>
interface fxo <slot/port>
interface fxs <slot/port>
interface gigabit-ethernet <slot/port>
interface gigabit-switchport <slot/port>
interface hdlc <interface id>
interface hssi <slot/port>
interface loopback <interface id>
interface mef-ethernet <slot/port | slot/port.subinterface>
interface modem <slot/port>
interface port-channel <interface id>
interface ppp <interface id>
interface pri <slot/port>
interface serial <slot/port>
interface sdsl <slot/port>
interface shdsl <slot/port>
interface switchport <slot/port>
interface t1 <slot/port>
interface tunnel <interface id> [gre ip | multipoint-gre ip | vxlan]
interface vdsl <slot/port>

interface vlan <interface id>

interface xgigabit-switchport <slot/port>
Syntax Description
adsl <slot/port> Identifies physical asymmetric digital subscriber line (ADSL)
interfaces. Slot and port number ranges are dependent upon the
hardware installed in the unit. Type interface adsl ? for
information regarding valid ranges.
atm <port | port.sublink> Identifies and creates asynchronous transfer mode (ATM) virtual
interfaces or subinterfaces. Port number range is 1 to 1024.
Sublink number range is 1 to 65535.
bri <slot/port> Identifies physical basic rate interfaces (BRIs). Slot and port
number ranges are dependent upon the hardware installed in the
unit. Type interface bri ? for information regarding valid ranges.
bvi <interface id> Identifies bridged virtual interfaces (BVIs). This ID must
correspond to an existing bridge group. Valid range is 1 to 255.
cellular <slot/port> Identifies physical cellular interfaces. Slot numbers are either 0 or
1. Port numbers begin at 1 with a range dependent on the unit.
dds <slot/port> Identifies physical digital data service (DDS) interfaces. Slot and
port number ranges are dependent upon the hardware installed in
the unit. Type interface dds ? for information regarding valid
ranges.
demand <interface id> Identifies and creates virtual demand routing interfaces. Valid
range is 1 to 1024.
encapsulation [hdlc | ppp] Optional. Specifies the encapsulation type for the demand routing
interface. The hdlc encapsulation type specifies high level data
link control (HDLC) encapsulation, and the ppp encapsulation
type specifies Point-to-Point Protocol (PPP) encapsulation. If no
encapsulation type is specified, PPP encapsulation is used for the
demand routing interface by default.
dot11ap <ap | ap/radio | ap/radio.vap> Identifies wireless access point, radio, and/or virtual access point
(VAP) interfaces. The AP number range is 1 to 8. The radio is
either 1 or 2. The VAP number range is 1 to 8.
ap-type nv150 Specifies the wireless access point (AP) type as a NetVanta 150.
ap-type nv16x Specifies the wireless AP type as a NetVanta 160 Series.
radio-type [802.11a | 802.11bg] Specifies the radio interface type. Valid interface types are
802.11a and 802.11bg.
e1 <slot/port> Identifies physical E1 interfaces. Slot and port number ranges are
dependent upon the hardware installed in the unit. Type interface
e1 ? for information regarding valid ranges.
ethernet <slot/port> Identifies physical Ethernet interfaces. Slot and port number
ranges are dependent upon the hardware installed in the unit.
Type interface ethernet ? for information regarding valid ranges.

fdl <slot/port> Identifies physical facility data link (FDL) interfaces. Slot and port
unit. Type interface fdl ? for information regarding valid ranges.
frame-relay <port | port.sublink> Identifies and creates virtual Frame Relay interfaces. Port number
range is 1 to 1024. Sublink range is 1 to 1007.
fxo <slot/port> Identifies physical foreign exchange office (FXO) interfaces. Slot
and port number ranges are dependent upon the hardware
installed in the unit. Type interface fxo ? for information regarding
valid ranges.
fxs <slot/port> Identifies physical foreign exchange station (FXS) interfaces. Slot
and port number ranges are dependent upon the hardware
installed in the unit. Type interface fxs ? for information regarding
valid ranges.
gigabit-ethernet <slot/port> Identifies physical gigabit Ethernet interfaces. Slot and port
unit. Type interface gigabit-ethernet ? for information regarding
valid ranges.
gigabit-switchport <slot/port> Identifies physical gigabit switchport interfaces. Slot and port
unit. Type interface gigabit-switchport ? for information
regarding valid ranges.
hdlc <interface id> Identifies and creates virtual high level data link control (HDLC)
interfaces. Valid range is 1 to 1024.
hssi <slot/port> Identifies physical high speed serial interfaces (HSSIs). Slot and
port number ranges are dependent upon the hardware installed in
the unit. Type interface hssi ? for information regarding valid
ranges.
loopback <interface id> Identifies and creates virtual loopback interfaces. Valid range is 1
to 1024.
mef-ethernet <slot/port> Identifies physical Metro Ethernet Forum (MEF) Metro Ethernet
hardware installed in the unit.
modem <slot/port> Identifies physical analog modem interfaces. Slot and port number
Type interface modem ? for information regarding valid ranges.
port-channel <interface id> Creates and configures virtual link aggregation interfaces. Valid
range is 1 to 6.
ppp <interface id> Identifies and creates virtual Point-to-Point Protocol (PPP)
interfaces. Valid range is 1 to 1024.
pri <slot/port> Identifies physical primary rate interfaces (PRIs). Slot and port
unit. Type interface pri ? for information regarding valid ranges.

serial <slot/port> Identifies physical serial ports. Slot and port number ranges are
serial ? for information regarding valid ranges.
sdsl <slot/port> Identifies physical symetric digital subscriber line (SDSL)
hardware installed in the unit. Type interface sdsl ? for
shdsl <slot/port> Identifies physical single-pair high-speed digital subscriber line
(SHDSL) interfaces. Slot and port number ranges are dependent
upon the hardware installed in the unit. Type interface shdsl ? for
switchport <slot/port> Identifies physical switchport interfaces. Slot and port number
Type interface switchport ? for information regarding valid
ranges.
t1 <slot/port> Identifies physical T1 interfaces. Slot and port number ranges are
t1 ? for information regarding valid ranges.
t3 <slot/port> Identifies physical T3 interfaces. Slot and port number ranges are
t4 <slot/port> Identifies physical T4 interface. Slot and port number ranges are
ttunnel <interface id> Identifies the tunnel interface ID. Valid range is 1 to 1024.
gre ip Creates a virtual Internet Protocol version 4 (IPv4) generic routing
encapsulation (GRE) tunnel interface.
multipoint-gre ip Creates a virtual IPv4 GRE multipoint tunnel interface.
vxlan Creates a virtual extensible local area network (VxLAN) tunnel
interface.
vdsl <slot/port> Identifies physical very high-speed digital subscriber line (VDSL)
hardware installed in the unit. Type interface vdsl ? for
vlan <interface id> Identifies and creates virtual local area network (VLAN) interfaces.
xgigabit-switchport <slot/port> Identifies physical 10-gigabit switchport interfaces. Slot and port
unit. Type interface xgigabit-switchport ? for information
regarding valid ranges.

Default Values
By default, an interface is inactive. To activate the interface, enter the no shutdown command from within
the specific interface command set; for example, (config-ppp 7)#no shutdown. There are no default
values for these commands.
Command History
Release 3.1 Command was expanded to include the loopback interface.
Release 8.1 Command was expanded to include the ATM interface.
Release 9.1 Command was expanded to include the HDLC interface.
Release 11.1 Command was expanded to include demand, FXO, and PRI
interfaces.
Release 15.1 Command was expanded to allow navigation from one interface to
another without exiting the current configuration mode. Also,
expanded to include AP, radio, VAP, and BVI interfaces.
Release 17.2 Command was expanded to include cellular interface.
Release A4.01 Command was expanded to include the MEF Metro Ethernet
interface.
Release 18.1 Command was expanded to include the ap-type and radio-type
parameters.
Release R10.1.0 The tunnel <interface id> command was changed to tunnel
<interface id> gre ip.
Release R10.4.0 Command was expanded to include the NetVanta 160 Series AP
type (ap-type nv16x).
Release R10.8.0 Command was expanded to include the encapsulation
[hdlc | ppp] parameter on the demand routing interface.
Release R10.10.0 Command was expanded to include the SDSL, VDSL, and
10 gigabit switchport interfaces.
Release R10.11.0 Command was expanded to include the T4 interface.
Release R13.1.0 The tunnel <interface id> command was expanded to include
vxlan parameter.
Functional Notes
When identifying a physical interface slot and port, keep the following in mind:
• Built-in nonremovable interfaces are identified by slot 0.

• Removable interfaces are identified by the physical labels on the slots.
• Interfaces are numbered per slot, from left to right, starting with 1.

Usage Examples
The following example uses the interface command to navigate from the T1 Interface Configuration mode
to a Frame Relay interface:
(config-t1 1/1)#interface fr 7
(config-fr 7)#
The following examples activate the interface configuration mode for the specified interface type:
For an ADSL interface:

(config-adsl 1/1)#
For an ATM subinterface:
(config)#interface atm 1.1

(config-atm 1.1)#
For a BRI interface:
(config)#interface bri 1/2

(config-bri 1/2)#
For a BVI interface:
(config)#bridge irb
(config-bvi 1)#
For a cellular interface:
(config)#interface cellular 1/1

For a DDS interface:
(config)#interface dds 1/1

(config-dds 1/1)#
For a demand routing interface using HDLC encapsulation:

(config)#interface demand 1 encapsulation hdlc
(config-demand 1)#
For a dot11ap interface:
(config)#interface dot11ap 1
(config-dot11ap 1)#
For an E1 interface:

(config)#interface e1 1
(config-e1 1)#
For an Ethernet interface:
(config)#interface ethernet 0/1

(config-eth 0/1)#
For an Ethernet subinterface:

(config)#interface eth 0/1.1
(config-eth 0/1.1)#
For an FDL interface:
(config)#interface fdl 1/1

(config-fdl 1/1)#
For a Frame Relay subinterface:
(config)#interface frame-relay 1.16

(config-fr 1.16)#
For an FXO interface:
(config)#interface fxo 0/1

(config-fxo 0/1)#
For an FXS interface:
(config)#interface fxs 2/1

(config-fxs 2/1)#
For a Gigabit Ethernet interface:
(config)#interface gigabit-ethernet 0/3

For an HDLC interface:
(config)#interface hdlc 1
(config-hdlc 1)#
For an HSSI interface:
(config)#interface hssi 1/1

(config-hssi 1/1)#
For a loopback interface:
(config)#interface loopback 8
(config-loop 8)#

For an MEF Ethernet interface:
(config)#interface mef-ethernet 2/1

(config-mef-ethernet 2/1)#
For a modem interface:
(config)#interface modem 1/1

(config-modem 1/1)#
For a port channel interface:
(config)#interface port-channel 6
Creating Port Channel interface 6.
(config-p-chan6)#
For a PPP interface:

(config-ppp 100)#
For a PRI interface:
(config)#interface pri 2
(config-pri 2)#
For a serial interface:
(config)#interface serial 1/1

(config-serial 1/1)#
For an SDSL interface:
(config)#interface sdsl 1/1

(config-sdsl 1/1)#
For an SHDSL interface:
(config)#interface shdsl 1/1

(config-shdsl 1/1)#
For a switchport interface:
(config)#interface switchport 0/2

(config-swx 0/2)#
For a 10 gigabit switchport interface:
(config)#interface xgigabit-switchport 1/1

For a T1 interface:

(config-t1 1/1)#
For a T3 interface:
(config-t3 1/1)#
For a T4 interface:
(config-t4 1/1)#
For a tunnel interface:
(config)#interface tunnel 300 gre ip

(config-tunnel 300)#
For a VDSL interface:
(config)#interface vdsl 1/1

(config-vdsl 1/1)#
For a VLAN interface:
(config)#interface vlan 300

(config-vlan 300)#
For a wireless access point:
(config)#interface dot11ap 1/1.1

(config-dot11ap 1/1.1-bg)#

shutdown
Use the shutdown command to disable an interface (both physical and virtual) or an ADTRAN Operating
System (AOS) feature. Use the no form of this command to turn on the interface or enable the feature.
Syntax Description
No subcommands.
Default Values
By default, all interfaces are disabled.
The default setting for feature commands vary. Refer to the individual feature command set for specific
details about feature default settings.
Command History
Functional Notes
The shutdown command applies to all interface mode command sets and certain feature command sets.
When the shutdown command is issued from within an interface configuration command set, it disables
the interface so no traffic will be passed through. When the shutdown command is issued from within a
feature command set, it disables the feature and causes it to stop functioning. Using this command allows
you to temporarily disable an interface or feature without altering the configurationg settings related to it.
Once the no shutdown command is issued, the interface or feature is enabled, resuming functionality
using the previously configured settings.
Usage Examples
The following example administratively disables the modem interface:

(config-modem 1/2)#shutdown
The following example disables the packet capture feature:
(config)#packet-capture 1CAPTURE standard

(config-packet-capture-1CAPTURE)#shutdown

Enable Mode Command Set Command Reference Guide
ENABLE MODE COMMAND SET
To activate the Enable mode, enter the enable command at the Basic mode prompt. (If an enable password
has been configured, a password prompt will display.) For example:
>enable
Password: XXXXXXX
#
In AOS Release 17.1, output modifiers were introduced for all show commands. These modifiers help
specify the information displayed in the show command output. The modifiers are appended to the end of
the show command, preceded by the pipe character (|), and followed by the <text> to exclude, include, or
with which to begin the display. The following output modifiers are common for all show commands:
| begin <text> Produces output that begins with lines, including the specified text and
every line thereafter.
| exclude <text> Produces output that excludes any lines containing the specified text.
| include <text> Produces output that only displays lines with the specified text.
In the following example, the show command was modified to begin its display with the lines http server
and display all lines thereafter:
#show run | begin ip http server

no http server
no http secure-server
no snmp agent
no ip ftp server
ip ftp server default-filesystem flash
no ip scp server
no ip sntp server
!
In the following example, the exclude modifier was used with the show command to exclude lines of text
containing the words no shutdown:
#show run interface ppp 1 | exclude no shutdown

!
!
interface ppp 1
ip address 10.2.0.1 255.255.255.0
ip access-policy UNTRUSTED
crypto map SITE2SITE
no lldp send-and-receive
cross-connect 1 t1 1/1 1 ppp 1
!

Command Reference Guide Enable Mode Command Set
In the following example, the include modifier was used with the show command to only display
information about interfaces:
#show run | include interface

interface switchport 0/1
--MORE--
exit on page 83
application on page 98
auto-config restart on page 100
boot config on page 101
boot system on page 102
clear commands begin on page 104
clear counters commands begin on page 112
clear ip commands begin on page 141
clear ipv6 commands begin on page 163
clear sip commands begin on page 205
clock auto-correct-dst on page 221
clock no-auto-correct-dst on page 222
clock set <time> <day> <month> <year> on page 223
clock timezone <value> on page 224
configure on page 226
copy commands begin on page 227
debug commands begin on page 284
debug dot11 commands begin on page 308
debug ethernet cfm commands begin on page 319
debug ip commands begin on page 352
debug ipv6 commands begin on page 395
debug licensing on page 415
debug packet-capture on page 430
debug radius on page 443

debug sip on page 451

debug snmp packets on page 458
debug sntp on page 459
debug spanning-tree on page 460
debug ssh on page 462
debug voice on page 469
debug vrrp on page 474
debug vrrpv3 on page 476
debug y1731 file-save on page 478
dir on page 479
disable on page 481
dot11ap apply-changes on page 482
eject usbdrive0 on page 483
erase on page 484
events on page 486
exception report generate on page 487
factory-default on page 488
flashme on page 491
find <input> on page 489
http secure-server certificate regenerate on page 492
ip dhcp on page 494
ipv6 dhcp on page 496
license commands begin on page 499
led status-led on page 498
logout on page 505
mount usbdrive0 on page 506
nslookup on page 507
ping commands begin on page 509
port-auth re-authenticate on page 525
ramdisk <size> on page 526
reload on page 527
reload dot11 interface dot11ap <ap interface> on page 529
rename on page 530
run audit security on page 531
run checkdisk cflash on page 534
run checkdisk usbdrive0 on page 535
run tcl <name> on page 536
run voipwizard on page 537
show commands begin on page 541

show bgp commands begin on page 556

show dot11 commands begin on page 604
show ethernet cfm commands begin on page 616
show ethernet loopback on page 629
show ethernet y1731 commands begin on page 635
show interfaces commands begin on page 670
show ip commands begin on page 692
show ipv6 commands begin on page 787
show mac address-table commands begin on page 849
show ospfv3 commands begin on page 882
show rtp commands begin on page 961
show sip commands begin on page 995
show spanning-tree commands begin on page 1009
show voice commands begin on page 1065
sip check-sync on page 1115
ssh <url> on page 1116
ssh key regenerate on page 1118
ssh port-forward on page 1119
telnet on page 1121
telnet stack-member <unit id> on page 1123
telnet vrf <name> stack-member <number> on page 1124
terminal length <number> on page 1125
test cable-diagnostics on page 1126
traceroute on page 1127
traceroute ethernet on page 1129
traceroute ipv6 on page 1132
undebug all on page 1134
verify-file on page 1135
vlan database on page 1136
voice dsp capture on page 1137
voice loopback-call on page 1138
wall <message> on page 1139
write on page 1140

application
Use the application command to enter the application command set. Ethernet Y.1731 and network
synchronization (Network Sync) can be configured from this set. Available Ethernet Y.1731 commands in
the application set include:
ethernet y1731 meg char-string <name> <level> <id>

ethernet y1731 meg icc-umc <name> <level> <id>
Syntax Description
char-string <name> Specifies a Y.1731 maintenance entity group (MEG) name using a
character string format. Maximum length is 45 ASCII characters.
icc-umc <name> Specifies a Y.1731 MEG name using the ITU-CarrierCode Unique MEG ID
Code MEG (ICC-UMC) format. Maximum length is 13 ASCII characters.
<level> Specifies the MEG level. Valid range is 0 to 7.
<id> Specifies the MEG ID. Valid range is 1 to 8191.
Default Values
By default, no Y.1731 applications are configured. By default, no Network Sync applications are
configured.
Command History
Release R10.10.0 Command was introduced.
Release R10.11.0 Command was expanded to include Network Sync configuration
commands.
Functional Notes
The Y.1731 application is configured using the commands outlined in Y.1731 Application Command Set on
page 1982.
The Network Sync application is configured using the commands outlined in Network Sync Application
Command Set on page 1977.
Usage Examples
The following example access the application command set:
>enable
#application
(app)#

The following example accesses the Y.1731 application command set:
>enable
#application
(app)#ethernet y1731 meg char-string MEG1 3 100
(app-y1731 100)#

auto-config restart
Use the auto-config restart command to restart the AOS automatic self-configuration feature. For more
detailed information, refer to the Configuring Auto-Config guide available online at
To stop AOS automatic self-configuration once it has started, enter the no auto-config
command from the Global Configuration Mode prompt. The AOS automatic
self-configuration feature must be disabled before the auto-config restart command will
start the process.
Syntax Description
No subcommands.
Default Values
There is no default setting for this command.
Command History
Release R10.5.0 Command was relocated to the Enable Mode from the Global Configuration
Mode.
Usage Examples
The following command restarts the automatic configuration process:
>enable
#auto-config restart

boot config
Use the boot config command to modify system boot parameters by specifying the location and name of
primary and secondary configuration files. Use the no form of this command to use the default startup
configuration file. Variations of this command include:
boot config cflash <primary filename>

boot config cflash <primary filename> cflash <secondary filename>
boot config cflash <primary filename> flash <secondary filename>
boot config flash <primary filename>
boot config flash <primary filename> cflash <secondary filename>
boot config flash <primary filename> flash <secondary filename>
The cflash parameter is only valid for units with CompactFlash® capabilities.
Syntax Description
cflash Specifies that the configuration file is located in CompactFlash memory.
flash Specifies that the configuration file is located in flash memory.
<primary filename> Specifies the name of the primary configuration file (file names are case
sensitive).
<secondary filename> Optional. Specifies the name of the backup configuration file.
Default Values
Command History
Release 18.2 Command was introduced
Usage Examples
The following example specifies the file myconfig.biz (located in flash memory) as the primary system
boot file:
>enable
(config)#boot config flash myconfig.biz
boot file and the file mybackupconfig.biz (located in CompactFlash memory) as the backup configuration
file:
>enable
(config)#boot config flash myconfig.biz cflash mybackupconfig.biz

boot system
Use the boot system command to specify the system image loaded at startup. Variations of this command
include:
boot system cflash <primary filename>

boot system cflash <primary filename> verify
boot system cflash <primary filename> cflash <secondary filename>
boot system cflash <primary filename> cflash <secondary filename> verify
boot system cflash <primary filename> flash <secondary filename>
boot system cflash <primary filename> flash <secondary filename> verify
boot system cflash <primary filename> no-backup
boot system cflash <primary filename> no-backup verify
boot system flash <primary filename>
boot system flash <primary filename> verify
boot system flash <primary filename> <secondary filename>
boot system flash <primary filename> <secondary filename> verify
boot system flash <primary filename> cflash <secondary filename>
boot system flash <primary filename> cflash <secondary filename> verify
boot system flash <primary filename> flash <secondary filename>
boot system flash <primary filename> flash <secondary filename> verify
boot system flash <primary filename> no-backup
boot system flash <primary filename> no-backup verify
For units without CompactFlash capabilities, the secondary media type does not need to
be specified. Refer to the last example under Usage Examples.
Syntax Description
cflash Specifies the system image is located in CompactFlash memory.
flash Specifies the system image is located in flash memory.
no-backup Specifies that there is no backup image present.
<primary filename> Specifies the file name of the image (file names are case sensitive). Image
files should have a .biz extension.
<secondary filename> Specifies a name for the backup image.
verify Optional. Verifies the image checksum.
Default Values

Command History
Release R12.1.0 Command version boot system flash was made unavailable for virtual
AOS (vAOS) instances.
Functional Notes
Detailed instructions for upgrading AOS and loading files into flash memory are found online at
http://supportforums.adtran.com.
The boot system flash command is not available in vAOS instances.
Usage Examples
The following example specifies myimage.biz (located in CompactFlash memory) as the primary image
file with no backup image:
>enable
#boot system cflash myimage.biz no-backup
The following example specifies myimage.biz (located in flash memory) as the primary image file with no
backup image:
>enable
#boot system flash myimage.biz no-backup
The following example specifies myimage.biz (located in flash memory) as the primary image file and
mybackupimage.biz (also located in flash memory) as the backup image:
>enable
#boot system flash myimage.biz mybackupimage.biz

clear activchassis
Use the clear activchassis command to cause the master device to trigger a restart of the ActivChassis
supervision protocols. This action causes the entire ActivChassis to restart discovery and to re-resolve the
current ActivChassis configuration.
Syntax Description
No subcommands.
Default Values
Command History
Release AC1.0 Command was introduced.
Usage Examples
The following example restarts the ActivChassis supervision protocols:
>enable
#clear activchassis

clear arp-cache
Use the clear arp-cache command to remove all dynamic entries from the Address Resolution Protocol
(ARP) cache table. Variations of this command include:
clear arp-cache
clear arp-cache vrf <name>
Syntax Description
vrf <name> Optional. Clears the ARP cache entry for a specific virtual routing and
forwarding (VRF).
Default Values
Command History
Release A1 Command was expanded to include the vrf parameter.
Usage Examples
The following example removes all dynamic entries from the ARP cache:
>enable
#clear arp-cache

clear arp-entry <ip address>

Use the clear arp-entry command to remove a single entry from the Address Resolution Protocol (ARP)
cache. Variations of this command include:
clear arp-entry <ip address>

clear arp-entry <ip address> vrf <name>
Syntax Description
<ip address> Specifies a valid IP address to remove. IP addresses should be expressed
in dotted decimal notation (for example, 10.10.10.1).
vrf <name> Optional. Clears the ARP entry for a specific virtual routing and forwarding
(VRF).
Default Values
Command History
Release A1 Command was expanded to include the vrf parameter.
Usage Examples
The following example removes the entry for 10.10.10.1 from the ARP cache:
>enable
#clear arp-entry 10.10.10.1

clear bgp
Use the clear bgp command to clear information for Internet Protocol version 4 (IPv4) or Internet Protocol
version 6 (IPv6) Border Gateway Protocol (BGP). You can clear BGP neighbors, BGP IPv4 and IPv6 route
information, and BGP connections on the default or nondefault virtual routing and forwarding (VRF)
instances. Variations of this command include:
clear bgp * [mef-ethernet <slot/port> | system-control-evc | system-management-evc]

clear bgp <number> [system-control-evc | system-management-evc]
clear bgp <ipv4 address> [system-control-evc | system-management-evc]
clear bgp <ipv6 address> [system-control-evc | system-management-evc]
clear bgp any-vrf [* | <number> | <ipv4 address>] [mef-ethernet <slot/port> | system-control-evc |
system-management-evc] [in | out | soft]
clear bgp any-vrf [* | <number> | <ipv6 address>] [mef-ethernet <slot/port> | system-control-evc |
clear bgp any-vrf ipv4 [* | <number> | <ipv4 address>] [mef-ethernet <slot/port> | system-control-evc |
clear bgp any-vrf ipv6 [* | <number> | <ipv6 address>] [mef-ethernet <slot/port> | system-control-evc |
clear bgp ipv4 [* | <number> | <ipv4 address>] [mef-ethernet <slot/port> | system-control-evc |
clear bgp ipv6 [* | <number> | <ipv6 address>] [mef-ethernet <slot/port> | system-control-evc |
clear bgp vrf <name> [* | <number> | <ipv4 address>] [mef-ethernet <slot/port> | system-control-evc |
clear bgp vrf <name> ipv4 [* | <number> | <ipv4 address>] [mef-ethernet <slot/port> |
system-control-evc | system-management-evc] [in | out | soft]
clear bgp vrf <name> ipv6 [* | <number> | <ipv6 address>] [mef-ethernet <slot/port> |
system-control-evc | system-management-evc] [in | out | soft]
Syntax Description
* Clears all BGP neighbors.
<number> Clears all BGP neighbors with the specified autonomous system (AS)
number. Range is 1 to 4294967295.
<ipv4 address> Clears the BGP neighbor with the specified IPv4 address. IPv4 addresses
should be expressed in dotted decimal notation (for example, 10.10.10.1).
<ipv6 address> Clears the BGP neighbor with the specified IPv6 address. IPv6 addresses
should be expressed in colon hexadecimal format (for example,
2001:DB8:1::1).
any-vrf Optional. Clears BGP connections for all VRF instances.
ipv4 Optional. Clears all BGP IPv4 route information.
ipv6 Optional. Clears all BGP IPv6 route information.
in Causes a soft reset inbound with a neighbor, reprocessing routes
advertised by that neighbor.

out Causes a soft reset outbound with a neighbor, resending advertised routes
to that neighbor.
soft Causes a soft reset both inbound and outbound.
mef-ethernet <slot/port> Specifies the Metro Ethernet Forum (MEF) Ethernet interface.
system-control-evc Specifies the system control Ethernet virtual connection (EVC). This EVC is
preconfigured on the unit.
system-management-evc Specifies the system management EVC. This EVC is preconfigured on the
unit.
vrf <name> Optional. Clears connections for a nondefault VRF instance.
Default Values
Command History
Release 18.1 Command was altered to support 4-byte AS number (previously AOS only
supported 2-byte numbers).
Release 18.3 Command syntax was changed to remove the ip keyword for ADTRAN
internetworking products. In addition, the any-vrf, vrf <name>, and ipv4
parameters were added.
Release R10.1.0 Command was expanded to include IPv6 BGP capability, and the ipv6 and
<ipv6 address> parameters were added. In addition, the command syntax
was changed to remove the ip keyword for ADTRAN voice products.
Release R.10.10.0 Command was expanded to include the system-control-evc and
system-management-evc parameters.
Release R10.11.0 Command was expanded to include the MEF Ethernet interface.
Functional Notes
The clear bgp command must be issued to re-initialize the BGP process between the peers matching the
given arguments. Most neighbor changes, including changes to prefix-list filters, do not take effect until the
clear command is issued. A hard reset clears the Transmission Control Protocol (TCP) connection with the
specified peers, which results in clearing the table. This method of clearing is disruptive and causes peer
routers to record a route flap for each route.
The out version of this command provides a soft reset out to occur by causing all routes to be re-sent to
the specified peer(s). TCP connections are not torn down, so this method is less disruptive. Output
filters/policies are re-applied before sending the update.
The in version of this command provides a soft reset in to occur by allowing the router to receive an
updated table from a peer without tearing down the TCP connection. This method is less disruptive and
does not count as a route flap. Currently, all of the peer's routes are stored permanently, even if they are
filtered by a prefix list. The command causes the peer's routes to be reprocessed with any new
parameters.

Usage Examples
The following example causes a hard reset with peers with an AS number of 101:
>enable
#clear bgp 101

clear bridge <number>

Use the clear bridge command to clear all counters associated with bridging (or for a specified bridge
group). Variations of this command include:
clear bridge
clear bridge <number>
Syntax Description
<number> Optional. Specifies a single bridge group. Range is 1 to 255.
Default Values
Command History
Usage Examples
The following example clears all counters for bridge group 17:
>enable
#clear bridge 17

clear buffers max-used

Use the clear buffers max-used command to clear the maximum-used statistics for buffers displayed in
the show memory heap command.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example clears the maximum-used buffer statics:
>enable
#clear buffers max-used

clear counters <interface>

Use the clear counters command to clear the counters for a specified interface or Ethernet virtual
connection (EVC). Variations of this command include:
clear counters evc <name>

clear counters <interface>
Syntax Description
evc <name> Specifies an EVC on which to clear counters.
<interface> Specifies an interface in the format <interface type [slot/port |
slot/port.subinterface id | interface id | interface id.subinterface id | ap |
ap/radio | ap/radio.vap]>. For example, for a T1 interface, use t1 0/1; for an
Ethernet subinterface, use eth 0/1.1; for a PPP interface, use ppp 1; for an
ATM subinterface, use atm 1.1; and for a wireless virtual access point, use
dot11ap 1/1.1. Type clear counters ? or show interfaces ? for a complete
list of interfaces.
Default Values
Command History
Release 9.1 Command was expanded to include the high level data link control (HDLC)
and tunnel interfaces.
Ethernet interface and the gigabit switchport interface.
Release A5.01 Command was expanded to include the Gigabit Ethernet interface.
Release R10.5.0 Command was expanded to include the basic rate interface (BRI).
Release R11.2.0 Command was expanded to include the very high-speed digital subscriber
line (VDSL).
Release R11.5.0 Command was expanded to include the EVC option.
Release R11.7.0 Command was expanded to include the 10 gigabit switchport interface.
Usage Examples
The following example clears all counters associated with the Ethernet 0/1 interface:
>enable
#clear counters ethernet 0/1

clear counters crypto ipsec sa peak

Use the clear counters crypto ipsec sa peak command to clear peak Internet Protocol version 4 (IPv4)
and Internet Protocol version 6 (IPv6) security association (SA) count statistics associated with IP security
(IPsec).
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example clears the peak IPv4 and IPv6 SA count statistics:
>enable
#clear counters crypto ipsec sa peak

clear counters dynamic-counter

Use the clear counters dynamic-counter command to clear dynamic counter statistics. Variations of the
command include:
clear counters dynamic-counter

clear counters dynamic-counter <slot/index>
Syntax Description
<slot/index> Optional. Specifies the slot and port of the dynamic counter in the format
<slot/port>. For example, 0/1.
Default Values
Command History
Usage Examples
The following example clears all dynamic counter statistics:
>enable
#clear counters dynamic-counter

clear counters efm-group <group number>

Use the clear counters efm-group command to clear the counters of the specified Ethernet in the first mile
(EFM) group.
Syntax Description
<group number> Specifies the EFM group. Range is 1 to 1024.
Default Values
Command History
Release A4.01 Command was introduced.
Usage Examples
The following example clears the counters for the EFM group 1:
>enable
#clear counters efm-group 1

clear counters ethernet cfm

Use the clear counters ethernet cfm command to clear all statistics held by Ethernet operations,
administration, and maintenance (OAM) connectivity fault management (CFM) maintenance endpoints
(MEPs). Variations of this command include:
clear counters ethernet cfm

clear counters ethernet cfm domain <domain name> association <association name>
clear counters ethernet cfm domain none association <association name>
clear counters ethernet cfm interface <interface>
clear counters ethernet cfm level <level>
clear counters ethernet cfm mep-id <mep id>
Syntax Description
domain <domain name> Optional. Specifies that only statistics for MEPs in the named domain
are cleared.
domain none Optional. Specifies that no domain is named and all MEP statistics,
regardless of domain, are cleared.
association <association name> Optional. Specifies that only statistics for MEPs in the named
association are cleared.
interface <interface> Optional. Specifies that only statistics for MEPs configured on the
specified interface are cleared. Specify an interface in the format
<interface type [slot/port | slot/port.subinterface id | interface id |
interface id.subinterface id]>. For example, for an Ethernet
subinterface, use eth 0/1.1. For a list of appropriate interface, enter
level <level> Optional. Specifies that only statistics for MEPs within the specified
maintenance domain level are cleared. Level range is 0 to 7.
mep-id <mep id> Optional. Specifies that only statistics for MEPs with the specified MEP
ID are cleared. MEP ID range is 1 to 8191.
Default Values
No default values necessary for this command.
Command History
Ethernet interface.
Functional Notes

Usage Examples
The following example clears all statistics associated with Ethernet OAM CFM MEPs:
>enable
#clear counters ethernet cfm
The following example clears all statistics associated with MEPs on maintenance domain level 5:
>enable
#clear counters ethernet cfm level 5

clear counters global-policer

Use the clear counters global-policer command to clear the virtual AOS (vAOS) global policer statistics.
This command clears the global policer dropped packets and dropped bytes counters. The licensed rate
drops on each policed interface are also cleared.
Syntax Description
No additional subcommands.
Default Values
Command History
Usage Examples
The following example clears the vAOS global policer statistics:
>enable
#clear counters global-policer

clear counters hmr

Use the clear counters hmr command to clear any Session Initiation Protocol (SIP) header manipulation
rules (HMR) statistics. Variations of this command include:
clear counters hmr

clear counters hmr direction inbound
clear counters hmr direction outbound
clear counters hmr policy <name>
clear counters hmr user <extension>
clear counters hmr user global
clear counters hmr user proxy-server
clear counters hmr user proxy-user
Syntax Description
direction inbound Optional. Clears HMR statistics for inbound SIP traffic.
direction outbound Optional. Clears HMR statistics for outbound SIP traffic.
policy <name> Optional. Clears HMR statistics for a specific HMR policy.
user Optional. Clears HMR statistics for a specific user.
<extension> Optional. Clears HMR statistics for a specific user.
global Optional. Clears HMR statistics for SIP global traffic.
proxy-server Optional. Clears HMR statistics for SIP proxy server traffic.
proxy-user Optional. Clears HMR statistics for SIP proxy user traffic.
Default Values
Command History
Usage Examples
The following example clears all HMR statistics:
>enable
#clear counters hmr

clear counters media-gateway

Use the clear counters media-gateway command to reset cumulative totals for all Realtime Transport
Protocol (RTP) channels or for a specific RTP channel. Variations of this command include the following:
clear counters media-gateway

clear counters media-gateway channel <value>
clear counters media-gateway dtmf
Syntax Description
channel <value> Optional. Specifies the ID of a particular media-gateway channel to be reset
(for example, 0/1.1).
dtmf Optional. Specifies that dual tone multi-frequency (DTMF) counters are
reset.
Default Values
Command History
Release A2 Command was expanded to include the dtmf parameter.
Usage Examples
The following example resets the counters on media gateway channel 0/1.1:
>enable
#clear counters media-gateway channel 0/1.1
Counters on media-gateway channel reset by console.

clear counters probe

Use the clear counters probe command to reset counters on all probe objects or on a specific probe.
clear counters probe

clear counters probe <name>
Syntax Description
<name> Specifies a probe object to reset counter.
Default Values
Command History
Usage Examples
The following example resets the counters for all configured probes:
>enable
#clear counters probe
The following example resets the counters only for the probe named probe_A:
>enable
#clear counters probe probe_A

clear counters shdsl <slot/port> splice-detect

Use the clear counters shdsl splice-detect command to clear all bad splice detection test data for the
specified single-pair high-speed digital subscriber line (SHDSL) interface.
Syntax Description
<slot/port> Specifies the slot and port of the interface for which you want to clear the
test data.
Default Values
Command History
Usage Examples
The following example clears all bad splice detection test data associated with the SHDSL 1/1 interface:
>enable
#clear counters shdsl 1/1 splice-detect

clear counters track

Use the clear counters track command to reset counters on all track objects or on a specifically named
track.
clear counters track

clear counters track <name>
Syntax Description
<name> Specifies a track object to reset counter.
Default Values
Command History
Usage Examples
The following example resets the counters for all configured tracks:
>enable
#clear counters track
The following example resets the counters only for the track named track_1:
>enable
#clear counters track track_1

clear counters vlan <vlan id>

Use the clear counters vlan command to reset counters on the specified virtual local area network
(VLAN) interface.
Syntax Description
<vlan id> Specifies a valid VLAN interface ID. Range is 1 to 4094.
Default Values
Command History
Usage Examples
The following example resets the counters on VLAN interface 7:
>enable
#clear counters vlan 7

clear counters voice-trunk

Use the clear counters voice-trunk command to reset counters on all voice trunks or on a specific voice
trunk. Variations of this command include:
clear counters voice-trunk all

clear counters voice-trunk <trunk id>
Syntax Description
all Clears all voice trunk counters.
<trunk id> Specifies clearing a specific voice trunk using the trunk's two-digit identifier
following T (for example, T01).
Default Values
Command History
Usage Examples
The following example resets the counters for all configured voice trunks:
>enable
#clear counters voice-trunk all

clear crypto ike sa

Use the clear crypto ike sa command to clear existing Internet key exchange (IKE) security associations
(SAs). Use the policy and remote-id options to clear specific SAs without clearing them all. Variations of
clear crypto ike sa

clear crypto ike sa peak
clear crypto ike sa policy <value>
clear crypto ike sa remote-id <remote id>
Syntax Description
peak Optional. Clears the peak IKE SA count reached.
policy <value> Optional. Removes all IKE SAs associated with the specified policy priority
value. This number is assigned using the command crypto ike on page 1239.
remote-id <remote id> Optional. Removes all IKE SAs associated with the specified IKE remote ID. A
delete payload is sent to the peers prior to deletion of the SA. This
command is preferred to the clear crypto ike sa policy <value> command
when multiple unique SAs have been created on the same IKE policy, but
the user wants to delete only the SA to a unique peer.
Default Values
Command History
Release 12.1 Command was expanded to include the policy and remote-id parameters.
Release 17.5 Command was expanded to include the peak parameter.
Usage Examples
The following example clears the entire database of IKE SAs (including the active associations):
>enable
#clear crypto ike sa
The following example clears IKE SAs associated with policy 101:
>enable
#clear crypto ike sa policy 101
The following example clears an IKE SA associated with remote-id netvanta:
>enable
#clear crypto ike sa remote-id netvanta

clear crypto ipsec sa

Use the clear crypto ipsec sa command to clear existing Internet Protocol security (IPsec) security
associations (SAs), including active ones. Variations of this command include the following:
clear crypto ipsec sa

clear crypto ipsec sa entry <ip address> ah <SPI>
clear crypto ipsec sa entry <ip address> esp <SPI>
clear crypto ipsec sa map <name>
clear crypto ipsec sa peak
clear crypto ipsec sa peer <ip address>
clear crypto ipsec sa remote-id <remote-id>
Syntax Description
entry <ip address> Optional. Clears only the SAs related to the specified destination IP
address. IP addresses should be expressed in dotted decimal notation (for
example, 10.10.10.1).
ah <SPI> Optional. Clears only a portion of the SAs by specifying the Authentication
Header (AH) Protocol and a security parameter index (SPI). You can
determine the correct SPI value using the show crypto ipsec sa
command.
esp <SPI> Optional. Clears only a portion of the SAs by specifying the Encapsulating
Security Payload (ESP) Protocol and an SPI. You can determine the correct
SPI value using the show crypto ipsec sa command.
map <name> Optional. Clears only the SAs associated with the specified crypto map.
peak Optional. Clears the peak IPsec SA count reached.
peer <ip address> Optional. Clears only the SAs associated with the specified far-end IP
example, 10.10.10.1).
remote-id <remote-id> Optional. Removes all IPsec SAs associated with the specified IPsec remote
ID.
Default Values
Command History
Release 15.1 Command was expanded to include the remote-id parameter.

Usage Examples
The following example clears all IPsec SAs:
>enable
#clear crypto ipsec sa
The following example clears the IPsec SA used for ESP traffic with the SPI of 300 to IP address
63.97.45.57:
>enable
#clear crypto ipsec sa entry 63.97.45.57 esp 300

clear crypto keystore

Use the clear crypto keystore command to remove all stored cryptographic key pairs on a device and
update the running configuration.
This command cannot be undone. Deleted key pairs cannot be recovered.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
The command prompts you to confirm before deleting the key pairs. You must enter either yes or no at the
prompt. You will also be prompted to specify whether you want to save the system configuration, which will
save the running configuration to the unit’s nonvolatile random access memory (NVRAM). Even if you do
not save the system configuration, the key pairs are still deleted from the device.
Usage Examples
The following example removes all stored cryptographic key pairs and saves the system configuration:
>enable
#clear crypto keystore
This will erase all stored key pairs. All self-generated and CA-signed
certificates will be deleted. This action is irreversible. Proceed? [yes/no] yes
All stored key pairs have been successfully deleted.
Associated certificates have been removed from the current system
configuration.
Save System Configuration? [y/n] y
Building configuration. . .
Done. Success!

clear desktop-auditing
Use the clear desktop-auditing command to remove the collected network access protection (NAP)
statistics for clients connected to the network. Statistics can be cleared for a single client or for all clients.
clear desktop-auditing
clear desktop-auditing host <hostname>
clear desktop-auditing interface gigabit-switchport <slot/port>
clear desktop-auditing ip <ip address>
clear desktop-auditing mac <mac address>
clear desktop-auditing vlan <vlan id>
Syntax Description
host <hostname> Optional. Clears the statistics for the client with the specified
host name.
interface gigabit-switchport <slot/port> Optional. Clears the statistics for the client using the specified
interface.
ip <ip address> Optional. Clears the statistics for the client with the specified
IP address. IP addresses should be expressed in dotted
decimal notation (for example, 10.10.10.1).
mac <mac address> Optional. Clears the statistics for the client with the specified
medium access control (MAC) address. MAC addresses
should be expressed in the following format: xx:xx:xx:xx:xx:xx
(for example, 00:A0:C8:00:00:01).
vlan <vlan id> Optional. Clears the statistics for the client with the specified
virtual local area network (VLAN) identification number.
VLAN IDs range from 1 to 4096.
Default Values
Command History
Usage Examples
The following example clears all collected NAP statistics for all clients:
>enable
#clear desktop-auditing

The following example clears all collected NAP statistics for the client with the MAC address
00:A0:C8:00:00:01:
>enable
#clear desktop-auditing mac 00:A0:C8:00:00:01

clear dot11 client <mac address>

Use the clear dot11 client command to disassociate with the client that has the specified medium access
control (MAC) address.
Syntax Description
<mac address> Specifies the MAC address of the client for which disassociation is desired.
MAC addresses should be expressed in the following format:
xx:xx:xx:xx:xx:xx (for example, 00:A0:C8:00:00:01).
Default Values
Command History
Release15.1 Command was introduced.
Usage Examples
The following example disassociates with a client with the MAC address 00:40:96:AB:38:5E:
>enable
#clear dot11 client 00:40:96:AB:38:5E
This Station has been removed.

clear dump-core
The clear dump-core command clears diagnostic information appended to the output of the show version
command. This information results from an unexpected unit reboot.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example clears the entire database of Internet key exchange (IKE) SAs (including the active
associations):
>enable
#clear dump-core

clear ethernet cfm mep remote

Use the clear ethernet cfm mep remote command to clear remote maintenance endpoint (MEP) entries
from the Ethernet operations, administration, and maintenance (OAM) connectivity fault management
(CFM) continuity check message (CCM) database. Variations of this command include:
clear ethernet cfm mep remote

clear ethernet cfm mep remote domain <domain name> association <association name>
clear ethernet cfm mep remote domain none association <association name>
clear ethernet cfm mep remote mep-id <mep id>
clear ethernet cfm mep remote remote-mep <mep id>
Syntax Description
domain <domain name> Optional. Specifies that only statistics for remote MEPs in the named
domain are cleared.
domain none Optional. Specifies that no domain is named and all remote MEP
statistics, regardless of domain, are cleared.
association <association name> Optional. Specifies that only statistics for remote MEPs in the named
association are cleared.
mep-id <mep id> Optional. Specifies that only statistics for local MEPs with the specified
MEP ID are cleared. MEP ID range is 1 to 8191.
remote mep-id <mep id> Optional. Specifies that only statistics for remote MEPs with the
specified MEP ID are cleared. MEP ID range is 1 to 8191.
Default Values
Command History
Functional Notes
Usage Examples
The following example clears all CCM entries for all remote MEPs:
>enable
#clear ethernet cfm mep remote

clear ethernet lmi statistics

Use the clear ethernet lmi statistics command to clear all Ethernet local management interface (E-LMI)
statistics, or all E-LMI statistics for a specified interface. Variations of this command include:
clear ethernet lmi statistics

clear ethernet lmi statistics interface <interface>
Syntax Description
interface <interface> Optional. Specifies an interface on which to clear E-LMI statistics. Specify
interfaces in the format <interface type [slot/port]>. For example, for a
Gigabit Ethernet interface, use gigabit eth 0/1. Type clear ethernet lmi
statistics ? for a complete list of interfaces.
Default Values
Command History
Usage Examples
The following example clears all E-LMI statistics on all interfaces:
>enable
#clear ethernet lmi statistics

clear ethernet oam statistics

Use the clear ethernet oam statistics command to clear Ethernet Link operations, administration, and
management (OAM) statistics on the interface. Ethernet Link OAM statistical information cleared includes
Protocol Data Unit (PDU) counters, critical link fault records, and link-monitor events. Variations of this
command include:
clear ethernet oam statistics

clear ethernet oam statistics interface <interface>
Syntax Description
interface <interface> Optional. Clears the Ethernet Link OAM statistics only on the specified
interface. If no interface is specified, then statistics on all interfaces with
Ethernet Link OAM enabled are cleared. Specify an interface in the format
<interface type [slot/port | slot/port.subinterface id | interface id | interface id.
subinterface id]>. For example, for a Gigabit Ethernet interface, use
giga-eth 0/1. For an Ethernet in the first mile (EFM) group, use efm-group
1/1. For a list of appropriate interfaces, enter interface ? at the prompt.
Default Values
Command History
Usage Examples
The following example clears all Ethernet Link OAM statistics for the Gigabit Ethernet interface 0/1:
>enable
#clear ethernet oam statistics interface gigabit-ethernet 0/1

clear ethernet y1731 file-save

Use the clear ethernet y1731 file-save command to delete all Y.1731 performance monitoring log files
and clears the current historical information stored in RAM.
Syntax Description
No subcommands.
Default Values
Command History
Release 11.6.0 Command was introduced.
Usage Examples
The following example deletes all Y.1731 performance monitoring log files:
(config)#clear ethernet y1731 file-save

clear event-history
Use the clear event-history command to clear all messages logged to the local event-history.
Messages cleared from the local event-history (using the clear event-history command) are
no longer accessible.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example clears all local event-history messages:
>enable
#clear event-history

clear gvrp statistics

Use the clear gvrp statistics command to clear counter statistics on GARP VLAN Registration Protocol
(GVRP) interfaces. Variations of this command include:
clear gvrp statistics all

clear gvrp statistics interface <interface>
Syntax Description
all Clears the information for all GVRP interfaces.
interface <interface> Clears the information for the specified interface. Specify an interface in the
format <interface type [slot/port | slot/port.subinterface id | interface id |
interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For example, for
a T1 interface, use t1 0/1; for an Ethernet subinterface, use eth 0/1.1; for a
PPP interface, use ppp 1; for an ATM subinterface, use atm 1.1; and for a
wireless virtual access point, use dot11ap 1/1.1. Type clear gvrp statistics
interface ? for a complete list of applicable interfaces.
Default Values
Command History
Usage Examples
The following example clears counter statistics on the GVRP interfaces:
>enable
#clear gvrp statistics all

clear host
Use the clear host command to clear a host name when using the domain naming system (DNS) proxy.
clear host *
clear host <hostname>
clear host vrf <name> <hostname>
Syntax Description
* Clears all hosts from the host table.
<hostname> Clears a specific host entry from the host-to-address table.
vrf <name> Optional. Clears the host table entry for a specific virtual routing and
forwarding (VRF).
Default Values
Command History
Functional Notes
Usage Examples
The following example clears all dynamic host names:
>enable
#clear host *

clear ip access-list
Use the clear ip access-list command to clear all counters associated with all Internet Protocol version 4
(IPv4) access control lists (ACLs) or a specified IPv4 ACL. Variations of this command include:
clear ip access-list
clear ip access-list <ipv4 acl name>
Syntax Description
<ipv4 acl name> Optional. Specifies the name (label) of an IPv4 ACL to clear.
Default Values
Command History
Release 17.9 Command was changed to require the ip keyword for ADTRAN
internetworking products only.
Release R10.1.0 Command was changed to require the ip keyword for ADTRAN voice
products.
Usage Examples
The following example clears all counters for the IPv4 ACL labeled MatchAll:
>enable
#clear ip access-list MatchAll

clear ip cache
Use the clear ip cache command to delete cache table entries. Add the counters parameter to reset the
counters on the cache table. The command can be limited to a specific virtual routing and forwarding
(VRF). Variations of this command include:
clear ip cache
clear ip cache counters
clear ip cache vrf <name>
clear ip cache vrf <name> counters
Syntax Description
counters Optional. Resets counters in the cache table.
vrf <name> Optional. Clears all fast-cache entries for a specific VRF.
Default Values
Command History
Release 14.1 Command was expanded to include the counters parameter.
Functional Notes
Usage Examples
The following example removes all entries from the cache table:
>enable
#clear ip cache
The following example resets all fast-cache entries just for the VRF RED:
>enable
#clear ip cache vrf RED counters

clear ip crypto ipsec sa

Use the clear ip crypto ipsec sa command to clear existing Internet Protocol security (IPsec) security
associations (SAs), including active ones. Variations of this command include the following:
clear ip crypto ipsec sa

clear ip crypto ipsec sa entry <ip address> ah <SPI>
clear ip crypto ipsec sa entry <ip address> esp <SPI>
clear ip crypto ipsec sa map <name>
clear ip crypto ipsec sa peak
clear ip crypto ipsec sa peer <ip address>
clear ip crypto ipsec sa profile <name>
clear ip crypto ipsec sa remote-id <remote-id>
Syntax Description
entry <ip address> Optional. Clears only the SAs related to the specified destination IP
example, 10.10.10.1).
ah <SPI> Optional. Clears only a portion of the SAs by specifying the Authentication
Header (AH) Protocol and a security parameter index (SPI). You can
determine the correct SPI value using the show crypto ipsec sa
command.
esp <SPI> Optional. Clears only a portion of the SAs by specifying the Encapsulating
Security Payload (ESP) Protocol and an SPI. You can determine the correct
SPI value using the show crypto ipsec sa command.
map <name> Optional. Clears only the SAs associated with the specified crypto map.
peak Optional. Clears the peak IPsec SA count reached.
peer <ip address> Optional. Clears only the SAs associated with the specified far-end IP
example, 10.10.10.1).
profile <name> Optional. Clears only the SAs created in association with the specified
IPsec profile name.
remote-id <remote-id> Optional. Removes all IPsec SAs associated with the specified IPsec remote
ID.
Default Values

Command History
Release 15.1 Command was expanded to include the remote-id parameter.
Release R10.5.0 Command syntax was changed to require the ip keyword.
Release R11.9.0 Command was expanded to include the profile <name> parameter.
Usage Examples
The following example clears all IPsec SAs:
>enable
#clear ip crypto ipsec sa
The following example clears the IPsec SA used for ESP traffic with the SPI of 300 to IP address
63.97.45.57:
>enable
#clear ip crypto ipsec sa entry 63.97.45.57 esp 300

clear ip dhcp binding

Use the clear ip dhcp binding command to clear Dynamic Host Configuration Protocol version 4
(DHCPv4) server binding entries. Variations of this command include:
clear ip dhcp binding *

clear ip dhcp binding <ipv4 address>
clear ip dhcp binding vrf <name> *
clear ip dhcp binding vrf <name> <ipv4 address>
Syntax Description
* Clears all automatic DHCPv4 server binding entries.
vrf <name> Optional. Clears DHCPv4 server binding entries on the specified virtual
routing and forwarding (VRF) instance.
<ipv4 address> Clears a specific DHCPv4 server binding associated with an IPv4 address.
example, 10.10.10.1).
Default Values
Command History
Release 18.3 Command syntax was changed to remove the hyphen and the server
keyword for ADTRAN internetworking products.
Release R10.1.0 Command syntax was changed to remove the hyphen and the server
keyword for ADTRAN voice products.
Usage Examples
The following example clears all DHCPv4 server bindings on the default VRF:
>enable
#clear ip dhcp binding *
The following example clears all DHCPv4 server bindings from the VRF RED:
>enable
#clear ip dhcp binding vrf RED *

clear ip ffe
Use the clear ip ffe command to remove the RapidRoute Engine entries on all interfaces or on a specific
interface. Variations of this command include:
clear ip ffe
clear ip ffe <interface>
clear ip ffe <interface> peak
clear ip ffe ipsec
clear ip ffe ipsec <rapidroute interface ID>
clear ip ffe ipsec <rapidroute interface ID> peak
clear ip ffe ipsec peak
clear ip ffe peak
clear ip ffe system-control-evc
clear ip ffe system-control-evc peak
clear ip ffe system-management-evc
clear ip ffe system-management-evc peak
Syntax Description
slot/port.subinterface id | interface id | interface id.subinterface id]>. For
example, for a T1 interface, use t1 0/1; for an Ethernet subinterface, use
eth 0/1.1; for a PPP interface, use ppp 1; for an ATM subinterface, use
atm 1.1. Type clear ip ffe? for a complete list of valid interfaces.
ipsec Specifies that all RapidRoute entries to and from an Internet Protocol
security (IPsec) security association (SA) are cleared.
<rapidroute interface ID> Specifies that RapidRoute entries to and from an IPsec SA on a specified
RapidRoute interface are cleared. RapidRoute interface identifiers range
from 1 to 16777215.
peak Clears the RapidRoute peak entry count. If no interface is specified, the
peak entry counts for all interfaces are cleared.
unit.
Default Values
Command History
Release 17.6 Command was expanded to include ipsec parameters.


Release R11.3.0 Command was expanded to include the Ethernet in the first mile (EFM)
group and Metro Ethernet Forum (MEF) Ethernet interface.
Release R11.10.0 Command was expanded to include the peak parameter.
Usage Examples
The following example clears all RapidRoute entries for the Ethernet 0/1 interface:
>enable
#clear ip ffe ethernet 0/1
The following example clears the RapidRoute peak entry count for all interfaces:
>enable
#clear ip ffe peak

clear ip flow stats

Use the clear ip flow stats command to clear all statistics associated with an integrated traffic monitoring
(ITM) observation point.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example clears all ITM statistics associated with an observation point:
#clear ip flow stats

clear ip flow top-talkers

Use the clear ip flow top-talkers command to clear all statistics associated with integrated traffic
monitoring (ITM) Top Talker listings.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example clears all Top Talker statistics:
#clear ip flow top-talkers

clear ip igmp group

Use the clear ip igmp group command to clear entries from the Internet Group Management Protocol
(IGMP) tables. If no address or interface is specified, all nonstatic IGMP groups are cleared with this
command. Variations of this command include:
clear ip igmp group

clear ip igmp group <multicast address>
clear ip igmp group <interface>
Syntax Description
<multicast address> Optional. Clears the IGMP tables of a specific multicast group IP address. The
multicast group IP address range is 244.0.0.0 to 239.255.255.255 or
224.0.0.0 /4.
<interface> Optional. Clears the IGMP tables of all interfaces of the specified type or a
specific interface of a particular type. Specify an interface in the format
<interface type [slot/port | slot/port.subinterface id | interface id | interface
id.subinterface id | ap | ap/radio | ap/radio.vap]>. For example, for a T1
interface, use t1 0/1; for an Ethernet subinterface, use eth 0/1.1; for a PPP
interface, use ppp 1; for an ATM subinterface, use atm 1.1; and for a
wireless virtual access point, use dot11ap 1/1.1. Type clear ip igmp group
? for a list of valid interfaces.
Default Values
Command History
Release 9.1 Command was expanded to include the high-bit-rate digital subscriber line
(HDSL) and tunnel interfaces.
Ethernet interface.
Usage Examples
The following example clears all statistics from the IGMP tables for all nonstatic IGMP groups:
>enable
#clear ip igmp group

clear ip nhrp
Use the clear ip nhrp command to clear all Next Hop Resolution Protocol (NHRP) cache entries.
clear ip nhrp
clear ip nhrp <destination ipv4 address>
clear ip nhrp <number>
Syntax Description
<destination ipv4 address> Optional. Specifies that only cache entries matching this address are
cleared. Express IPv4 addresses in dotted decimal notation; for example,
10.10.10.1.
<number> Optional. Specifies that only cache entries matching the Generic Routing
Encapsulation (GRE) multipoint tunnel interface number are cleared. Valid
range is 1 to 1024.
Default Values
Command History
Usage Examples
The following example clears all NHRP cache entries:
>enable
#clear ip nhrp

clear ip ospf
Use the clear ip ospf command to reset Open Shortest Path First version 2 (OSPFv2) information.
clear ip ospf process

clear ip ospf redistribution
Syntax Description
process Restarts the OSPF process.
redistribution Refreshes routes redistributed over OSPF.
Default Values
Command History
Usage Examples
The following example resets the OSPF process:
>enable
#clear ip ospf process

clear ip policy-sessions
Use the clear ip policy-sessions command to clear Internet Protocol version 4 (IPv4) access control policy
(ACP) firewall sessions. You may clear all the IPv4 sessions or a specific session. Use the show ip
policy-sessions command to view a current IPv4 session listing. Variations of this command include:
clear ip policy-sessions
clear ip policy-sessions any-vrf
clear ip policy-sessions pending
clear ip policy-sessions <ipv4 acp name> [ahp | esp | gre | icmp | tcp | udp | <protocol>] <ipv4 source>
<source port> <ipv4 destination> <destination port>
clear ip policy-sessions <ipv4 acp name> [ahp | esp | gre | icmp | tcp | udp | <protocol>] <ipv4 source>
<source port> <ipv4 destination> <destination port> [destination | source] <nat ipv4 address>
<nat address port>
clear ip policy-sessions vrf <name>
clear ip policy-sessions vrf <name> <ipv4 acp name> [ahp | esp | gre | icmp | tcp | udp | <protocol>]
<ipv4 source> <source port> <ipv4 destination> <destination port>
clear ip policy-sessions vrf <name> <ipv4 acp name> [ahp | esp | gre | icmp | tcp | udp | <protocol>]
<ipv4 source> <source port> <ipv4 destination> <destination port> [destination | source]
<nat ipv4 address> <nat port>
Syntax Description
any-vrf Optional. Clears the current ACP associations for all virtual routing and
forwarding (VRF) instances.
pending Optional. Clears pending ACP associations that are waiting on unknown
traffic.
<ipv4 acp name> Optional. Specifies the IPv4 ACP from which to clear the firewall sessions.
ahp Specifies Authentication Header (AH) Protocol.
esp Specifies Encapsulating Security Payload (ESP) Protocol.
gre Specifies Generic Routing Encapsulation (GRE) Protocol.
icmp Specifies Internet Control Message Protocol (ICMP).
tcp Specifies Transmission Control Protocol (TCP).
udp Specifies User Datagram Protocol (UDP).
<protocol> Specifies a protocol. Valid range is 0 to 255.
<ipv4 source> Optional. Specifies the source IPv4 address. IPv4 addresses should be
<source port> Optional. Specifies the source port (in hex format AH, ESP, and GRE;
decimal for all other protocols).
<ipv4 destination> Optional. Specifies the destination IPv4 address. IPv4 addresses should be
<destination port> Optional. Specifies the destination port (in hex format for AH, ESP, and
GRE; decimal for all other protocols).
[destination | source] Optional. For network address translation (NAT) sessions, this specifies
whether to select a NAT source or NAT destination session.

<nat ipv4 address> Optional. For NAT sessions, this specifies the NAT IP address. IP
10.10.10.1).
<nat port> Optional. For NAT sessions, this specifies the NAT port (in hex format for
AH, ESP, and GRE; decimal for all other protocols).
vrf <name> Optional. Specifies the VRF instance to impact. Executing the above
mentioned commands without specifying a VRF will only affect the default
unnamed VRF.
Clearing pending ACP sessions may temporarily disrupt any applications that depend on
the presence of pending ACP sessions to allow the application traffic through the firewall.
Default Values
Command History
Release 17.1 Command was expanded to include the vrf and any-vrf parameters.
Release R10.1.0 Command was expanded to include the pending parameter.
Functional Notes
The second half of this command, beginning with the source IPv4 address, may be copied and pasted from
a row in the show ip policy-sessions table for easier use.
Usage Examples
The following example clears the Telnet association (TCP port 23) for an IPv4 policy class PCLASS1 with
source IPv4 address 192.22.71.50 and destination 192.22.71.130:
>enable
#clear ip policy-sessions PCLASS1 tcp 192.22.71.50 23 192.22.71.130 23
The following example clears all IPv4 policy class sessions for the VRF instance named RED:
>enable
#clear ip policy-sessions vrf RED

clear ip policy-stats
Use the clear ip policy-stats command to clear statistical counters for Internet Protocol version 4 (IPv4)
access control policies (ACPs). Variations of this command include:
clear ip policy-stats
clear ip policy-stats <ipv4 acp name>
clear ip policy-stats <ipv4 acp name> entry <number>
Syntax Description
<ipv4 acp name> Optional. Specifies the IPv4 ACP to clear. If no IPv4 ACP is specified, statistics
are cleared for all policies.
entry <number> Optional. Clears the statistics of a specific IPv4 ACP. Number range is 1 to
4294967295.
Default Values
Command History
Usage Examples
The following example clears statistical counters for all IPv4 ACPs:
>enable
#clear ip policy-stats
The following example clears statistical counters for the IPv4 ACP MatchALL:
>enable
#clear ip policy-stats MatchALL

clear ip prefix-list <name>

Use the clear ip prefix-list command to clear the IP prefix list hit count shown in the show ip prefix-list
detail command output. Refer to show ip prefix-list on page 768 for more information.
Syntax Description
<name> Clears the count statistics of the specified IP prefix list.
Default Values
Command History
Usage Examples
The following example clears the hit count statistics for prefix list test:
>enable
#clear ip prefix-list test

clear ip route
Use the clear ip route command to remove all learned routes from the IP route table. Static and connected
routes are not cleared by this command. The command can be limited to a specific virtual routing and
forwarding (VRF). Variations of this command include:
clear ip route *
clear ip route <ip address> <subnet mask>
clear ip route vrf <name> *
clear ip route vrf <name> <ip address> <subnet mask>
Syntax Description
* Deletes all destination routes.
<ip address> Specifies the IP address of the destination routes to be deleted. IP
10.10.10.1).
<subnet mask> Specifies the subnet mask that corresponds to a range of IP addresses
(network) or a specific host. Subnet masks can be expressed in dotted
decimal notation (for example, 255.255.255.0) or as a prefix length (for
example, /24).
vrf <name> Optional. Clears the IP route table for the specified VRF.
Default Values
Command History
Functional Notes
Usage Examples
The following example removes all learned routes from the route table:
>enable
#clear ip route *

The following example removes all learned routes from the route table on the VRF RED:
>enable
#clear ip route vrf RED *

clear ip route-cache express

Use the clear ip route-cache express command to remove all routes from the hardware forwarding table.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example clears all routes from the hardware forwarding table:
>enable
#clear ip route-cache express

clear ip security
Use the clear ip security command to clear all statistics associated with the security monitor. Variations of
clear ip security any-vrf threats

clear ip security monitor
clear ip security threats
clear ip security vrf <name> threats
Syntax Description
any-vrf threats Clears statistics on any available VRF on the device.
monitor Clears all statistics associated with the security monitor.
threats Clears the IP security threats list.
vrf <name> threats Clears statistics on the named VRF.
Default Values
Command History
Functional Notes
The clear ip security command is used to clear all statistics associated with the security monitor including
policy-stats and excluding timeline and virtual private network (VPN) statistics. The time of the clear is
saved.
Usage Examples
The following example clears threat statistics for the named VRF MyVRF:
>enable
#clear ip security vrf MyVRF threats

clear ip urlfilter statistics

Use the clear ip urlfilter statistics command to clear all statistics counters for uniform resource locator
(URL) filter requests and responses.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example clears all counters for URL filter requests and responses:
>enable
#clear ip urlfilter statistics

clear ip urlfilter top-websites

Use the clear ip urlfilter top-websites command to clear all statistics for top websites reporting.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example clears all statistics for top websites reporting:
>enable
#clear ip urlfilter top-websites

clear ipv6 access-list

Use the clear ip access-list command to clear all counters associated with all Internet Protocol version 6
(IPv6) access control lists (ACLs) or a specified IPv6 ACL. Variations of this command include:
clear ipv6 access-list

clear ipv6 access-list <ipv6 acl name>
Syntax Description
<ipv6 acl name> Optional. Specifies the name (label) of an IPv6 ACL to clear.
Default Values
Command History
Usage Examples
The following example clears all counters for the IPv6 ACL labeled MatchAll:
>enable
#clear ipv6 access-list MatchAll

clear ipv6 cache

Use the clear ipv6 cache command to clear all the Internet Protocol version 6 (IPv6) route cache entries in
a given virtual routing and forwarding (VRF) instance. Variations of this command include:
clear ipv6 cache

clear ipv6 cache counters
clear ipv6 cache vrf <name>
clear ipv6 cache vrf <name> counters
Syntax Description
counters Optional. Specifies that only the use-count statistics are cleared for each
IPv6 route cache entry.
vrf <name> Optional. Specifies a nondefault VRF instance on which to clear all the IPv6
route cache entries. If no VRF instance is specified, all entries on the default
VRF instance are cleared.
Default Values
Command History
Usage Examples
The following example clears all the IPv6 route cache entries on the default VRF instance:
>enable
#clear ipv6 cache

clear ipv6 dhcp binding

Use the clear ipv6 dhcp binding command to remove one or all of the Dynamic Host Control Protocol for
Internet Protocol version 6 (DHCPv6) server binding entries. Variations of this command include:
clear ipv6 dhcp binding *

clear ipv6 dhcp binding <ipv6 address>
clear ipv6 dhcp binding client-identifier <client DUID>
clear ipv6 dhcp binding vrf <name> *
clear ipv6 dhcp binding vrf <name> <ipv6 address>
clear ipv6 dhcp binding vrf <name> client-identifier <client DUID>
Syntax Description
* Clears all DHCPv6 server IPv6 address bindings.
<ipv6 address> Clears DHCPv6 server bindings for a single IPv6 address. IPv6
addresses should be expressed in colon hexadecimal format
(X:X:X:X::X), for example, 2001:DB8:1::1.
client-identifier <client DUID> Clears the DHCPv6 server bindings for a single DHCPv6 client. The
client DHCP unique identifier (DUID) is expressed as a hexadecimal
value.
vrf <name> Optional. specifies a nondefault virtual routing and forwarding (VRF)
instance from which to remove the binding entries. If no VRF instance is
specified, the binding entries are cleared on the default VRF instance.
Default Values
Command History
Usage Examples
The following example specifies that the DHCPv6 server bindings on the default VRF instance for all IPv6
addresses are cleared:
>enable
#clear ipv6 dhcp binding *

clear ipv6 dhcp client <interface>

Use the clear ipv6 dhcp client command to reinitialize the entire Dynamic Host Control Protocol for
Internet Protocol version 6 (DHCPv6) client on the specified interface. Using this command releases and
renews ALL parameters requested or assigned using DHCPv6 to this client. This includes addresses,
prefixes, and any other configuration information. Variations of this command include:
clear ipv6 dhcp client <interface>

clear ipv6 dhcp client mef-ethernet <slot/port>
clear ipv6 dhcp client system-control-evc
clear ipv6 dhcp client system-management-evc
Syntax Description
<interface> Specifies the client interface on which to reinitialize the DHCPv6
information. Specify interfaces in the format <interface type [slot/port |
eth 0/1.1; for a PPP interface, use ppp 1; for an ATM subinterface, use atm
1.1. Type clear ipv6 dhcp client ? for a complete list of valid interfaces.
unit.
Default Values
Command History
Usage Examples
The following example reinitializes the entire client and all its associated information for the Ethernet 0/1
interface:
>enable
#clear ipv6 dhcp client ethernet 0/1

clear ipv6 dhcp conflict

Use the clear ipv6 dhcp conflict command to remove one or all of the Dynamic Host Control Protocol for
Internet Protocol version 6 (DHCPv6) server addresses that conflict. Variations of this command include:
clear ipv6 dhcp conflict *

clear ipv6 dhcp conflict <ipv6 address>
clear ipv6 dhcp conflict vrf <name> *
clear ipv6 dhcp conflict vrf <name> <ipv6 address>
Syntax Description
* Specifies that all IPv6 address conflicts are cleared.
<ipv6 address> Specifies that the conflicts for a single IPv6 address are cleared. IPv6
addresses should be expressed in colon hexadecimal format (X:X:X:X::X),
for example, 2001:DB8:1::1.
vrf <name> Optional. Specifies a nondefault virtual routing and forwarding (VRF)
instance from which to remove the conflicting address entries. If no VRF
instance is specified, the conflicting entries are cleared on the default VRF
instance.
Default Values
Command History
Usage Examples
The following example clears the DHCPv6 server conflict addresses on the default VRF instance for all
IPv6 addresses:
>enable
#clear ipv6 dhcp conflict *

clear ipv6 ffe

Use the clear ipv6 ffe command to manually clear Internet Protocol version 6 (IPv6) RapidRoute entries in
the fast forwarding engine (FFE) table. Variations of this command include:
clear ipv6 ffe

clear ipv6 ffe peak
clear ipv6 ffe <interface>
clear ipv6 ffe <interface> peak
clear ipv6 ffe system-control-evc
clear ipv6 ffe system-control-evc peak
clear ipv6 ffe system-management-evc
clear ipv6 ffe system-management-evc peak
Syntax Description
<interface> Optional. Specifies an ingress interface on which to clear all IPv6
RapidRoute entries. If no interface is specified, then all IPv6 RapidRoute
entries in the AOS device are cleared. Specify interfaces in the format
id.subinterface id]>. For example, for a T1 interface, use t1 0/1; for an
ATM subinterface, use atm 1.1. Type clear ip ffe? for a complete list of
valid interfaces.
peak Clears the RapidRoute peak entry count. If no interface is specified, the
peak entry counts for all interfaces are cleared.
unit.
Default Values
Command History
Release R10.5.0 Command was expanded to include the loopback interface.
Release R11.10.0 Command was expanded to include the peak parameter.

Usage Examples
The following example clears all IPv6 RapidRoute entries on the AOS device:
>enable
#clear ipv6 ffe
The following example clears the RapidRoute peak entry count for all interfaces:
>enable
#clear ipv6 ffe peak

clear ipv6 interfaces prefix

Use the clear ipv6 interfaces prefix command to clear Internet Protocol version 6 (IPv6) address prefix
information from a specified interface. Variations of this command include:
clear ipv6 interfaces <interface> prefix

clear ipv6 mef-ethernet <slot/port> prefix
clear ipv6 interfaces system-control-evc prefix
clear ipv6 interfaces system-management-evc prefix
Syntax Description
<interface> Specifies the interface on which to clear IPv6 address prefix information.
Specify interfaces in the <interface> <slot/port | interface id> format. For
example, to specify a Point-to-Point Protocol (PPP) interface, enter ppp 1.
Enter clear ipv6 interfaces ? for a list of available interfaces.
unit.
Default Values
Command History
Release R10.1.0 Command was expanded to include the tunnel interface.
Usage Examples
The following example specifies that all IPv6 address prefix information is cleared for the ethernet 0/1
interface:
>enable
#clear ipv6 interfaces ethernet 0/1 prefix

clear ipv6 mld traffic

Use the clear ipv6 mld traffic command to reset Internet Protocol version 6 (IPv6) Multicast Listener
Discovery (MLD) traffic counters to zero. Variations of this command include:
clear ipv6 mld traffic

clear ipv6 mld traffic vrf <name>
Syntax Description
instance on which to reset the MLD counters. If no VRF is specified, the
counters on the default VRF are reset.
Default Values
Command History
Usage Examples
The following example clears the MLD traffic counters on the default VRF:
>enable
#clear ipv6 mld traffic

clear ipv6 neighbors

Use the clear ipv6 neighbors command to clear dynamic entries from the Internet Protocol version 6
(IPv6) neighbor cache. Variations of this command include:
clear ipv6 neighbors <interface>

clear ipv6 neighbors <interface> <ipv6 address>
clear ipv6 neighbors <interface> statistics
clear ipv6 neighbors [mef-ethernet <slot/port> | system-control-evc | system-management-evc]
<ipv6 address>
statistics
clear ipv6 neighbors vrf <name>
clear ipv6 neighbors vrf <name> <ipv6 address>
clear ipv6 neighbors vrf <name> statistics
Syntax Description
<ipv6 address> Optional. Specifies that the neighbor cache entries for a specific IPv6
address are cleared. Specify IPv6 addresses in colon hexadecimal format
(X:X:X:X::X). For example, 2001:DB8:1::1. If no IPv6 address is specified,
all entries are cleared.
<interface> Optional. Specifies that the neighbor cache entries for a specific interface
are cleared. Specify interfaces in the <interface> <slot/port | interface id>
format. For example, to specify a Point-to-Point Protocol (PPP) interface,
enter ppp 1. If no interface is specified, all entries for all interfaces on the
virtual routing and forwarding (VRF) instance are cleared.
statistics Optional. Specifies that statistics for the neighbor cache and protocol
interaction are cleared.
unit.
vrf <name> Optional. Specifies that neighbor cache entries for a specific VRF instance
are cleared. If no VRF is specified, entries on the default unnamed VRF are
cleared.
Default Values
By default, if no options are specified, entering this command clears all neighbor cache entries on all
interfaces assigned to the default VRF.
Command History


Usage Examples
The following example clears all entries in the neighbor cache for the default VRF:
>enable
#clear ipv6 neighbors

clear ipv6 policy-sessions

Use the clear ipv6 policy-sessions command to clear Internet Protocol version 6 (IPv6) access control
policy (ACP) sessions from the firewall association database. Clearing a session typically terminates the
session’s communication, therefore this command should be used carefully, particularly if the session is
one used for access to the command line interface (CLI). You may clear all the IPv6 sessions or a specific
IPv6 session. Use the show ipv6 policy-sessions command to view a current IPv6 session listing.
clear ipv6 policy-sessions

clear ipv6 policy-sessions <ipv6 acp name> [ahp | esp | gre | <protocol>] <ipv6 source> [<interface>]
<ipv6 destination> [mef-ethernet <slot/port> | system-control-evc | system-management-evc]
clear ipv6 policy-sessions <ipv6 acp name> [tcp | udp] <ipv6 source> [<interface>] <source port>
<ipv6 destination> <destination port> [mef-ethernet <slot/port> | system-control-evc |
system-management-evc]
clear ipv6 policy-sessions <ipv6 acp name> icmpv6 <ipv6 source> [<interface>] <id>
<ipv6 destination> <type/code> [mef-ethernet <slot/port> | system-control-evc |
clear ipv6 policy-sessions any-vrf
clear ipv6 policy-sessions pending
clear ipv6 policy-sessions pending any-vrf
clear ipv6 policy-sessions pending <ipv6 acp name> [ahp | esp | gre | <protocol>] <ipv6 source>
[<interface>] <ipv6 destination> [mef-ethernet <slot/port> | system-control-evc |
clear ipv6 policy-sessions pending <ipv6 acp name> [tcp | udp] <ipv6 source> [<interface>] <source
port | unknown> <ipv6 destination> <destination port | unknown> [mef-ethernet <slot/port> |
system-control-evc | system-management-evc]
clear ipv6 policy-sessions pending <ipv6 acp name> icmpv6 <ipv6 source> [<interface>] <id>
clear ipv6 policy-sessions pending vrf <name> <ipv6 acp name> [tcp | udp] <ipv6 source>
[<interface>] <source port | unknown> <ipv6 destination> <destination port | unknown>
[mef-ethernet <slot/port> | system-control-evc | system-management-evc]
clear ipv6 policy-sessions vrf <name>
clear ipv6 policy-sessions vrf <name> <ipv6 acp name> [ahp | esp | gre | <protocol>] <ipv6 source>
[<interface>] <ipv6 destination> [mef-ethernet <slot/port> | system-control-evc |
clear ipv6 policy-sessions vrf <name> <ipv6 acp name> [tcp | udp | <protocol>] <ipv6 source>
[<interface>] <source port | unknown> <ipv6 destination> <destination port | unknown>
clear ipv6 policy-sessions vrf <name> <ipv6 acp name> icmpv6 <ipv6 source> [<interface>] <id>
Syntax Description
any-vrf Optional. Specifies that all sessions in all virtual routing and forwarding
(VRF) instances are cleared.

pending Optional. Specifies that any associations waiting on unknown traffic are
cleared.
<ipv6 acp name> Optional. Specifies the IPv6 ACP from which to clear the firewall sessions.
ahp Specifies Authentication Header (AH) Protocol.
esp Specifies Encapsulating Security Payload (ESP) Protocol.
gre Specifies Generic Routing Encapsulation (GRE) Protocol.
icmpv6 Specifies Internet Control Message Protocol (ICMP) version 6 (ICMPv6).
unit.
tcp Specifies Transmission Control Protocol (TCP).
udp Specifies User Datagram Protocol (UDP).
<protocol> Specifies a protocol. Valid range is 0 to 255.
<ipv6 source> Specifies the source IPv6 address. IPv6 addresses should be expressed in
colon hexadecimal notation (X:X:X:X::X). For example, 2001:DB8:1::1.
<source port> Specifies the source port for TCP and UDP sessions. Range is 0 to 65535.
<ipv6 destination> Specifies the destination IPv6 address. IPv6 addresses should be
expressed in colon hexadecimal notation (X:X:X:X::X). For example,
2001:DB8:1::1.
<destination port> Specifies the destination port for TCP and UDP sessions. Range is 0 to
65535.
<interface> Specifies the interface when a link-local IPv6 address is entered (addresses
beginning with FE80::). Interfaces must be entered when using a link-local
address. Specify interfaces in the <interface> <slot/port | interface id>
enter ppp 1.
<id> Specifies the ICMPv6 ID. Valid range is 0 to 65535.
<type/code> Specifies the type and code of the ICMPv6 session to be cleared. Type and
code ranges are 0 to 255.
unknown Specifies that the source or destination port is unknown.
vrf <name> Optional. Specifies the VRF instance to impact. Executing the above
mentioned commands without specifying a VRF will only affect the default
unnamed VRF.
Default Values
Command History

Release R10.1.0 Command was expanded to include the tunnel interface and the pending
parameter.
Release R10.7.0 Command was expanded to include the unknown parameter.
Release R10.10.0 Command was expanded to include the system-control-evc and
Release R13.7.0 Command was expanded to include the Gigabit Ethernet and virtual local
area network (VLAN) interfaces.
Functional Notes
The second half of this command, beginning with the source IPv6 address, can be copied and pasted from
a row in the show ipv6 policy-sessions table for easier use.
Usage Examples
The following example clears the Telnet association (TCP port 23) for IPv6 ACP pclass1 with source IPv6
address FE80::2AO:C8FF:FE61:3082 and destination IPv6 address 2003::2AO:C8FF:FE61:3084.
Because the source IPv6 address is a link-local address (FE80::), the appropriate interface (in this case
ethernet 0/1) must be entered after the source IPv6 address. Enter the command as follows:
>enable
#clear ipv6 policy-sessions pclass1 tcp FE80::2AO:C8FF:FE61:3082 ethernet 0/1
2003::2AO:C8FF:FE61:3084
The following example clears all IPv6 policy class sessions for the VRF instance named RED:
>enable
#clear ipv6 policy-sessions vrf RED

clear ipv6 policy-stats

Use the clear ipv6 policy-stats command to clear statistical counters for IPv6 access control policies
(ACPs). Variations of this command include:
clear ipv6 policy-stats

clear ipv6 policy-stats <ipv6 acp name>
clear ipv6 policy-stats <ipv6 acp name> entry <number>
Syntax Description
<ipv6 acp name> Optional. Specifies the IPv6 ACP statistics to clear. If no IPv6 ACP is specified,
statistics are cleared for all IPv6 ACPs.
entry <number> Optional. Specifies only a specific entry within the IPv6 ACP is cleared.
Number range is 1 to 4294967295.
Default Values
Command History
Usage Examples
The following example clears statistical counters for all IPv6 ACPs:
>enable
#clear ipv6 policy-stats
The following example clears statistical counters for the IPv6 ACP MatchALL:
>enable
#clear ipv6 policy-stats MatchALL
The following example clears statistical counters for the 6th entry in the IPv6 ACP MatchALL:
>enable
#clear ipv6 policy-stats MatchALL entry 6

clear ipv6 prefix-list <name>

Use the clear ipv6 prefix-list command to clear statistics associated with the Internet Protocol version 6
(IPv6) prefix list.
Syntax Description
<name> Clears the hit count statistics of the specified IPv6 prefix list.
Default Values
Command History
Usage Examples
The following example clears the hit count statistics for the IPv6 prefix list TEST1:
>enable
#clear ipv6 prefix-list TEST1

clear ipv6 routers

Use the clear ipv6 routers command to clear the Internet Protocol version 6 (IPv6) list of routers learned
from router advertisement (RA) messages from locally reachable routers. Variations of this command
include:
clear ipv6 routers <interface>

clear ipv6 routers <interface> conflict
clear ipv6 routers [system-control-evc | system-management-evc]
clear ipv6 routers [system-control-evc | system-management-evc] conflict
clear ipv6 routers vrf <name>
clear ipv6 routers vrf <name> conflict
Syntax Description
<interface> Optional. Specifies an interface from which to clear the learned router list. If
no interface is specified, learned routers on all interfaces of the virtual
routing and forwarding (VRF) are cleared. Specify interfaces in the
<interface> <slot/port | interface id> format. For example, to specify a
Point-to-Point Protocol (PPP) interface, enter ppp 1. Enter clear ipv6
routers ? for a list of available interfaces.
conflict Optional. Specifies that learned routers with misconfigurations are cleared
from locally reachable routers.
unit.
vrf <name> Optional. Specifies a VRF on which to clear learned routers. If no VRF is
specified, learned routers for all interfaces on the default VRF are cleared.
Default Values
By default, all learned routers from all interfaces on the default VRF are cleared when no options are
specified.
Command History
Usage Examples
The following example specifies that learned routers are cleared from all interfaces on the default VRF:
>enable
#clear ipv6 routers

clear lldp counters interface <interface>

Use the clear lldp counters interface command to reset all Link Layer Discovery Protocol (LLDP) packet
counters to zero on all interfaces.
Syntax Description
<interface> Clears the information for the specified interface. Specify an interface in the
wireless virtual access point, use dot11ap 1/1.1. Type clear lldp counters
Default Values
Command History
Ethernet interface.
Release A5.01 Command was expanded to include the Gigabit Ethernet and gigabit
switchport interfaces.
Usage Examples
The following example resets all LLDP counters:
>enable
#clear lldp counters interface

clear lldp neighbors

Use the clear lldp neighbors command to remove all neighbors from this unit’s database. As new Link
Layer Discovery Protocol (LLDP) frames are received, the database will contain information about
neighbors included in those frames.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
This command generates output indicating the names of any neighbors deleted from the database and the
name of the interface on which the neighbor was learned.
Usage Examples
The following example clears LLDP neighbor Switch_1 from the Ethernet interface 0/7:
>enable
#clear lldp neighbors
LLDP: Deleted neighbor “Switch_1” on interface eth 0/7
#

clear mac address-table

Use the clear mac address-table command to remove medium access control (MAC) addresses from the
MAC address table. Variations of this command include:
clear mac address-table

clear mac address-table <interface>
Syntax Description
<interface> Optional. Removes the MAC address of the specified interface. Specify an
interface id | interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For
1.1; and for a wireless virtual access point, use dot11ap 1/1.1. Type clear
mac address-table interface ? for a complete list of applicable interfaces.
Default Values
Command History
Usage Examples
The following example removes the MAC address of a Gigabit Ethernet interface from the MAC address
table:
>enable
#clear mac address-table gigabit-ethernet 0/1

clear mac address-table dynamic

Use the clear mac address-table dynamic command to remove dynamic medium access control (MAC)
addresses from the MAC address table. Variations of this command include:
clear mac address-table dynamic <interface>

clear mac address-table dynamic address <mac address>
Syntax Description
<interface> Removes the MAC address of the specified interface. Specify an interface
in the format <interface type [slot/port | slot/port.subinterface id | interface id
| interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For example, for
wireless virtual access point, use dot11ap 1/1.1. Type clear mac
address-table dynamic interface ? for a complete list of applicable
interfaces.
address <mac address> Removes a specific MAC address from the table. MAC addresses should
be expressed in the following format xx:xx:xx:xx:xx:xx (for example,
00:A0:C8:00:00:01).
Default Values
Command History
Usage Examples
The following example removes the dynamic address A0:B1:C2:D3:E4:A1 from the MAC address table:
>enable
#clear mac address-table dynamic address A0:B1:C2:D3:E4:A1
The following example removes all dynamic addresses from the MAC address table:
>enable
#clear mac address-table dynamic

clear mac address-table multicast

Use the clear mac address-table multicast command to clear all entries in the multicast address
resolution lookup (ARL) table or filter the entries based on certain criteria. Variations of this command
include:
clear mac address-table multicast

clear mac address-table multicast igmp-snooping
clear mac address-table multicast user
clear mac address-table multicast vlan <vlan id>
clear mac address-table multicast vlan <vlan id> igmp-snooping
clear mac address-table multicast vlan <vlan id> user
Syntax Description
igmp-snooping Optional. Clears entries in the multicast ARL table that were added
dynamically (via IGMP snooping).
user Optional. Clears entries in the multicast ARL table that were added statically
(by the user).
vlan <vlan id> Optional. Clears entries in the multicast ARL table based on virtual local
area network (VLAN).
Default Values
Command History
Usage Examples
The following example removes the entries in the multicast ARL table for VLAN 200:
>enable
#clear mac address-table multicast vlan 200

clear mail-client body <agent name>

Use the clear mail-client body command to clear the body text of the pending email message for a specific
mail agent.
Syntax Description
<agent name> Specifies which mail agent body text is cleared.
Default Values
Command History
Usage Examples
The following example clears pending email body text for mail agent myagent:
>enable
#clear mail-client body myagent

clear mail-client counters

Use the clear mail-client counters command to clear all statistical counters associated with all mail
agents. Variations of this command include:
clear mail-client counters

clear mail-client counters <agent name>
Syntax Description
<agent name> Optional. Specifies that only a specific mail agent’s counters are cleared.
Default Values
Command History
Usage Examples
The following example clears all counters for all configured mail agents:
>enable
#clear mail-client counters

clear network-forensics ip dhcp

Use the clear network-forensics ip dhcp command to remove the Dynamic Host Configuration Protocol
(DHCP) statistics for clients connected to the network. Statistics can be cleared for a single client or for all
clients. Variations of this command include:
clear network-forensics ip dhcp

clear network-forensics ip dhcp hostname <hostname>
clear network-forensics ip dhcp interface gigabit-switchport <slot/port>
clear network-forensics ip dhcp ip <ip address>
clear network-forensics ip dhcp mac <mac address>
clear network-forensics ip dhcp vlan <vlan id>
Syntax Description
hostname <hostname> Optional. Clears statistics for the client with the specified host
name.
interface gigabit-switchport <slot/port> Optional. Clears statistics for the client using the specified
interface.
ip <ip address> Optional. Clears the statistics for the client with the specified
IP address. IP addresses should be expressed in dotted
mac <mac address> Optional. Clears the statistics for the client with the specified
medium access control (MAC) address. MAC addresses
should be expressed in the following format: xx:xx:xx:xx:xx:xx
(for example, 00:A0:C8:00:00:01).
vlan <vlan id> Optional. Clears the statistics for the client with the specified
virtual local area network (VLAN) identification number.
VLAN IDs range from 1 to 4094.
Default Values
Command History
Usage Examples
The following example clears all collected DHCP statistics for all clients:
>enable
#clear network-forensics ip dhcp

The following example clears all collected DHCP statistics for the client with the MAC address
00:A0:C8:00:00:01:
>enable
#clear network-forensics ip dhcp mac 00:A0:C8:00:00:01

clear network-sync
Use the clear network-sync command to clear network synchronization (Network Sync) related
information from the unit’s configuration. Variations of this command include:
clear network-sync
clear network-sync info
Syntax Description
info Optional. Specifies that all Network Sync statistical information is cleared.
Default Values
Command History
Usage Examples
The following example clears all statistical information for Network Sync:
>enable
#clear network-sync info

clear ntp
Use the clear ntp command to restart the Network Time Protocol (NTP) daemon.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example restarts the NTP daemon:
>enable
#clear ntp

clear ospfv3
Use the clear ospfv3 command to reset and restart specific Open Shortest Path First version 3 (OSPFv3)
processes, and to refresh routes distributed into OSPFv3 processes. Variations of this command include:
clear ospfv3 <process id> process

clear ospfv3 <process id> redistribution
clear ospfv3 process
clear ospfv3 redistribution
Syntax Description
<process id> Optional. Restarts or resets the specified OSPFv3 process, or refreshes
routes distributed only to the specified process.
process Specifies that all OSPFv3 processes are reset and restarted.
redistribution Specifies that all routes distributed into OSPFv3 processes are refreshed.
Default Values
Command History
Usage Examples
The following example resets and restarts OSPFv3 process 5:
>enable
#clear ospfv3 5 process
The following example refreshes all routes distributed into OSPFv3 processes:
>enable
#clear ospfv3 redistribution

clear performance-statistics
Use the clear performance-statistics command to clear the performance monitoring statistics on a
particular interface or Ethernet virtual connection (EVC). Variations of this command include:
clear performance-statistics evc <name>

clear performance-statistics <interface>
Syntax Description
evc <name> Specifies an EVC on which to clear the performance statistics.
<interface> Specifies the interface on which to clear the performance statistics. Specify
an interface in the format <interface type [slot/port | slot/port.subinterface id
| interface id | interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For
1.1; and for a wireless virtual access point, use dot11ap 1/1.1. Type clear
performance-statistics ? for a complete list of applicable interfaces.
Default Values
Command History
line (VDSL).
Release R11.5.0 Command was expanded to include the EVC option.
Usage Examples
The following example clears all performance statistics on the Ethernet subinterface 1/1.1:
>enable
#clear performance-statistics ethernet 1/1.1

clear port-security
Use the clear port-security command to clear the dynamic or sticky secure medium access control (MAC)
addresses associated with an interface. This can be done on a per-address or per-port basis. Variations of
this command include the following:
clear port-security dynamic address <mac address>

clear port-security dynamic interface <interface>
clear port-security sticky address <mac address>
clear port-security sticky interface <interface>
Syntax Description
dynamic Clears the dynamic MAC addresses.
sticky Clears the sticky secure MAC addresses.
address <mac address> Clears the information for the specified MAC address. MAC addresses
should be expressed in the following format xx:xx:xx:xx:xx:xx (for example,
00:A0:C8:00:00:01).
interface <interface> Clears the information for the specified interface. Specify an interface in the
wireless virtual access point, use dot11ap 1/1.1. Type clear port-security
sticky interface ? or clear port-security dynamic interface ? for a
complete list of applicable interfaces.
Default Values
Command History
Usage Examples
The following command clears all dynamic secure MAC addresses associated with the Ethernet interface
0/1:
>enable
#clear port-security dynamic interface eth 0/1

clear port-security violation-count <interface>

Use the clear port-security violation-count command to clear the violation count associated with a
particular interface.
Syntax Description
<interface> Clears the information for the specified Ethernet interface. Specify an
atm 1.1; and for a wireless virtual access point, use dot11ap 1/1.1. Type
clear port-security violation-count interface ? for a complete list of
applicable interfaces.
Default Values
Command History
Usage Examples
The following command clears the violation count associated with the Ethernet interface 0/1:
>enable
#clear port-security violation-count eth 0/1

clear pppoe
Use the clear pppoe command to terminate the current Point-to-Point Protocol over Ethernet (PPPoE)
client session and cause AOS to attempt to re-establish the session. Variations of this command include:
clear pppoe <interface>

clear pppoe system-control-evc
Syntax Description
<interface> Specifies the Point-to-Point Protocol (PPP) interface ID number to clear.
Specify an interface in the format <interface type [slot/port |
dot11ap 1/1.1. Type clear pppoe ? for a complete list of valid interfaces.
Default Values
Command History
Release R.10.10.0 Command was expanded to include the system-control-evc parameter.
Usage Examples
The following example ends the current PPPoE client session for ppp 1:
>enable
#clear pppoe 1

clear probe responder

Use the clear probe responder command to remove entries from the probe responders. Variations of this
command include:
clear probe responder counters

clear probe responder icmp-timestamp counters
clear probe responder twamp counters
clear probe responder udp-echo counters
Syntax Description
counters Clears the probe responder counters.
icmp-timestamp Clears the Internet Control Message Protocol (ICMP) timestamp probe
responder counters.
twamp Clears the Two-Way Active Measurement Protocol (TWAMP) probe
responder counters.
udp-echo Clears the User Datagram Protocol (UDP) echo probe responder counters.
Default Values
Command History
Usage Examples
The following example removes the TWAMP responder counters:
>enable
#clear probe responder twamp counters

clear processes cpu max

Use the clear processes cpu max command to clear the maximum CPU usage statistic, which is displayed
in the show process cpu command output.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example resets the CPU maximum usage statistics:
>enable
#clear processes cpu max

clear processes queue

Use the clear processes queue command to clear the contents of the system processing queues.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example clears the contents of the system processing queues:
>enable
#clear processes queue

clear qos map

Use the clear qos map command to clear the statistics for all defined quality of service (QoS) maps or for
maps meeting user-configured specifications. Variations of this command include the following:
clear qos map

clear qos map <name>
clear qos map <name> default
clear qos map <name> <number>
clear qos map interface <interface>
clear qos map interface efm-group <group id>
Syntax Description
<name> Optional. Clears the statistics of a defined QoS map.
<number> Optional. Clears the statistics for one of the map’s specified sequence
numbers.
default Optional. Clears the default QoS map entry.
efm-group <group id> Specifies an Ethernet in the first mile (EFM) group ID. Range is 1 to 1024.
interface <interface> Optional. Clears QoS map statistics for the specified interface. Specify an
atm 1.1; and for a wireless virtual access point, use dot11ap 1/1.1.Type
clear qos map interface ? for a complete list of applicable interfaces.
Default Values
Command History
Ethernet interface.
Release A5.01 Command was expanded to include the default parameter and Ethernet
interface.
Release R11.1.0 Command was expanded to include the system control Ethernet virtual
connection (EVC) and system management EVC.
Release R11.4.0 Command was expanded to include the EFM group.

Usage Examples
The following example clears statistics for all defined QoS maps:
#clear qos map
The following example clears statistics for all entries in the priority QoS map:
#clear qos map priority
The following example clears statistics in entry 10 of the priority QoS map:
#clear qos map priority 10
The following example clears QoS statistics for a specified interface:
#clear qos map interface frame-relay 1
The clear counters command clears ALL interface statistics (including QoS map interface
statistics).

clear relay
Use the clear relay command to reset the door contact relay.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example resets the door contact relay:
>enable
#clear relay

clear route-map counters

Use the clear route-map counters command to reset route map hit counters. Variations of this command
include:
clear route-map counters

clear route-map counters <name>
Syntax Description
<name> Optional. Clears the counters for the specified route map.
Default Values
Command History
Usage Examples
The following example clears all route map counters:
>enable
#clear route-map counters

clear rtp quality-monitoring

Use the clear rtp quality-monitoring command to clear all voice quality monitoring (VQM) statistics or
only VQM statistics from the call history or a particular interface. Variations of this command include:
clear rtp quality-monitoring

clear rtp quality-monitoring call-history
clear rtp quality-monitoring interface <interface>
Syntax Description
call-history Optional. Removes call statistics from the call history only.
interface <interface> Optional. Clears all interface VQM statistics for the specified interface.
Specifies an interface in the format <interface type [slot/port |
dot11ap 1/1.1. Type clear ip rtp quality-monitoring interface ? for a valid
list of interfaces.
Default Values
Command History
Ethernet interface.
Release R10.8.0 Command syntax was changed to remove the ip keyword.
Usage Examples
The following example clears all VQM statistics from the call history:
>enable
#clear rtp quality-monitoring call-history

clear rtp quality-monitoring reporter

Use the clear rtp quality-monitoring reporter command to clear all statistics associated with all
configured voice quality monitoring (VQM) reporters. Variations of this command include:
clear rtp quality-monitoring reporter

clear rtp quality-monitoring reporter <name>
Syntax Description
<name> Optional. Clears statistics for only the specified VQM reporter.
Default Values
Command History
Usage Examples
The following example clears only the statistics associated with VQM reporter Reporter1:
>enable
#clear rtp quality-monitoring reporter Reporter1

clear sip location <username>

Use the clear sip location command to clear Session Initiation Protocol (SIP) location database statistics.
clear sip location *

clear sip location <username>
Syntax Description
* Clears all SIP location database statistics.
<username> Clears the statistics for the specified user name.
Default Values
Command History
Usage Examples
The following example deletes all dynamic location entries:
>enable
#clear sip location *

clear sip resources

Use the clear sip resources command to clear the counters for Session Initiation Protocol (SIP) resources
currently in use. Refer to show sip on page 995 for information about using the show sip resources
command to display the current SIP resource information.
Syntax Description
No subcommands.
Default Values
Command History
Release 17.9 Command was introduced for AOS data products.
Release A4.01 Command was included for AOS voice products.
Usage Examples
The following example clears SIP server resource counters:
>enable
#clear sip resources

clear sip secure remote-user

Use the clear sip secure remote-user command to clear statistics for Session Initiation Protocol (SIP)
security remote user blacklist entries and dropped requests. If you do not specify the IPv4 address for the
blacklist item to clear, all blacklist items are cleared. Refer to show sip secure remote-user on page 1001
for information about using the show sip secure command to display the current SIP security remote user
statistics. Variations of this command include:
clear sip secure remote-user blacklist

clear sip secure remote-user blacklist <ipv4 address>
clear sip secure remote-user dropped-requests
Syntax Description
blacklist Optional. Displays UDP SIP security blacklist entries.
<ipv4 address> Optional. Specifies a valid IPv4 address. IPv4 addresses should be
dropped-requests Optional. Displays UDP SIP security dropped requests due to failed
authentication attempts.
Default Values
Command History
Usage Examples
The following example clears all entries from the SIP security remote user blacklist table:
>enable
#clear sip secure remote-user blacklist

clear sip tls session

Use the clear sip tls session command to clear statistics for active Session Initiation Protocol (SIP)
Transport Layer Security (TLS) sessions. Variations of this command include:
clear sip tls session *

clear sip tls session <session ID>
Syntax Description
* Specifies that statistics for all TLS sessions are cleared.
<session ID> Specifies that statistics for the individual TLS session are cleared. The
session ID value can be determined using the command show tls sessions
on page 1048.
Default Values
Command History
Usage Examples
The following example clears statistics for all TLS sessions:
>enable
#clear sip tls session *

clear sip trunk-registration

Use the clear sip trunk-registration command to clear local Session Initiation Protocol (SIP) registration
information for one or more trunks. Variations of this command include:
clear sip trunk-registration

clear sip trunk-registration <Txx>
clear sip trunk-registration <Txx> <trunk id>
Syntax Description
<Txx> Optional. Specifies the trunk to clear using its two-digit identifier (for
example, T01).
<trunk id> Optional. Clears the registration information for the specified trunk.
Default Values
Command History
Usage Examples
The following example clears SIP registration information for trunk 01:
>enable
#clear sip trunk-registration T01

clear sip user-registration

Use the clear sip user-registration command to clear local Session Initiation Protocol (SIP) server
registration information.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example clears all SIP server registration information:
>enable
#clear sip user-registration

clear spanning-tree counters

The clear spanning-tree counters command clears the following counts: bridge protocol data unit
(BPDU) transmit, BPDU receive, and number of transitions to forwarding state. Variations of this
command include:
clear spanning-tree counters

clear spanning-tree counters interface <interface>
Syntax Description
interface <interface> Optional. Specifies a single interface. Specify an interface in the format
wireless virtual access point, use dot11ap 1/1.1. Type clear spanning-tree
counters ? for a complete list of interfaces.
Default Values
Command History
Ethernet interface.
Usage Examples
The following example clears the spanning tree counters for Ethernet 0/10:
>enable
#clear spanning-tree counters interface eth 0/10

clear spanning-tree detected-protocols

Use the clear spanning-tree detected-protocols command to restart the protocol migration process.
clear spanning-tree detected-protocols

clear spanning-tree detected-protocols interface <interface>
Syntax Description
interface <interface> Optional. Specifies a valid interface to clear. Specify an interface in the
wireless virtual access point, use dot11ap 1/1.1. Type clear spanning-tree
detected-protocols interface ? for a complete list of applicable interfaces.
Default Values
Command History
Ethernet interface.
Functional Notes
The switch has the ability to operate using the rapid spanning-tree protocol or the legacy 802.1D version of
spanning-tree. When a bridge protocol data unit (BPDU) of the legacy version is detected on an interface,
the switch automatically regresses to using the 802.1D spanning-tree protocol for that interface. Issue the
clear spanning-tree detected-protocols command to return to rapid spanning-tree operation.
Usage Examples
The following example re-initiates the protocol migration process on Ethernet interface 0/3:
>enable
#clear spanning-tree detected-protocols interface ethernet 0/3
The following example re-initiates the protocol migration process on all interfaces:
>enable
#clear spanning-tree detected-protocols

clear ssh port-forward

Use the clear ssh port-forward command to remove a previously defined secure shell (SSH) port
forwarding. Variations of this command include:
clear ssh port-forward <port-forward port> <url>

clear ssh port-forward <port-forward port> <url> myprivkey dsa
clear ssh port-forward <port-forward port> <url> password <password>
clear ssh port-forward <port-forward port> <url> port <port>
clear ssh port-forward <port-forward port> <url> port <port> myprivkey dsa
clear ssh port-forward <port-forward port> <url> port <port> password <password>
clear ssh port-forward <port-forward port> <url> port <port> privkey <filename>
clear ssh port-forward <port-forward port> <url> privkey <filename>
Syntax Description
<port-forward port> Specifies the forwarded port on the local unit.
<url> Specifies the uniform resource locator (URL) of the far end listening
address. The format of the URL string must be user@server:remote-port,
for example, MGARCIA@10.10.10.1:7000. Optionally, you may include the
IP address of an interface on the remote machine using the format
user@server:remote-port:FarEndListenAddress, for example,
MGARCIA@10.10.10.1:7000:10.10.10.2.
myprivkey dsa Optional. Specifies to use the AOS unit’s digital signature algorithm (DSA)
private key for SSH authentication.
password <password> Optional. Specifies a password to use for SSH authentication.
port <port> Optional. Specifies a port to use for underlying SSH protocol instead of the
default SSH port 22. Valid range is 1 to 65535.
privkey <filename> Optional. Specifies a private key file to use for SSH authentication.
Default Values
Command History
Usage Examples
The following example removes the forward of port 22 on the AOS device for user MGARCIA using port
7000 on device 10.10.10.1:
>enable
#clear ssh port-forward 22 MGARCIA@10.10.10.1:7000 password PASSWORD

clear tacacs+ statistics

Use the clear tacacs+ statistics command to delete all terminal access controller access-control system
plus (TACACS+) protocol statistics.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example clears all TACACS+ protocol statistics:
>enable
#clear tacacs+ statistics

clear user
Use the clear user command to detach a user from a given line. Variations of this command include:
clear user console <number>

clear user ssh <number>
clear user telnet <number>
Syntax Description
console <number> Detaches a specific console user. Valid range is 0 to 1.
ssh <number> Detaches a specific secure shell (SSH) user. Valid range is 0 to 4.
telnet <number> Detaches a specific Telnet user. Valid range is 0 to 5.
Default Values
Command History
Usage Examples
The following example detaches the console 1 user:
>enable
#clear user console 1

clear voice logging smdr

Use the clear voice logging smdr command to clear the local station messaging detail record (SMDR) log.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example clears the SMDR log:
>enable
#clear voice logging smdr

clear voice queue <extension>

Use the clear voice queue command to reset statistics for all call queues or the specified call queue.
Syntax Description
<extension> Indicates the extension of the call queue.
Default Values
Command History
Usage Examples
The following example resets the statistics on the call queue on extension 6407:
>enable
#clear voice queue 6407

clear vrrp counters

Use the clear vrrp counters command to clear the Virtual Router Redundancy Protocol (VRRP) statistics.
The following are variations of this command:
clear vrrp counters

clear vrrp counters interface <interface>
clear vrrp counters interface <interface> group <number>
Syntax Description
interface <interface> Optional. Clears all VRRP statistics on the specified interface. Specify an
example, for an Ethernet subinterface, use eth 0/1.1; for a PPP interface,
use ppp 1; for an ATM subinterface, use atm 1.1; and for a wireless virtual
access point, use dot11ap 1/1.1. Type clear vrrp counters interface ? for
a complete list of valid interfaces.
group <number> Optional. Clears all VRRP statistics for the specified group on the specified
interface. Group numbers range from 1 to 255.
Default Values
Command History
Ethernet interface.
Functional Notes
Although VRRP group virtual router IDs (VRIDs) can be numbered between 1 and 255, only two VRRP
routers per interface are supported.
Usage Examples
The following example clears all VRRP group statistics on all interfaces:
>enable
#clear vrrp counters

clear vrrpv3 counters

Use the clear vrrpv3 counters command to clear all Virtual Router Redundancy Protocol version 3
(VRRPv3) statistics. Variations of this command include:
clear vrrpv3 counters

clear vrrpv3 counters interface <interface>
clear vrrpv3 counters interface <interface> group <vrid>
clear vrrpv3 counters ipv4
clear vrrpv3 counters ipv6
Syntax Description
interface <interface> Optional. Clears all VRRPv3 statistics on the specified interface. Specify an
access point, use dot11ap 1/1.1. Type clear vrrpv3 counters interface ?
for a complete list of valid interfaces.
group <vrid> Optional. Clears all VRRPv3 statistics for the specified group virtual router
ID (VRID) on the specified interface. Group VRIDs range from 1 to 255.
ipv4 Optional. Clears all VRRPv3 statistics for the IPv4 address family.
ipv6 Optional. Clears all VRRPv3 statistics for the IPv6 address family.
Default Values
Command History
Release R10.11.0 Command was expanded to include the ipv4 and ipv6 parameters.
Functional Notes
Although VRRPv3 group VRIDs can be numbered between 1 and 255, only two VRRPv3 routers per
interface per IP version are supported.
Usage Examples
The following example clears all VRRPv3 group statistics on all interfaces:
>enable
#clear vrrpv3 counters

clear vxlan host

Use the clear vxlan host command to clear the remote host entries learned from the virtual extensible local
area network (VxLAN) peers. Variations of this command include:
clear vxlan host <mac address>

clear vxlan host tunnel <interface id>
clear vxlan host vni <number>
Syntax Description
<mac address> Clears host entries with the specified mac address. MAC addresses should
be expressed in the following format: xx:xx:xx:xx:xx:xx (for example,
00:A0:C8:00:00:01).
tunnel <interface id> Clears host entries with the specified tunnel interface. Valid interface range
is 1 to 1024.
vni <number> Clears host entires with the specified VxLAN network ID (VNI). Valid range
is 1 to 677215.
Default Values
Command History
Usage Examples
The following example clears the remote host entries for MAC address 00:A0:C8:00:00:01:
>enable
#clear vxlan host 00:A0:C8:00:00:01

clock auto-correct-dst
The clock auto-correct-dst command allows the automatic one-hour correction for daylight savings time
(DST). Use the clock no-auto-correct-dst command to disable this feature.
Syntax Description
No subcommands.
Default Values
By default, this command is enabled.
Command History
Usage Examples
The following example allows for automatic DST correction:
>enable
#clock auto-correct-dst

clock no-auto-correct-dst
The clock no-auto-correct-dst command allows you to override the automatic one-hour correction for
daylight savings time (DST).
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
Many time zones include an automatic one-hour correction for daylight savings time at the appropriate
time. You may override it at your location using this command.
Usage Examples
The following example overrides the one-hour offset for DST:
>enable
#clock no-auto-correct-dst


Use the clock set command to configure the system software clock. For the command to be valid, all fields
must be entered. Refer to the Usage Examples below for an example.
Syntax Description
<time> Sets the time (in 24-hour format) of the system software clock in the format
hours:minutes:seconds (HH:MM:SS).
<day> Sets the current day of the month. Valid range is 1 to 31.
<month> Sets the current month. Valid range is January to December. You need only
enter enough characters to make the entry unique. This entry is not case
sensitive.
<year> Sets the current year. Valid range is 2000 to 2100.
Default Values
Command History
Usage Examples
The following example sets the system software clock for 3:42 p.m., August 22, 2004:
>enable
#clock set 15:42:00 22 Au 2004

clock timezone <value>

The clock timezone command sets the unit’s internal clock to the time zone of your choice. This setting is
based on the difference in time (in hours) between Greenwich Mean Time (GMT) or Central Standard
Time (CST) and the time zone for which you are setting up the unit. Use the no form of this command to
disable this feature.
Syntax Description
<value> Clock time zone values are specified in the Functional Notes section for this
command.
Default Values
Command History
Release 11.1 Command was expanded to include the clock timezone 0.
clock timezone +1-Amsterdam clock timezone +3:30

clock timezone +1-Belgrade clock timezone +4-Abu-Dhabi
clock timezone +1-Brussels clock timezone +4-Baku
clock timezone +1-Sarajevo clock timezone +4:30
clock timezone +1-West-Africa clock timezone +5-Ekaterinburg
clock timezone +10-Brisbane clock timezone +5-Islamabad
clock timezone +10-Canberra clock timezone +5:30
clock timezone +10-Guam clock timezone +5:45
clock timezone +10-Hobart clock timezone +6-Almaty
clock timezone +10-Vladivostok clock timezone +6-Astana
clock timezone +11 clock timezone +6-Sri-Jay
clock timezone +12-Auckland clock timezone +6:30
clock timezone +12-Fiji clock timezone +7-Bangkok
clock timezone +13 clock timezone +7-Kranoyarsk
clock timezone +2-Athens clock timezone +8-Bejing
clock timezone +2-Bucharest clock timezone +8-Irkutsk
clock timezone +2-Cairo clock timezone +8-Kuala-Lumpur
clock timezone +2-Harare clock timezone +8-Perth
clock timezone +2-Helsinki clock timezone +8-Taipei
clock timezone +2-Jerusalem clock timezone +9-Osaka
clock timezone +3-Baghdad clock timezone +9-Seoul
clock timezone +3-Kuwait clock timezone +9-Yakutsk
clock timezone +3-Moscow clock timezone +9:30-Adelaide
clock timezone +3-Nairobi clock timezone +9:30-Darwin

Functional Notes
The following list shows sample cities and their time zone codes.
clock timezone -1-Azores clock timezone -5-Bogota
clock timezone -1-Cape-Verde clock timezone -5-Eastern-Time
clock timezone -10 clock timezone -6-Central-America
clock timezone -11 clock timezone -6-Central-Time
clock timezone -12 clock timezone -6-Mexico-City
clock timezone -2 clock timezone -6-Saskatchewan
clock timezone -3-Brasilia clock timezone -7-Arizona
clock timezone -3-Buenos-Aires clock timezone -7-Mountain-Time
clock timezone -3-Greenland clock timezone -8
clock timezone -3:30 clock timezone -9
clock timezone -4-Atlantic-Time clock timezone 0-Universal Coordinated Time
clock timezone -4-Caracus (UTC)
clock timezone -4-Santiago clock timezone GMT-Casablanca
clock timezone -5 clock timezone GMT-Dublin
Usage Examples
The following example sets the time zone for Santiago, Chile.
>enable
#clock timezone -4-Santiago

configure
Use the configure command to enter the Global Configuration mode or to configure the system from
memory. Refer to Global Configuration Mode Command Set on page 1141 for more information.
configure memory
configure network
configure overwrite-network
configure terminal
Syntax Description
memory Configures the active system with the commands located in the default
configuration file stored in nonvolatile random access memory (NVRAM).
network Configures the system from a Trivial File Transfer Protocol (TFTP) network
host.
overwrite-network Overwrites NVRAM memory from a TFTP network host.
terminal Enters the Global Configuration mode.
Default Values
Command History
Usage Examples
The following example enters the Global Configuration mode from the Enable mode:
>enable
#configure terminal
(config)#

copy
Use the copy command to copy the specified file from the source (flash memory) to the specified
destination.
Variations of this command (valid only on AOS units WITHOUT CompactFlash®) include:
copy <source file> <new file>

copy <source file> boot
copy <source file> default-config
copy <source file> fpga
copy <source file> interface <interface>
copy <source file> startup-config
Syntax Description
<source file> Specifies the name of the file to copy.
<new file> Makes a copy of the specified source file and saves it in flash memory using
the specified new name.
boot Copies the specified source file and overwrites the boot read only memory
(ROM).
default-config Replaces the default configuration with the specified file copied from flash
memory.
fpga Updates the field-programmable gate array (FPGA) using a copy of the
specified file.
interface <interface> Updates the specified interface using a copy of the specified file. Specify an
copy <source file> interface ? to display a list of valid interfaces.
startup-config Replaces the startup configuration with the specified file copied from flash
memory.
Default Values
Command History
Release 16.1 Command was expanded to include the default-config.
Release 17.2 Command was expanded to include the cellular interface.
Ethernet interface.

Release A4.05 Command was expanded to include the asymmetric digital subscriber line
(ADSL) interface.
Release A5.01 Command was expanded to include the fpga parameter.
Release R12.1.0 Command version copy <source file> boot was made unavailable for
virtual AOS (vAOS) instances.
Functional Notes
Updates to the boot ROM are required periodically to enhance and expand the unit’s operation. The
bootcode can be updated from within the command line interface (CLI) using the copy <source file> boot
command.
The copy <source file> boot command is not available on vAOS instances.
Usage Examples
The following example copies the file myfile.biz (located in flash memory) and overwrites the boot ROM:
>enable
#copy myfile.biz boot
Upgrading bootcode is a critical process that cannot be interrupted. If something were to happen and the
process was not able to be completed, it would render your unit inoperable. It is for this reason that during
a bootcode upgrade, all other system tasks will be halted. This means packets will not be routed, and all
console sessions will not respond during the upgrade process. Once the process finishes, the system will
function as it did before. This process will take approximately 20 seconds.
Do you want to proceed? [yes/no]y
WARNING!! A bootcode upgrade has been initiated. Your session will become
nonresponsive for the duration of the upgrade (approx. 20 seconds). A message
will be sent when the upgrade is completed.
Bootcode upgrade process done. Your session should function normally.
Success!!!!!

copy cflash
Use the copy cflash command to copy files located on the CompactFlash® card to the specified
destination.
The following variations of this command are valid only on AOS units with CompactFlash:
copy cflash <source file> boot

copy cflash <source file> cflash <new file>
copy cflash <source file> flash
copy cflash <source file> flash <new file>
copy cflash <source file> http <url>
copy cflash <source file> http <url> port <port>
copy cflash <source file> http <url> port <port> username <username> password <password>
copy cflash <source file> http <url> username <username> password <password>
copy cflash <source file> https <url>
copy cflash <source file> https <url> allow-tls1.0
copy cflash <source file> https <url> allow-tls1.0 allow-tls1.1
copy cflash <source file> https <url> allow-tls1.0 allow-tls1.1 allow-sslv3
copy cflash <source file> https <url> allow-tls1.1
copy cflash <source file> https <url> allow-tls1.1 allow-sslv3
copy cflash <source file> https <url> allow-sslv3
copy cflash <source file> https <url> username <username> password <password>
copy cflash <source file> https <url> allow-tls1.0 username <username> password <password>
copy cflash <source file> https <url> allow-tls1.0 allow-tls1.1 username <username> password
<password>
copy cflash <source file> https <url> allow-tls1.0 allow-tls1.1 allow-sslv3 username <username>
password <password>
copy cflash <source file> https <url> allow-tls1.0 allow-sslv3 username <username> password
<password>
copy cflash <source file> https <url> allow-tls1.1 username <username> password <password>
copy cflash <source file> https <url> allow-tls1.1 allow-sslv3 username <username> password
<password>
copy cflash <source file> https <url> allow-sslv3 username <username> password <password>
copy cflash <source file> https <url> port <port>
copy cflash <source file> https <url> port <port> allow-tls1.0
copy cflash <source file> https <url> port <port> allow-tls1.0 allow-tls1.1
copy cflash <source file> https <url> port <port> allow-tls1.0 allow-tls1.1 allow-sslv3
copy cflash <source file> https <url> port <port> allow-tls1.0 allow-sslv3
copy cflash <source file> https <url> port <port> allow-tls1.1
copy cflash <source file> https <url> port <port> allow-tls1.1 allow-sslv3
copy cflash <source file> https <url> port <port> allow-sslv3
copy cflash <source file> https <url> port <port> username <username> password <password>
copy cflash <source file> https <url> port <port> allow-tls1.0 username <username> password
<password>
copy cflash <source file> https <url> port <port> allow-tls1.0 allow-tls1.1 username <username>
password <password>

copy cflash <source file> https <url> port <port> allow-tls1.0 allow-tls1.1 allow-sslv3 username
<username> password <password>
copy cflash <source file> https <url> port <port> allow-tls1.0 allow-sslv3 username <username>
password <password>
copy cflash <source file> https <url> port <port> allow-tls1.1 username <username> password
<password>
copy cflash <source file> https <url> port <port> allow-tls1.1 allow-sslv3 username <username>
password <password>
copy cflash <source file> https <url> port <port> allow-sslv3 username <username> password
<password>
copy cflash <source file> interface <interface>
copy cflash <source file> startup-config
copy cflash tftp
copy cflash xmodem
Syntax Description
<new file> Specifies the new file name.
<source file> Specifies the name of the source file to copy.
(ROM).
cflash Specifies the location of the specified source file or the location of the new
file as the CompactFlash card.
flash Specifies the location of the source file or the location of the new file as
flash memory.
http <url> Specifies transferring the copied source file to an Hypertext Transfer
Protocol (HTTP) server using the HTTP PUT operation. The HTTP server
uniform resource locator (URL) provides the location.
https <url> Specifies transferring the source file to a secure socket Hypertext Transfer
Protocol Secure (HTTPS) server using the HTTPS PUT operation. The
HTTPS server URL provides the location.
allow-tls1.0 Optional. Allows the use of Transport Layer Security protocol version 1.0
when transferring the source file. If allow-tls1.0 is enabled, Secure Socket
Layer version 3 (SSLv3) can also optionally be enabled.
allow-tls1.1 Optional. Allows the use of TLS protocol version 1.1 when transferring the
source file. If allow-tls1.1 is enabled, SSLv3 can also optionally be
enabled.
allow-sslv3 Optional. Allows the use of SSLv3 when transferring source files. If SSLv3
is enabled, then TLS version 1.0 is automatically enabled.

copy cflash <source file> interface ? to display a list of valid interfaces.
password <password> Optional. Specifies a password for HTTP or HTTPS authentication.
port <port> Optional. Specifies the port used to transfer the specified file to an HTTP or
HTTPS server. Range is 0 to 65335.
startup-config Replaces the startup configuration with the specified file copied from the
CompactFlash card.
tftp Copies any file on the CompactFlash card to a specified Trivial File Transfer
Protocol (TFTP) server.
After copy cflash tftp is entered, the following prompts require additional
information:
Address of remote host: Specifies the IP address of the TFTP server.
Source filename: Specifies the name of the file to copy to the TFTP
server.
Destination filename: Specifies the file name to use when storing the
copied file on the TFTP server. (The file will be
placed in the default directory established by the
TFTP server.)
username <username> Optional. Specifies a user name for HTTP or HTTPS authentication.
xmodem Copies any file on the CompactFlash card (using the XMODEM protocol) to
the terminal connected to the console port. XMODEM capability is provided
in VT100 terminal emulation software, such as HyperTerminal.
After copy cflash xmodem is entered, the following prompts require
additional information:
Source filename: Specifies the name of the file to copy from
CompactFlash to the connected terminal.
Default Values
Command History
Release 16.1 Command was expanded to include HTTP and HTTPS.
Ethernet interface.

(ADSL) interface.
Release R10.5.0 Command was expanded to include the username and password
parameters.
Release R12.3.0 Command was expanded to include the allow-tls1.0 and allow-sslv3
parameters.
Release R13.9.0 Command was expanded to include the allow-tls1.1 parameter.
Usage Examples
The following example copies the source file myfile.biz (located on the CompactFlash card) to flash
memory and names the new file newfile.biz:
>enable
#copy cflash myfile.biz flash newfile.biz
The following example creates a copy of the file myfile.biz (located on the CompactFlash card), names
the new file newfile.biz, and places the new file on the installed CompactFlash card:
>enable
#copy cflash myfile.biz cflash newfile.biz
The following example replaces the startup configuration file with the file newconfig.txt:
>enable
#copy cflash newconfig.txt startup-config
The following example copies the file myfile.biz (located on the CompactFlash card) to the specified TFTP
server:
>enable
#copy cflash tftp
Address of remote host?10.200.2.4
Source filename myfile.biz
Destination filename myfile.biz
Initiating TFTP transfer...
Received 45647 bytes.
Transfer Complete!
>enable
#copy cflash xmodem
Source filename myfile.biz
Begin the Xmodem transfer now...
Press CTRL+X twice to cancel
CCCCCC

AOS is now ready to transmit the file on the CONSOLE port (using the XMODEM protocol). The next step
in the process may differ depending on the type of terminal emulation software you are using. For
HyperTerminal, you will now select Transfer > Receive File and select the destination. Once the transfer
is complete, information similar to the following is displayed:

Transfer complete

copy console
Use the copy console command to copy the console’s input to a text file. To stop copying to the text file,
type <Ctrl+D>. The file will be saved in the AOS root directory.
Variations of this command (valid only on AOS units without CompactFlash® capability) include:
copy console <filename>

copy console flash <filename>
copy console flash <filename> force-overwrite
copy console flash startup-config
copy console flash startup-config force-overwrite
copy console startup-config
copy console startup-config force-overwrite
Variations of this command (valid only on AOS units with CompactFlash capability) include:
copy console cflash <filename>

copy console cflash <filename> force-overwrite
Variations of this command (valid only on AOS units with Universal Serial Bus (USB) flash drive
capability) include:
copy console usbdrive0 <filename>

copy console usbdrive0 <filename> force-overwrite
Syntax Description
<filename> Copies the console input and saves it to flash memory using the specified
file name.
startup-config Copies the console input and saves it to flash memory as the startup
configuration.
cflash <filename> Copies the console input and saves it to CompactFlash memory using the
specified file name.
flash <filename> Copies the console input and saves it to flash memory using the specified
file name.
force-overwrite Optional. Specifies a force override to copy the file.
usbdrive0 <filename> Copies the console input and saves it to USB flash drive memory using the
Default Values
Command History
Release 18.2 Command was expanded to include USB flash drive memory.

Release R10.1.0 Command was expanded to include the cflash keyword.

Release R12.2.0 Command was expanded to include the startup-config parameter.
Functional Notes
The copy console command works much like a line editor. Prior to pressing <Enter>, changes can be
made to the text on the line. Changes can be made using <Delete> and <Backspace> keys. The text can
be traversed using the arrow keys, <Ctrl+A> (to go to the beginning of a line), and <Ctrl+E> (to go to the
end of a line). To end copying to the text file, type <Ctrl+D>. The file will be saved in the AOS root
directory. Use the dir command to see a list of files in the root directory.
Usage Examples
The following example copies the console input into the file config.txt (located in the AOS root directory):
>enable
#copy console flash config.txt

copy dynvoice-config
Use the copy dynvoice-config command to copy the dynamic voice configuration file to the specified
destination.
The following variations of this command are valid only on AOS units with CompactFlash® and voice
capability:
copy dynvoice-config cflash <filename>

copy dynvoice-config flash <filename>
copy dynvoice-config http <url>
copy dynvoice-config http <url> port <port>
copy dynvoice-config http <url> port <port> username <username> password <password>
copy dynvoice-config http <url> username <username> password <password>
copy dynvoice-config https <url>
copy dynvoice-config https <url> port <port>
copy dynvoice-config https <url> port <port> username <username> password <password>
copy dynvoice-config https <url> username <username> password <password>
copy dynvoice-config running-config
copy dynvoice-config tftp
copy dynvoice-config xmodem
Syntax Description
cflash <filename> Copies the dynamic voice configuration file and saves it to the
CompactFlash card using the specified file name.
flash <filename> Copies the dynamic voice configuration file and saves it to flash memory
using the specified file name.
http <url> Specifies the Hypertext Transfer Protocol (HTTP) server uniform resource
locator (URL) to which to transfer the dynamic voice configuration file using
the HTTP PUT operation.
https <url> Specifies the secure socket Hypertext Transfer Protocol (HTTPS) server
uniform resource locator (URL) to which to transfer the dynamic voice
configuration file using the HTTPS PUT operation.
running-config Replaces the active running configuration with a copy of the dynamic voice
configuration file.
tftp Specifies the Trivial File Transfer Protocol (TFTP) server to which to copy
the dynamic voice configuration file.
After copy dynvoice-config tftp is entered, the following prompts require
Source filename: Specifies the name of the file (located on the
CompactFlash card) to copy to the TFTP server.

copied file on the TFTP server. The file will be
TFTP server.
xmodem Copies the dynamic voice configuration file (using the XMODEM protocol)
and saves it to the terminal connected to the console port. XMODEM
capability is provided in VT100 terminal emulation software, such as
HyperTerminal.
After copy dynvoice-config xmodem is entered, the following prompts
require additional information:
Source filename: Specifies the name of the file to copy from
CompactFlash to the connected terminal.
Default Values
Command History
Release 16.1 Command was expanded to include the http parameter.
Release R10.5.0 Command was expanded to include the https, port, username, and
password parameters.
Usage Examples
The following example copies the dynamic voice configuration file and saves it to the CompactFlash card
using the name myvoice-config:
>enable
#copy dynvoice-config cflash myvoice-config
Percent Complete 100%
The following example copies the dynamic voice configuration file and saves it to flash memory using the
name myvoice-config:
>enable
#copy dynvoice-config flash myvoice-config
The following example replaces the active running configuration with a copy of the dynamic voice
configuration file:
>enable
#copy dynvoice-config running-config

The following example copies the dynamic voice configuration file and saves it to the TFTP server:
>enable
#copy dynvoice-config tftp
Address of remote host? 10.200.2.4
Destination filename? myvoice-config
Sent 5221 bytes.
Transfer complete.

copy flash
Use the copy flash command to copy files located in flash memory to a specified destination. Certain
variations of this command are available only on specific AOS units and are explained below.
The following variations of this command are valid on all AOS units:
copy flash <source file> http <url> port <port>

copy flash <source file> http <url> port <port> username <username> password <password>
copy flash <source file> http <url> username <username> password <password>
copy flash <source file> https <url>
copy flash <source file> https <url> allow-tls1.0
copy flash <source file> https <url> allow-tls1.0 allow-tls1.1
copy flash <source file> https <url> allow-tls1.0 allow-tls1.1 allow-sslv3
copy flash <source file> https <url> allow-tls1.0 allow-sslv3
copy flash <source file> https <url> allow-tls1.1
copy flash <source file> https <url> allow-tls1.1 allow-sslv3
copy flash <source file> https <url> allow-sslv3
copy flash <source file> https <url> username <username> password <password>
copy flash <source file> https <url> allow-tls1.0 username <username> password <password>
copy flash <source file> https <url> allow-tls1.0 allow-tls1.1 username <username> password
<password>
copy flash <source file> https <url> allow-tls1.0 allow-tls1.1 allow-sslv3 username <username>
password <password>
copy flash <source file> https <url> allow-tls1.0 allow-sslv3 username <username> password
<password>
copy flash <source file> https <url> allow-tls1.1 username <username> password <password>
copy flash <source file> https <url> allow-tls1.1 allow-sslv3 username <username> password
<password>
copy flash <source file> https <url> allow-sslv3 username <username> password <password>
copy flash <source file> https <url> port <port>
copy flash <source file> https <url> port <port> allow-tls1.0
copy flash <source file> https <url> port <port> allow-tls1.0 allow-tls1.1
copy flash <source file> https <url> port <port> allow-tls1.0 allow-tls1.1 allow-sslv3
copy flash <source file> https <url> port <port> allow-tls1.0 allow-sslv3
copy flash <source file> https <url> port <port> allow-tls1.1
copy flash <source file> https <url> port <port> allow-tls1.1 allow-sslv3
copy flash <source file> https <url> port <port> allow-sslv3
copy flash <source file> https <url> port <port> username <username> password <password>
copy flash <source file> https <url> port <port> allow-tls1.0 username <username> password
<password>
copy flash <source file> https <url> port <port> allow-tls1.0 allow-tls1.1 username <username>
password <password>
copy flash <source file> https <url> port <port> allow-tls1.0 allow-tls1.1 allow-sslv3 username
copy flash <source file> https <url> port <port> allow-tls1.0 allow-sslv3 username <username>
password <password>

copy flash <source file> https <url> port <port> allow-tls1.1 username <username> password
<password>
copy flash <source file> https <url> port <port> allow-tls1.1 allow-sslv3 username <username>
password <password>
copy flash <source file> https <url> port <port> allow-sslv3 username <username> password
<password>
copy flash <source file> scp <url> myprivkey
copy flash <source file> scp <url> myprivkey dsa
copy flash <source file> scp <url> myprivkey rsa
copy flash <source file> scp <url> password <password>
copy flash <source file> scp <url> port <port>
copy flash <source file> scp <url> port <port> myprivkey
copy flash <source file> scp <url> port <port> myprivkey dsa
copy flash <source file> scp <url> port <port> myprivkey rsa
copy flash <source file> scp <url> port <port> password <password>
copy flash <source file> scp <url> port <port> privkey <filename>
copy flash <source file> scp <url> privkey <filename>
copy flash <source file> sftp <url>
copy flash <source file> sftp <url> myprivkey
copy flash <source file> sftp <url> myprivkey dsa
copy flash <source file> sftp <url> myprivkey rsa
copy flash <source file> sftp <url> password <password>
copy flash <source file> sftp <url> port <port>
copy flash <source file> sftp <url> port <port> myprivkey
copy flash <source file> sftp <url> port <port> myprivkey dsa
copy flash <source file> sftp <url> port <port> myprivkey rsa
copy flash <source file> sftp <url> port <port> password <password>
copy flash <source file> sftp <url> port <port> privkey <filename>
copy flash <source file> sftp <url> privkey <filename>
copy flash tftp

copy flash xmodem
The following variations of this command are valid only on AOS units with CompactFlash® capability:
copy flash <source file> boot

copy flash <source file> cflash
copy flash <source file> cflash <new file>
copy flash <source file> flash <new file>
copy flash <source file> interface <interface>
copy flash <source file> startup-config
The following variations of this command are valid only on AOS units with CompactFlash and voice
capability:
copy flash <source file> dynvoice-config
The following variations of this command are valid only on AOS units with ramdisk enabled:

copy flash <source file> ramdisk

copy flash <source file> ramdisk <new file>
The following variations of this command are valid only on AOS units with Universal Serial Bus (USB)
flash drive capability:
copy flash <source file> usbdrive0

copy flash <source file> usbdrive0 <new file>
The following variations of this command are valid only on AOS units with field-programmable gate
arrays (FPGAs):
copy flash <source file> fpga
Syntax Description
<new file> Saves the file using the specified file name.
(ROM).
cflash Copies a file and saves it to the CompactFlash card.
dynvoice-config Replaces the dynamic voice configuration file with the specified file copied
from flash memory.
flash Copies the specified file and saves it to flash memory.
fpga Copies the specified file and saves it as the FPGA image.
locator (URL) to which to transfer the source file using the HTTP PUT
operation.
uniform resource locator (URL) to which to transfer the source file using the
HTTPS PUT operation.
enabled.
allow-sslv3 Optional. Allows the use of SSLv3 when transferring source files. If SSLv3
is enabled, then TLS version 1.0 is automatically enabled.
copy flash <source file> interface ? to display a list of valid interfaces.

myprivkey Optional. Specifies the AOS unit’s private key is used for SSH
authentication.
dsa Optional. Specifies to use the unit’s Digital Signature Algorithm (DSA)
rsa Optional. Specifies to use the unit’s Rivest-Shamir-Adleman (RSA) private
key for SSH authentication.
password <password> Optional. Specifies a password for HTTP, HTTPS, or SSH authentication.
port <port> Optional. Specifies the port used to transfer the specified file to an HTTP,
HTTPS, server. Range is 0 to 65335.
privkey <filename> Optional. Specifies the filename of a 3rd party private key file for SSH
authentication in privacy enhanced email (PEM) format.
ramdisk Copies a file and saves it to the volatile RAM disk.
scp <url> Specifies the Secure Copy Protocol (SCP) server Uniform Resource
Locator (URL) to which to transfer the source file. Specify the URL in the
following format:user@server:/path/filename.
sftp <url> Specifies the Secure File Transfer Protocol server Uniform Resource
startup-config Replaces the startup configuration file with a copy of the specified file.
tftp Copies any file located in flash memory to a specified Trivial File Transfer
Protocol (TFTP) server.
After copy flash tftp is entered, the following prompts require additional
information:
Source filename: Specifies the name of the file (located in flash
memory) to copy to the TFTP server.
TFTP server.
usbdrive0 Specifies saving the file to USB flash drive memory.
xmodem Copies any file located in flash memory (using the XMODEM protocol) to
After copy flash xmodem is entered, the following prompts require
Source filename: Specifies the name of the file to copy from system
flash memory using XMODEM.
Default Values

Command History
Release 17.7 Command was expanded to include the ramdisk parameter.
Ethernet interface.
(ADSL) interface.
Release A5.01 Command was expanded to include the fpga parameter.
parameters.
parameters.
Release R13.11.0 Command was expanded to include SCP and SFTP with myprivkey,
myprivkey dsa, and myprivkey rsa parameters.
Functional Notes
The myprivkey keyword specifies to use the unit’s private key for SSH authentication. This is the key
generated using the command ssh key regenerate sftp. Use the privkey keyword if you are using 3rd
party keys instead of the keys generated by the unit.
Usage Examples
The following example creates a copy of the file myfile.biz (located in flash memory), names the new file
newfile.biz, and places the new file in flash memory:
>enable
#copy flash myfile.biz flash newfile.biz
The following example copies the file myfile.biz (located in flash memory) to CompactFlash memory and
names the new file newfile.biz:
>enable
#copy flash myfile.biz cflash newfile.biz
The following example copies the file new_startup_config.txt (located in flash memory) to the startup
configuration:
>enable
#copy flash new_startup_config.txt startup-config
The following example copies the file myfile.biz (located in flash memory) to a TFTP server:

>enable
#copy flash tftp
Source filename? myfile.biz
Destination filename? myfile.biz
Sent 769060 bytes.
Transfer Complete!
The following example copies the file startup-config.txt to the SSH server
adtran@10.200.2.4:/backup/start using a DSA private key generated in AOS.
>enable
#copy flash startup-config.txt sftp adtran@10.200.2.4:/backup/start myprivkey dsa
Initiating SFTP transfer...
Transferred 5510 bytes in 1 secs. (5.380 KB/sec)
Transfer complete.
The following example copies the file myfile.biz (located in flash memory) to USB flash drive memory and
names the new file newfile.biz:
>enable
#copy flash myfile.biz usbdrive0 newfile.biz
The following example copies the file myfile.biz (located in flash memory) to the connected terminal using
XMODEM protocol:
>enable
#copy flash xmodem
CCCCCC
Sent 231424 bytes.

Transfer complete

copy http
Use the copy http command to copy a file located on a network Hypertext Transfer Protocol (HTTP)
server to a specified destination. Certain variations of this command are available only on specific AOS
units and are explained below.
copy http <url> flash <destination file>

copy http <url> flash <destination file> username <username> password <password>
copy http <url> flash <destination file> force-overwrite
copy http <url> flash <destination file> force-overwrite port <port>
copy http <url> flash <destination file> force-overwrite port <port> username <username>
password <password>
copy http <url> flash <destination file> force-overwrite username <username> password <password>
copy http <url> flash <destination file> port <port>
copy http <url> flash <destination file> port <port> username <username> password <password>
copy http <url> running-config
copy http <url> running-config username <username> password <password>
copy http <url> running-config port <port>
copy http <url> running-config port <port> username <username> password <password>
copy http <url> startup-config
copy http <url> startup-config username <username> password <password>
copy http <url> startup-config port <port>
copy http <url> startup-config port <port> username <username> password <password>
copy http <url> cflash <destination file> username <username> password <password>
copy http <url> cflash <destination file>
copy http <url> cflash <destination file> force-overwrite
copy http <url> cflash <destination file> force-overwrite port <port>
copy http <url> cflash <destination file> force-overwrite port <port> username <username>
password <password>
copy http <url> cflash <destination file> force-overwrite username <username>
password <password>
copy http <url> cflash <destination file> port <port>
copy http <url> cflash <destination file> port <port> username <username> password <password>
copy http <url> cflash running-config
copy http <url> cflash running-config port <port>
capability:
copy http <url> dynvoice-config

copy http <url> dynvoice-config port <port>
copy http <url> dynvoice-config port <port> username <username> password <password>
copy http <url> dynvoice-config username <username> password <password>

copy http <url> ramdisk <destination file>

copy http <url> ramdisk <destination file> username <username> password <password>
copy http <url> ramdisk <destination file> force-overwrite
copy http <url> ramdisk <destination file> force-overwrite port <port>
copy http <url> ramdisk <destination file> force-overwrite port <port> username <username>
password <password>
copy http <url> ramdisk <destination file> force-overwrite username <username>
password <password>
copy http <url> ramdisk <destination file> port <port>
copy http <url> ramdisk <destination file> port <port> username <username> password <password>
copy http <url> ramdisk running-config
copy http <url> ramdisk running-config port <port>
copy http <url> usbdrive0 <destination file>

copy http <url> usbdrive0 <destination file> username <username> password <password>
copy http <url> usbdrive0 <destination file> force-overwrite
copy http <url> usbdrive0 <destination file> force-overwrite username <username> password
<password>
copy http <url> usbdrive0 <destination file> force-overwrite port <port>
copy http <url> usbdrive0 <destination file> force-overwrite port <port> username <username>
password <password>
copy http <url> usbdrive0 <destination file> port <port>
copy http <url> usbdrive0 <destination file> port <port> username <username> password <password>
Syntax Description
<destination file> Specifies the new name of the file after it is copied.
cflash Copies a file from the HTTP server to the CompactFlash card.
dynvoice-config Specifies that the file copied from the HTTP server overwrite the dynamic
voice configuration file.
flash Specifies the flash memory as the destination for the copied file.
http <url> Specifies the URL of the HTTP server.
password <password> Optional. Specifies a password for HTTP authentication.
port <port> Optional. Specifies the port used to transfer the specified file from an HTTP
server. Range is 0 to 65335.
ramdisk Copies a file from the HTTP server to the volatile RAM disk.
running-config Replaces the active running configuration file with the file copied from the
HTTP server.
startup-config Replaces the startup configuration file with the file copied from the HTTP
server.

username <username> Optional. Specifies a user name for HTTP authentication.

usbdrive0 Specifies the USB flash drive memory as the destination for the copied file.
Default Values
By default, the port value is 80.
Command History
Release 18.2 Command was expanded to include the USB flash drive memory.
parameters.
Usage Examples
The following example replaces the current running configuration file with newconfig.txt from the HTTP
server (10.200.2.4):
#copy http http://10.200.2.4/newconfig.txt running-config

Initiating HTTP transfer...
Transfer Complete!
#
The following example copies the file myfile.biz from the HTTP server (10.200.2.4) and saves it to
CompactFlash memory (naming the copy newfile.biz):
#copy http http://10.200.2.4/SomeDirectory/AnotherDirectory/myfile.biz cflash newfile.biz

Initiating HTTP transfer...
Transfer Complete!

copy https
Use the copy https command to copy a file located on a secure socket Hypertext Transfer Protocol Secure
(HTTPS) server to a specified destination using the HTTPS PUT operation. Certain variations of this
command are available only on specific AOS units and are explained below.
copy https <url> flash <destination file>

copy https <url> flash <destination file> allow-tls1.0
copy https <url> flash <destination file> allow-tls1.0 allow-tls1.1
copy https <url> flash <destination file> allow-tls1.0 allow-tls1.1 allow-sslv3
copy https <url> flash <destination file> allow-tls1.0 allow-sslv3
copy https <url> flash <destination file> allow-tls1.1
copy https <url> flash <destination file> allow-tls1.1 allow-sslv3
copy https <url> flash <destination file> allow-sslv3
copy https <url> flash <destination file> username <username> password <password>
copy https <url> flash <destination file> allow-tls1.0 username <username> password <password>
copy https <url> flash <destination file> allow-tls1.0 allow-tls1.1 username <username> password
<password>
copy https <url> flash <destination file> allow-tls1.0 allow-tls1.1 allow-sslv3 username <username>
password <password>
copy https <url> flash <destination file> allow-tls1.0 allow-sslv3 username <username> password
<password>
copy https <url> flash <destination file> allow-tls1.1 username <username> password <password>
copy https <url> flash <destination file> allow-tls1.1 allow-sslv3 username <username> password
<password>
copy https <url> flash <destination file> allow-sslv3 username <username> password <password>
copy https <url> flash <destination file> force-overwrite
copy https <url> flash <destination file> force-overwrite allow-tls1.0
copy https <url> flash <destination file> force-overwrite allow-tls1.0 allow-tls1.1
copy https <url> flash <destination file> force-overwrite allow-tls1.0 allow-tls1.1 allow-sslv3
copy https <url> flash <destination file> force-overwrite allow-tls1.0 allow-sslv3
copy https <url> flash <destination file> force-overwrite allow-tls1.1
copy https <url> flash <destination file> force-overwrite allow-tls1.1 allow-sslv3
copy https <url> flash <destination file> force-overwrite allow-sslv3
copy https <url> flash <destination file> force-overwrite username <username> password
<password>
copy https <url> flash <destination file> force-overwrite allow-tls1.0 username <username> password
<password>
copy https <url> flash <destination file> force-overwrite allow-tls1.0 allow-tls1.1 username
copy https <url> flash <destination file> force-overwrite allow-tls1.0 allow-tls1.1 allow-sslv3
username <username> password <password>
copy https <url> flash <destination file> force-overwrite allow-tls1.0 allow-sslv3 username
copy https <url> flash <destination file> force-overwrite allow-tls1.1 username <username> password

<password>
copy https <url> flash <destination file> force-overwrite allow-tls1.1 allow-sslv3 username
copy https <url> flash <destination file> force-overwrite allow-sslv3 username <username> password
<password>
copy https <url> flash <destination file> force-overwrite port <port>
copy https <url> flash <destination file> force-overwrite port <port> allow-tls1.0
copy https <url> flash <destination file> force-overwrite port <port> allow-tls1.0 allow-tls1.1
allow-sslv3
copy https <url> flash <destination file> force-overwrite port <port> allow-tls1.0 allow-sslv3
copy https <url> flash <destination file> force-overwrite port <port> allow-tls1.1
copy https <url> flash <destination file> force-overwrite port <port> allow-sslv3
copy https <url> flash <destination file> force-overwrite port <port> username <username> password
<password>
copy https <url> flash <destination file> force-overwrite port <port> allow-tls1.0 username
allow-sslv3 username <username> password <password>
copy https <url> flash <destination file> force-overwrite port <port> allow-tls1.1 username
copy https <url> flash <destination file> force-overwrite port <port> allow-sslv3 username
copy https <url> flash <destination file> port <port>

copy https <url> flash <destination file> port <port> allow-tls1.0
copy https <url> flash <destination file> port <port> allow-tls1.0 allow-tls1.1
copy https <url> flash <destination file> port <port> allow-tls1.0 allow-tls1.1 allow-sslv3
copy https <url> flash <destination file> port <port> allow-tls1.0 allow-sslv3
copy https <url> flash <destination file> port <port> allow-tls1.1
copy https <url> flash <destination file> port <port> allow-tls1.1 allow-sslv3
copy https <url> flash <destination file> port <port> allow-sslv3
copy https <url> flash <destination file> port <port> username <username> password <password>
copy https <url> flash <destination file> port <port> allow-tls1.0 username <username> password
<password>
copy https <url> flash <destination file> port <port> allow-tls1.0 allow-tls1.1 username <username>
password <password>
copy https <url> flash <destination file> port <port> allow-tls1.0 allow-tls1.1 allow-sslv3 username

copy https <url> flash <destination file> port <port> allow-tls1.0 allow-sslv3 username <username>
password <password>
copy https <url> flash <destination file> port <port> allow-tls1.1 username <username> password
<password>
copy https <url> flash <destination file> port <port> allow-tls1.1 allow-sslv3 username <username>
password <password>
copy https <url> flash <destination file> port <port> allow-sslv3 username <username> password
<password>
copy https <url> running-config
copy https <url> running-config allow-tls1.0
copy https <url> running-config allow-tls1.0 allow-tls1.1
copy https <url> running-config allow-tls1.0 allow-tls1.1 allow-sslv3
copy https <url> running-config allow-tls1.0 allow-sslv3
copy https <url> running-config allow-tls1.1
copy https <url> running-config allow-tls1.1 allow-sslv3
copy https <url> running-config allow-sslv3
copy https <url> running-config username <username> password <password>
copy https <url> running-config allow-tls1.0 username <username> password <password>
copy https <url> running-config allow-tls1.0 allow-tls1.1 username <username> password
<password>
copy https <url> running-config allow-tls1.0 allow-tls1.1 allow-sslv3 username <username>
password <password>
copy https <url> running-config allow-tls1.0 allow-sslv3 username <username> password
<password>
copy https <url> running-config allow-tls1.1 username <username> password <password>
copy https <url> running-config allow-tls1.1 allow-sslv3 username <username> password
<password>
copy https <url> running-config allow-sslv3 username <username> password <password>
copy https <url> running-config port <port>
copy https <url> running-config port <port> allow-tls1.0
copy https <url> running-config port <port> allow-tls1.0 allow-tls1.1
copy https <url> running-config port <port> allow-tls1.0 allow-tls1.1 allow-sslv3
copy https <url> running-config port <port> allow-tls1.0 allow-sslv3
copy https <url> running-config port <port> allow-tls1.1
copy https <url> running-config port <port> allow-tls1.1 allow-sslv3
copy https <url> running-config port <port> allow-sslv3
copy https <url> running-config port <port> username <username> password <password>
copy https <url> running-config port <port> allow-tls1.0 username <username> password
<password>
copy https <url> running-config port <port> allow-tls1.0 allow-tls1.1 username <username>
password <password>
copy https <url> running-config port <port> allow-tls1.0 allow-tls1.1 allow-sslv3 username
copy https <url> running-config port <port> allow-tls1.0 allow-sslv3 username <username>
password <password>
copy https <url> running-config port <port> allow-tls1.1 username <username> password

<password>
copy https <url> running-config port <port> allow-tls1.1 allow-sslv3 username <username>
password <password>
copy https <url> running-config port <port> allow-sslv3 username <username> password
<password>
copy https <url> startup-config
copy https <url> startup-config allow-tls1.0
copy https <url> startup-config allow-tls1.0 allow-tls1.1
copy https <url> startup-config allow-tls1.0 allow-tls1.1 allow-sslv3
copy https <url> startup-config allow-tls1.0 allow-sslv3
copy https <url> startup-config allow-tls1.1
copy https <url> startup-config allow-tls1.1 allow-sslv3
copy https <url> startup-config allow-sslv3
copy https <url> startup-config username <username> password <password>
copy https <url> startup-config allow-tls1.0 username <username> password <password>
copy https <url> startup-config allow-tls1.0 allow-tls1.1 username <username> password
<password>
copy https <url> startup-config allow-tls1.0 allow-tls1.1 allow-sslv3 username <username>
password <password>
copy https <url> startup-config allow-tls1.0 allow-sslv3 username <username> password
<password>
copy https <url> startup-config allow-tls1.1 username <username> password <password>
copy https <url> startup-config allow-tls1.1 allow-sslv3 username <username> password
<password>
copy https <url> startup-config allow-sslv3 username <username> password <password>
copy https <url> startup-config port <port>
copy https <url> startup-config port <port> allow-tls1.0
copy https <url> startup-config port <port> allow-tls1.0 allow-tls1.1
copy https <url> startup-config port <port> allow-tls1.0 allow-tls1.1 allow-sslv3
copy https <url> startup-config port <port> allow-tls1.0 allow-sslv3
copy https <url> startup-config port <port> allow-tls1.1
copy https <url> startup-config port <port> allow-tls1.1 allow-sslv3
copy https <url> startup-config port <port> allow-sslv3
copy https <url> startup-config port <port> username <username> password <password>
copy https <url> startup-config port <port> allow-tls1.0 username <username> password
<password>
copy https <url> startup-config port <port> allow-tls1.0 allow-tls1.1 username <username>
password <password>
copy https <url> startup-config port <port> allow-tls1.0 allow-tls1.1 allow-sslv3 username
copy https <url> startup-config port <port> allow-tls1.0 allow-sslv3 username <username> password
<password>
copy https <url> startup-config port <port> allow-tls1.1 username <username> password
<password>
copy https <url> startup-config port <port> allow-tls1.1 allow-sslv3 username <username> password
<password>

copy https <url> startup-config port <port> allow-sslv3 username <username> password
<password>
copy https <url> cflash <destination file>

copy https <url> cflash <destination file> allow-tls1.0
copy https <url> cflash <destination file> allow-tls1.0 allow-tls1.1
copy https <url> cflash <destination file> allow-tls1.0 allow-tls1.1 allow-sslv3
copy https <url> cflash <destination file> allow-tls1.0 allow-sslv3
copy https <url> cflash <destination file> allow-tls1.1
copy https <url> cflash <destination file> allow-tls1.1 allow-sslv3
copy https <url> cflash <destination file> allow-sslv3
copy https <url> cflash <destination file> username <username> password <password>
copy https <url> cflash <destination file> allow-tls1.0 username <username> password <password>
copy https <url> cflash <destination file> allow-tls1.0 allow-tls1.1 username <username> password
<password>
copy https <url> cflash <destination file> allow-tls1.0 allow-tls1.1 allow-sslv3 username <username>
password <password>
copy https <url> cflash <destination file> allow-tls1.0 allow-sslv3 username <username> password
<password>
copy https <url> cflash <destination file> allow-tls1.1 username <username> password <password>
copy https <url> cflash <destination file> allow-tls1.1 allow-sslv3 username <username> password
<password>
copy https <url> cflash <destination file> allow-sslv3 username <username> password <password>
copy https <url> cflash <destination file> force-overwrite
copy https <url> cflash <destination file> force-overwrite allow-tls1.0
copy https <url> cflash <destination file> force-overwrite allow-tls1.0 allow-tls1.1
copy https <url> cflash <destination file> force-overwrite allow-tls1.0 allow-tls1.1 allow-sslv3
copy https <url> cflash <destination file> force-overwrite allow-tls1.0 allow-sslv3
copy https <url> cflash <destination file> force-overwrite allow-tls1.1
copy https <url> cflash <destination file> force-overwrite allow-tls1.1 allow-sslv3
copy https <url> cflash <destination file> force-overwrite allow-sslv3
copy https <url> cflash <destination file> force-overwrite username <username>
password <password>
copy https <url> cflash <destination file> force-overwrite allow-tls1.0 username <username>
password <password>
copy https <url> cflash <destination file> force-overwrite allow-tls1.0 allow-tls1.1 username
copy https <url> cflash <destination file> force-overwrite allow-tls1.0 allow-tls1.1 allow-sslv3
copy https <url> cflash <destination file> force-overwrite allow-tls1.0 allow-sslv3 username
copy https <url> cflash <destination file> force-overwrite allow-tls1.1 username <username>
password <password>
copy https <url> cflash <destination file> force-overwrite allow-tls1.1 allow-sslv3 username

copy https <url> cflash <destination file> force-overwrite allow-sslv3 username <username>
password <password>
copy https <url> cflash <destination file> force-overwrite port <port>
copy https <url> cflash <destination file> force-overwrite port <port> allow-tls1.0
copy https <url> cflash <destination file> force-overwrite port <port> allow-tls1.0 allow-tls1.1
allow-sslv3
copy https <url> cflash <destination file> force-overwrite port <port> allow-tls1.0 allow-sslv3
copy https <url> cflash <destination file> force-overwrite port <port> allow-tls1.1
copy https <url> cflash <destination file> force-overwrite port <port> allow-sslv3
copy https <url> cflash <destination file> force-overwrite port <port> username <username>
password <password>
copy https <url> cflash <destination file> force-overwrite port <port> allow-tls1.0 username
copy https <url> cflash <destination file> force-overwrite port <port> allow-tls1.1 username
copy https <url> cflash <destination file> force-overwrite port <port> allow-sslv3 username
copy https <url> cflash <destination file> port <port>
copy https <url> cflash <destination file> port <port> allow-tls1.0
copy https <url> cflash <destination file> port <port> allow-tls1.0 allow-tls1.1
copy https <url> cflash <destination file> port <port> allow-tls1.0 allow-tls1.1 allow-sslv3
copy https <url> cflash <destination file> port <port> allow-tsl1.0 allow-sslv3
copy https <url> cflash <destination file> port <port> allow-tls1.1
copy https <url> cflash <destination file> port <port> allow-tls1.1 allow-sslv3
copy https <url> cflash <destination file> port <port> allow-sslv3
copy https <url> cflash <destination file> port <port> username <username> password <password>
copy https <url> cflash <destination file> port <port> allow-tls1.0 username <username> password
<password>
copy https <url> cflash <destination file> port <port> allow-tls1.0 allow-tls1.1 username <username>
password <password>
copy https <url> cflash <destination file> port <port> allow-tls1.0 allow-tls1.1 allow-sslv3 username
copy https <url> cflash <destination file> port <port> allow-tls1.0 allow-sslv3 username <username>
password <password>
copy https <url> cflash <destination file> port <port> allow-tls1.1 username <username> password
<password>

copy https <url> cflash <destination file> port <port> allow-tls1.1 allow-sslv3 username <username>
password <password>
copy https <url> cflash <destination file> port <port> allow-sslv3 username <username> password
<password>
copy https <url> cflash running-config
copy https <url> cflash running-config port <port>
capability:
copy https <url> dynvoice-config

copy https <url> dynvoice-config port <port>
copy https <url> dynvoice-config port <port> username <username> password <password>
copy https <url> dynvoice-config username <username> password <password>
copy https <url> ramdisk <destination file>

copy https <url> ramdisk <destination file> allow-tls1.0
copy https <url> ramdisk <destination file> allow-tls1.0 allow-tls1.1
copy https <url> ramdisk <destination file> allow-tls1.0 allow-tls1.1 allow-sslv3
copy https <url> ramdisk <destination file> allow-tls1.0 allow-sslv3
copy https <url> ramdisk <destination file> allow-tls1.1
copy https <url> ramdisk <destination file> allow-tls1.1 allow-sslv3
copy https <url> ramdisk <destination file> allow-sslv3
copy https <url> ramdisk <destination file> username <username> password <password>
copy https <url> ramdisk <destination file> allow-tls1.0 username <username> password <password>
copy https <url> ramdisk <destination file> allow-tls1.0 allow-tls1.1 username <username> password
<password>
copy https <url> ramdisk <destination file> allow-tls1.0 allow-tls1.1 allow-sslv3 username
copy https <url> ramdisk <destination file> allow-tls1.0 allow-sslv3 username <username> password
<password>
copy https <url> ramdisk <destination file> allow-tls1.1 username <username> password <password>
copy https <url> ramdisk <destination file> allow-tls1.1 allow-sslv3 username <username> password
<password>
copy https <url> ramdisk <destination file> allow-sslv3 username <username> password <password>
copy https <url> ramdisk <destination file> force-overwrite
copy https <url> ramdisk <destination file> force-overwrite allow-tls1.0
copy https <url> ramdisk <destination file> force-overwrite allow-tls1.0 allow-tls1.1
copy https <url> ramdisk <destination file> force-overwrite allow-tls1.0 allow-tls1.1 allow-sslv3
copy https <url> ramdisk <destination file> force-overwrite allow-tls1.0 allow-sslv3
copy https <url> ramdisk <destination file> force-overwrite allow-sslv3
copy https <url> ramdisk <destination file> force-overwrite username <username> password
<password>
copy https <url> ramdisk <destination file> force-overwrite allow-tls1.0 username <username>
password <password>

copy https <url> ramdisk <destination file> force-overwrite allow-tls1.0 allow-tls1.1 username
copy https <url> ramdisk <destination file> force-overwrite allow-tls1.0 allow-tls1.1 allow-sslv3
copy https <url> ramdisk <destination file> force-overwrite allow-tls1.0 allow-sslv3 username
copy https <url> ramdisk <destination file> force-overwrite allow-tls1.1 username <username>
password <password>
copy https <url> ramdisk <destination file> force-overwrite allow-tls1.1 allow-sslv3 username
copy https <url> ramdisk <destination file> force-overwrite allow-sslv3 username <username>
password <password>
copy https <url> ramdisk <destination file> force-overwrite port <port>
copy https <url> ramdisk <destination file> force-overwrite port <port> allow-tls1.0
copy https <url> ramdisk <destination file> force-overwrite port <port> allow-tls1.0 allow-tls1.1
allow-sslv3
copy https <url> ramdisk <destination file> force-overwrite port <port> allow-tls1.0 allow-sslv3
copy https <url> ramdisk <destination file> force-overwrite port <port> allow-tls1.1
copy https <url> ramdisk <destination file> force-overwrite port <port> allow-sslv3
copy https <url> ramdisk <destination file> force-overwrite port <port> username <username>
password <password>
copy https <url> ramdisk <destination file> force-overwrite port <port> allow-tls1.0 username
copy https <url> ramdisk <destination file> force-overwrite port <port> allow-tls1.1 username
copy https <url> ramdisk <destination file> force-overwrite port <port> allow-sslv3 username
copy https <url> ramdisk <destination file> port <port>
copy https <url> ramdisk <destination file> port <port> allow-tls1.0
copy https <url> ramdisk <destination file> port <port> allow-tls1.0 allow-tls1.1
copy https <url> ramdisk <destination file> port <port> allow-tls1.0 allow-tls1.1 allow-sslv3
copy https <url> ramdisk <destination file> port <port> allow-tls1.0 allow-sslv3
copy https <url> ramdisk <destination file> port <port> allow-tls1.1
copy https <url> ramdisk <destination file> port <port> allow-tls1.1 allow-sslv3
copy https <url> ramdisk <destination file> port <port> allow-sslv3
copy https <url> ramdisk <destination file> port <port> username <username> password <password>

copy https <url> ramdisk <destination file> port <port> allow-tls1.0 username <username> password
<password>
copy https <url> ramdisk <destination file> port <port> allow-tls1.0 allow-tls1.1 username
copy https <url> ramdisk <destination file> port <port> allow-tls1.0 allow-tls1.1 allow-sslv3 username
copy https <url> ramdisk <destination file> port <port> allow-tls1.0 allow-sslv3 username
copy https <url> ramdisk <destination file> port <port> allow-tls1.1 username <username> password
<password>
copy https <url> ramdisk <destination file> port <port> allow-tls1.1 allow-sslv3 username
copy https <url> ramdisk <destination file> port <port> allow-sslv3 username <username> password
<password>
copy https <url> ramdisk running-config
copy https <url> ramdisk running-config port <port>
copy https <url> usbdrive0 <destination file>

copy https <url> usbdrive0 <destination file> username <username> password <password>
copy https <url> usbdrive0 <destination file> force-overwrite
copy https <url> usbdrive0 <destination file> force-overwrite username <username> password
<password>
copy https <url> usbdrive0 <destination file> force-overwrite port <port>
copy https <url> usbdrive0 <destination file> force-overwrite port <port> username <username>
password <password>
copy https <url> usbdrive0 <destination file> port <port>
copy https <url> usbdrive0 <destination file> port <port> username <username> password
<password>
Syntax Description
when copying the file. If allow-tls1.0 is enabled, Secure Socket Layer
version 3 (SSLv3) can also optionally be enabled.
allow-tls1.1 Optional. Allows the use of TLS protocol version 1.1 when copying the file.
If allow-tls1.1 is enabled, SSLv3 can also optionally be enabled.
allow-sslv3 Optional. Allows the use of SSLv3 when copying the file. If SSLv3 is
enabled, then TLS version 1.0 is automatically enabled.
<destination file> Specifies the new name of the file after it is copied.
cflash Specifies the CompactFlash card as the destination for the copied file.
dynvoice-config Specifies that the file copied from the HTTP secure server overwrite the
dynamic voice configuration file.
flash Specifies the flash memory as the destination for the copied file.


https <url> Specifies the URL of the HTTP secure server.
password <password> Optional. Specifies a password to use with HTTPS authentication.
port <port> Optional. Specifies the port used to transfer the specified file from an HTTP
secure server. Range is 0 to 65335.
ramdisk Specifies the volatile RAM disk as the destination for the copied file.
running-config Replaces the active running configuration with the file copied from the
HTTP secure server.
startup-config Replaces the startup configuration file with the file copied from the HTTP
secure server.
usbdrive0 Specifies the USB flash drive memory as the destination for the copied file.
username <username> Optional. Specifies a user name to use with HTTPS authentication.
Default Values
By default, the port value is 443.
Command History
Release R10.5.0 Command was expanded to include the password and username
parameters.
parameters.
Usage Examples
The following example replaces the current running configuration file with newconfig.txt from the HTTPS
server (MyWebServer):
#copy https https://MyWebServer.com/newconfig.txt running-config

Initiating HTTPS transfer...
Transfer Complete!
#
The following example copies the file myfile.biz from the HTTPS server (10.200.2.4) and saves it to
#copy https https://10.200.2.4/myfile.biz cflash newfile.biz

Initiating HTTPS transfer...
Transfer Complete!

copy ramdisk
Use the copy ramdisk command to copy files located in the volatile RAM disk memory to a specified
destination. Variations of this command include:
copy ramdisk <source file> flash

copy ramdisk <source file> flash <new file>
copy ramdisk <source file> http <url>
copy ramdisk <source file> http <url> username <username> password <password>
copy ramdisk <source file> http <url> port <port>
copy ramdisk <source file> http <url> port <port> username <username> password <password>
copy ramdisk <source file> https <url>
copy ramdisk <source file> https <url> allow-tls1.0
copy ramdisk <source file> https <url> allow-tls1.0 allow-tls1.1
copy ramdisk <source file> https <url> allow-tls1.0 allow-tls1.1 allow-sslv3
copy ramdisk <source file> https <url> allow-tls1.0 allow-sslv3
copy ramdisk <source file> https <url> allow-tls1.1
copy ramdisk <source file> https <url> allow-tls1.1 allow-sslv3
copy ramdisk <source file> https <url> allow-sslv3
copy ramdisk <source file> https <url> username <username> password <password>
copy ramdisk <source file> https <url> allow-tls1.0 username <username> password <password>
copy ramdisk <source file> https <url> allow-tls1.0 allow-tls1.1 username <username> password
<password>
copy ramdisk <source file> https <url> allow-tls1.0 allow-tls1.1 allow-sslv3 username <username>
password <password>
copy ramdisk <source file> https <url> allow-tls1.0 allow-sslv3 username <username> password
<password>
copy ramdisk <source file> https <url> allow-tls1.1 username <username> password <password>
copy ramdisk <source file> https <url> allow-tls1.1 allow-sslv3 username <username> password
<password>
copy ramdisk <source file> https <url> allow-sslv3 username <username> password <password>
copy ramdisk <source file> https <url> port <port>
copy ramdisk <source file> https <url> port <port> allow-tls1.0
copy ramdisk <source file> https <url> port <port> allow-tls1.0 allow-tls1.1
copy ramdisk <source file> https <url> port <port> allow-tls1.0 allow-tls1.1 allow-sslv3
copy ramdisk <source file> https <url> port <port> allow-tls1.0 allow-sslv3
copy ramdisk <source file> https <url> port <port> allow-tls1.1
copy ramdisk <source file> https <url> port <port> allow-tls1.1 allow-sslv3
copy ramdisk <source file> https <url> port <port> allow-sslv3
copy ramdisk <source file> https <url> port <port> username <username> password <password>
copy ramdisk <source file> https <url> port <port> allow-tls1.0 username <username> password
<password>
copy ramdisk <source file> https <url> port <port> allow-tls1.0 allow-tls1.1 username <username>
password <password>
copy ramdisk <source file> https <url> port <port> allow-tls1.0 allow-tls1.1 allow-sslv3 username
copy ramdisk <source file> https <url> port <port> allow-tls1.0 allow-sslv3 username <username>

password <password>
copy ramdisk <source file> https <url> port <port> allow-tls1.1 username <username> password
<password>
copy ramdisk <source file> https <url> port <port> allow-tls1.1 allow-sslv3 username <username>
password <password>
copy ramdisk <source file> https <url> port <port> allow-sslv3 username <username> password
<password>
copy ramdisk <source file> overwrite primary
copy ramdisk <source file> overwrite primary verify
copy ramdisk <source file> overwrite secondary
copy ramdisk <source file> overwrite secondary verify
copy ramdisk tftp
copy ramdisk xmodem
Not all units are capable of using a RAM disk file system. Use the copy ? command to
display a list of valid commands at the enable prompt.
Syntax Description
<new file> Specifies the new file name.
<source file> Specifies the name of the source file to copy.
flash Specifies the location to copy the new file as the system flash memory.
locator (URL) to which to transfer the source file using the HTTP PUT
operation.
uniform resource locator (URL) to which to transfer the source file using the
HTTPS PUT operation.
enabled.
allow-sslv3 Optional. Allows the use of SSLv3 when transferring the source file. If
SSLv3 is enabled, then TLS version 1.0 is automatically enabled.
overwrite primary Replaces the primary boot image file with the file from RAM disk. The file to
be overwritten is deleted prior to copying the new file. In order for this
command to succeed, the RAM disk must be mounted, the specified file
must exist, and the specified file must verify with a valid signature for the
unit.

overwrite secondary Replaces the secondary boot image file with the file from RAM disk. The file
to be overwritten is deleted prior to copying the new file. In order for this
command to succeed, the RAM disk must be mounted, the specified file
must exist, and the specified file must verify with a valid signature for the
unit.
tftp Copies the specified file from the RAM disk to a specified Trivial File
Transfer Protocol (TFTP) server.
After the command is entered, the following prompts require additional
information:
RAM disk) to copy to the TFTP server.
TFTP server.
username <username> Optional. Specifies a user name to use with HTTP or HTTPS authentication.
verify Optional. Specifies that a second verification of the new primary or
secondary boot system image is performed after it is copied.
xmodem Copies the specified file from the RAM disk (using the XMODEM protocol)
to the terminal connected to the console port. XMODEM capability is
provided in VT100 terminal emulation software, such as HyperTerminal.
After the command is entered, the following prompts require additional
information:
RAM disk) to copy using XMODEM.
Default Values
Command History
Release R10.5.0 Command was expanded to include the following parameters: http, https,
port, username, and password.
parameters.

Usage Examples
The following example creates a copy of the file myfile.biz (located on the RAM disk), names the new file
newfile.biz, and places the new file in flash memory:
>enable
#copy ramdisk myfile.biz flash newfile.biz
The following example copies the software file myfile.biz (located on the RAM disk) to a TFTP server:
>enable
#copy ramdisk tftp
Destination filename? myfile.biz
Sent 769060 bytes.
Transfer Complete!
The following example copies the software file myfile.biz (located on the RAM disk) to the connected
terminal using XMODEM protocol:
>enable
#copy ramdisk xmodem
CCCCCC
Sent 231424 bytes.

Transfer complete

copy running-config
Use the copy running-config command to create a copy of the current running configuration and replace
the current startup configuration or save it to a specified location. Certain variations of this command are
available only on specific AOS units and are explained below.
copy running-config <filename>

copy running-config http <url>
copy running-config http <url> username <username> password <password>
copy running-config http <url> port <port>
copy running-config http <url> port <port> username <username> password <password>
copy running-config https <url>
copy running-config https <url> allow-tls1.0
copy running-config https <url> allow-tls1.0 allow-tls1.1
copy running-config https <url> allow-tls1.0 allow-tls1.1 allow-sslv3
copy running-config https <url> allow-tls1.0 allow-sslv3
copy running-config https <url> allow-tls1.1
copy running-config https <url> allow-tls1.1 allow-sslv3
copy running-config https <url> allow-sslv3
copy running-config https <url> username <username> password <password>
copy running-config https <url> allow-tls1.0 username <username> password <password>
copy running-config https <url> allow-tls1.0 allow-tls1.1 username <username> password
<password>
copy running-config https <url> allow-tls1.0 allow-tls1.1 allow-sslv3 username <username>
password <password>
copy running-config https <url> allow-tls1.0 allow-sslv3 username <username> password
<password>
copy running-config https <url> allow-sslv3 username <username> password <password>
copy running-config https <url> port <port>
copy running-config https <url> port <port> allow-tls1.0
copy running-config https <url> port <port> allow-tls1.0 allow-tls1.1
copy running-config https <url> port <port> allow-tls1.0 allow-tls1.1 allow-sslv3
copy running-config https <url> port <port> allow-tls1.0 allow-sslv3
copy running-config https <url> port <port> allow-sslv3
copy running-config https <url> port <port> username <username> password <password>
copy running-config https <url> port <port> allow-tls1.0 username <username> password
<password>
copy running-config https <url> port <port> allow-tls1.0 allow-tls1.1 username <username>
password <password>
copy running-config https <url> port <port> allow-tls1.0 allow-tls1.1 allow-sslv3 username
copy running-config https <url> port <port> allow-tls1.0 allow-sslv3 username <username>
password <password>
copy running-config https <url> port <port> allow-tls1.1 username <username> password
<password>

copy running-config https <url> port <port> allow-tls1.1 allow-sslv3 username <username>
password <password>
copy running-config https <url> port <port> allow-sslv3 username <username> password
<password>
copy running-config tftp
copy running-config xmodem
copy running-config cflash <filename>

copy running-config cflash startup-config
copy running-config flash <filename>
copy running-config flash startup-config
capability:
copy running-config dynvoice-config

copy running-config dynvoice-config tftp
copy running-config dynvoice-config http <url>
copy running-config non-dynvoice-config http <url>
copy running-config ramdisk <filename>
copy running-config usbdrive0 <filename>

copy running-config usbdrive0 startup-config
Syntax Description
<filename> Specifies the filename to use when saving the configuration file.
cflash Specifies the location so save the current running configuration as the
CompactFlash card.
dynvoice-config Copies the current active voice running configuration and saves it to the
dynamic voice configuration file.
flash Specifies saving the current running configuration to flash memory.
locator (URL) to which to transfer the configuration file using the HTTP PUT
operation.
uniform resource locator (URL) to which to transfer the configuration file
using the HTTPS PUT operation.

when transferring the configuration file. If allow-tls1.0 is enabled, Secure
Socket Layer version 3 (SSLv3) can also optionally be enabled.
allow-tls1.1 Optional. Allows the use of TLS version 1.1 when transferring the
configuration file. If allow-tls1.1 is enabled, SSLv3 can also optionally be
enabled.
allow-sslv3 Optional. Allows the use of SSLv3 when transferring the configuration file. If
SSLv3 is enabled, then TLS version 1.0 is automatically enabled.
non-dynvoice-config Copies the current nondynamic portion of the voice running configuration
and saves it to the nondynamic voice configuration file.
ramdisk Copies the current running configuration to the volatile RAM disk.
startup-config Replaces the startup configuration (located in either CompactFlash or
system flash) with a copy of the current running configuration.
tftp Copies the current running configuration or newly stored dynamic voice
configuration file to the specified Trivial File Transfer Protocol (TFTP)
server.
After copy running-config tftp or copy running-config dynvoice-config
tftp is entered, the following prompts require additional information:
TFTP server.
usbdrive0 Copies the current running configuration to the USB flash drive memory.
xmodem Copies the current running configuration (using the XMODEM protocol) to
Default Values
Command History
Release R10.5.0 Command was expanded to include the port, username, and password
parameters.

parameters.
Usage Examples
The following example copies the current running configuration to the startup configuration file located in
flash memory:
>enable
#copy running-config flash startup-config
Building configuration...
Done. Success!
The following example copies the current running configuration to CompactFlash memory and names the
file config_01.txt:
>enable
#copy running-config cflash config_01.txt
Percent Compete 100%
#
The following example copies the current running configuration to a TFTP server and names the file
config_01.txt:
>enable
#copy running-config tftp
Destination filename? config_01.txt
Sent 3099 bytes.
Transfer Complete!
The following example copies the current running configuration to the connected terminal using XMODEM
protocol:
>enable
#copy running-config xmodem
CCCCCC
Sent 3704 bytes.

Transfer complete!

copy scp
Use the copy scp command to securely copy a file using Secure Copy Protocol (SCP) from a secure shell
(SSH) server. Variations of this command include:
copy scp <url> flash <filename>

copy scp <url> flash <filename> force-overwrite
copy scp <url> flash <filename> force-overwrite myprivkey
copy scp <url> flash <filename> force-overwrite myprivkey dsa
copy scp <url> flash <filename> force-overwrite myprivkey rsa
copy scp <url> flash <filename> force-overwrite password <password>
copy scp <url> flash <filename> force-overwrite port <port>
copy scp <url> flash <filename> force-overwrite port <port> myprivkey
copy scp <url> flash <filename> force-overwrite port <port> myprivkey dsa
copy scp <url> flash <filename> force-overwrite port <port> myprivkey rsa
copy scp <url> flash <filename> force-overwrite port <port> password <password>
copy scp <url> flash <filename> force-overwrite port <port> privkey <filename>
copy scp <url> flash <filename> force-overwrite privkey <filename>
copy scp <url> flash <filename> myprivkey
copy scp <url> flash <filename> myprivkey dsa
copy scp <url> flash <filename> myprivkey rsa
copy scp <url> flash <filename> password <password>
copy scp <url> flash <filename> port <port>
copy scp <url> flash <filename> port <port> myprivkey
copy scp <url> flash <filename> port <port> myprivkey dsa
copy scp <url> flash <filename> port <port> myprivkey rsa
copy scp <url> flash <filename> port <port> password <password>
copy scp <url> flash <filename> port <port> privkey <filename>
copy scp <url> flash <filename> privkey <filename>
copy scp <url> cflash <filename> force-overwrite myprivkey dsa

copy scp <url> cflash <filename> force-overwrite myprivkey rsa
copy scp <url> cflash <filename> force-overwrite port <port> myprivkey dsa
copy scp <url> cflash <filename> force-overwrite port <port> myprivkey rsa
copy scp <url> cflash <filename> myprivkey dsa
copy scp <url> cflash <filename> myprivkey rsa
copy scp <url> cflash <filename> port <port> myprivkey dsa
copy scp <url> cflash <filename> port <port> myprivkey rsa
Syntax Description
<url> Specifies the source uniform resource locator (URL) on the remote server
from which the file is copied. Specify the URL in the following format:
user@server: /path/filename.

cflash Specifies the file is copied securely to the CompactFlash card.

flash Specifies the file is copied securely to the flash drive.
<filename> Specifies the name of the file to copy from the SSH server.
force-overwrite Optional. Specifies the copied file overwrites an existing file.
authentication.
password <password> Optional. Specifies a password is used for SSH authentication.
port <port> Optional. Specifies a port to use for file transfer. Valid range is 1 to 65535.
privkey <filename> Optional. Specifies a private key is used for SSH authentication. The file
name is the name of the private key file in privacy enhanced email (PEM)
format.
Default Values
Command History
Release R10.10 Command was introduced.
Release R13.11.0 Command was expanded to include myprivkey, myprivkey dsa, and
myprivkey rsa parameters. Compact Flash commands were added.
Usage Examples
The following example uses SCP to copy FILE1 securely to flash from the SSH server john@server1.
SSH authentication is performed using a password:
>enable
#copy scp john@server1:/FILE1 flash FILE1 password PSWD

copy sftp
Use the copy sftp command to securely copy a file using Secure File Transfer Protocol from a secure shell
(SSH) server. Variations of this command include:
copy sftp <url> flash <filename>

copy sftp <url> flash <filename> force-overwrite
copy sftp <url> flash <filename> force-overwrite myprivkey
copy sftp <url> flash <filename> force-overwrite myprivkey dsa
copy sftp <url> flash <filename> force-overwrite myprivkey rsa
copy sftp <url> flash <filename> force-overwrite password <password>
copy sftp <url> flash <filename> force-overwrite port <port>
copy sftp <url> flash <filename> force-overwrite port <port> myprivkey
copy sftp <url> flash <filename> force-overwrite port <port> myprivkey dsa
copy sftp <url> flash <filename> force-overwrite port <port> myprivkey rsa
copy sftp <url> flash <filename> force-overwrite port <port> password <password>
copy sftp <url> flash <filename> force-overwrite port <port> privkey <filename>
copy sftp <url> flash <filename> force-overwrite privkey <filename>
copy sftp <url> flash <filename> myprivkey
copy sftp <url> flash <filename> myprivkey dsa
copy sftp <url> flash <filename> myprivkey rsa
copy sftp <url> flash <filename> password <password>
copy sftp <url> flash <filename> port <port>
copy sftp <url> flash <filename> port <port> myprivkey
copy sftp <url> flash <filename> port <port> myprivkey dsa
copy sftp <url> flash <filename> port <port> myprivkey rsa
copy sftp <url> flash <filename> port <port> password <password>
copy sftp <url> flash <filename> port <port> privkey <filename>
copy sftp <url> flash <filename> privkey <key>
Syntax Description
<url> Specifies the source uniform resource locator (URL) on the remote server
from which the file is copied. Specify the URL in the following format:
user@server: /path/filename.
<filename> Specifies the name of the file to copy from the SSH server.
authentication.

privkey <filename> Optional. Specifies a 3rd party private key is used for SSH authentication.
The file name is the name of the private key file in privacy enhanced email
(PEM) format.
Default Values
Command History
Usage Examples
The following example uses SFTP to copy FILE1 securely to flash from the SSH server john@server1.
SSH authentication is performed using a password:
>enable
#copy sftp john@server1:/FILE1 flash FILE1 password PSWD

copy vrf
Use the copy vrf command to securely copy a file from a virtual routing and forwarding (VRF) instance.
copy vrf <name> flash scp <url>

copy vrf <name> flash scp <url> myprivkey
copy vrf <name> flash scp <url> myprivkey dsa
copy vrf <name> flash scp <url> myprivkey rsa
copy vrf <name> flash scp <url> password
copy vrf <name> flash scp <url> port <port>
copy vrf <name> flash scp <url> port <port> myprivkey
copy vrf <name> flash scp <url> port <port> myprivkey dsa
copy vrf <name> flash scp <url> port <port> myprivkey rsa
copy vrf <name> flash scp <url> port <port> password <password>
copy vrf <name> flash scp <url> port <port> privkey <filename>
copy vrf <name> flash scp <url> privkey <filename>
copy vrf <name> flash sftp <url>
copy vrf <name> flash sftp <url> myprivkey
copy vrf <name> flash sftp <url> myprivkey dsa
copy vrf <name> flash sftp <url> myprivkey rsa
copy vrf <name> flash sftp <url> password
copy vrf <name> flash sftp <url> port <port>
copy vrf <name> flash sftp <url> port <port> myprivkey
copy vrf <name> flash sftp <url> port <port> myprivkey dsa
copy vrf <name> flash sftp <url> port <port> myprivkey rsa
copy vrf <name> flash sftp <url> port <port> password <password>
copy vrf <name> flash sftp <url> port <port> privkey <filename>
copy vrf <name> flash sftp <url> privkey <filename>
copy vrf <name> scp <url> flash <filename>
copy vrf <name> scp <url> flash <filename> force-overwrite
copy vrf <name> scp <url> flash <filename> force-overwrite myprivkey
copy vrf <name> scp <url> flash <filename> force-overwrite myprivkey dsa
copy vrf <name> scp <url> flash <filename> force-overwrite myprivkey rsa
copy vrf <name> scp <url> flash <filename> force-overwrite password <password>
copy vrf <name> scp <url> flash <filename> force-overwrite port <port>
copy vrf <name> scp <url> flash <filename> force-overwrite port <port> myprivkey
copy vrf <name> scp <url> flash <filename> force-overwrite port <port> myprivkey dsa
copy vrf <name> scp <url> flash <filename> force-overwrite port <port> myprivkey rsa
copy vrf <name> scp <url> flash <filename> force-overwrite port <port> password <password>
copy vrf <name> scp <url> flash <filename> force-overwrite port <port> privkey <filename>
copy vrf <name> scp <url> flash <filename> force-overwrite privkey <filename>
copy vrf <name> scp <url> flash <filename> myprivkey
copy vrf <name> scp <url> flash <filename> myprivkey dsa
copy vrf <name> scp <url> flash <filename> myprivkey rsa
copy vrf <name> scp <url> flash <filename> password <password>

copy vrf <name> scp <url> flash <filename> port <port>

copy vrf <name> scp <url> flash <filename> port <port> myprivkey
copy vrf <name> scp <url> flash <filename> port <port> myprivkey dsa
copy vrf <name> scp <url> flash <filename> port <port> myprivkey rsa
copy vrf <name> scp <url> flash <filename> port <port> password <password>
copy vrf <name> scp <url> flash <filename> port <port> privkey <filename>
copy vrf <name> scp <url> flash <filename> privkey <filename>
copy vrf <name> sftp <url> flash <filename>
copy vrf <name> sftp <url> flash <filename> force-overwrite
copy vrf <name> sftp <url> flash <filename> force-overwrite myprivkey
copy vrf <name> sftp <url> flash <filename> force-overwrite myprivkey dsa
copy vrf <name> sftp <url> flash <filename> force-overwrite myprivkey rsa
copy vrf <name> sftp <url> flash <filename> force-overwrite password <password>
copy vrf <name> sftp <url> flash <filename> force-overwrite port <port>
copy vrf <name> sftp <url> flash <filename> force-overwrite port <port> myprivkey
copy vrf <name> sftp <url> flash <filename> force-overwrite port <port> myprivkey dsa
copy vrf <name> sftp <url> flash <filename> force-overwrite port <port> myprivkey rsa
copy vrf <name> sftp <url> flash <filename> force-overwrite port <port> password <password>
copy vrf <name> sftp <url> flash <filename> force-overwrite port <port> privkey <filename>
copy vrf <name> sftp <url> flash <filename> force-overwrite privkey <filename>
copy vrf <name> sftp <url> flash <filename> myprivkey
copy vrf <name> sftp <url> flash <filename> myprivkey dsa
copy vrf <name> sftp <url> flash <filename> myprivkey rsa
copy vrf <name> sftp <url> flash <filename> password <password>
copy vrf <name> sftp <url> flash <filename> port <port>
copy vrf <name> sftp <url> flash <filename> port <port> myprivkey
copy vrf <name> sftp <url> flash <filename> port <port> myprivkey dsa
copy vrf <name> sftp <url> flash <filename> port <port> myprivkey rsa
copy vrf <name> sftp <url> flash <filename> port <port> password <password>
copy vrf <name> sftp <url> flash <filename> port <port> privkey <filename>
copy vrf <name> sftp <url> flash <filename> privkey <filename>
Syntax Description
<filename> Specifies the name of the file to copy.
authentication.

privkey <filename> Optional. Specifies a private key is used for SSH authentication. The file
name is the name of the private key file in privacy enhanced email (PEM)
format.
vrf <name> Specifies a non-default virtual routing and forwarding (VRF) instance from
which to copy the file.
flash Specifies the file is copied securely from the flash drive.
Locator (URL) from which to transfer the source file. Specify the URL in the
Locator (URL) from which to transfer the source file. Specify the URL in the
Default Values
Command History
Release 13.11.0 Command was expanded to include sftp, myprivkey, myprivkey dsa, and
myprivkey rsa parameters.
Usage Examples
The following example uses SCP to copy FILE1 from the VRF instance V1 on the SSH server
john@server1 and performs SSH authentication using a password:
>enable
#copy vrf V1 scp john@server1:/FILE1 flash FILE1 password PSWD
copy startup-config
Use the copy startup-config command to create a copy of the current startup configuration file and replace
the current running configuration or save it to a specified memory location.
Variations of this command (valid on all AOS units) include:
copy startup-config <filename>

copy startup-config http <url>
copy startup-config http <url> username <username> password <password>

copy startup-config http <url> port <port>

copy startup-config http <url> port <port> username <username> password <password>
copy startup-config https <url>
copy startup-config https <url> allow-tls1.0
copy startup-config https <url> allow-tls1.0 allow-tls1.1
copy startup-config https <url> allow-tls1.0 allow-tls1.1 allow-sslv3
copy startup-config https <url> allow-tls1.0 allow-sslv3
copy startup-config https <url> allow-tls1.1
copy startup-config https <url> allow-tls1.1 allow-sslv3
copy startup-config https <url> allow-sslv3
copy startup-config https <url> username <username> password <password>
copy startup-config https <url> allow-tls1.0 username <username> password <password>
copy startup-config https <url> allow-tls1.0 allow-tls1.1 username <username> password
<password>
copy startup-config https <url> allow-tls1.0 allow-tls1.1 allow-sslv3 username <username>
password <password>
copy startup-config https <url> allow-tls1.0 allow-sslv3 username <username> password
<password>
copy startup-config https <url> allow-tls1.1 username <username> password <password>
copy startup-config https <url> allow-tls1.1 allow-sslv3 username <username> password
<password>
copy startup-config https <url> allow-sslv3 username <username> password <password>
copy startup-config https <url> port <port>
copy startup-config https <url> port <port> allow-tls1.0
copy startup-config https <url> port <port> allow-tls1.0 allow-tls1.1
copy startup-config https <url> port <port> allow-tls1.0 allow-tls1.1 allow-sslv3
copy startup-config https <url> port <port> allow-tls1.0 allow-sslv3
copy startup-config https <url> port <port> allow-sslv3
copy startup-config https <url> port <port> username <username> password <password>
copy startup-config https <url> port <port> allow-tls1.0 username <username> password
<password>
copy startup-config https <url> port <port> allow-tls1.0 allow-tls1.1 username <username> password
<password>
copy startup-config https <url> port <port> allow-tls1.0 allow-tls1.1 allow-sslv3 username
copy startup-config https <url> port <port> allow-tls1.0 allow-sslv3 username <username> password
<password>
copy startup-config https <url> port <port> allow-tls1.1 username <username> password
<password>
copy startup-config https <url> port <port> allow-tls1.1 allow-sslv3 username <username> password
<password>
copy startup-config https <url> port <port> allow-sslv3 username <username> password <password>
copy startup-config running-config
copy startup-config tftp
copy startup-config xmodem

Variations of this command (valid only on AOS units with CompactFlash® capability) include:
copy startup-config cflash <filename>

copy startup-config flash <filename>
Variations of this command (valid only on AOS units with ramdisk enabled) include:
copy startup-config ramdisk <filename>
copy startup-config usbdrive0 <filename>
Syntax Description
<filename> Specifies the file name to use when saving the startup configuration file.
cflash Copies the startup configuration file and saves it to the CompactFlash card
flash Copies the startup configuration file and saves it to flash memory using the
http <url> Copies the startup configuration file and transfers it to a Hypertext Transfer
Protocol (HTTP) server using the specified HTTP server uniform resource
locator (URL). This function use the HTTP PUT operation.
https <url> Copies the startup configuration file and transfers it to a secure socket
Hypertext Transfer Protocol Secure (HTTPS) server using the specified
HTTPS server URL. This function use the HTTPS PUT operation.
when transferring the startup configuration file. If allow-tls1.0 is enabled,
Secure Socket Layer version 3 (SSLv3) can also optionally be enabled.
startup configuration file. If allow-tls1.1 is enabled, SSLv3 can also
optionally be enabled.
allow-sslv3 Optional. Allows the use of SSLv3 when transferring the startup
configuration file. If SSLv3 is enabled, then TLS version 1.0 is automatically
enabled.
ramdisk <filename> Copies the current startup configuration file to the volatile RAM disk using
the specified file name.
running-config Merges the current running configuration with the startup configuration file.
tftp Copies the current startup configuration file to a specified Trivial File
After copy startup-config tftp is entered, the following prompts require


TFTP server.
usbdrive0 Copies the startup configuration and saves it to the USB flash drive memory
xmodem Copies the current startup configuration (using the XMODEM protocol) to
Default Values
Command History
Release R10.5.0 Command was expanded to include the port, username, and password
parameters.
parameters.

Usage Examples
The following example copies the startup configuration file to the current running configuration:
>enable
#copy startup-config running-config
Opening and applying file...
Any changes made to the current running configuration of the AOS unit that have not been
saved to the startup configuration file (using the write command) will be lost when the
copy startup-config running-config command is entered.
The following example copies the startup configuration file (located in flash memory) to CompactFlash and
names the file config_01.txt:
>enable
#copy startup-config cflash config_01.txt
#
The following example copies the current startup configuration file to a TFTP server and names the file
startup_01.txt:
>enable
#copy startup-config tftp
Destination filename? startup_01.txt
Sent 3099 bytes.
Transfer Complete!
The following example copies the current startup configuration to the connected terminal using XMODEM
protocol:
>enable
#copy startup-config xmodem
CCCCCC
Sent 3704 bytes.

Transfer complete!

copy tftp
Use the copy tftp command to copy a file located on a network Trivial File Transfer Protocol (TFTP)
server to a specified destination.
copy tftp flash

copy tftp running-config
copy tftp startup-config
copy tftp cflash
Variations of this command (valid only on AOS units with CompactFlash AND voice capability) include:
copy tftp dynvoice-config
copy tftp ramdisk
copy tftp usbdrive0
Syntax Description
cflash Copies a file from the TFTP server to the CompactFlash card.
dynvoice-config Specifies that the file copied from the TFTP server overwrite the dynamic
voice configuration file.
flash Copies a file from the TFTP server to the flash memory.
ramdisk Copies a file from the TFTP server to the volatile RAM disk.
running-config Replaces the active running configuration with the file copied from the TFTP
server.
startup-config Replaces the startup configuration with the file copied from the TFTP
server.
After entering copy tftp and specifying the destination, AOS prompts for the
following information:
Source filename: Specifies the name of the file to copy from the
TFTP server.
copied file. (Valid only for the copy tftp cflash,
copy tftp flash, copy tftp ramdisk commands.)
usbdrive0 Copies a file from the TFTP server to the USB flash drive memory.

Default Values
Command History
Usage Examples
The following example replaces the current running configuration file with newconfig.txt from the TFTP
server (10.200.2.4):
#copy tftp running-config

Source filename? newconfig.txt
Transfer Complete!
#
The following example copies the file myfile.biz from the TFTP server (10.200.2.4) and saves it
#copy tftp cflash

Destination filename? newfile.biz
Transfer Complete!
#

copy tftp dot11ap

Use the copy tftp dot11ap command to upgrade the firmware on a specific access point (AP) using Trivial
File Transfer Protocol (TFTP). Variations of this command include:
copy tftp dot11ap interface <ap number>

copy tftp dot11ap mac-address <mac address>
Syntax Description
interface <ap number> Specifies the AP interface number to which to apply the firmware
upgrade.
mac-address <mac address> Specifies the medium access control (MAC) address of the AP’s physical
Ethernet interface to which to apply the firmware upgrade. Enter MAC
addresses in the format HH:HH:HH:HH:HH:HH.
Default Values
Command History
Usage Examples
The following example specifies that a firmware upgrade is applied using TFTP to the AP interface 2:
>enable
#copy tftp dot11ap interface 2

copy usbdrive0
Use the copy usbdrive0 command to copy files located in Universal Serial Bus (USB) flash drive memory
to a specified destination.
copy usbdrive0 <source file> boot

copy usbdrive0 <source file> flash
copy usbdrive0 <source file> flash <new file>
copy usbdrive0 <source file> http <url>
copy usbdrive0 <source file> http <url> port <port>
copy usbdrive0 <source file> http <url> port <port> username <username> password <password>
copy usbdrive0 <source file> http <url> username <username> password <password>
copy usbdrive0 <source file> https <url>
copy usbdrive0 <source file> https <url> port <port>
copy usbdrive0 <source file> https <url> port <port> username <username> password <password>
copy usbdrive0 <source file> https <url> username <username> password <password>
copy usbdrive0 <source file> startup-config
copy usbdrive0 tftp
copy usbdrive0 <source file> usbdrive0 <new file>
copy usbdrive0 xmodem
Syntax Description
<new file> Saves the file using the specified file name.
(ROM).
flash Copies the specified file and saves it to flash memory.
http <url> Copies the specified source file and transfers it to a Hypertext Transfer
Protocol (HTTP) server using the specified HTTP server uniform resource
locator (URL). This function uses the HTTP PUT operation.
https <url> Copies the specified source file and transfers it to a secure socket
Hypertext Transfer Protocol Secure (HTTPS) server using the specified
HTTPS server URL. This function uses the HTTPS PUT operation.
iport <port> Optional. Specifies the port used to transfer the specified file to an HTTP or
password <password> Optional. Specifies a password to use with HTTP or HTTPS authentication.
startup-config Replaces the startup configuration file with a copy of the specified file.
tftp Copies any file located in USB flash drive memory to a specified Trivial File
After copy usbdrive0 tftp is entered, the following prompts require

Source filename: Specifies the name of the file (located in USB flash
drive memory) to copy to the TFTP server.
TFTP server.
usbdrive0 <new file> Copies the specified file and saves it to USB flash drive memory.
username <username> Optional. Specifies a user name to use with HTTP or HTTPS
authentication.
xmodem Copies any file located in USB flash drive memory (using the XMODEM
protocol) to the PC connected to the console port. XMODEM capability is
provided in VT100 terminal emulation software, such as HyperTerminal.
After copy flash xmodem is entered, the following prompts the require
Source filename: Specifies the name of the file to copy from USB
flash drive memory using XMODEM.
Default Values
Command History
parameters.
Usage Examples
The following example creates a copy of the file myfile.biz (located in USB flash drive memory), names
the new file newfile.biz, and places the new file in flash memory:
>enable
#copy usbdrive0 myfile.biz flash newfile.biz
The following example copies the file myfile.biz (located in USB flash drive memory) to CompactFlash
memory and names the new file newfile.biz:
>enable
#copy usbdrive0 myfile.biz cflash newfile.biz
The following example copies the file new_startup_config.txt (located in USB flash drive memory) to the
startup configuration file:
>enable
#copy usbdrive0 new_startup_config.txt startup-config

copy xmodem
Use the copy xmodem command to copy a file (using the XMODEM protocol) to a specified destination.
XMODEM capability is provided in VT100 terminal emulation software, such as HyperTerminal.
copy xmodem cflash
Variations of this command (valid only on AOS units with CompactFlash AND voice capability) include:
copy xmodem dynvoice-config
copy xmodem ramdisk
copy xmodem usbdrive0
copy xmodem flash

copy xmodem running-config
copy xmodem startup-config
Syntax Description
cflash Copies a file from the terminal connected to the console port and saves it to
the CompactFlash card.
After entering copy xmodem cflash, AOS prompts for the following
information:
copied file to cflash memory.
dynvoice-config Specifies that the file copied from the terminal connected to the console port
overwrite the dynamic voice configuration file.
flash Copies a file from the terminal connected to the console port and saves it to
flash memory.
After entering copy xmodem flash, AOS prompts for the following
information:
copied file to flash memory.
ramdisk Copies a file from the terminal connected to the console port and saves it to
the volatile RAM disk.
running-config Replaces the active running configuration with a file copied from the
terminal connected to the console port.

startup-config Replaces the startup configuration with a file copied from the terminal
connected to the console port.
usbdrive0 Copies a file from the terminal connected to the console port and saves it to
the USB flash drive memory.
Default Values
Command History
Usage Examples
The following example copies a software file (myfile.biz) to flash memory and renames it newfile.biz:
#copy xmodem flash

Destination filename? newfile.biz
CCCCCC
AOS is now ready to accept the file on the CONSOLE port (using the XMODEM protocol). The next step in
the process may differ depending on the type of terminal emulation software you are using. For
HyperTerminal, you will now select Transfer > Send File and browse to the file you wish to copy
myfile.biz. Once the transfer is complete, information similar to the following is displayed:

Transfer complete

debug aaa
Use the debug aaa command to activate debug messages associated with authentication from the
authentication, authorization, and accounting (AAA) subsystem. Debug messages are displayed (real time)
on the terminal (or Telnet) screen. Use the no form of this command to disable the debug messages.
Turning on a large amount of debug information can adversely affect the performance of
your unit.
Syntax Description
No subcommands.
Default Values
By default, all debug messages in AOS are disabled.
Command History
Functional Notes
The debug aaa events include connection notices, login attempts, and session tracking.
Usage Examples
The following is sample output for this command:
>enable
#debug aaa
AAA: New Session on portal 'TELNET 0 (172.22.12.60:4867)'.
AAA: No list mapped to 'TELNET 0'. Using 'default'.
AAA: Attempting authentication (username/password).
AAA: RADIUS authentication failed.
AAA: Authentication failed.
AAA: Closing Session on portal 'TELNET 0 (172.22.12.60:4867)'.

debug activchassis
Use the debug activchassis command to enable debug messaging for ActivChassis. Variations of this
command include:
debug activchassis
debug activchassis election
debug activchassis fan
debug activchassis filesync
debug activchassis linecard
debug activchassis poe
debug activchassis rpc
debug activchassis sfp
your unit.
Syntax Description
election Optional. Specifies that debug messages for ActivChassis election events
are enabled.
fan Optional. Specifies that debug messages for ActivChassis fan events are
enabled.
filesync Optional. Specifies that debug messages for ActivChassis file
synchronization events are enabled.
linecard Optional. Specifies that debug messages for ActivChassis linecard events
are enabled.
poe Optional. Specifies that debug messages for ActivChassis Power over
Ethernet (PoE) events are enabled.
rpc Optional. Specifies that debug messages for ActivChassis remote
procedure call (RPC) events are enabled.
sfp Optional. Specifies that debug messages for ActivChassis small form-factor
pluggable (SFP) interface events are enabled.
Default Values
Command History
Release R10.7.0 Command was expanded to include the sfp parameter.

Usage Examples
The following example enables debug messages for the entire ActivChassis:
>enable
#debug activchassis

debug arp
Use the debug arp command to activate debug messages associated with IP Address Resolution Protocol
(ARP) transactions. Debug messages are displayed (real time) on the terminal (or Telnet) screen. Use the
no form of this command to disable the debug messages.
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example activates debug messages associated with ARP transactions:
>enable
#debug arp

debug atm events

Use the debug atm events command to display events on all asynchronous transfer mode (ATM) ports and
all virtual circuits. Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use the no
form of this command to disable the debug messages.
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example activates ATM event messages:
>enable
#debug atm events

debug atm oam

Use the debug atm oam command to display operations, administration, and maintenance (OAM) packets
for an asynchronous transfer mode (ATM) virtual circuit descriptor (VCD). Debug messages are displayed
(real time) to the terminal (or Telnet) screen. Use the no form of this command to disable the debug
messages. Variations of this command include the following:
debug atm oam

debug atm oam <vcd>
debug atm oam <vcd> loopback end-to-end
debug atm oam <vcd> loopback end-to-end <LLID>
debug atm oam <vcd> loopback segment
debug atm oam <vcd> loopback segment <LLID>
your unit.
Syntax Description
<vcd> Optional. Shows OAM packets for a specific VCD.
loopback Optional. Configures an OAM loopback.
end-to-end Optional. Configures an end-to-end OAM loopback.
segment Optional. Configures a segment loopback.
<LLID> Optional. Specifies 16 byte OAM loopback location ID (LLID).
Default Values
Command History
Usage Examples
The following example activates ATM OAM debug messages for VCD 1:
>enable
#debug atm oam 1

debug atm packet

Use the debug atm packet command to activate debug messages associated with packets on asynchronous
transfer mode (ATM) ports and virtual circuits. Debug messages are displayed (real time) to the terminal
(or Telnet) screen. Use the no form of this command to disable the debug messages. Variations of this
command include the following:
debug atm packet

debug atm packet interface atm <port id>
debug atm packet interface atm <port id> vcd <number>
debug atm packet vc <VPI/VCI>
your unit.
Syntax Description
interface atm <port id> Optional. Activates packet debug messages for a specific ATM port and for
all virtual circuits.
vc <VPI/VCI> Optional. Activates packet debug messages for the specified virtual circuit
identified by the virtual path identifier and virtual channel identifier
(VPI/VCI).
vcd <number> Optional. Activates packet debug messages for the specified virtual circuit
descriptors (VCDs).
Default Values
Command History
Usage Examples
The following example activates debug ATM packet debug messages on ATM port 1:
>enable
#debug atm packet interface atm 1

debug auto-config
Use the debug auto-config command to activate debug messages associated automatic configuration
events. Debug messages are displayed (real time) on the terminal (or Telnet) screen. Use the no form of
this command to disable the debug messages.
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example activates debug messages associated with automatic configuration events:
>enable
#debug auto-config

debug auto-link
Use the debug auto-link command to display event messages for the auto-link feature configuration.
Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use the no form of this
command to disable the debug messages.
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Release 17.3/A2 Command was introduced.
Usage Examples
The following example activates auto-link debug messages:
>enable
#debug auto-link

debug bgp
Use the debug bgp command to activate debug messages associated with Internet Protocol version 4
(IPv4) Border Gateway Protocol (BGP). Debug messages display general BGP events, such as sent and
received message summaries, route processing actions, and results. These messages are displayed (real
time) on the terminal (or Telnet) screen. Use the no form of this command to disable the debug messages.
debug bgp
debug bgp events
debug bgp in
debug bgp out
debug bgp keepalives
debug bgp scan
debug bgp scan database
debug bgp scan route-table
debug bgp scan soft-reset
debug bgp updates
debug bgp updates quiet
your unit.
Syntax Description
events Optional. Displays significant BGP events, such as a neighbor state
change.
in/out Optional. Displays the same information as debug bgp, but limits
messages to the specified direction (in or out).
keepalives Optional. Displays BGP keepalive packets.
scan Optional. Displays BGP background scan details.
database Optional. Limits output to BGP database scan details.
route-table Optional. Limits output to BGP route table scan details.
soft-reset Optional. Limits output to BGP soft reset scan details.
updates Optional. Displays detailed information on BGP updates for all neighbors.
updates quiet Optional. Displays summary information about BGP neighbor updates.
(Note: updates quiet displays a one-line summary of what update displays
in 104 lines.)
Default Values

Command History
Release 18.3 Command syntax was changed to remove the ip keyword for IPv6 support
in ADTRAN internetworking products. In addition, the scan, database,
route-table, and soft-reset parameters were added.
Release R10.1.0 Command syntax was changed to remove the ip keyword for IPv6 support
in ADTRAN voice products.
Functional Notes
If no arguments are given, the debug bgp command displays general BGP events, such as sent/received
message summaries, route processing actions, and results. Keepalive packets are not debugged with this
command.
Usage Examples
The following example enables debug messages on general outbound BGP messages and events:
>enable
#debug bgp out
07:42:39: BGP OUT 10.15.240.1[2]: Transmitting msg, type=UPDATE (2), len=142

debug bridge
Use the debug bridge command to display messages associated with bridge events. Debug messages are
displayed (real time) to the terminal (or Telnet) screen. Use the no form of this command to disable the
debug messages.
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example activates bridge debug messages:
>enable
#debug bridge

debug chat-interfaces <chat interface>

Use the debug chat-interfaces command to activate debug messages associated with chat AT
command-driven interfaces. Debug messages are displayed (real time) on the terminal (or Telnet) screen.
Use the no form of this command to disable the debug messages.
your unit.
Syntax Description
<chat interface> Activates debug messages for the specified chat interface identified by the
slot/port.
Default Values
Command History
Usage Examples
The following example activates debug messages for the chat interface 0/1:
>enable
#debug chat-interfaces 0/1

debug color
Use the debug color command to activate color coding of debug messages. Debug messages are displayed
(real time) on the terminal (or Telnet) screen. Use the no form of this command to disable the color coding
of debug messages.
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
Color coding is based on the debug source and color choices are not configurable.
Usage Examples
The following example enables color coding of debug messages:
>enable
#debug color

debug crypto
Use the debug crypto command to activate debug messages associated with cryptographic operations.
command to disable the debug messages. Variations of this command include:
debug crypto ecies

debug crypto ike
debug crypto ike client authentication
debug crypto ike client configuration
debug crypto ike negotiation
debug crypto pki
your unit.
Syntax Description
ecies Activates debug messages during Elliptic Curve Integrated Encryption
Scheme (ECIES) operations. This information could be useful for
troubleshooting ECIES encryption/decryption issues.
ike Activates all IKE debug messages.
ike client authentication Optional. Displays IKE client authentication messages as they occur.
ike client configuration Optional. Displays mode-config exchanges as they take place over the IKE
security association (SA). It is enabled independently from the debug ike
negotiation messaging.
ike negotiation Optional. Activates only IKE key management debug messages (e.g.,
handshaking).
pki Activates all public key infrastructure (PKI) debug messages.
Default Values
Command History
Release 6.1 Command was expanded to include the pki parameter.
Release R10.5.0 Command syntax was changed to remove debug crypto ipsec. IPsec now
uses the debug data-call command for debug messages.
Release R11.10.0 Command was expanded to include the ecies parameter.

Usage Examples
The following example activates the IKE debug messages:
>enable
#debug crypto ike

debug data-call
Use the debug data-call command to activate debug messages associated with data call errors and events.
Debug messages are displayed (real time) on the terminal (or Telnet) screen. Use the no form of this
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example activates debug messages associated with data call errors and events:
>enable
#debug data-call

debug demand-routing
Use the debug demand-routing command to activate debug messages associated with demand routing
errors and events. Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use the no
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example activates demand routing error and event messages:
>enable
#debug demand-routing

debug desktop-auditing
Use the debug desktop-auditing command to enable debug messages for clients connected to the
network. The desktop auditing debug messages include the network access protection (NAP) messages
sent between clients and the server. Debug messages are displayed (real time) on the terminal (or Telnet)
screen. Debug messages can be activated for all clients connected to the network or only for specific
clients. Using the no form of this command disables debug messaging for desktop auditing clients.
debug desktop-auditing
debug desktop-auditing hostname <hostname>
debug desktop-auditing interface gigabit-switchport <slot/port>
debug desktop-auditing interface switchport <slot/port>
debug desktop-auditing interface xgigabit-switchport <slot/port>
debug desktop-auditing ip <ip address>
debug desktop-auditing mac <mac address>
your unit.
Syntax Description
hostname <hostname> Optional. Activates debug messages only for the client with
the specified host name.
interface gigabit-switchport <slot/port> Optional. Activates debug messages only for the client using
the specified gigabit switchport interface.
interface switchport <slot/port> Optional. Activates debug messages only for the client using
the specified switchport interface.
interface xgigabit-switchport <slot/port> Optional. Activates debug messages only for the client using
the specified 10 gigabit switchport interface.
ip <ip address> Optional. Activates debug messages only for the client with
the specified IP address. IP addresses should be expressed
in dotted decimal notation (for example, 10.10.10.1).
mac <mac address> Optional. Activates debug messages only for the client with
the specified medium access control (MAC) address. MAC
addresses should be expressed in the following format:
Default Values

Command History
Release R10.7.0 Command was expanded to include the switchport and 10
gigabit switchport interfaces.
Usage Examples
The following is sample output of the debug desktop-auditing command:
2009.08.31 14:30:30 DESKTOP_AUDITING.DHCP.giga-swx 0/5 from 00:E0:29:0E:D5:E3 NAP Capable

client
2009.08.31 14:30:31 DESKTOP_AUDITING.DHCP.giga-swx 0/24 from 00:E0:29:0E:D5:E5 to
00:E0:29:0E:D5:E3 NAP Capable Server
00:E0:29:0E:D5:E5 NAP SoH: Firewall is 3rd-Party, AutoUpdates not downloading or installing
00:E0:29:0E:D5:E3 NAP SoHR: OK

debug dial-backup
Use the debug dial-backup command to activate debug messages associated with dial-backup operation.
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Release 2.1 Additional debug messages were implemented for dial-backup operation to
ADTRAN’s IQ and Express Series products.
Functional Notes
The debug dial-backup command activates debug messages to aid in the troubleshooting of dial-backup
links.
Usage Examples
The following example activates debug messages for dial-backup operation:
>enable
#debug dial-backup

debug dialup-interfaces
Use the debug dialup-interfaces command to generate debug messages used to aid in troubleshooting
problems with all dialup interfaces, such as the modem or the basic rate interface (BRI) cards. Debug
messages are displayed (real time) on the terminal (or Telnet) screen. Use the no form of this command to
disable the debug messages.
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
When enabled, these messages provide status information on incoming calls, dialing and answering
progress, etc. These messages also give information on why certain calls are dropped or rejected. It is
beneficial to use this command when troubleshooting dial backup (in addition to the debug dial-backup
command).
Usage Examples
The following example activates the debug messages for dialup interfaces:
>enable
#debug dialup-interfaces

debug dns
Use the debug dns command to activate debug messages associated with domain naming system (DNS)
client operation in AOS. Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use
the no form of this command to disable the debug messages. Variations of this command include:
debug dns
debug dns client
debug dns list
debug dns proxy
debug dns query-plan
debug dns resolver-queue
debug dns table
your unit.
Syntax Description
client Optional. Activates debug messages associated with DNS
client operation.
list Optional. Activates debug messages associated with DNS
address lists.
proxy Optional. Activates debug messages associated with DNS
proxy operation.
query-plan Optional. Activates debug messages associated with DNS
query plan operation.
resolver-queue Optional. Activates debug messages associated with DNS
resolver queue operation.
table Optional. Activates debug messages associated with DNS
table operation.
Default Values
Command History
in ADTRAN internetworking products.
Release R11.6.0 Command was expanded to include the list, query-plan, and
resolver-queue parameters.

Functional Notes
The IPv4 and IPv6 DNS capability allows for DNS-based host translation (name-to-address).
Usage Examples
The following example activates debug messages associated with DNS client activity:
>enable
#debug dns client

debug dot11 all

Use the debug dot11 all command to enable all dot11 debugging for the wireless access controller (AC).
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example activates all dot11 debug messages on the AC:
>enable
#debug dot11 all

debug dot11 client

Use the debug dot11 client command to enable all dot11 client debugging for the wireless access
controller (AC). Debugging can also be limited to clients on a specific access point (AP) interface. Debug
disable the debug messages. Variations of this command include:
debug dot11 client

debug dot11 client interface dot11ap <ap interface>
your unit.
Syntax Description
interface dot11ap <ap interface> Optional. Activates debug messages for the specified AP interface.
Range is 1 to 8.
Default Values
Command History
Usage Examples
The following example activates debug messages for clients on AP interface 1:
>enable
#debug dot11 client interface dot11ap 1
2006.12.23 19:47:04 Dot11 Client: AP(1) Radio(1) VAP(1)Rx associate command from AP for
00:40:96:AB:3B:5E.
2006.12.23 19:48:40 Dot11 Client: AP(1) Radio(1) VAP(1)Rx disassociate command from AP for
00:40:96:AB:3B:5E.
These debug messages were captured as a wireless client associated and then
disassociated with the AP.

debug dot11 config-apply

Use the debug dot11 config-apply command to enable debug messages for configuration changes applied
to the NetVanta 160 Series access point (AP). Debug messages are displayed (real time) on the terminal (or
Telnet) screen. Use the no form of this command to disable the debug messages.
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example enables configuration change application debug messages for the NetVanta 160
Series AP:
>enable
#debug dot11 config-apply

debug dot11 firmware-upgrade

Use the debug dot11 firmware-upgrade command to enable debug messages for firmware upgrades
applied to the NetVanta 160 Series access point (AP). Debug messages are displayed (real time) on the
terminal (or Telnet) screen. Use the no form of this command to disable the debug messages. Variations of
debug dot11 firmware-upgrade

debug dot11 firmware-upgrade verbose
your unit.
Syntax Description
verbose Optional. Activates detailed debug messages.
Default Values
Command History
Usage Examples
The following example enables firmware upgrade debug messages for the NetVanta 160 Series AP:
>enable
#debug dot11 firmware-upgrade

debug dot11 packet-events

Use the debug dot11 packet-events command to enable debugging for all 802.11 control protocol packet
events. Debugging can also be limited to a specified interface. Debug messages are displayed (real time)
on the terminal (or Telnet) screen. Use the no form of this command to disable the debug messages.
debug dot11 packet-events

debug dot11 packet-events interface <interface>
your unit.
Syntax Description
interface <interface> Optional. Activates debug messages for the specified interface. Specify an
debug dot11 packet-events interface ? for a complete list of valid
interfaces.
Default Values
Command History
Usage Examples
The following example activates packet-events debug messages on access point (AP) interface 1:
>enable
#debug dot11 packet-events interface dot11ap 1
#2006.12.23 18:54:25 Dot11 Packet Events: Rx Echo Req from MAC(00:A0:C8:1D:F8:57) AP(1)
2006.12.23 18:54:25 Dot11 Packet Events: Tx Echo Resp to MAC(00:A0:C8:1D:F8:57) AP(1)
2006.12.23 18:54:29 Dot11 Packet Events: Tx Query Req to MAC(00:A0:C8:1D:F8:57) AP(1)
2006.12.23 18:54:29 Dot11 Packet Events: Rx Query Resp from MAC(00:A0:C8:1D:F8:57) AP(1)
2006.12.23 18:54:36 Dot11 Packet Events: Rx Disc Resp from MAC(00:A0:C8:1D:F8:57) AP(1)

debug dot11 session

Use the debug dot11 session command to debug all dot11 sessions for the wireless access controller (AC).
Debugging may also be limited to a specified interface. Debug messages are displayed (real time) on the
debug dot11 session

debug dot11 session interface <interface>
your unit.
Syntax Description
interface <interface> Optional. Activates debug messages for the specified interface. Specify an
debug dot11 session interface ? for a complete list of valid interfaces.
Default Values
Command History
Usage Examples
The following example activates all dot11 session debug messages:
>enable
#debug dot11 session
2006.12.23 19:56:22 DOT11.Session : AP 1: AP reboot.
2006.12.23 19:56:22 DOT11.Session : AP 1: Control session lost.
2006.12.23 19:56:22 DOT11.Session : AP 1: Control session established.

debug dynamic-dns
Use the debug dynamic-dns command to activate debug messages associated with dynamic domain
naming system (DNS). Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use
debug dynamic-dns
debug dynamic-dns verbose
your unit.
Syntax Description
Default Values
Command History
Usage Examples
The following example activates dynamic DNS debug messages:
>enable
#debug dynamic-dns verbose

debug efm bonding

Use the debug efm bonding command to enable debug messaging for bonding negotiation links on all
Ethernet in the first mile (EFM) groups. Debug messages are displayed (real time) to the terminal (or
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example enables debug messaging for bonding negotiations an all EFM groups:
>enable
#debug efm bonding

debug efm config

Use the debug efm config command to enable debug messaging for all Ethernet in the first mile (EFM)
components configured on the unit. Debug messages are displayed (real time) to the terminal (or Telnet)
screen. Use the no form of this command to disable the debug messages.
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example enables debug messaging for all EFM components:
>enable
#debug efm config

debug efm oam

Use the debug efm oam command to enable debug messaging for all Ethernet in the first mile (EFM)
operations, administration, and management (OAM) and pre-provisioning components configured on the
unit. Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use the no form of this
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example enables debug messaging for all EFM OAM components:
>enable
#debug efm oam

debug esmc-packets
Use the debug esmc-packets command to display raw Ethernet synchronization message channel (ESMC)
packet dumps.
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example enables the display of raw ESMC packet dumps:
>enable
#debug esmc-packets

debug ethernet cfm

Use the debug ethernet cfm command to activate all debug messages associated with Ethernet operations,
administration, and maintenance (OAM) connectivity fault management (CFM). Debug messages are
displayed (real time) on the terminal (or Telnet) screen. Use the no form of this command to disable the
debug messages.
Use this command with caution as it causes a large amount of debug information. Large
amounts of debug information can adversely affect the performance of your unit. To avoid
an excess of debug information generation, select a debug command that does not activate
all CFM debug messages at once.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
Usage Examples
The following example activates system-wide Ethernet OAM CFM debug messages:
>enable
#debug ethernet cfm
2008.09.22 11:00:08 CFM.MD MD:BenchTest|MA:BenchAssoc|MEP:1|CCR|Rx CCM from MEPID 2
2008.09.22 11:00:09 CFM.MD MD:BenchTest|MA:BenchAssoc|MEP:1|CCM|Sent CCM (ID=195)

debug ethernet cfm alarm

Use the debug ethernet cfm alarm command to activate debug messages associated with Ethernet
operations, administration, and maintenance (OAM) connectivity fault management (CFM) fault alarms.
debug ethernet cfm alarm

debug ethernet cfm alarm domain <domain name>
debug ethernet cfm alarm domain <domain name> association <association name>
debug ethernet cfm alarm domain <domain name> association <association name> mep <mep id>
your unit.
Syntax Description
domain <domain name> Optional. Specifies that debug output is limited to alarm information for
maintenance endpoints (MEPs) of a specific domain.
association <association name> Optional. Specifies that debug output is limited to alarm information for
MEPs of a specific association.
mep <mep id> Optional. Specifies that debug output is limited to alarm information for
MEPs that match a specific MEP ID. MEP ID range is 1 to 8191.
Default Values
Command History
Functional Notes

Usage Examples
The following example enables all Ethernet OAM CFM alarm debug messages:
>enable
#debug ethernet cfm alarm
2008.09.22 11:06:20 CFM.FNG MD:BenchTest|MA:BenchAssoc|MEP:1|FNG|Set state: FNG_DEFECT
2008.09.22 11:06:22 CFM.FNG MD:BenchTest|MA:BenchAssoc|MEP:1|FNG|Set state:
FNG_REPORT_DEFECT
2008.09.22 11:06:22 CFM.FNG MD:BenchTest|MA:BenchAssoc|MEP:1|FNG|Set state:
FNG_DEFECT_REPORTED
2008.09.22 11:06:22 CFM.MD:BenchTest|MA:BenchAssoc|MEP:1| mep signaled new fault

debug ethernet cfm ccm rcv

Use the debug ethernet cfm ccm rcv command to activate debug messages associated with Ethernet
operations, administration, and maintenance (OAM) connectivity fault management (CFM) continuity
check message (CCM) receive paths. Debug messages are displayed (real time) on the terminal (or Telnet)
screen. Use the no form of this command to disable the debug messages. Variations of this command
include:
debug ethernet cfm ccm rcv

debug ethernet cfm ccm rcv domain <domain name>
debug ethernet cfm ccm rcv domain <domain name> association <association name>
debug ethernet cfm ccm rcv domain <domain name> association <association name> mep <mep id>
your unit.
Syntax Description
domain <domain name> Optional. Specifies that debug output is limited to CCM receive path
information for maintenance endpoints (MEPs) of a specific domain.
association <association name> Optional. Specifies that debug output is limited to CCM receive path
information for MEPs of a specific association.
mep <mep id> Optional. Specifies that debug output is limited to CCM receive path
information for MEPs that match a specific MEP ID. MEP ID range is
1 to 8191.
Default Values
Command History
Functional Notes

Usage Examples
The following example enables Ethernet OAM CFM debug messages for all CCM receive paths:
>enable
#debug ethernet cfm ccm rcv
2008.09.22 11:02:49 CFM.CCR MD:BenchTest|MA:BenchAssoc|MEP:1|CCR|Rx CCM from MEPID 2

debug ethernet cfm ccm xmit

Use the debug ethernet cfm ccm xmit command to activate debug messages associated with Ethernet
operations, administration, and maintenance (OAM) connectivity fault management (CFM) continuity
check message (CCM) transmit paths. Debug messages are displayed (real time) on the terminal (or
Telnet) screen. Use the no form of this command to disable the debug messages. Variations of this
command include:
debug ethernet cfm ccm xmit

debug ethernet cfm ccm xmit domain <domain name>
debug ethernet cfm ccm xmit domain <domain name> association <association name>
debug ethernet cfm ccm xmit domain <domain name> association <association name> mep <mep id>
your unit.
Syntax Description
domain <domain name> Optional. Specifies that debug output is limited to CCM transmit path
information for maintenance endpoints (MEPs) of a specific domain.
association <association name> Optional. Specifies that debug output is limited to CCM transmit path
information for MEPs of a specific association.
mep <mep id> Optional. Specifies that debug output is limited to CCM transmit path
information for MEPs that match a specific MEP ID. MEP ID range is
1 to 8191.
Default Values
Command History
Functional Notes

Usage Examples
The following example enables Ethernet OAM CFM debug messages for all CCM transmit paths:
>enable
#debug ethernet cfm ccm xmit
2008.09.22 11:01:43 CFM.CCM MD:BenchTest|MA:BenchAssoc|MEP:1|CCM|Sent CCM (ID=290)

debug ethernet cfm linktrace

Use the debug ethernet cfm linktrace command to activate debug messages associated with Ethernet
operations, administration, and maintenance (OAM) connectivity fault management (CFM) linktrace
message paths. Debug messages are displayed (real time) on the terminal (or Telnet) screen. Use the no
form of this command to disable the debug messages. Variations of this command include:
debug ethernet cfm linktrace request

debug ethernet cfm linktrace request domain <domain name>
debug ethernet cfm linktrace request domain <domain name> association <association name>
debug ethernet cfm linktrace request domain <domain name> association <association name>
mep <mep id>
debug ethernet cfm linktrace response
debug ethernet cfm linktrace response domain <domain name>
debug ethernet cfm linktrace response domain <domain name> association <association name>
debug ethernet cfm linktrace response domain <domain name> association <association name>
mep <mep id>
your unit.
Syntax Description
request Specifies debug messages are enabled for linktrace message request
paths.
response Specifies debug messages are enabled for linktrace message response
paths.
domain <domain name> Optional. Specifies that debug output is limited to linktrace message
path information for maintenance endpoints (MEPs) of a specific
domain.
association <association name> Optional. Specifies that debug output is limited to linktrace message
path information for MEPs of a specific association.
mep <mep id> Optional. Specifies that debug output is limited to linktrace message
path information for MEPs that match a specific MEP ID. MEP ID range
is 1 to 8191.
Default Values
Command History

Functional Notes
Usage Examples
The following example enables Ethernet OAM CFM debug messages for all linktrace message request
paths:
>enable
#debug ethernet cfm linktrace request

debug ethernet cfm loopback

Use the debug ethernet cfm loopback command to activate debug messages associated with Ethernet
operations, administration, and maintenance (OAM) connectivity fault management (CFM) loopback
message paths. Debug messages are displayed (real time) on the terminal (or Telnet) screen. Use the no
debug ethernet cfm loopback request

debug ethernet cfm loopback request domain <domain name>
debug ethernet cfm loopback request domain <domain name> association <association name>
debug ethernet cfm loopback request domain <domain name> association <association name>
mep <mep id>
debug ethernet cfm loopback response
debug ethernet cfm loopback response domain <domain name>
debug ethernet cfm loopback response domain <domain name> association <association name>
debug ethernet cfm loopback response domain <domain name> association <association name>
mep <mep id>
your unit.
Syntax Description
request Specifies debug messages are enabled for loopback message request
paths.
response Specifies debug messages are enabled for loopback message
response paths.
domain <domain name> Optional. Specifies that debug output is limited to loopback message
path information for maintenance endpoints (MEPs) of a specific
domain.
association <association name> Optional. Specifies that debug output is limited to loopback message
path information for MEPs of a specific association.
mep <mep id> Optional. Specifies that debug output is limited to loopback message
path information for MEPs that match a specific MEP ID. MEP ID range
is 1 to 8191.
Default Values
Command History

Functional Notes
Usage Examples
The following example enables Ethernet OAM CFM debug messages for all loopback message request
paths:
>enable
#debug ethernet cfm loopback request

debug ethernet cfm remote-mep

Use the debug ethernet cfm remote-mep command to activate debug messages associated with Ethernet
operations, administration, and maintenance (OAM) connectivity fault management (CFM) remote
maintenance endpoints (MEPs). Debug messages are displayed (real time) on the terminal (or Telnet)
include:
debug ethernet cfm remote-mep

debug ethernet cfm remote-mep domain <domain name>
debug ethernet cfm remote-mep domain <domain name> association <association name>
debug ethernet cfm remote-mep domain <domain name> association <association name>
mep <mep id>
your unit.
Syntax Description
domain <domain name> Optional. Specifies that debug output is limited to information for remote
maintenance endpoints (MEPs) of a specific domain.
association <association name> Optional. Specifies that debug output is limited to information for remote
MEPs of a specific association.
mep <mep id> Optional. Specifies that debug output is limited to information for remote
MEPs that match a specific MEP ID. MEP ID range is 1 to 8191.
Default Values
Command History
Functional Notes

Usage Examples
The following example enables Ethernet OAM CFM debug messages for all remote MEPs:
>enable
#debug ethernet cfm remote-mep
2008.09.22 11:13:50 CFM.RMEP MD:BenchTest|MA:BenchAssoc|MEP:1|RMEP|Set CCMdefect: true
2008.09.22 11:13:53 CFM.MD:BenchTest|MA:BenchAssoc|MEP:1| mep signaled new fault alarm state (3)

debug ethernet lmi interface <interface>

Use the debug ethernet lmi command to enable debug messages of Ethernet local management interface
(E-LMI) events or packets. Use the no form of this command to disable the debug messages. Variations of
debug ethernet lmi interface <interface> event

debug ethernet lmi interface <interface> packet
your unit.
Syntax Description
interface <interface> Specifies an interface on which to enable E-LMI debug messages. Specify
interfaces in the format <interface type [slot/port]>. For example, for a
Gigabit Ethernet interface, use gigabit eth 0/1. Type debug ethernet lmi
interface ? for a complete list of interfaces.
event Specifies that debug messages for E-LMI events are generated.
packet Specifies that debug messages for E-LMI packets are generated.
Default Values
Command History
Usage Examples
The following example enables debug messages for E-LMI events on the Gigabit Ethernet interface:
>enable
#debug ethernet lmi interface gigabit-ethernet 0/1 event

debug ethernet oam

Use the debug ethernet oam command to activate all debug messages associated with Ethernet Link
operations, administration, and maintenance (OAM) configurations. Debug messages are displayed (real
time) on the terminal (or Telnet) screen. Use the no form of this command to disable the debug messages.
debug ethernet oam interface <interface>

debug ethernet oam interface <interface> critical
debug ethernet oam interface <interface> discovery
debug ethernet oam interface <interface> link-monitor
debug ethernet oam interface <interface> packet
your unit
Syntax Description
interface <interface> Enables Ethernet Link OAM debug messaging on the interface, and
specifies that debug output for all Ethernet Link OAM configurations, except
OAM PDU transmissions, are included in the debug output. Specify an
interface id | interface id. subinterface id]>. For example, for a Gigabit
Ethernet interface, use giga-eth 0/1. For an Ethernet in the first mile (EFM)
group, use efm-group 1/1. For a list of appropriate interfaces, enter
critical Optional. Specifies that debug output is limited to link event messages for
the specified interface.
discovery Optional. Specifies that debug output is limited to Ethernet Link OAM
discovery processes on the specified interface.
link-monitor Optional. Specifies that debug output is limited to link event message
processing on the specified interface.
packet Optional. Specifies that debug output is limited to information for transmitted
and received OAM PDUs on the specified interface.
Default Values
Command History

Usage Examples
The following example enables debug messaging for Ethernet Link OAM link monitoring events on the
Gigabit Ethernet 0/1 interface:
>enable
#debug ethernet oam gigabit-ethernet 0/1 link-monitor
2013.08.28 18:10:11 LINK_OAM.giga-eth 0/1 link-monitor
Processing Link Event Notification PDU, sequence number: 3
Type: Errored Frame
Timestamp: 0
Window: 10
Threshold: 1
Errored Frames: 16
Error Running Total: 0
Event Running Total: 3
2013.08.28 18:10:12 LINK_OAM.giga-eth 0/2 link-monitor

Processing Link Event Notification PDU, sequence number: 4
Type: Errored Frame
Timestamp: 0
Window: 10
Threshold: 1
Errored Frames: 16
Error Running Total: 0
Event Running Total: 4

debug frame-relay lmi

Use the debug frame-relay lmi command to activate debug messages associated with the Frame Relay
operation for the local management interface (LMI), such as data link connection identifier (DLCI) status
signaling state, etc. Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use the no
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Release 17.6 Command was altered to remove events and llc2 options.
Functional Notes
The debug frame-relay lmi command activates debug messages to aid in the troubleshooting of Frame
Relay links.
Usage Examples
The following example activates debug messages associated with Frame Relay LMI operation:
>enable
#debug frame-relay lmi

debug frame-relay multilink

Use the debug frame-relay multilink command to activate debug messages associated with Frame Relay
multilink operation. Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use the
no form of this command to disable the debug messages. Variations of this command include:
debug frame-relay multilink

debug frame-relay multilink <interface>
debug frame-relay multilink states
your unit.
Syntax Description
<interface> Optional. Activates debug messages for the specified interface. Specify an
debug frame-relay multilink ? for a complete list of applicable interfaces.
states Optional. Activates the debug messages for Link Integrity Protocol (LIP).
Default Values
Command History
Usage Examples
The following example activates debug messages associated with multilink operation for all Frame Relay
interfaces:
>enable
#debug frame-relay multilink

debug global-policer
Use the debug global-policer command to activate debug messages associated with the virtual AOS
(vAOS) global policer. Debug messages are displayed (real time) on the terminal (or Telnet) screen. Use
the no form of this command to disable the debug messages.
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
The debug global-policer events include expiration of warning event periods or installation of new vAOS
licenses.
Usage Examples
The following is sample output for this command when a warning event period has expired:
>enable
#debug global-policer
2016.06.20 16:23:27 GLOBAL_POLICER Warning event period expired
Time since most recent interface statistics clear: never
Output bytes: 5338483 previous, 5347457 current
Dropped packets: 0 previous, 0 current
Dropped bytes: 0 previous, 0 current
2016.06.20 16:23:27 GLOBAL_POLICER Average rate last interval = 239 bps; threshold = 45000000 bps
The following is sample output for this command when a new vAOS license is installed:
>enable
#debug global-policer
2016.06.20 18:22:00 GLOBAL_POLICER Updated CIR = 50 Mbps; CBS = 5625000 bytes

debug gvrp bpdus

Use the debug gvrp bpdus command to display debug messages showing all GARP VLAN Registration
Protocol (GVRP) configuration messages sent and received on the switch. Debug messages are displayed
(real time) on the terminal (or Telnet) screen. Use the no form of this command to disable the debug
messages.
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
With GVRP enabled on many ports, this command can produce a lot of output. To display these messages
for individual interfaces, refer to the command debug gvrp interface <interface> on page 339.
Usage Examples
The following example displays debug messages showing GVRP configuration messages sent and
received on Ethernet interface 0/24:
>enable
#debug gvrp bpdus
2000.07.31 23:15:51 GVRP BPDUS.eth 0/24: TX = (Len:2 LeaveAll) (Len:4 JoinIn Vlan:1) (End) ... SENT
2000.07.31 23:15:52 GVRP BPDUS.eth 0/24: RX = (Len:4 Empty Vlan:2) (Len:4 JoinIn Vlan:20) (end)
2000.07.31 23:15:52 GVRP BPDUS.eth 0/24: TX = (Len:4 JoinIn Vlan:1) (End) ... SENT
2000.07.31 23:15:52 GVRP BPDUS.eth 0/24: RX = (Len:4 JoinIn Vlan:20) (end)
2000.07.31 23:16:00 GVRP BPDUS.eth 0/24: RX = (Len:2 LeaveAll) (end)
#

debug gvrp interface <interface>

Use the debug gvrp interface command to display GARP VLAN Registration Protocol (GVRP) debug
messages related to a particular interface. Debug messages are displayed (real time) on the terminal (or
command include:
debug gvrp interface <interface> bpdus

debug gvrp interface <interface> vlans
your unit.
Syntax Description
<interface> Activates debug messages for the specified interface. Specify an interface
wireless virtual access point, use dot11ap 1/1.1. Type debug gvrp
bpdus Displays debug messages showing all GVRP configuration messages sent
and received on the interface.
vlans Displays debug messages showing all GVRP-related VLAN changes
occurring on the interface.
Default Values
Command History
Usage Examples
The following example displays debug messages showing GVRP configuration messages sent and
received on Ethernet interface 0/24:
>enable
#debug gvrp interface ethernet 0/24 bpdus
2000.07.31 23:15:51 GVRP BPDUS.eth 0/24: TX = (Len:2 LeaveAll) (Len:4 JoinIn Vlan:1) (End) ... SENT
2000.07.31 23:15:52 GVRP BPDUS.eth 0/24: RX = (Len:4 Empty Vlan:2) (Len:4 JoinIn Vlan:20) (end)
2000.07.31 23:15:52 GVRP BPDUS.eth 0/24: TX = (Len:4 JoinIn Vlan:1) (End) ... SENT
--MORE--

debug gvrp vlans

Use the debug gvrp vlans command to display debug messages showing all GARP VLAN Registration
Protocol (GVRP) VLAN changes. Debug messages are displayed (real time) on the terminal (or Telnet)
include:
debug gvrp vlans

debug gvrp vlans <vlan id>
your unit.
Syntax Description
<vlan id> Optional. Activates debug messages for GVRP-related VLAN changes for
the specified VLAN. Range is 1 to 4094.
Default Values
Command History
Functional Notes
With GVRP enabled on many ports, this command can produce a lot of output. To display these messages
for an individual interface, refer to the command debug gvrp interface <interface> on page 339.
Usage Examples
The following example displays debug messages showing GVRP-related VLAN changes for VLAN 1:
>enable
#debug gvrp vlans 1
#
2000.07.31 22:05:42 GVRP VLANS: Creating dynamic VLAN 20
2000.07.31 22:05:42 GVRP VLANS.eth 0/24: Dynamically adding port to VLAN 20
#
2000.07.31 22:05:56 INTERFACE_STATUS.eth 0/24 changed state to down
2000.07.31 22:06:08 GVRP VLANS.eth 0/24: Dynamically removing port from VLAN 20
2000.07.31 22:06:08 GVRP VLANS: Last port removed from VLAN 20, destroying VLAN

debug hmr
Use the debug hmr command to enable debug messaging for either Session Initiation Protocol (SIP)
header manipulation rules (HMR) processes or rules. Use the no form of this command to disable debug
messages. Variations of this command include:
debug hmr
debug hmr configuration
debug hmr traffic
your unit.
Syntax Description
configuration Optional. Specifies that whenever HMR configuration changes, debug
messages outlining HMR rule configuration events are generated.
traffic Optional. Specifies that whenever HMR policies are applied to traffic, debug
messages outlining HMR message processing events are generated.
Default Values
By default, debug messaging is disabled. When HMR debug messaging is enabled, if neither optional
keyword is specified when the command is entered, then HMR debug messages are generated on any
HMR rule changes that occur.
Command History
Usage Examples
The following example enables debug messaging for HMR policies and their application to SIP traffic:
>enable
#debug sip stack messages
#debug hmr traffic
00:52:13.323 SIP.STACK MSG Rx: UDP src=10.17.142.1:5060 dst=10.17.142.252:5060
00:52:13.323 SIP. STACK MSG INVITE sip:2565550052@10.17.142.252 SIP /2.0
00:52:13.324 SIP. STACK MSG Via: SIP/2.0/UDP
10.17.142.1:5060;branch=z9hG4bk-2834-1-0
00:52:13.324 SIP. STACK MSG From: 2565550052
<sip:256555052@10.17.142.1:5060;tag=2384SIPpTag001>
00:52:13.325 SIP. STACK MSG To: 2565550051
<sip:2565550051@10.17.142.252:5060>
00:52:13.325 SIP. STACK MSG Call-ID: 1-2384@10.17.142.1
00:52:13.326 SIP.STACK MSG

CSeq: 1 INVITE
Contact: 2565550052 <sip:2565550052@10.17.142.1:5060;transport=UDP>
Max-forwards: 70
Content-Type: application/sdp
Content-Length: 132
v=0
o=user1 53655765 2353687637 IN IP4 10.17.142.1
s=-
c=IN IP4 10.17.142.1
t=0 0
m=audio 10000 RTP/AVP 0
a-rtpmap:0 PCMU/8000
00:52:13.337 SIP.HMR PROCESS
Processing SIP message with compiled policy myPolicy
Rule matches message, applying action rules
Modifying SIP message headers matching from
Header From: changed to 2565550052 <sip:2565550052@10.17.142.1:5060>;tag=2384SIPpTag001
Found 1 headers: Modified 1 headers using /(.*)(;tag.*)/

debug http client

Use the debug http client command to activate debug messages associated with Hypertext Transfer
Protocol (HTTP) client operation in AOS. Debug messages are displayed (real time) to the terminal (or
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example activates debug messages associated with HTTP client activity:
>enable
#debug http client

debug http server

Use the debug http server command to activate debug messages associated with Hypertext Transfer
Protocol (HTTP) server operation in AOS. Debug messages are displayed (real time) to the terminal (or
command include:
debug http server

debug http server verbose
your unit.
Syntax Description
verbose Optional. Activates detailed debug messages for HTTP operation.
Default Values
Command History
Release 15.1 Command was updated.
Usage Examples
The following example activates debug messages associated with HTTP server activity:
>enable
#debug http server

debug hw-access-list <name>

Use the debug hw-access-list command to activate debug messages that display traffic matches logged by
the named hardware access control list (ACL). Use the no form of this command to disable the debug
messages.
your unit.
Syntax Description
<name> Specifies the name of the hardware ACL.
Default Values
Command History
Functional Notes
The debug hw-access-list <name> command displays data gathered by a configured hardware ACL. The
specified hardware ACL must have logging enabled to populate the debug message. For more information
on hardware ACLs and event match logging, refer to the Hardware ACL and Access Map Command Set
on page 4220.
Only hardware ACL debug messages can be displayed using this command. If you enter a
software ACL name in this command, you will receive an error message.
Usage Examples
Enter the command as follows to enable debug messages for the hardware ACL ADTN:
>enable
#debug hw-access-list ADTN
2009.05.07 11:32:39 ACCESS_LIST.ADTN permit mac 00:a0:c8:00:00:00 00:00:00:ff:ff:ff any log
(44864 matches)

(106 matches)

(90 matches)

debug interface <interface>

Use the debug interface command to activate debug messages associated with the specified interface.
your unit.
Syntax Description
<interface> Activates debug messages for the specified interface. Specify an interface
wireless virtual access point, use dot11ap 1/1.1. Type debug
Default Values
Command History
Release 6.1 Command was expanded to include the T1 and foreign exchange station
(FXS) interfaces.
Release 7.1 Command was expanded to include the foreign exchange office (FXO)
interface.
Release 9.1 Command was expanded to include the tunnel interface.
(ADSL) interface.
Release 13.1.0 Command was expanded to include the virtual extensible local area
network (VxLAN) tunnel interface.
Functional Notes
The debug interface command activates debug messages to aid in the troubleshooting of physical
interfaces.
Usage Examples
The following example activates debug messages associated with tunnel interface 1, which is configured
as a (virtual extensible local area network) VxLAN type tunnel:

>enable
#debug interface tunnel 1
2017.05.05 05:52:32 TUNNEL.1 VxLAN: Encapsulating original packet 10.0.2.15->10.0.2.17 (len=178
ttl=255).
2017.05.05 05:53:12 TUNNEL.1 Vxlan Rx: Decapsulating original packet 10.0.2.17->10.0.2.15 (len=58
ttl=253 Protocol=17).
2017.05.05 05:53:12 TUNNEL.1 Vxlan Rx: ARP Request/Reply theHardwareType:1,
theProtocolType:800, theHardwareSize:4, theProtocolSize:0, theOpcode=1,
senderMac:00:11:22:33:44:AB, senderIp:10.10.10.1, vni:200
2017.05.05 05:53:12 TUNNEL.1 Vxlan Rx: PostDecapsulate: VNI=200,
ttl=255).
2017.05.05 05:55:59 TUNNEL.1 Vxlan Tx: Packet Size exceeds tunnel MTU. Dropping packet
ttl=255).
2017.05.05 05:56:01 TUNNEL.1 Vxlan Tx: Packet Size exceeds tunnel MTU. Dropping packet
2017.05.05 06:01:18 TUNNEL.1 Vxlan Rx: ARP Request/Reply theHardwareType:1,
theProtocolType:800, theHardwareSize:4, theProtocolSize:0, theOpcode=2,
senderMac:00:11:22:33:44:AB, senderIp:192.168.100.100, vni:100

debug interface adsl events

Use the debug interface adsl events command to activate debug messages associated with asymmetric
digital subscriber line (ADSL) events. Debug messages are displayed (real time) to the terminal (or Telnet)
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example activates debug messages for ADSL events:
>enable
#debug interface adsl events

debug interface cellular

Use the debug interface cellular command to activate debug messages associated with the cellular
interface. Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use the no form of
this command to disable the debug messages. Variations of this command include:
debug interface cellular

debug interface cellular <slot/port>
debug interface cellular <slot/port> data
debug interface cellular <slot/port> data-hdlc
debug interface cellular <slot/port> diag-hdlc
debug interface cellular <slot/port> diagnostic
debug interface cellular <slot/port> diagnostic rx
debug interface cellular <slot/port> diagnostic tx
debug interface cellular <slot/port> diagnostic both
debug interface cellular <slot/port> download
your unit.
Syntax Description
<slot/port> Optional. Activates debug messages for the specified cellular interface.
data Optional. Activates debug messages for the handshaking signals on the
data channel.
data-hdlc Optional. Activates debug messages for high level data link control (HDLC)
errors on the data channel.
diag-hdlc Optional. Activates debug messages for HDLC errors on the diagnostic
channel.
diagnostic Optional. Activates debug messages for all packets.
diagnostic rx Optional. Activates debug messages for packets moving from the cellular
interface to the network.
diagnostic tx Optional. Activates debug messages for packets moving from the network
to the cellular interface.
diagnostic both Optional. Activates debug messages for both transmitted and received
packets.
download Optional. Activates debug messages for application downloads.
Default Values

Command History
Release 17.4 Command was expanded to include the keyword both.
Usage Examples
The following example activates error and event debug messages associated with the cellular interface:
>enable
#debug interface cellular

debug interface cellular modem messaging

Use the debug interface cellular modem messaging command to activate debug messages associated
with messages going to or from the cellular modem. Debug messages are displayed (real time) to the
debug interface cellular modem messaging

debug interface cellular modem messaging detail
debug interface cellular modem messaging include-polled
debug interface cellular modem messaging include-polled detail
your unit.
Syntax Description
detail Optional. Specifies that detailed information about messages going to or
from the modem is included in the debug message.
include-polled Optional. Specifies that polled messages going to and from the modem are
included in the debug message.
Default Values
Command History
Usage Examples
The following example activates debug messages associated with messages going to or from the cellular
modem:
>enable
#debug interface cellular modem messaging

debug ip access-list <name>

Use the debug ip access-list command to activate debug messages for a specific Internet Protocol version
4 (IPv4) access control list (ACL). Debug messages are displayed (real time) on the terminal (or Telnet)
your unit.
Syntax Description
<name> Specifies a configured IPv4 ACL.
Default Values
Command History
Functional Notes
The debug ip access-list command provides debug messages to aid in troubleshooting IPv4 ACL issues.
These debug messages are populated by traffic matches that occur when traffic is filtered through the
ACL. The ACL must have the logging feature enabled in order to populate the debug message. To enable
ACL match logging, refer to the IPv4 Access Control List Command Set on page 4237.
Usage Examples
The following is sample output of debug messages for the IPv4 ACL labeled MatchAll:
>enable
#debug ip access-list MatchAll
2009.06.09 14:15:03 ACCESS_LIST.MatchAll permit host 192.168.0.1 log (1 matches)

debug ip crypto ipsec

Use the debug ip crypto ipsec command to activate debug messages associated with Internet Protocol
security (IPsec) functions. Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Release R10.5.0 Command was introduced. This command replaces the debug crypto
ipsec command.
Usage Examples
The following example activates the IPsec debug messages:
>enable
#debug ip crypto ipsec

debug ip dhcp client

Use the debug ip dhcp client command to activate debug messages associated with Dynamic Host
Configuration Protocol version 4 (DHCPv4) client operation in AOS. Debug messages are displayed (real
time) to the terminal (or Telnet) screen. Use the no form of this command to disable the debug messages.
debug ip dhcp client

debug ip dhcp client <interface>
your unit.
Syntax Description
<interface> Optional. Specifies an interface to which an IPv4 address can be assigned
an Ethernet subinterface, use eth 0/1.1; for a PPP interface, use ppp 1; for
an ATM subinterface, use atm 1.1; and for a wireless virtual access point,
use dot11ap 1/1.1. Type debug ip dhcp-client ? for a list of valid
interfaces.
Default Values
Command History
Release 16.1 Command was expanded to include the interface parameter.
Ethernet interface.
Release 18.3 Command syntax was changed to remove the hyphen (from dhcp-client)
for ADTRAN internetworking products.
Release R10.1.0 Command syntax was changed to remove the hyphen (from dhcp-client)
for ADTRAN voice products.
Functional Notes
The debug ip dhcp client command activates debug messages to provide information on DHCPv4 client
activity in AOS. The AOS DHCPv4 client capability allows interfaces to dynamically obtain an IPv4 address
from a network DHCPv4 server.

Usage Examples
The following example activates debug messages associated with DHCPv4 client activity:
>enable
#debug ip dhcp client

debug ip dhcp relay

Use the debug ip dhcp relay command to activate debug messages associated with Dynamic Host
Configuration Protocol version 4 (DHCPv4) relay operation in AOS. Debug messages are displayed (real
debug ip dhcp relay

debug ip dhcp relay vrf <name>
your unit.
Syntax Description
vrf <name> Optional. Displays debug information for the specified virtual routing and
Default Values
Command History
Release 18.3 Command syntax was changed to remove the hyphen (from dhcp-relay)
Release R10.1.0 Command syntax was changed to remove the hyphen (from dhcp-relay)
Functional Notes
The debug ip dhcp relay command activates debug messages to provide information on DHCPv4 relay
activity in AOS. The AOS DHCPv4 relay capability allows AOS to relay DHCPv4 messages to a configured
destination on the network.
Usage Examples
The following example activates debug messages associated with DHCPv4 server activity only on the
default VRF instance:
>enable
#debug ip dhcp relay

debug ip dhcp server

Use the debug ip dhcp server command to activate debug messages associated with Dynamic Host
Configuration Protocol version 4 (DHCPv4) server operation in AOS. Debug messages are displayed (real
debug ip dhcp server

debug ip dhcp server vrf <name>
your unit.
Syntax Description
Default Values
Command History
Release 18.3 Command syntax was changed to remove the hyphen (from dhcp-server)
Release R10.1.0 Command syntax was changed to remove the hyphen (from dhcp-server)
Functional Notes
The debug ip dhcp server command activates debug messages to provide information on DHCPv4
server activity in AOS. The AOS DHCPv4 server capability allows AOS to dynamically assign IPv4
addresses to hosts on the network.

Usage Examples
The following example activates debug messages associated with DHCPv4 server activity only on the
default VRF instance:
>enable
#debug ip dhcp server

debug ip ffe wildcards

Use the debug ip ffe wildcards command to enable debug messaging for Internet Protocol version 4
(IPv4) RapidRoute wildcard events. This command can be used to determine which of several subsystem
configurations caused a specific RapidRoute wildcard to be disabled.
your unit.You can view wildcard status on a per-interface basis using the command show
ip ffe on page 705.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
When RapidRoute wildcard debug messages are enabled, two wildcard events are displayed. A calculate
event, generated when an interface is called to recalculate its inbound or outbound wildcards, displays the
results for each subsystem in the order in which wildcard processing is completed. A finalize set event is
generated when the complete wildcards for an interface are pushed to either hardware or software
processing and the new wildcards are used.
The order of wildcard bits displayed in a wildcard debug message are the opposite of the order displayed
in the show ip ffe wildcard command, and exclude the Destination IP Address (which cannot be
wildcarded). The last bit displayed at the end of the wildcard string is the least significant bit and represents
the Source IP Address.
Usage Examples
The following example enables RapidRoute wildcard debug messaging and provides sample event output.
Also included in the example are the configuration of the IPv4 access control list (ACL) named ACL and its
application to the gigabit Ethernet subinterface 0/5.1:
>enable
#debug ip ffe wildcards
#config t
(config)#ip access-list extended ACL
(config-ext-nacl)#permit icmp any any echo
(config-ext-nacl)#exit
(config)#interface gigabit ethernet 0/5.1
(config-giga-eth 0/5.1)#ip access-group ACL out

2015.01.01 12:00:34 FFEWILDCARDV4.giga-eth 0/5.1 calculate outbound:

QoS: 11111111111
AccessGroup: 11011110111
2015.01.01 12:00:34 FFEWILDCARDV4.Loopback finalize set: 11011110111
2015.01.01 12:00:34 FFEWILDCARDV4.null 0 finalize set: 11011110111
2015.01.01 12:00:34 FFEWILDCARDV4.giga-eth 0/2.1 finalize set: 11011110111

debug ip firewall
Use the debug ip firewall command to activate debug messages associated with the AOS Internet Protocol
version 4 (IPv4) firewall operation. Debug messages are displayed (real time) to the terminal (or Telnet)
include:
debug ip firewall
debug ip firewall vrf <name>
your unit.
Syntax Description
Default Values
Command History
products.
Functional Notes
The debug ip firewall command activates debug messages to provide real-time information about the
IPv4 AOS stateful inspection firewall operation.
Usage Examples
The following example activates the debug messages for the IPv4 AOS stateful inspection firewall:
>enable
#debug ip firewall

The following example activates the IPv4 firewall debug messages for the VRF instance gray and provides
sample output:
>enable
#debug ip firewall vrf gray
2000.05.11 19:29:04 FIREWALL_VRF.Gray SrcPort: 41801, DstPort: 80

2000.05.11 19:29:04 FIREWALL_VRF.Gray Selector2: Dir=Public, int=vlan 309, Protocol=6, VRF Black
cookie-> vlan 306
2000.05.11 19:29:04 FIREWALL_VRF.Gray SrcIp: 192.168.10.140, DstIp: 192.168.9.6
2000.05.11 19:29:04 FIREWALL_VRF.Gray SrcPort: 80, DstPort: 41801
2000.05.11 19:29:04 FIREWALL_VRF.Gray Deleting Association
2000.05.11 19:29:04 FIREWALL_VRF.Gray Assoc Index = 6242787, Count (total, policy-class) = 127,
126
2000.05.11 19:29:04 FIREWALL_VRF.Gray nat source -> 192.168.9.6, flags = 0x2000003F, 0x00000004,
timeout = 6

debug ip firewall alg sip

Use the debug ip firewall alg sip command to activate debug messages associated with Session Initiation
Protocol (SIP) information with AOS firewall operation. Debug messages are displayed (real time) on the
debug ip firewall alg sip

debug ip firewall alg sip packets
debug ip firewall alg sip verbose
your unit.
Syntax Description
packets Optional. Activates firewall application-level gateway (ALG) SIP packet
debug messages.
Default Values
Command History
Release A1 Command was expanded to include the packets parameter.
products.
Usage Examples
The following example activates debug messages associated with SIP information with AOS firewall
operation:
>enable
#debug ip firewall alg sip

debug ip flow
Use the debug ip flow command to display debug messages associated with integrated traffic monitoring
(ITM) operation. Use the no form of this command to disable the debug messages. Variations of this
command include:
debug ip flow cache entry

debug ip flow cache expiration
debug ip flow export
your unit.
Syntax Description
cache entry Specifies a debug message will be generated every time traffic flow data is
added to the flow cache.
cache expiration Specifies a debug message will be generated every time traffic flow data
expires from the flow cache.
export Specifies a debug message will be generated every time a message is sent
to an external data collector.
Default Values
By default, debug messages in AOS are disabled.
Command History
Usage Examples
The following example enables debug messages for the ip flow export command and gives sample
output:
#debug ip flow export

#show run
ip flow export destination 10.22.22.254 3000
ip flow export vrf BLUE destination 172.16.4.5 65774
*Dec 18 22:45:43: IPFLOW: Sent export pkt #32958 to 10.22.22.254:3000

*Dec 18 22:45:43: IPFLOW: Sent export pkt #32958 to 172.16.4.5:65774 (BLUE)

The following is sample output from the debug ip flow cache expiration command:
#debug ip flow cache expiration

#show run
interface shdsl 2/1
16:38:37: FLOW.CACHE: Expired 10.23.197.244:23 > 172.22.77.208: 1188 out eth 0/1 <T=0/P=6>
16:38:37: FLOW.CACHE: ^Idle Time = 60, Active Time = 60
interface adsl 1/1
16:39:20: FLOW.CACHE: Expired 10.23.197.244.23 > 172.22.77.208:1189 out eth 0/1 <T=0/P=6>
16:39:20: FLOW.CACHE: ^Idle Time = 60, Active Time = 90
The following is sample output from the debug ip flow cache entry command:
#debug ip flow cache entry

#show run
16:52:20: FLOW.CACHE: Added 172.22.77.208: 1189 > 10.23.197.244: 23 in eth 0/1 <T=0/P=6>

debug ip ftp-server
Use the debug ip ftp-server command to activate debug messages associated with File Transfer Protocol
(FTP) server events in the AOS device. Debug messages are displayed (real time) to the terminal (or
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
The debug ip ftp-server command activates debug messages to provide information on FTP server
activity in AOS. The FTP server capability allows for fast file management and transport for local or remote
devices.
Usage Examples
The following example activates debug messages associated with FTP server activity:
>enable
#debug ip ftp-server

debug ip icmp
Use the debug ip icmp command to show all Internet Control Message Protocol (ICMP) version 4
(ICMPv4) messages as they come into the router or are originated by the router. If an optional keyword
(send or recv) is not used, all results are displayed. Debug messages are displayed (real time) on the
debug ip icmp
debug ip icmp send
debug ip icmp recv
your unit.
Syntax Description
send Optional. Displays only ICMPv4 messages sent by the router.
recv Optional. Displays only ICMPv4 messages received by the router.
Default Values
Command History
Usage Examples
The following example activates the debug ip icmp send and receive messages for ICMPv4 in AOS:
>enable
#debug ip icmp
ICMP SEND: From (0.0.0.0) to (172.22.14.229) Type=8 Code=0 Length=72 Details:echo request
ICMP RECV: From (172.22.14.229) to (10.100.23.19) Type=0 Code=0 Length=72 Details:echo reply
ICMP SEND: From (0.0.0.0) to (172.22.14.229) Type=8 Code=0 Length=72 Details:echo request
ICMP RECV: From (172.22.14.229) to (10.100.23.19) Type=0 Code=0 Length=72 Details:echo reply
ICMP RECV: From (172.22.255.200) to (10.100.23.19) Type=11 Code=0 Length=36 Details:TTL equals 0
during transit
ICMP RECV: From (172.22.14.229) to (10.100.23.19) Type=3 Code=3 Length=36 Details:port
unreachable
ICMP RECV: From (172.22.14.229) to (10.100.23.19) Type=3 Code=3 Length=36 Details:port
unreachable

debug ip igmp
Use the debug ip igmp command to enable debug messages for Internet Group Management Protocol
(IGMP) transactions (including helper activity). Debug messages are displayed (real time) on the terminal
command include:
debug ip igmp
debug ip igmp <ip address>
your unit.
Syntax Description
<ip address> Optional. Specifies the IP address of a multicast group. IP addresses should
be expressed in dotted decimal notation (for example, 10.10.10.1).
Default Values
Command History
Usage Examples
The following example enables IGMP debug messages for the specified multicast group:
>enable
#debug ip igmp 224.1.1.1

debug ip igmp snooping

Use the debug ip igmp snooping command to enable debug messages for Internet Group Management
Protocol (IGMP) snooping errors and events. Debug messages are displayed (real time) on the terminal (or
command include:
debug ip igmp snooping

debug ip igmp snooping verbose
your unit.
Syntax Description
verbose Optional. Enables detailed debug messages.
Default Values
Command History
Usage Examples
The following example enables IGMP snooping debug messages:
>enable
#debug ip igmp snooping

debug ip mrouting
Use the debug ip mrouting command to activate debug messages associated with multicast table routing
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following sample activates ip mrouting debug messages:
>enable
#debug ip mrouting

debug ip nhrp
Use the debug ip nhrp command to activate debug messages associated with Next Hop Resolution
Protocol (NHRP) operations. Debug messages are displayed (real time) to the terminal (or Telnet) screen.
Use the no form of this command to disable the debug messages. Variations of this command include:
debug ip nhrp
debug ip nhrp events
debug ip nhrp packets
your unit.
Syntax Description
events Optional. Limits output to NHRP events.
packets Optional. Limits output to NHRP packets.
Default Values
Command History
Usage Examples
The following example enables debug messages associated with NHRP:
>enable
#debug ip nhrp
18:21:32 NHRP tunnel 1: No reply for registration request to 10.10.10.254 after 16s, resending
18:21:33 NHRP tunnel 1: Error indication received from 10.10.10.254

debug ip ospf
Use the debug ip ospf command to activate debug messages associated with Open Shortest Path First
version 2 (OSPFv2) routing operations. Debug messages are displayed (real time) to the terminal (or
command include:
debug ip ospf
debug ip ospf adj
debug ip ospf database-timer
debug ip ospf events
debug ip ospf flood
debug ip ospf hello
debug ip ospf lsa-generation
debug ip ospf packet
debug ip ospf retransmission
debug ip ospf spf
debug ip ospf tree
your unit.
Syntax Description
adj Optional. Displays OSPF adjacency events.
database-timer Optional. Displays OSPF database timer.
events Optional. Displays OSPF events.
flood Optional. Displays OSPF flooding.
hello Optional. Displays OSPF hello events.
lsa-generation Optional. Displays OSPF link state advertisement (LSA) generation.
packet Optional. Displays OSPF packets.
retransmission Optional. Displays OSPF retransmission events.
spf Optional. Displays OSPF shortest path first (SPF) calculations.
tree Optional. Displays OSPF database tree.
Default Values
Command History

Usage Examples
The following is an example of debug ip ospf command results:
>enable
#debug ip ospf flood
OSPF: Update LSA: id=c0a8020d rtid=192.168.2.13 area=11.0.0.0 type=1
OSPF: Update LSA: id=0b003202 rtid=11.0.50.2 area=11.0.0.0 type=1
OSPF: Queue delayed ACK lasid=0b003202 lsartid=11.0.50.2 nbr=11.0.50.2
OSPF: Rx ACK lasid=c0a8020d lsartid=192.168.2.13 nbr=11.0.50.2
OSPF: Received LSA ACK LSA_ID=-64.-88.2.13 LSA_RT_ID=-64.-88.2.13
OSPF: Rx ACK lasid=00000000 lsartid=192.168.2.13 nbr=11.0.50.2
OSPF: Received LSA ACK LSA_ID=0.0.0.0 LSA_RT_ID=-64.-88.2.13
OSPF: Sending delayed ACK
OSPF: Update LSA: id=c0a8020d rtid=192.168.2.13 area=11.0.0.0 type=1
OSPF: Flooding out last interface
OSPF: Update LSA: id=0b003202 rtid=11.0.50.2 area=11.0.0.0 type=1

debug ip packet
Use the debug ip packet command to display debug messages for every Internet Protocol version 4 (IPv4)
packet forwarded through the unit. Adding the VRF name to this command displays debug information
only for the named virtual routing and forwarding (VRF) instance. Debug messages are displayed (real
debug ip packet
debug ip packet detail
debug ip packet dump
debug ip packet <ipv4 acl name>
debug ip packet <ipv4 acl name> detail
debug ip packet <ipv4 acl name> dump
debug ip packet any-vrf
debug ip packet any-vrf <ipv4 acl name>
debug ip packet any-vrf <ipv4 acl name> detail
debug ip packet any-vrf <ipv4 acl name> dump
debug ip packet any-vrf detail
debug ip packet any-vrf dump
debug ip packet vrf <name>
debug ip packet vrf <name> <acl name>
debug ip packet vrf <name> <acl name> detail
debug ip packet vrf <name> <acl name> dump
debug ip packet vrf <name> detail
debug ip packet vrf <name> dump
your unit.
Syntax Description
detail Optional. Displays IPv4 packet detailed information.
dump Optional. Displays IPv4 packet detailed information, as well as a hex dump
of the packets payload.
Note: The console stream can be captured to a log file and used as an input
file for display with ETHEREAL/Wireshark by using text2pcap.exe, which is
a part of the ETHEREAL/Wireshark distribution.
Execute as follows: text2pcap -l 101 <input_file> <output_file>

Next, open the output file with ETHEREAL/Wireshark for display and
decode. The typical lower layer information in ETHEREAL/Wireshark may
not be present. This converted capture file is treated as a raw IP capture
and also has no timestamp data. Remember to take advantage of access
control lists (ACLs) to narrow down the amount of data being processed
with this facility. This is a CPU-intensive operation, and also disables any
fast flow/fast cache routing.
<ipv4 acl name> Optional. Displays debug information for a specific IPv4 ACL.
any-vrf Optional. Displays debug information for all VRFs, including the default.
vrf <name> Optional. Displays debug information for the specified VRF.
Default Values
Command History
Functional Notes
Usage Examples
The following is sample output for the debug ip packet command, which provides debug information for
the default VRF only:
>enable
#debug ip packet
IP: s= 192.168.8.101 (eth 0/1) d=192.168.7.2 (eth 0/2) g= 192.168.7.2, forward

Where:
s=192.168.8.101 (eth 0/1) indicates source address and interface of received packet.
d=192.168.7.2 (eth 0/2) indicates destination address and interface from which the packet is being sent.
g=192.168.7.2 indicates the address of the next-hop gateway.
forward indicates the router is forwarding this packet.

The following is sample output for the debug ip packet vrf <name> command for the VRF named Red:
>enable
#debug ip packet vrf RED
IP: s=192.168.1.100 (eth 0/1.4) d=192.168.1.255 (Loopback), vrf=RED, rcvd

IP: s=192.168.1.1 (Loopback) d=192.168.1.101 (eth 0/1.4) g=192.168.1.101, vrf=RED, forward
Where:
rcvd indicates the router received this packet.
The following is sample output for the debug ip packet any-vrf command:
>enable
#debug ip packet any-vrf
IP: s=192.168.1.15 (eth 0/1.1) d=192.168.1.1 (Loopback), rcvd

IP: s=192.168.1.1 (Loopback) d=192.168.1.15 (eth 0/1.1) g=192.168.1.15, forward
IP: s=192.168.2.33 (eth 0/1.3) d=192.168.2.1 (Loopback), vrf=BLU, rcvd
IP: s=192.168.2.1 (Loopback) d=192.168.2.33 (eth 0/1.3) g=192.168.2.33, vrf=BLU, forward
Where:
if the vrf=<name> statement is not present, the packet was present on the default VRF.
vrf=<name> indicates the nondefault VRF from which the packet was received.
forward indicates the router transmitted this packet.
g=x.x.x.x indicates the next-hop IP address to which the packet was forwarded.

debug ip pim-sparse
Use the debug ip pim-sparse command to display all protocol-independent multicast (PIM) sparse mode
information. Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use the no form
of this command to disable the debug messages.
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example activates all PIM sparse mode messages:
>enable
#debug ip pim-sparse

debug ip pim-sparse assert

Use the debug ip pim-sparse assert command to display debug messages associated with
protocol-independent multicast (PIM) sparse assert transactions. Debug messages are displayed (real time)
to the terminal (or Telnet) screen. Use the no form of this command to disable the debug messages.
debug ip pim-sparse assert

debug ip pim-sparse assert event
debug ip pim-sparse assert event <multicast address>
debug ip pim-sparse assert state
debug ip pim-sparse assert state <multicast address>
your unit.
Syntax Description
event Optional. Displays PIM sparse assert events.
state Optional. Displays PIM sparse assert state changes.
<multicast address> Optional. Specifies multicast group IP address to filter. The multicast group
IP address range is 244.0.0.0 to 239.255.255.255 or 224.0.0.0 /4.
Default Values
Command History
Usage Examples
The following example activates all PIM sparse assert event messages:
>enable
#debug ip pim-sparse assert event
14:25:05: PIMSM: Assert - MRoute (*, 239.255.255.250, eth 0/2) processed Received Join in NoInfo state
14:25:29: PIMSM: Assert - MRoute (10.100.13.240, 239.192.19.136, eth 0/2) processed Received Join in
NoInfo state

debug ip pim-sparse hello

Use the debug ip pim-sparse hello command to display protocol-independent multicast (PIM) sparse
mode hello transactions. Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example activates PIM sparse mode hello messages:
>enable
#debug ip pim-sparse hello

debug ip pim-sparse joinprune

Use the debug ip pim-sparse joinprune command to display protocol-independent multicast (PIM)
sparse mode join and prune transactions. Debug messages are displayed (real time) to the terminal (or
command include:
debug ip pim-sparse joinprune

debug ip pim-sparse joinprune event
debug ip pim-sparse joinprune event <multicast address>
debug ip pim-sparse joinprune state
debug ip pim-sparse joinprune state <multicast address>
your unit.
Syntax Description
event Optional. Displays PIM sparse join and prune events.
state Optional. Displays PIM sparse join and prune state changes.
Default Values
Command History
Usage Examples
The following example activates PIM sparse mode messages for all join and prune events and state
changes:
>enable
#debug ip pim-sparse joinprune
14:27:05: PIMSM: Processed JOIN(*, 239.255.255.250) from 10.10.10.2
14:27:29: PIMSM: Processed JOIN(10.100.13.240, 239.192.19.136) from 10.10.10.2
14:27:56: PIMSM: Sent JOIN(10.100.13.240, 239.192.19.136) to 10.100.13.240

debug ip pim-sparse packets

Use the debug ip pim-sparse packets command to display protocol-independent multicast (PIM) sparse
mode packet information. Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use
the no form of this command to disable the debug messages.Variations of this command include:
debug ip pim-sparse packets

debug ip pim-sparse packets in
debug ip pim-sparse packets in <interface>
debug ip pim-sparse packets out
debug ip pim-sparse packets out <interface>
your unit.
Syntax Description
in Optional. Displays messages for inbound PIM sparse packets.
out Optional. Displays messages for outbound PIM sparse packets.
<interface> Optional. Specifies an interface in the format <interface type [slot/port |
dot11ap 1/1.1. Type debug ip pim-sparse packets ? for a list of valid
interfaces.
Default Values
Command History
Ethernet interface.
Usage Examples
The following example activates all PIM sparse packet messages (both inbound and outbound):
>enable
#debug ip pim-sparse packets

debug ip pim-sparse register

Use the debug ip pim-sparse register command to display protocol-independent multicast (PIM) sparse
source registration messages. Debug messages are displayed (real time) to the terminal (or Telnet) screen.
debug ip pim-sparse register

debug ip pim-sparse register event
debug ip pim-sparse register event <multicast address>
debug ip pim-sparse register state
debug ip pim-sparse register state <multicast address>
your unit.
Syntax Description
event Optional. Displays PIM sparse register events.
state Optional. Displays PIM sparse register state changes.
Default Values
Command History
Usage Examples
The following example activates all PIM sparse registration changes:
>enable
#debug ip pim-sparse register
18:14:22: PIMSM: Registered new source (10.100.13.240, 239.192.19.136) from 10.10.10.1
18:14:22: PIMSM: RegisterStop(10.100.13.240, 239.192.19.136) sent to 10.10.10.1

debug ip policy
Use the debug ip policy command to display policy-based routing events. Debug messages are displayed
messages. Variations of this command include the following:
debug ip policy
debug ip policy <acl name>
your unit.
Syntax Description
<acl name> Optional. Displays debug information only for the specified access control
list (ACL).
Default Values
Command History
Release 16.1 Command was expanded to filter based on an ACL.
Usage Examples
The following example creates a standard ACL named PVT, which permits packets sourced from the
10.22.0.0/16 network and displays only these policy-based routing event messages:
>enable
#ip access-list standard PVT
#permit 10.22.0.0 0.0.255.255
#deny any
#debug ip policy PVT

debug ip rip
Use the debug ip rip command to activate debug messages associated with Routing Information Protocol
(RIP) operation in AOS. Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use
debug ip rip
debug ip rip events
your unit.
Syntax Description
events Optional. Displays only RIP protocol events.
Default Values
Command History
Functional Notes
The debug ip rip command activates debug messages to provide information on RIP activity in AOS. RIP
allows hosts and routers on a network to exchange information about routes.
Usage Examples
The following example activates debug messages associated with RIP activity:
>enable
#debug ip rip

debug ip route-cache express

Use the debug ip route-cache express command to activate debug messages associated with Layer 3
switching.
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
>enable
#debug ip route-cache express
xRt: Periodic ARP for 10.2.42.254
xRt: Processed 1 ARP events, with 0 remaining
xRt: host entry added: IP=192.168.1.10, MAC=00:10:94:00:00:01, Vlan=1

xRt: host entry not added (no ARL entry): IP=192.168.5.10, MAC=00:10:96:00:00:01, Vlan=5
xRt: host entry added: IP=192.168.13.10, MAC=00:10:9a:00:00:01, Vlan=13
xRt: host entry not added (no ARL entry): IP=192.168.15.10, MAC=00:10:9b:00:00:01, Vlan=15
xRt: host entry added: IP=192.168.17.10, MAC=00:10:9c:00:00:01, Vlan=17
xRt: host entry added: IP=192.168.19.10, MAC=00:10:9d:00:00:01, Vlan=19
xRt: Processed 10 ARP events, with 605 remaining
xRt: Processed 10 L2 events, with 393 remaining
xRt: host entry added (ARL entry found): IP=192.168.1.20, MAC=00:10:94:00:00:0b, Vlan=1
xRt: host entry added (ARL entry found): IP=192.168.15.10, MAC=00:10:9b:00:00:01, Vlan=15
xRt: host entry added (ARL entry found): IP=192.168.3.18, MAC=00:10:95:00:00:09, Vlan=3
xRt: host entry added (ARL entry found): IP=192.168.3.41, MAC=00:10:95:00:00:20, Vlan=3
xRt: Processed 10 L2 events, with 217 remaining
--MORE--

debug ip routing
Use the debug ip routing command to activate debug messages associated with Internet Protocol
version 4 (IPv4) routing table events. Adding the VRF name to this command displays debug information
for the named virtual routing and forwarding (VRF). Debug messages are displayed (real time) to the
debug ip routing
debug ip routing vrf <name>
your unit.
Syntax Description
vrf <name> Optional. Displays debug information only for the specified VRF. If a VRF is
not specified, the default VRF is assumed.
Default Values
Command History
Functional Notes
Usage Examples
The following example activates debug messages associated with IPv4 routing table events:
>enable
#debug ip routing

The following example activates the debug messages associated with IPv4 routing table events on the
nondefault VRF named RED and provides sample output:
>enable
#debug ip routing vrf RED
ip route vrf RED 1.2.3.0 255.255.255.0 192.168.10.10

15:32:29: ROUTING: Add route for 1.2.3.0/24 nh=192.168.10.10 vrf=RED
15:32:29: ROUTING: Remove route for 1.2.3.0/24 nh=192.168.10.10 vrf=RED
15:32:29: ROUTING: Remove route for 1.2.3.0/24 nh=192.168.10.10 vrf=RED
Where:
nh=192.168.10.10 indicates the next-hop address.

vrf=RED indicates the nondefault VRF where the route is present.

debug ip security monitor

Use the debug ip security monitor command to activate debug messages associated with the IP security
monitor. Debug messages are displayed (real time) on the terminal (or Telnet) screen. Use the no form of
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
The debug ip security monitor events include statistic collection associated with the timeline.
Usage Examples
>enable
#debug ip security monitor
SECURITY_MONITOR.EVENTS Regular update: timeline interval scheduled to end at 23:00:16
SECURITY_MONITOR.EVENTS [ curr=269095, sched=272343 ]
SECURITY_MONITOR.EVENTS Regular update: timeline interval scheduled to end at 23:00:16
SECURITY_MONITOR.EVENTS [ curr=269154, sched=272343 ] no debug ip security monitor
#

debug ip tcp
Use the debug ip tcp command to activate debug messages associated with Transmission Control Protocol
(TCP) state changes, session allocation and deallocation, and packet information (for example, sequence
numbers, acknowledgement numbers, and packet length) in AOS. Debug messages are displayed (real
debug ip tcp
debug ip tcp events
debug ip tcp md5
These debug events are logged for packets that are sent or received from the router.
Forwarded TCP packets are not included.
your unit.
Syntax Description
events Optional. Displays only messages regarding TCP state changes and TCP
session allocation.
md5 Optional. Displays messages related to the TCP Message Digest 5 (MD5)
authentication process.
Default Values
Command History
Release 9.1 Command was expanded to include the md5 parameter.
Functional Notes
The debug events for this command are logged for packets that are sent or received from the router.
Forwarded TCP packets are not included in the output.
In the debug ip tcp events output, TCB stands for TCP task control block. The numbers which sometimes
appear next to TCB (e.g., TCB5 in the following example) represent the TCP session number. This allows
you to differentiate debug messages for multiple TCP sessions.

Output for the debug ip tcp md5 command can include messages such as: MD5 authentication was
expected but not received, MD5 authentication was not expected but was received, MD5 authentication
failed, and MD5 authentication passed. Debug messages will only be generated for TCP ports that have
MD5 authentication enabled.
Usage Examples
>enable
#debug ip tcp events
2003.02.17 07:40:56 IP.TCP EVENTS TCP: Allocating block 5
2003.02.17 07:40:56 IP.TCP EVENTS TCB5: state change: FREE->SYNRCVD
2003.02.17 07:40:56 IP.TCP EVENTS TCB5: new connection from 172.22.75.246:3473 to
10.200.2.201:23
2003.02.17 07:40:56 IP.TCP EVENTS TCB5: state change: SYNRCVD->ESTABLISHED
[172.22.75.246:3473]
2003.02.17 07:41:06 IP.TCP EVENTS TCB5: Connection aborted -- error = RESET
2003.02.17 07:41:06 IP.TCP EVENTS TCB5: De-allocating tcb

debug ip tftp
Use the debug ip tftp command to activate debug messages associated with Trivial File Transfer Protocol
(TFTP) packets. Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use the no
debug ip tftp client packets

debug ip tftp server events
debug ip tftp server packets
your unit.
Syntax Description
client packets Activates TFTP client packet debug messages.
server events Activates TFTP server event debug messages.
server packets Activates TFTP server packet debug messages.
Default Values
Command History
Release 14.1 Command changed from debug tftp to debug ip tftp.
Usage Examples
The following example activates debug messages associated with TFTP server packets:
>enable
#debug ip tftp server packets

debug ip udp
Use the debug ip udp command to activate debug messages associated with User Datagram Protocol
(UDP) send and receive events in AOS. Debug messages are displayed (real time) to the terminal (or
These debug events are logged for packets that are sent or received from the router.
Forwarded UDP packets are not included.
The overhead associated with this command takes up a large portion of your router’s
resources and at times can halt other router processes. It is best to only use the command
during times when the network resources are in low demand (nonpeak hours, weekends,
etc.).
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
In the debug ip udp information, the message no listener means that there is no service listening on this
UDP port (i.e., the data is discarded).
Usage Examples
>enable
#debug ip udp
2003.02.17 07:38:48 IP.UDP RX: src=10.200.3.236:138, dst=10.200.255.255:138, 229 bytes, no listener
2003.02.17 07:38:48 IP.UDP RX: src=10.200.2.7:138, dst=10.200.255.255:138, 227 bytes, no listener
2003.02.17 07:38:48 IP.UDP RX: src=10.200.201.240:138, dst=10.200.255.255:138, 215 bytes, no
listener

debug ip urlfilter
Use the debug ip urlfilter command to display a summary of debug information for all uniform resource
locator (URL) filters being used. Debug messages are displayed (real time) to the terminal (or Telnet)
screen. The verbose option gives more detailed information. Use the no form of this command to disable
the debug messages. Variations of this command include:
debug ip urlfilter
debug ip urlfilter verbose
your unit.
Syntax Description
verbose Optional. Enables detailed debug messages.
Default Values
Command History
Usage Examples
The following example shows the debug summary for all URL filters being used:
>enable
#debug ip urlfilter
2005.11.06 05:31:52 Connected to a Websense server

2005.11.06 05:33:26 Allowed http://www.adtran.com/

debug ip urlfilter top-websites

Use the debug ip urlfilter top-websites command to display the times at which the generated top websites
lists merge (as the 15-minute list is rolled into the hourly list, the hourly list into the daily list, and so on).
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example shows the debug summary for top websites reporting:
>enable
#debug ip urlfilter top-websites
P2007.05.08 09:55:00 Merging displayed 15 minute list into hour list
2007.05.08 09:55:00 Merging hour list into twenty-four hour list
2007.05.08 09:55:00 Validating timers; timerAdj=0, update=0, lastThen=462
2007.05.08 09:55:00 Scheduled next run in 900; timerAdj=0, nowUpTime=462,
last Period=306

debug ipv6 crypto ipsec

Use the debug ipv6 crypto ipsec command to activate debug messages associated with Internet Protocol
version 6 (IPv6) IP security (IPsec) events within the cryptographic subsystem. Debug messages are
debug messages. Variations of this command include:
debug ipv6 crypto ipsec

debug ipv6 crypto ipsec vrf <name>
your unit.
Syntax Description
forwarding (VRF) instance. If no VRF is specified, information for the default
VRF is displayed.
Default Values
Command History
Functional Notes
Usage Examples
The following example activates the debug messages for IPv6 cryptographic subsystem processing:
>enable
#debug ipv6 crypto ipsec

debug ipv6 dhcp

Use the debug ipv6 dhcp command to enable debug messages for Dynamic Host Control Protocol
version 6 (DHCPv6) operation in AOS. Debug messages are displayed (real time) to the terminal (or
command include:
debug ipv6 dhcp

debug ipv6 dhcp client
debug ipv6 dhcp client <interface>
debug ipv6 dhcp client mef-ethernet <slot/port>
debug ipv6 dhcp client system-control-evc
debug ipv6 dhcp client system-management-evc
debug ipv6 dhcp detail
debug ipv6 dhcp relay
debug ipv6 dhcp relay vrf <name>
debug ipv6 dhcp server
debug ipv6 dhcp server vrf <name>
your unit.
Syntax Description
client Optional. Specifies that DHCPv6 client information is displayed.
<interface> Optional. Specifies that only client information for the single interface is
displayed. Specify an interface in the format <interface type [slot/port |
slot/port.subinterface id | interface id | interface id. subinterface id]>. For
example, for an Ethernet subinterface, use eth 0/1.1. For a list of
appropriate interface, enter interface ? at the prompt.
mef-ethernet <slot/port> Optional. Specifies that only client information for the Metro Ethernet Forum
(MEF) Ethernet interface is displayed.
system-control-evc Optional. Specifies that only client information for the system control
Ethernet virtual connection (EVC) is displayed.
system-management-evc Optional. Specifies that only client information for the system management
EVC is displayed.
detail Optional. Specifies that DHCPv6 packet content is displayed.
relay Optional. Specifies that DHCPv6 relay information is displayed.
server Optional. Specifies that DHCPv6 server information is displayed.
vrf <name> Optional. Specifies that DHCPv6 server or relay information for a nondefault
(named) virtual routing and forwarding (VRF) instance is displayed. If a VRF
is not specified, information for the default VRF is displayed.

Default Values
Command History
Release R10.9.0 Command was expanded to include the client parameter.
Release R10.10.0 Command was expanded to include the system control and system
management EVCs.
Release R11.1.0 Command was expanded to include the vrf <name> parameter.
Usage Examples
The following example displays sample output for DHCPv6 relay debug information:
>enable
#debug ipv6 dhcp relay
2011.01.01 21:40:24 DHCPv6.RELAY Relaying SOLICIT from FE80::B098:1B0E:27CA:A8AB on eth 0/2
2011.01.01 21:40:24 DHCPv6.RELAY to FE80::2A0:C8FF:FE65:702 eth 0/1
2011.01.01 21:40:24 DHCPv6.RELAY Sending RELAY-FORWARD to FE80::2A0:C8FF:FE65:702 eth 0/1
2011.01.01 21:40:24 DHCPv6.RELAY Received RELAY-REPLY from FE80::2A0:C8FF:FE65:702 eth 0/1
2011.01.01 21:40:24 DHCPv6.RELAY Relaying RELAY-REPLY from FE80::2A0:C8FF:FE65:702 eth 0/1
2011.01.01 21:40:24 DHCPv6.RELAY to FE80::B098:1B0E:27CA:A8AB on eth 0/2
2011.01.01 21:40:24 DHCPv6.RELAY Sending REPLY to FE80::B098:1B0E:27CA:A8AB eth 0/2 on eth
0/2

debug ipv6 ffe wildcards

Use the debug ipv6 ffe wildcards command to enable debug messaging for Internet Protocol version 6
(IPv6) RapidRoute wildcard events. This command can be used to determine which of several subsystem
configurations caused a specific RapidRoute wildcard to be disabled.
your unit.You can view wildcard status on a per-interface basis using the command show
ipv6 ffe on page 801.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
When RapidRoute wildcard debug messages are enabled, two wildcard events are displayed. A calculate
event, generated when an interface is called to recalculate its inbound or outbound wildcards, displays the
results for each subsystem in the order in which wildcard processing is completed. A finalize set event is
generated when the complete wildcards for an interface are pushed to either hardware or software
processing and the new wildcards are used.
The order of wildcard bits displayed in a wildcard debug message are the opposite of the order displayed
in the show ipv6 ffe wildcard command, and exclude the Destination IP Address (which cannot be
wildcarded). The last bit displayed at the end of the wildcard string is the least significant bit and represents
the Source IP Address.
Usage Examples
The following example enables RapidRoute wildcard debug messaging and provides sample event output.
Also included in the example are the configuration of the IPv6 access control list (ACL) named ACL and its
application to the gigabit Ethernet subinterface 0/5.1:
>enable
#debug ipv6 ffe wildcards
#config t
(config)#ipv6 access-list extended ACL
(config-ext-nacl)#permit icmpv6 any any echo
(config-ext-nacl)#exit
(config)#interface gigabit ethernet 0/5.1
(config-giga-eth 0/5.1)#ipv6 access-group ACL out

2015.01.01 12:00:34 FFEWILDCARDV6.giga-eth 0/5.1 calculate outbound:

QoS: 11111111111
AccessGroup: 11011110111
2015.01.01 12:00:34 FFEWILDCARDV6.Loopback finalize set: 11011110111
2015.01.01 12:00:34 FFEWILDCARDV6.null 0 finalize set: 11011110111

debug ipv6 firewall

Use the debug ipv6 firewall command to activate debug messages associated with AOS Internet Protocol
version 6 (IPv6) firewall operation. Debug messages are displayed (real time) to the terminal (or Telnet)
include:
debug ipv6 firewall

debug ipv6 firewall vrf <name>
your unit.
Syntax Description
VRF is displayed.
Default Values
Command History
Functional Notes
Usage Examples
The following example activates the debug messages for IPv6 firewall processing:
>enable
#debug ipv6 firewall

The following example activates the IPv6 firewall debug messages for the VRF instance gray and provides
sample output:
>enable
#debug ipv6 firewall vrf gray
2010.08.17 20:39:25 FIREWALL_V6.VRF gray id=firewall time=”2010-08-17 20:39:25”

fw=NV3430 pri=6 proto=icmpv6 src=2001:DB8:1:1::2 dst=2001:DB8:1:1::1 msg=”ICMPv6
type=128 code=0; Bytes processed over policy-session (bytes=256) from PRIVATEV6
policy-class on the interface eth 0/1.1”
2010.08.17 20:39:25 FIREWALL_V6.VRF gray Deleted policy-session due to clear all policy-sessions
command
Policy-session ID = 2; Count (total, policy-class) = 0, 0
Protocol = 58; Flags = 0x1; Timeout = 60
Initiating side: Policy-class = PRIVATEV6
From/To: eth 0/1.1 -> Loopback
Source: 2001.DB8:1:1::2
Destination: 2001:DB8:1:1::1
ICMPv6 Type/Code: 128/0; ID: 0
Responding side: Policy-class = self
From/To: Loopback -> eth 0/1.1
Source: 2001:DB8:1:1::2
Destination: 2001:DB8:1:1::2
ICMPv6 Type/Code: 129/0; ID: 0

debug ipv6 firewall ndar

Use the debug ipv6 firewall ndar command to activate debug messages associated with AOS Internet
Protocol version 6 (IPv6) firewall Neighbor Discovery (ND) operation. Debug messages are displayed
debug ipv6 firewall ndar

debug ipv6 firewall vrf <name> ndar
your unit.
Syntax Description
ndar Specifies that ND address resolution events are displayed.
VRF is displayed.
Default Values
Command History
Functional Notes
Usage Examples
The following example activates the debug messages for IPv6 firewall ND address resolution processing
on the default VRF instance:
>enable
#debug ipv6 firewall ndar

debug ipv6 icmp

Use the debug ipv6 icmp command to show all Internet Control Message Protocol (ICMP) version 6
(ICMPv6) messages being sent or received by the local IPv6 stack. For IPv6, these messages do not
include ICMP packets being exchanged between other devices because those packets appear only as IPv6
packets (rather than ICMPv6 packets) to the local router. If an optional keyword (send or recv) is not used,
all results are displayed. Debug messages are displayed (real time) on the terminal (or Telnet) screen. Use
debug ipv6 icmp

debug ipv6 icmp send
debug ipv6 icmp recv
your unit.
Syntax Description
send Optional. Displays only ICMPv6 messages sent by the IPv6 stack.
recv Optional. Displays only ICMPv6 messages received by the IPv6 stack.
Default Values
Command History
Usage Examples
The following example activates the debug ipv6 icmp send and receive messages for ICMPv6 in AOS:
>enable
#debug ipv6 icmp
ICMPv6 SEND: To [2001:DB8:8967::10] Type=128 Code=0 Length=108 Details:echo request
id=0036 seq=0001
ICMPv6 SEND: Source changed to [2001:DB8:8967:1::100] before transmit
ICMPv6 RECV: From [1001:DB8:8967::10] to [2001:DB8:8967:1::100] [eth 0/1]
Type=129 Code=0 Length=108 Details: echo reply
id=0036 seq=0001
--MORE--

debug ipv6 mld

Use the debug ipv6 mld command to display information related to Internet Protocol version 6 (IPv6)
Multicast Listener Discovery (MLD) queries and responses. Use the no form of this command to disable
the debug messages. Variations of this command include:
debug ipv6 mld events

debug ipv6 mld events interface <interface>
debug ipv6 mld packet
debug ipv6 mld packet interface <interface>
your unit.
Syntax Description
events Specifies that events related to MLD activity, such as timer starts or
changes in compatibility mode, are displayed.
packet Specifies that decoded packet information, including MLD message
contents and associated MLD groups, are displayed.
interface <interface> Optional. Limits command output to a specified interface. Specify an
interface id | interface id. subinterface id]>. For example, for an Ethernet
Default Values
Command History
Usage Examples
The following example displays sample output for MLD debug information:
>enable
#debug ipv6 mld
2014.04.20 17:58:05 MLD.PKT giga-eth 0/2.1 Receive MLD packet, len=28
type=130 (query), code=0, cksum=0x231d
maxDelayMs=5000, mcast=:: (general)
sFlag=0, QRV=2, QQIC=30, numSources=0
2014.04.20 17:58:05 MLD.PKT giga-eth 0/2.1 Transmit MLD packet, len=88
type=143 (v2 report), code=0, cksum=0x8f49

debug ipv6 named-prefix

Use the debug ipv6 named-prefix command to enable debug messages for all events associated with
Internet Protocol version 6 (IPv6) named prefixes.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example enables debug messages for all IPv6 named prefixes:
>enable
#debug ipv6 named-prefix

debug ipv6 nd
Use the debug ipv6 nd command to activate debug messages for Internet Protocol version 6 (IPv6)
Neighbor Discovery (ND) functions on the router. This command details the processing of ND messages
and all resulting state changes and errors. Debug messages are displayed (real time) on the terminal (or
command include:
debug ipv6 nd ar
debug ipv6 nd dad
debug ipv6 nd neighbor-state
debug ipv6 nd packet neighbor
debug ipv6 nd packet router
your unit.
Syntax Description
ar Optional. Activates debug messaging for address resolution (AR) changes.
dad Optional. Activates debug messaging for duplicate address detection (DAD)
events.
neighbor-state Optional. Activates debug messaging for state changes in the neighbor
cache.
packet neighbor Optional. Activates debug messaging for ND packets.
packet router Optional. Activates debug messaging for router advertisement (RA)
packets.
Default Values
Command History
Usage Examples
The following example activates debug messaging for all ND DAD events:
>enable
#debug ipv6 nd dad

debug ipv6 packet

Use the debug ipv6 packet command to display debug messages for every Internet Protocol version 6
(IPv6) packet forwarded through the unit. Adding the virtual routing and forwarding (VRF) instance name
to this command displays debug information only for the named VRF instance. Debug messages are
debug messages. Variations of this command include:
debug ipv6 packet

debug ipv6 packet detail
debug ipv6 packet dump
debug ipv6 packet <ipv6 acl name>
debug ipv6 packet <ipv6 acl name> detail
debug ipv6 packet <ipv6 acl name> dump
debug ipv6 packet any-vrf
debug ipv6 packet any-vrf <ipv6 acl name>
debug ipv6 packet any-vrf <ipv6 acl name> detail
debug ipv6 packet any-vrf <ipv6 acl name> dump
debug ipv6 packet any-vrf detail
debug ipv6 packet any-vrf dump
debug ipv6 packet vrf <name>
debug ipv6 packet vrf <name> <acl name>
debug ipv6 packet vrf <name> <acl name> detail
debug ipv6 packet vrf <name> <acl name> dump
debug ipv6 packet vrf <name> detail
debug ipv6 packet vrf <name> dump
your unit.
Syntax Description
detail Optional. Displays IPv6 packet detailed information.
dump Optional. Displays IPv6 packet detailed information, as well as a hex dump
of the packets payload.
<ipv6 acl name> Optional. Displays debug information for a specific IPv6 access control list
(ACL).
any-vrf Optional. Displays debug information for all VRFs, including the default.
vrf <name> Optional. Displays debug information for the specified VRF.
Default Values

Command History
Functional Notes
Usage Examples
The following is sample output for the debug ipv6 packet command, which provides debug information for
the default VRF only:
>enable
#debug ip packet
IPv6: s=FE80::2A0:C8FF:FE00:6120 (Loopback)

d=FF02::5 (eth 0/1)
g=FF02::5
forward, size = 76(36)
IPv6: s=FE80::2A0:C8FF:FE00:6120 (Loopback)

d=2620:106:A001:899:4DC8:275B:34AA:99F6 (eth 0/1)
g=2620:106:A001:899:4DC8:275B:34AA:99F6
forward, size = 72(32)
In this example, the following is true:
s=FE80::2A0:C8FF:FE00:6120 (Loopback) indicates the source address and interface of received packet.
d=FF02::5 (eth 0/1) indicates the destination address and interface from which the packet is being sent.
g=FF02::5 indicates the address of the next-hop gateway.
forward indicates the router is forwarding this packet.

debug ipv6 routing

Use the debug ipv6 routing command to activate debug messages associated with Internet Protocol
version 6 (IPv6) routing table events. Adding the VRF name to this command displays debug information
for the named virtual routing and forwarding (VRF). Debug messages are displayed (real time) to the
debug ipv6 routing

debug ipv6 routing vrf <name>
your unit.
Syntax Description
vrf <name> Optional. Displays debug information only for the specified VRF. If a VRF is
not specified, the default unnamed VRF is assumed.
Default Values
Command History
Functional Notes
Usage Examples
The following example activates debug messages associated with IPv6 routing table events:
>enable
#debug ipv6 routing

debug isdn
Use the debug isdn command to activate debug messages associated with integrated services digital
network (ISDN) events in AOS. Debug messages are displayed (real time) to the terminal (or Telnet)
include the following:
debug isdn cc-ie

debug isdn cc-ie bri
debug isdn cc-ie bri <number>
debug isdn cc-ie pri
debug isdn cc-ie pri <number>
debug isdn cc-messages
debug isdn cc-messages bri
debug isdn cc-messages bri <number>
debug isdn cc-messages pri
debug isdn cc-messages pri <number>
debug isdn endpoint
debug isdn endpoint bri
debug isdn endpoint bri <number>
debug isdn endpoint pri
debug isdn endpoint pri <number>
debug isdn interface
debug isdn interface bri
debug isdn interface bri <number>
debug isdn interface pri
debug isdn interface pri <number>
debug isdn l2-formatted
debug isdn l2-formatted bri
debug isdn l2-formatted bri <number>
debug isdn l2-formatted pri
debug isdn l2-formatted pri <number>
debug isdn l2-messages
debug isdn l2-messages bri
debug isdn l2-messages bri <number>
debug isdn l2-messages pri
debug isdn l2-messages pri <number>
your unit.
Syntax Description
bri Optional. Specifies the basic rate interface (BRI) interface.
cc-ie Displays call control information elements.

cc-messages Displays call control messages.

endpoint Displays endpoint events.
interface Displays ISDN interface events.
l2-formatted Displays Layer 2 formatted messages.
l2-messages Displays Layer 2 messages.
pri Optional. Specifies the ISDN interface.
pri <number> Optional. Specifies a specific ISDN interface. Range is 1 to 255.
Default Values
Command History
Release R10.5.0 Command was expanded to include the bri parameter.
Usage Examples
The following example activates all Layer 2 formatted messages:
>enable
#debug isdn l2-formatted
The following example activates Layer 2 formatted messages received on ISDN interface primary rate
interface (PRI) 1:
>enable
#debug isdn l2-formatted pri 1

debug isdn group

Use the debug isdn group command to activate integrated services digital network (ISDN) group errors
and messages. Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use the no
debug isdn group

debug isdn group <number>
your unit.
Syntax Description
<number> Optional. Specifies the ISDN group. Valid range is 1 to 255.
Default Values
Command History
Usage Examples
The following example activates debug messages for all ISDN groups:
>enable
#debug isdn group

debug isdn resource-manager

Use the debug isdn resource-manager command to activate integrated services digital network (ISDN)
resource manager errors and messages. Debug messages are displayed (real time) to the terminal (or
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example activates debug messages associated with the ISDN resource manager:
>enable
#debug isdn resource-manager

debug isdn verbose

Use the debug isdn verbose command to activate all debug messages associated with integrated services
digital network (ISDN) events in AOS. Debug messages are displayed (real time) to the terminal (or
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example activates all debug messages associated with ISDN activity:
>enable
#debug isdn verbose

debug licensing
Use the debug licensing command to display licensing event messages. Debug messages are displayed
messages.
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example activates licensing event messages:
>enable
#debug licensing

debug lldp
Use the debug lldp command to display debug output for all Link Layer Discovery Protocol (LLDP)
receive and transmit packets. Debug messages are displayed (real time) on the terminal (or Telnet) screen.
debug lldp
debug lldp rx
debug lldp rx verbose
debug lldp tx
debug lldp tx verbose
debug lldp verbose
your unit.
Syntax Description
rx Optional. Shows information about received packets.
tx Optional. Shows information about transmitted packets.
verbose Optional. Shows detailed debugging information.
Default Values
Command History
Release R11.5.0 Command was expanded to include inventory information if transmitted by
the endpoint.
Usage Examples
The following example activates both transmit and receive messages associated with LLDP operation:
>enable
#debug lldp

debug mail-client
Use the debug mail-client command to enable mail agent debug messages. Variations of this command
include:
debug mail-client
debug mail-client <agent name>
your unit.
Syntax Description
<agent name> Optional. Specifies debug messages are enabled only for the specified mail
agent.
Default Values
Command History
Usage Examples
The following example enables debug messaging for all configured mail agents:
>enable
#debug mail-client

debug mef config

Use the debug mef config command to enable debug messaging for all Metro Ethernet Forum (MEF)
components configured on the unit. Debug messages are displayed (real time) to the terminal (or Telnet)
include:
debug mef config

debug mef config detail
your unit.
Syntax Description
detail Optional. Specifies that detailed debug information is displayed.
Default Values
Command History
Usage Examples
The following example enables debug messages for all MEF component configurations:
>enable
#debug mef config

debug mgcp stack

Use the debug mgcp stack command to display information about the Media Gateway Control Protocol
(MGCP) stack and MGCP messages. Variations of this command include:
debug mgcp stack

debug mgcp stack messages
debug mgcp stack messages summary
debug mgcp stack verbose
your unit.
Syntax Description
messages Optional. Specifies that MGCP stack messages information is displayed.
messages summary Optional. Specifies that MGCP message summary information is displayed.
verbose Optional. Specifies that detailed MGCP stack information is displayed.
Default Values
Command History
Release A2 Command was introduced.
Usage Examples
The following is sample output from the debug mgcp stack messages summary command:
#debug mgcp stack messages summary

19:20:22 MGCP.STACK MSGSUM TX: -> 47.234.101.60:2727
19:20:22 MGCP.STACK MSGSUM TX: ntfy 88 aaln/1@65.162.109.238 MGCP 1.0
19:20:22 MGCP.STACK MSGSUM RX: <- 47.234.101.60:2727
19:20:22 MGCP.STACK MSGSUM RX: 200 88 OK
19:20:22 MGCP.STACK MSGSUM RX: <- 47.234.101.60:2727

19:20:22 MGCP.STACK MSGSUM RX: RQNT 30425 aaln/1@65.162.109.238 MGCP 1.0

debug mgcp verbose

Use the debug mgcp verbose command to display detailed information about Media Gateway Control
Protocol (MGCP) transmissions and receptions.
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following is sample output from the debug mgcp verbose command:
#debug mgcp verbose

19:02:35 MGCP.STACK DEBUG adEndpointEvent(int=0:1, pkg=, evt=hd)
19:02:35 MGCP.STACK MSG TX: -> 47.234.101.60:2727
19:02:35 MGCP.STACK MSG TX: ntfy 58 aaln/1@65.162.109.238 MGCP 1.0
K: 57
X: 22410
O: l/hd
19:02:35 MGCP.STACK MSG RX: <- 47.234.101.60:2727

19:02:35 MGCP.STACK MSG RX: 200 58 OK
19:02:35 MGCP.STACK MSG RX: <- 47.234.101.60:2727

19:02:35 MGCP.STACK MSG RX: RQNT 30081 aaln/1@65.162.109.238 MGCP 1.0
X: 22414
S:
R: L/hu(N)
Q: loop

debug network-forensics ip dhcp

Use the debug network-forensics ip dhcp command to display Dynamic Host Configuration Protocol
(DHCP) information collected from messages sent between clients connected to the network and the
network server. Debug messages are displayed (real time) on the terminal (or Telnet) screen. Debug
messages can be activated for all clients or for specific clients connected to the network. Use the no form
of this command to disable the debug messages. Variations of this command include:
debug network-forensics ip dhcp

debug network-forensics ip dhcp hostname <hostname>
debug network-forensics ip dhcp interface gigabit-switchport <slot/port>
debug network-forensics ip dhcp interface switchport <slot/port>
debug network-forensics ip dhcp interface xgigabit-switchport <slot/port>
debug network-forensics ip dhcp ip <ip address>
debug network-forensics ip dhcp mac <mac address>
your unit.
Syntax Description
hostname <hostname> Optional. Activates debug messages for the client with the
specified host name.
interface gigabit-switchport <slot/port> Optional. Activates debug messages for the client using the
specified gigabit switchport interface.
interface switchport <slot/port> Optional. Activates debug messages for the client using the
specified switchport interface.
interface xgigabit-switchport <slot/port> Optional. Activates debug messages for the client using the
specified 10 gigabit switchport interface.
ip <ip address> Optional. Activates debug messages for the client with the
specified IP address. IP addresses should be expressed in
dotted decimal notation (for example, 10.10.10.1).
mac <mac address> Optional. Activates debug messages for the client with the
specified medium access control (MAC) address. MAC
Default Values

Command History
Release R10.7.0 Command was expanded to include the switchport and 10
Usage Examples
The following is sample output of the debug network-forensics ip dhcp command:
>enable
#debug network-forensics ip dhcp
2009.08.31 14:30:30 NETWORK_FORENSICS.IP.DHCP.giga-swx 0/5 Discover from 00:E0:29:0E:D5:E3
(xpsp3-host)
2009.08.31 14:30:31 NETWORK_FORENSICS.IP.DHCP.giga-swx 0/24 Offer from
00:E0:29:0E:D5:E5/10.23.220.254 to 00:E0:29:0E:D5:E3 of 10.23.220.1/255.255.255.0(xpsp3-host)
2009.08.31 14:30:31 NETWORK_FORENSICS.IP.DHCP.giga-swx 0/5 Request from 00:E0:29:0E:D5:E3
10.23.220.1/255.255.255.0 (xpsp3-host) to 00:E0:29:0E:D5:E5/10.23.220.254
2009.08.31 14:30:31 NETWORK_FORENSICS.IP.DHCP.giga-swx 0/24 Ack from
00:E0:29:0E:D5:E5/10.23.220.254 to 00:E0:29:0E:D5:E3 of 10.23.220.1/255.255.255.0 (xpsp3-host)

debug network-sync
Use the debug network-sync command to enable debug messaging for network synchronization (Network
Sync). Debug messages are displayed (real time) on the terminal (or Telnet) screen. Use the no form of this
debug network-sync clock

debug network-sync clock defects
debug network-sync clock status
debug network-sync ssm
debug network-sync ssm rx
debug network-sync ssm tx
debug network-sync ssm events
debug network-sync ssm events rx
debug network-sync ssm events tx
your unit.
Syntax Description
clock Specifies Network Sync clock debug messages are enabled.
defects Optional. Specifies that debug messages for Network Sync clock defect
events are enabled.
status Optional. Specifies that debug messages for Network Sync clock status
events are enabled.
ssm Specifies that debug messages for Network Sync synchronization status
messages (SSMs) are enabled.
events Optional. Specifies that debug message for SSM events are enabled.
rx Optional. Specifies that debug messages for received SSM events are
enabled.
tx Optional. Specifies that debug messages for transmitted SSM events are
enabled.
Default Values
Command History

Usage Examples
The following example enables debug messages for Network Sync clock events:
>enable
#debug network-sync clock
The following example enables debug messages for Network Sync SSM events:
>enable
#debug network-sync ssm events

debug nslookup
Use the debug nslookup command to activate debug messages associated with name server lookup client
(nslookup) events. Debug messages are displayed (real time) on the terminal (or Telnet) screen. Use the no
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example activates debug messages associated with nslookup events:
>enable
#debug nslookup

debug ntp
Use the debug ntp command to activate debug messages associated with the Network Time Protocol
(NTP) daemon information. Adding the virtual routing and forwarding (VRF) name to this command
displays debug information only for the named VRF. Debug messages are displayed (real time) on the
debug ntp
debug ntp any-vrf
debug ntp vrf <name>
your unit.
Syntax Description
any-vrf Optional. Displays debug information for all VRF instances, including the
default.
vrf <name> Optional. Displays debug information for the specified VRF instance.
Default Values
Command History
Release R10.7.0 Command was expanded to include the vrf and any-vrf parameters.
Usage Examples
The following example activates debug messages associated with NTP:
>enable
#debug ntp

debug ospfv3
Use the debug ospfv3 command to activate debug messages associated with Open Shortest Path First
version 3 (OSPFv3). Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use the
debug ospfv3
debug ospfv3 adj
debug ospfv3 adj errors
debug ospfv3 database-timer
debug ospfv3 events
debug ospfv3 flood
debug ospfv3 flood errors
debug ospfv3 hello
debug ospfv3 hello errors
debug ospfv3 lsa-generation
debug ospfv3 packet errors
debug ospfv3 packet rx
debug ospfv3 packet rx summary
debug ospfv3 packet tx
debug ospfv3 packet tx summary
debug ospfv3 retransmission
debug ospfv3 spf
debug ospfv3 spf router-calculation
debug ospfv3 <process id>
debug ospfv3 <process id> adj
debug ospfv3 <process id> adj errors
debug ospfv3 <process id> database-timer
debug ospfv3 <process id> events
debug ospfv3 <process id> flood
debug ospfv3 <process id> flood errors
debug ospfv3 <process id> hello
debug ospfv3 <process id> hello errors
debug ospfv3 <process id> lsa-generation
debug ospfv3 <process id> packet errors
debug ospfv3 <process id> packet rx
debug ospfv3 <process id> packet rx summary
debug ospfv3 <process id> packet tx
debug ospfv3 <process id> packet tx summary
debug ospfv3 <process id> retransmission
debug ospfv3 <process id> spf
debug ospfv3 <process id> spf router-calculation
your unit.

Syntax Description
<process id> Optional. Displays debug information for the specified OSPFv3 routing
process. If no process ID is specified, information for all OSPFv3 processes
is displayed. Valid process ID range is 1 to 65535.
adj Specifies that only OSPFv3 adjacency events are displayed.
database-timer Specifies that only OSPFv3 database timer information is displayed.
events Specifies that only OSPFv3 events are displayed.
errors Optional. Specifies that errors about specific information are displayed.
flood Specifies that only OSPFv3 flooding information is displayed.
hello Specifies that only OSPFv3 Hello events are displayed.
lsa-generation Specifies that only OSPFv3 link state advertisement (LSA) generation
information is displayed.
packet errors Specifies that only OSPFv3 errors with received packets are displayed.
packet rx Specifies that only OSPFv3 received packet information is displayed.
packet tx Specifies that only OSPFv3 transmitted packet information is displayed.
summary Optional. Summarizes OSPFv3 packet information.
retransmission Specifies that only OSPFv3 retransmission events are displayed.
spf Specifies that OSPFv3 shortest path first (SPF) events are displayed.
spf route-calculation Specifies that OSPFv3 SPF route calculations are displayed.
Default Values
Command History
Usage Examples
The following example activates the debug messages for all OSPFv3 processes on the AOS device:
>enable
#debug ospfv3
Receiving OSPFv3 packet from 2001:db8:10:24::106.4 to FF02::5 on eth 0/1.6
SysUpTime=1222577915 ms.
Hello Packet from Router ID: 1.1.1.4; Ver:2 Length:48
Area ID: 0.0.0.0 Checksum: )x8659;; Using Null Authentication: 0:0
PrefixLenV4: /64; Hello Interval: 10 Options: 0x13 Router Priority: 1 Router Dead Interval: 40
Designated Router: 10.24.106.4 Backup Designated Router: 10.24.106.5
1 Neighbors:
123.1.1.1
16:35:24: OSPFv3: HELLO received form 1.1.1.4, neighbor state is FULL

debug over-temperature protection

Use the debug over-temperature protection command to activate debug messages associated with
over-temperature protection events. Debug messages are displayed (real time) on the terminal (or Telnet)
include:
debug over-temperature protection

debug over-temperature protection sensor
debug over-temperature protection voting
your unit.
Syntax Description
sensor Optional. Displays debug messages only for the over-temperature
protection temperature sensor.
voting Optional. Displays debug messages only for the over-temperature
protection temperature voting events.
Default Values
Command History
Usage Examples
The following example activates debug messages for the over-temperature protection feature:
>enable
#debug over-temperature protection

debug packet-capture
Use the debug packet-capture command to enable debug messaging for all packet-capture activities. Use
the no form of this command to disable packet-capture debug messaging.
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example enables debug messaging for all packet-capture activities:
>enable
#debug packet-capture

debug ping twamp

Use the debug ping twamp command to activate debug messages associated with Two-Way Active
Measurement Protocol (TWAMP) ping activity. Debug messages are displayed (real time) on the terminal
command include:
debug ping twamp

debug ping twamp control
debug ping twamp control events
debug ping twamp control packets
debug ping twamp test
debug ping twamp test events
debug ping twamp test packets
your unit.
Syntax Description
control Optional. Activates TWAMP control debug messages.
events Optional. Displays TWAMP control events and messages.
packets Optional. Displays TWAMP control events and packets.
test Activates TWAMP Test debug messages.
events Optional. Displays TWAMP test events and messages.
packets Optional. Displays TWAMP test events and packets.
Default Values
Command History
Usage Examples
The following example enables debug messaging for TWAMP control events and messages:
>enable
#debug ping twamp control
Type CTRL+C to abort. Test will complete in approximately 7 seconds.


Server-Greeting)
Setup-Response)
mode=1
keyId=00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
token=00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2009.06.03 11:18:51 IP.TWPING CTRL EVNT State changed Starting -> Active (event=RX Server-Start)
2009.06.03 11:18:51 IP.TWPING CTRL PKT Received Server-Start (len=48)
accept=0 serverIV=3d97e36d000000000178343030386337 startTime=4a26a1ad.2be49403
2009.06.03 11:18:51 IP.TWPING CTRL EVNT State changed Active -> Register-Session (event=TX
Request-Session)
2009.06.03 11:18:51 IP.TWPING CTRL PKT Sending Request-Session (len=112)
ipVer=4 confSender=0 confReceiver=0 numSchedSlots=0 numPkts=10
senderPort=1090 receiverPort=0 senderIp=10.22.135.18 receiverIp=10.22.130.44
sessId=00000000000000000000000000000000 padLen=0
startTime=0.0 timeout=2.0 dscp=0
2009.06.03 11:18:51 IP.TWPING CTRL EVNT State changed Register-Session -> Active (event=RX
Accept-Session)
2009.06.03 11:18:51 IP.TWPING CTRL PKT Received Accept-Session (len=48)
accept=0 port=1063 sessId=0000000000000025cf198506ac7bb859
2009.06.03 11:18:51 IP.TWPING CTRL EVNT State changed Active -> Start-Sessions (event=TX
Start-Sessions)
2009.06.03 11:18:51 IP.TWPING CTRL PKT Sending Start-Sessions (len=32)
2009.06.03 11:18:51 IP.TWPING CTRL EVNT State changed Start-Sessions -> Active (event=RX
Start-Ack)
2009.06.03 11:18:51 IP.TWPING CTRL PKT Received Start-Ack (len=32)
accept=0--- statistics from [10.22.135.18]:1090 to [10.22.130.44]:1063
SID: 00000003720725133617212318489
10 sent, 0 lost (0.000%)
Delay
round-trip min/avg/max = 0 0 0 ms
num/sum/sum2 = 10 9 9 ms
out min/avg/max = -6 -6 -6 ms
num/sum/sum2 = 10 -62 388 ms
in min/avg/max = 7 7 7 ms

IPDV-abs
out min/avg/max = 0 0 0 ms
IPDV-pos
IPDV-neg
clock error
local = sync, 0.488281 ms
remote = sync, 0.488281 ms
2009.06.03 11:18:53 IP.TWPING CTRL EVNT State changed Active -> Stop-Sessions (event=TX
Stop-Session)
2009.06.03 11:18:53 IP.TWPING CTRL PKT Sending Stop-Sessions (len=32)
accept=0 numSessions=0
2009.06.03 11:18:53 IP.TWPING CTRL EVNT State changed Stop-Sessions -> Active (event=Stopping
Tests)
2009.06.03 11:18:53 IP.TWPING CTRL EVNT Closing connection
2009.06.03 11:18:53 IP.TWPING CTRL EVNT State changed Active -> Closed (event=Close Connection)

debug port-auth
Use the debug port-auth command to generate debug messages used to aid in troubleshooting problems
during the port authentication process. Debug messages are displayed (real time) on the terminal (or
debug port-auth
debug port-auth auth-sm
debug port-auth bkend-sm
debug port-auth general
debug port-auth packet
debug port-auth packet [both | tx | rx]
debug port-auth reauth-sm
debug port-auth supp-sm
debug port-auth voice
your unit.
Syntax Description
auth-sm Optional. Displays AuthPAE-state machine information.
bkend-sm Optional. Displays backend-state machine information.
general Optional. Displays configuration changes to the port authentication system.
packet both Optional. Displays packet exchange information in both receive and
transmit directions.
packet rx Optional. Displays packet exchange information in the receive-only
direction.
packet tx Optional. Displays packet exchange information in the transmit-only
direction.
reauth-sm Optional. Displays reauthentication-state machine information.
supp-sm Optional. Displays supplicant-state machine information.
voice Optional. Displays voice-based port authentication information.
Default Values

Command History
Release 10.1 New options were introduced.
Release 13.1 New options were introduced.
Release R11.13.0 Command was expanded to include the voice parameter.
Usage Examples
The following example activates port authentication debug information on received packets:
>enable
#debug port-auth packet rx
Rcvd EAPOL Start for sess 1 on int eth 0/2

debug port security

Use the debug port security command to display messages associated with port security. Debug messages
are displayed (real time) to the terminal (or Telnet) screen. Use the no form of this command to disable the
debug messages.
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example activates port security debug messages:
>enable
#debug port security

debug ppp
Use the debug ppp command to activate debug messages associated with Point-to-Point Protocol (PPP)
operation in AOS. Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use the no
debug ppp authentication

debug ppp errors
debug ppp negotiation
debug ppp verbose
your unit.
Syntax Description
authentication Activates debug messages pertaining to PPP authentication
(Challenge-Handshake Authentication Protocol (CHAP), Password
Authentication Protocol (PAP), Extensible Authentication Protocol
(EAP), etc.).
errors Activates debug messages that indicate a PPP error was detected
(mismatch in negotiation authentication, etc.).
negotiation Activates debug messages associated with PPP negotiation.
verbose Activates detailed debug messages for PPP operation.
Default Values
Command History
Functional Notes
The debug ppp command activates debug messages to provide information on PPP activity in the system.
PPP debug messages can be used to aid in troubleshooting PPP links.
Usage Examples
The following example activates debug messages associated with PPP authentication activity:
>enable
#debug ppp authentication

debug pppoe client

Use the debug pppoe client command to activate debug messages associated with Point-to-Point Protocol
over Ethernet (PPPoE) operation in AOS. Debug messages are displayed (real time) to the terminal (or
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example activates debug messages associated with PPPoE activity:
>enable
#debug pppoe client

debug probe
Use the debug probe command to activate debug messages associated with activities performed by the
named probe object. Debug messages are displayed (real time) on the terminal (or Telnet) screen. Use the
debug probe
debug probe <name>
debug probe <name> twamp
debug probe <name> twamp control
debug probe <name> twamp control events
debug probe <name> twamp control packets
debug probe <name> twamp test
debug probe <name> twamp test events
debug probe <name> twamp test packets
your unit.
Syntax Description
<name> Optional. Specifies the probe object or activates the probe database debug
event messages for the specified probe.
twamp Optional. Specifies Two-Way Active Measurement Protocol (TWAMP)
probe verbose output.
control Activates TWAMP control probe verbose messages.
events Optional. Activates TWAMP control probe events.
packets Optional. Activates decode TWAMP control packets messages.
test Activates TWAMP Test probe verbose output.
events Optional. Activates TWAMP Test probe events.
packets Optional. Activates decode TWAMP Test packets messages.
Default Values
Command History
Release 17.3 Command was expanded to include the TWAMP probe verbose output.

Usage Examples
The following example activates all debug messages associated with the probes:
>enable
#debug probe
The following example activates debug messages associated with the probe object named probe_A:
>enable
#debug probe probe_A

debug probe responder

Use the debug probe responder command to display probe responder event messages or activate debug
messages associated with activities performed by the named probe object. Debug messages are displayed
debug probe responder twamp

debug probe responder twamp control
debug probe responder twamp control event
debug probe responder twamp control event <address>
debug probe responder twamp control packet
debug probe responder twamp control packet <address>
debug probe responder twamp test
debug probe responder twamp test event
debug probe responder twamp test event <address>
debug probe responder twamp test packet
debug probe responder twamp test packet <address>
your unit.
Syntax Description
twamp Optional. Activates probe debug messages for all Two-Way Active
Measurement Protocol (TWAMP) responder verbose output.
control Optional. Activates probe debug messages for TWAMP control responder
verbose output.
event <address> Optional. Activates probe debug messages for TWAMP control responder
events. Specify the far-end IP address to activate remote events.
packet <address> Optional. Activates probe debug messages to decode TWAMP control
packets. Enter an IP address to decode TWAMP control packets from a
specific address.
test Optional. Activates probe debug messages for TWAMP test responder
verbose output.
event <address> Optional. Activates probe debug messages for TWAMP test responder
events. Enter a far-end IP address to display events from the specified
address.
packet <address> Optional. Activates probe debug messages to decode TWAMP test packets.
Enter an IP address to decode TWAMP test packets from a specific
address.
Default Values

Command History
Release 17.2 Command was expanded to include the TWAMP responder debug options.
Usage Examples
The following example activates debug messages associated with all probe objects:
>enable
#debug probe
The following example activates debug messages associated with the probe object named probe_A:
>enable
#debug probe probe_A
The following example activates probe responder debug messages:
>enable
#debug probe responder

debug radius
Use the debug radius command to enable debug messages from the remote authentication dial-in user
service (RADIUS) subsystem. Debug messages are displayed (real time) to the terminal (or Telnet) screen.
Use the no form of this command to disable the debug messages.
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
The debug radius messages show the communication process with the remote RADIUS servers.
Usage Examples
The following is sample output for the debug radius command:
>enable
#debug radius
RADIUS AUTHENTICATION: Sending packet to 172.22.48.1 (1645).
RADIUS AUTHENTICATION: Received response from 172.22.48.1.

debug restore
Use the debug restore command to restore the last saved debug filters to the unit.
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
This command is used to restore filters saved using the command debug save on page 449. To view the
saved filters without restoring them to the unit, use the show debugging saved-filters command (refer to
show debugging on page 591).
Usage Examples
The following example restores previously saved debug filters on the AOS unit:
>enable
#debug restore
Restoring saved debug filters...
Filters to restore:
debug mail-client agent
debug probe test1
Running restoration script...done

debug rtp media

Use the debug rtp media command to display media event debug messages (real time) to the terminal (or
Telnet) screen. Debug messages are generated for media functions, such as the beginning and ending of
anchoring sessions and the creation and destruction of associations. Use the no form of this command to
disable the debug messages.
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example activates RTP packets debug messages for media events:
>enable
#debug rtp media

debug rtp quality-monitoring

Use the debug rtp quality-monitoring command to display voice quality monitoring (VQM) event debug
messages (real time) to the terminal (or Telnet) screen. Use the no form of this command to disable the
debug messages. Variations of this command include the following:
debug rtp quality-monitoring

debug rtp quality-monitoring packets
debug rtp quality-monitoring packets rtcp
debug rtp quality-monitoring packets rtp
debug rtp quality-monitoring packets round-trip-delay
your unit.
Syntax Description
packets Optional. Displays VQM debug events of voice traffic packets.
rtcp Optional. Displays VQM debug messages for Realtime Transport Control
Protocol (RTCP) packet events.
rtp Optional. Displays VQM debug messages for Realtime Transport Protocol
(RTP) packet events.
round-trip-delay Optional. Displays VQM debug messages for round-trip delay mechanism
events.
Default Values
Command History
Release A1 Command was included in the AOS voice products.
Usage Examples
The following example activates RTP packets debug messages for VQM:
>enable
#debug rtp quality-monitoring packets rtp
2007.10.23 17:35:06 VQM.PACKET RTCP Sender SSRC=1244609021
2007.10.23 17:35:06 VQM.PACKET RTCP NTP timestamp (MSW)=3402167683 (0xcac8f583)
2007.10.23 17:35:06 VQM.PACKET RTCP NTP timestamp (LSW)=1116355952 (0x428a3d70)
2007.10.23 17:35:06 VQM.PACKET RTCP RTP timestamp=3990799999
2007.10.23 17:35:06 VQM.PACKET RTCP SSRC=1919245558

2007.10.23 17:35:06 VQM.PACKET RTCP Last SR timestamp=4119950126 (0xf591732e)

2007.10.23 17:35:06 VQM.PACKET RTCP Delay since last SR timestamp=175671
2007.10.23 17:35:06 VQM.PACKET RTCP handle=0x6179810ebu
2007.10.23 17:35:09 VQM.PACKET RTCP Rx RTCP SR pkt from 10.22.41.91
2007.10.23 17:35:09 VQM.PACKET RTCP call-ID=30bbb408417e519a00be27ac15d5776b@1
0.22.41.52
2007.10.23 17:35:09 VQM.PACKET RTCP Sender SSRC=1919245558
2007.10.23 17:35:09 VQM.PACKET RTCP NTP timestamp (MSW)=3402167702 (0xcac8f596)
2007.10.23 17:35:09 VQM.PACKET RTCP NTP timestamp (LSW)=1932399624 (0x732e1408)
2007.10.23 17:35:09 VQM.PACKET RTCP RTP timestamp=2621875150
2007.10.23 17:35:09 VQM.PACKET RTCP SSRC=1244609021
2007.10.23 17:35:09 VQM.PACKET RTCP Last SR timestamp=4119020170 (0xf583428a)
2007.10.23 17:35:09 VQM.PACKET RTCP Delay since last SR timestamp=151436
2007.10.23 17:35:09 VQM.PACKET RTCP handle=0x6524010g all

debug rtp quality-monitoring reporter

Use the debug rtp quality-monitoring reporter to activate debug messages associated with voice quality
monitoring (VQM) reporters. Debug messages are displayed (real time) on the terminal (or Telnet) screen.
debug rtp quality-monitoring reporter

debug rtp quality-monitoring reporter <name>
your unit.
Syntax Description
<name> Optional. Specifies that debug messages are enabled only for the named
reporter.
Default Values
Command History
Usage Examples
The following is sample output of debug messages for VQM reporter Reporter1:
>enable
#debug rtp quality-monitoring reporter Reporter1
08:46:13 VQM.REPORTER Reporter1 1 Enqueuing VQM Report - 2575556352@10.1.3.9 to
6353@10.1.3.9, RTP=10.10.20.2:2234->10.17.138.1:3000
08:46:13 VQM.REPORTER Reporter1 1 Generating VQM Report
08:46:13 VQM.REPORTER Reporter1 1 Sending VQM Report
08:46:13 VQM.REPORTER Reporter1 1 Transaction 0x022ad5f0: state changed -> Client General
Request Sent

debug save
Use the debug save command to perform a persistent save of the debug filters enabled in the current
command line interface (CLI) session. The saved filters can be restored at a later time.
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
This command is used to save debug filters across a unit reboot. Filters are restored using the command
debug restore on page 444. To view the saved filters without restoring them to the unit, use the show
debugging saved-filters command (refer to show debugging on page 591).
Only one set of filters can be saved per instance of AOS. If a previous set of filters has been saved, issuing
the debug save command overwrites the previously saved filters with the current set of filters. If no filters
are currently active, issuing debug save has no effect so that the last saved files are not lost.
Usage Examples
The following example saves the debug filters from the current CLI session:
>enable
#debug save
Saving debug filters enabled in this session...
debug probe test1
Done.

debug schedule
Use the debug schedule command to activate debug messages associated with a schedule. Variations of
debug schedule
debug schedule <name>
your unit.
Syntax Description
<name> Optional. Displays only the debug information for a specific schedule.
Default Values
Command History
Usage Examples
The following example enables debug information for any configured schedules:
>enable
#debug schedule
01:00:15: NETMON.SCHEDULE MIDNIGHT: status changed to inactive

debug sip
Use the debug sip command to activate debug messages associated with Session Initiation Protocol (SIP)
debug sip cldu

debug sip location
debug sip manager
debug sip name-service
debug sip secure remote-user
debug sip syntax
debug sip tdu
debug sip trunk-registration
debug sip trunk-registration <Txx>
debug sip trunk-registration <Txx> <trunk id>
debug sip user-registration
debug sip user-registration <extension>
your unit.
Syntax Description
cldu Activates SIP call leg distribution unit (CLDU) event debug
messages.
location Activates SIP location database event debug messages.
manager Activates SIP stack manager event debug messages.
name-service Activates SIP name-service event debug messages.
secure remote-user Activates SIP security remote user debug messages.
syntax Activates SIP syntax event debug messages.
tdu Activates SIP transaction distribution unit (TDU) debug messages.
trunk-registration Activates all SIP trunk-registration event debug messages.
trunk-registration <Txx> Optional. Activates SIP trunk-registration event debug messages
for a specific trunk. For example: Txx (T01) where xx is the trunk’s
two-digit identifier.
trunk-registration <Txx> <trunk id> Optional. Activates SIP trunk-registration event debug messages
for a specific trunk. For example: Txx (T01) where xx is the trunk’s
two-digit identifier and <trunk id> is the specific name associated
with the trunk.
user-registration Activates all SIP user-registration event debug messages.
user-registration <extension> Optional. Activates SIP user-registration event debug messages for
a specific trunk.

Default Values
Command History
Release 11.1 Command was expanded to include the proxy event messages.
Release 15.1 Command was expanded to include the name-service messages.
Release 16.1 Command was expanded to include the TDU messages.
Release 17.3 Command was expanded to include the syntax messages.
Release R10.7.0 Command was expanded to include the secure remote-user parameter.
Usage Examples
The following example activates all debug messages associated with SIP CLDU events:
>enable
#debug sip cldu

debug sip connections

Use the debug sip connections command to activate debug messages associated with setting up and
tearing down a Session Initiation Protocol (SIP) connection to remote peer. Debug messages are displayed
debug sip connections

debug sip connections persistence
your unit.
Syntax Description
persistence Activates SIP connection debug messages only for persistent connections.
Default Values
Command History
Usage Examples
The following example activates all debug messages associated with SIP connection events:
>enable
#debug sip connections

debug sip proxy

Use the debug sip proxy command to activate debug messages associated with Session Initiation Protocol
(SIP) proxy events. Debug messages are displayed (real time) on the terminal (or Telnet) screen. Use the
debug sip proxy database

debug sip proxy database verbose
debug sip proxy dialogs
debug sip proxy register rate-adaption
debug sip proxy routing
debug sip proxy transactions
debug sip proxy verbose
your unit.
Syntax Description
database Activates SIP proxy database debug event debug messages.
verbose Activates more detailed debug messages concerning SIP proxy user
database lookups.
dialogs Activates SIP proxy DOM event debug messages.
register rate-adaption Activates SIP proxy REGISTER rate adaption debug messages.
routing Activates SIP proxy message-routing events.
transactions Activates SIP proxy event debug messages that shows the interaction
between the SIP proxy and the SIP stack.
verbose Activates all SIP proxy debug messages.
Default Values
Command History
Release A5.02 Command was expanded to include the register rate-adaption parameter.
Release R11.10.5 Command was expanded to include the verbose option for debug sip
proxy database.

Usage Examples
The following example activates all debug messages associated with SIP proxy events:
>enable
#debug sip proxy verbose

debug sip stack

Use the debug sip stack command to activate debug messages associated with Session Initiation Protocol
(SIP) stack events. Debug messages are displayed (real time) on the terminal (or Telnet) screen. Use the no
debug sip stack debug

debug sip stack errors
debug sip stack exceptions
debug sip stack info
debug sip stack messages [ack | all | bye | cancel | info | invite | message | notify | options | prack |
publish | refer | register | request | response | subscribe | update] [from <user> | request |
response | rx | to <user> | tx]
debug sip stack messages [from <user> | request | response | rx | to <user> | tx]
debug sip stack messages summary [ack | all | bye | cancel | info | invite | message | notify | options
| prack | publish | refer | register | request | response | subscribe | update] [from <user> | request
| response | rx | to <user> | tx]
debug sip stack verbose
debug sip stack warnings
your unit.
The majority of the debug sip stack messages variations are available in any order, at any
time within the subcommand. Use the ? at any level after each variation listed within the
brackets to view additional arguments and variations for the subcommand(s).
Syntax Description
debug Activates SIP stack debug event debug messages.
errors Activates SIP stack error event debug messages.
exceptions Activates SIP stack exception event debug messages.
info Activates SIP stack info event debug messages.
messages Specify which SIP debug messages to activate from the list below.
ack Activates SIP ACK debug messages.
all Activates all SIP debug messages.
bye Activates SIP BYE debug messages.
cancel Activates SIP CANCEL debug messages.
from <user> Activates SIP debug messages from the specified user.
info Activates SIP INFO debug messages.
invite Activates SIP INVITE debug messages.
message Activates SIP MESSAGES debug messages.

notify Activates SIP NOTIFY debug messages.

options Activates SIP OPTIONS debug messages.
prack Activates SIP PRACK debug messages.
publish Activates SIP PUBLISH debug messages.
refer Activates SIP REFER debug messages.
register Activates SIP REGISTER debug messages.
request Activates the specified SIP request debug messages.
response Activates the specified SIP response debug messages.
rx Activates received SIP debug messages to or from a specific user.
subscribe Activates SIP SUBSCRIBE debug messages.
summary Activates SIP debug messages and displays only a summary (first line) of
the available messages.
to <user> Activates SIP debug messages to the specified user.
tx Activates transmitted SIP debug messages to or from a specific user.
update Activates SIP UPDATE debug messages.
verbose Activates all SIP stack event debug messages.
warnings Activates SIP stack warning event debug messages.
Default Values
Command History
Release A1 Command was expanded in the AOS voice products.
Usage Examples
The following example activates all debug messages associated with SIP stack events:
>enable
#debug sip stack all

debug snmp packets

Use the debug snmp packets command to enable debug output from local Simple Network Management
Protocol (SNMP) traffic. Debug messages are displayed (real time) to the terminal (or Telnet) screen.
When SNMP packets ingress or egress the unit (local traffic only), the traffic is displayed in a partially
decoded form. Use the no form of this command to disable the debug messages.
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following is an example of debug output for snmp packets:
>enable
#debug snmp packets
#SNMP V1 RX: GET-NEXT Request PDU from 10.23.1.157:2922 (community=public)
request id=3, error status=0, error index=0
max repetitions=0, non repetitions=0
VarBinds:
OID=1.3.6.1.2.1.1.3
value=empty
#SNMP V1 TX: GET Response PDU to 10.23.1.157:2922 (community=public)

request id=3, error status=0, error index=0
max repetitions=1, non repetitions=0
VarBinds:
OID=1.3.6.1.2.1.1.3.0
value=410825

debug sntp
Use the debug sntp command to enable debug messages associated with the Simple Network Time
Protocol (SNTP). All SNTP packet exchanges and time decisions are displayed with these debugging
events enabled. Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use the no
form of this command to disable the debug messages. Variations of this command include the following:
debug sntp client

debug sntp server
your unit.
Syntax Description
client Displays SNTP client information.
server Displays SNTP server information.
Default Values
Command History
Release 13.1 Command was expanded to include the client and server options.
Functional Notes
The debug sntp command activates debug messages to aid in troubleshooting SNTP issues.
Usage Examples
The following is sample output for the debug sntp client command:
>enable
#debug sntp client
#configure terminal
#sntp server ntp.adtran.com
2009.03.16 15:38:06 SNTP.CLIENT sent Version 1 SNTP time request to 172.22.48.13
2009.03.16 15:38:06 SNTP.CLIENT received SNTP reply packet from 172.22.48.13
2009.03.16 15:38:06 SNTP.CLIENT setting time to 03-16-2009 15:37:54 CDT
2009.03.16 15:37:54 SNTP.CLIENT waiting for 86400 seconds for the next poll interval

debug spanning-tree
Use the debug spanning-tree command to enable the display of spanning-tree debug messages. Debug
disable the debug messages. Variations of this command include:
debug spanning-tree config

debug spanning-tree events
debug spanning-tree general
debug spanning-tree topology
your unit.
Refer to debug spanning-tree bpdu on page 461 for more information.
Syntax Description
config Enables the display of spanning-tree debug messages when configuration
changes occur.
events Enables the display of debug messages when spanning-tree protocol
events occur.
general Enables the display of general spanning-tree debug messages.
topology Enables the display of debug messages when spanning-tree protocol
topology events occur.
Default Values
Command History
Release 12.1 Command was expanded to include topology.
Usage Examples
The following example enables the display of general spanning-tree debug messages:
>enable
#debug spanning-tree general

debug spanning-tree bpdu

Use the debug spanning-tree bpdu command to display bridge protocol data unit (BPDU) debug
messages. When enabled, a debug message is displayed for each BPDU packet that is transmitted or
received by the unit. Debug messages are displayed (real time) on the terminal (or Telnet) screen. Use the
debug spanning-tree bpdu all

debug spanning-tree bpdu receive
debug spanning-tree bpdu transmit
your unit.
Refer to debug spanning-tree on page 460 for more information.
Syntax Description
all Displays debug messages for BPDU packets that are transmitted and
received by the unit.
receive Displays debug messages for BPDU packets received by the unit.
transmit Displays debug messages for BPDU packets transmitted by the unit.
Default Values
Command History
Usage Examples
The following example displays debug messages for BPDU packets that are transmitted and received by
the unit:
>enable
#debug spanning-tree bpdu all

debug ssh
Use the debug ssh command to activate debug messages associated with secure shell (SSH) client and
server information. Debug messages are displayed (real time) on the terminal (or Telnet) screen. Use the
debug ssh client events

debug ssh client port-forward
debug ssh client scp
debug ssh client sftp
debug ssh server events
your unit.
Syntax Description
client events Enables the display of SSH client events.
client port-forward Enables the display of SSH port forward information.
client scp Enables the display of SSH client SCP information.
client sftp Enables the display of SSH client SFTP information.
server events Enables the display of SSH and SCP server events.
Default Values
Command History
Release R11.4.0 Command was expanded to include the client port-forward parameter.
Release R13.11.0 Command was expanded to include the client sftp parameter.
Usage Examples
The following enables the display of SSH server event debug messages:
>enable
#debug ssh server events

debug stack
Use the debug stack command to enable switch-stacking debug messages. Debug messages are displayed
messages.Variations of this command include:
debug stack
debug stack switch
debug stack verbose
your unit.
Syntax Description
switch Optional. Enables messages specific to the stack ports (stack switch
application program interface (API) information).
verbose Optional. Enables detailed messages specific to the stack protocol.
Default Values
Command History
Usage Examples
The following example activates the possible debug stack messages:
>enable
#debug stack switch
#debug stack verbose

debug system
Use the debug system command to enable debug messages associated with system events (i.e., login,
logouts, etc.). Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use the no form
of this command to disable the debug messages.
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example activates debug messages associated with system information:
>enable
#debug system

debug tacacs+
Use the debug tacacs+ command to activate debug messages associated with terminal access controller
access-control system plus (TACACS+) protocol. Debug messages are displayed (real time) to the
debug tacacs+
debug tacacs+ events
debug tacacs+ packets
your unit.
Syntax Description
events Optional. Activates TACACS+ event debug messages.
packets Optional. Activates TACACS+ packet debug messages.
Default Values
Command History
Usage Examples
The following example activates debug messages associated with the TACACS+ protocol:
>enable
#debug tacacs+ packets

debug tcl
Use the debug tcl command to activate debug messages associated with tool command language (Tcl)
interpreter operation. Debug messages are displayed (real time) on the terminal (or Telnet) screen. Use the
debug tcl cli

debug tcl cli <filename>
debug tcl track <name>
your unit.
Syntax Description
cli Displays debug messages for the Tcl interpreter to the command line
interface (CLI).
<filename> Optional. Displays debug messages only for the specified Tcl script file.
track <name> Displays debug messages for the specified track. The track parameter is
only available on platforms with Network Monitoring enabled.
Default Values
Command History
Usage Examples
The following example activates debug messages for the Tcl interpreter while running the file test1.tcl:
>enable
#debug tcl test1.tcl

debug tls sip

Use the debug tls sip command to enable debug messages for Session Initiation Protocol (SIP) Transport
Layer Security (TLS) functionality. Use the no form of this command to disable the debug messages.
debug tls sip events

debug tls sip negotiation
your unit.
Syntax Description
events Displays TLS events, such as errors and state changes.
negotiation Displays information about each step of all TLS handshakes.
Default Values
Command History
Usage Examples
The following example enables debug messages for all SIP TLS events:
>enable
#debug tls sip

debug track
Use the debug track command to activate debug messages associated with activities performed by track
objects. Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use the no form of
debug track
debug track <name>
your unit.
Syntax Description
<name> Optional. Displays information about the specified track rather than all
configured tracks.
Default Values
Command History
Usage Examples
The following example activates debug messages associated with all track objects:
>enable
#debug track
The following example activates debug messages associated with the track object named track_1:
>enable
#debug track track_1

debug voice
Use the debug voice command to activate debug messages associated with voice functionality. Debug
disable the debug messages. Variations of this command include the following:
debug voice account-status

debug voice conference local
debug voice dsp
debug voice dsp voip <slot/port> channel <number> ecan
debug voice dsp voip <slot/port> channel <number> rfc2833
debug voice dsp voip <slot/port> channel <number> rtp
debug voice dsp voip <slot/port> channel verbose rfc2833
debug voice dsp voip <slot/port> channel verbose rtp
debug voice erltool
debug voice erltool info
debug voice erltool statemachine
debug voice lineaccount
debug voice lineaccount <line>
debug voice linemanager
debug voice linemanager <line>
debug voice loopback
debug voice phonemanager
debug voice phonemanager <slot:port>
debug voice ring-group
debug voice ring-group <group>
debug voice rtp channel
debug voice rtp conference local
debug voice rtp manager
debug voice rtp provider
debug voice rtp verbose
debug voice smdr
debug voice smdr <number>
debug voice srtp
debug voice srtp sdes
debug voice srtp sdes events
debug voice srtp sdes negotiation
debug voice srtp sdes parse
debug voice stationaccount
debug voice stationaccount <extension>
debug voice summary
debug voice switchboard
debug voice switchboard <subsource>
debug voice switchboard call
debug voice switchboard call <call id>
debug voice switchboard ccm

debug voice toneservices

debug voice toneservices <notifies>
debug voice toneservices <interface>
debug voice toneservices <interface> <slot/port>
debug voice trunkaccount
debug voice trunkaccount <trunk id>
debug voice trunkaccount <trunk id> <appearance>
debug voice trunkmanager
debug voice trunkmanager <trunk id>
debug voice trunkmanager <trunk id> <appearance>
debug voice trunkport
debug voice trunkport <slot:port:DS0>
debug voice verbose
your unit.
Syntax Description
account-status Activates station account status event debug messages.
dsp Activates digital signal processor (DSP) event debug messages.
voip <slot/port> channel Optional. Activates DSP on the specified interface and DSP channel.
<number> Optional. Activates DSP on the specified interface and DSP channel.
ecan Optional. Activates the echo canceller debug feature.
rfc2833 Optional. Activates the RFC 2833 debug feature.
rtp Optional. Activates Realtime Transfer Protocol (RTP) event debug
messages for the specified interface and channel.
verbose Optional. Activates detailed debug DSP messaging for the RTP and RFC
2833 features.
erltool Activates the echo return loss (ERL) debug messages to monitor the
progress of the testing.
info Optional. Activates information events related to the ERL tool testing
progress.
statemachine Optional. Activates ERL tool state machine events.
lineaccount Activates all line account event debug messages.
<line> Optional. Activates a specific line account event debug messages.
linemanager Activates all line manager event debug messages.
<line> Optional. Activates a specific line manager event debug messages.
loopback Activates all voice loopback account event debug messages.
phonemanager Activates all phone manager event debug messages.
<slot:port> Optional. Activates phone manager event debug messages for a specific
slot and port.

ring-group Activates ring-group event debug messages.

<group> Optional. Activates event debug messages for a specified group.
rtp Activates Realtime Transport Protocol (RTP) event debug messages.
channel Activates RTP channel event debug messages.
conference local Activates local conference session debug messages.
manager Activates RTP manager event debug messages.
provider Activates RTP provider event debug messages.
verbose Activates detailed RTP debug messages.
smdr Activates all station message detail reporting (SMDR) event debug
messages.
<number> Optional. Activates SMDR event debug messages for a specific to or from
number.
srtp Activates debug messages for Secure Realtime Transfer Protocol (SRTP).
sdes Optional. Activates debug messages for Session Description Protocol
Security Descriptions (SDES) key management of SRTP.
events Optional. Displays SDES events, such as errors and state changes.
negotiation Optional. Displays information about each step of all SDES negotiations.
parse Optional. Displays information about the parsing of SDES content.
stationaccount Activates all station account event debug messages.
<extension> Optional. Activates station account event debug messages for a specific
extension.
summary Activates simple voice event debug messages.
switchboard Activates all switchboard event debug messages.
<subsource> Optional. Activates switchboard event debug messages for a specific
subsource.
call Activates switchboard call state machine event debug messages.
call <call id> Optional. Activates switchboard call state machine event debug messages
for a specific call.
ccm Activates switchboard call connection manager event debug messages.
toneservices Activates all tone service events debug messages.
<notifies> Optional. Activates tone service events debug messages for the specified
interface type. For example, for a foreign exchange station (FXS) interface,
use fxs.
<interface> Optional. Activates tone service events debug messages for the specified
interface type.
<interface> <slot/port> Optional. Activates tone service events debug messages for the specified
slot and port of the interface type. For example, for an individual FXS port
use, fxs 0/1.
trunkaccount Activates all trunk account event debug messages.
<trunk id> Optional. Activates trunk account event debug messages for a specific
trunk.

<trunk id> <appearance> Optional. Specifies specific trunk appearance.

trunkmanager Activates all trunk manager event debug messages.
<trunk id> Optional. Activates trunk manager event debug messages for a specific
trunk.
<trunk id> <appearance> Optional. Specifies specific trunk appearance.
trunkport Activates all trunk port event debug messages.
<slot:port:DS0> Optional. Activates trunk port event debug messages for a specific slot,
port, and digital signal 0 (DS0).
verbose Optional. Displays the entire running configuration to the terminal screen
(versus only the nondefault values).
Default Values
Command History
Release 10.1 Command was expanded to include more parameters.
Release A1 Command was expanded to include the loopback parameter.
Release A2 Command was expanded to include the conference local and dsp
parameters.
Release A2.04 Command was expanded to include the erltool, paging-group, and
replication parameters.
Release A4.01 Command was expanded to include the moh, findme-followme,
pickup-group, queue, and conference local parameters.
Release A4.05 Command was altered to exclude the color and pickup-group parameters.
The color parameter is covered by the debug color command on page 297
and the pickup-group parameter is covered using the debug voice
verbose command. Command was expanded to include the
services-interface and ring-group parameters.
Release A5.01 Command was expanded to include the fax, detailed, and isu_cp_det
parameters.
Release R11.2.0 Command was expanded to include the call-pickup parameter.
Release R11.5.0 Command was expanded to include the srtp and sdes parameters.

Release R13.6.0 Command was rewritten to exclude parameters that are no longer
supported (auto-attendant, call-pickup, dsp fax, dsp isu_cp_det,
findme-followme, mail, moh, paging-group, promptstudio, proxydial,
queue, replication, services interface, and statusgroups). In addition the
rtp parameter was added to the debug voice dsp voip command, the rtp
and rfc2833 parameters were added to the debug dsp voip verbose
command, the <group> parameter was added to the debug voice
ring-group command, the <appearance> parameter was added to the
debug voice trunkmanager command.
Usage Examples
The following example activates all debug messages associated with voice functionality:
>enable
#debug voice summary

debug vrrp
Use the debug vrrp command to enable Virtual Router Redundancy Protocol (VRRP) debug messages.
command to disable the debug messages. Variations of this command include the following:
debug vrrp
debug vrrp error
debug vrrp interface <interface> error
debug vrrp interface <interface> group <number> error
debug vrrp interface <interface> group <number> packet
debug vrrp interface <interface> packet
debug vrrp packet
your unit.
Syntax Description
error Optional. Displays debug messages for all VRRP errors in all groups on all
interfaces or on a specified interface.
interface <interface> Optional. Displays debug messages for all VRRP groups on the specified
interface. Specify an interface in the format <interface type [slot/port |
use ppp 1; for an ATM subinterface, use atm 1.1; and for a virtual local area
network (VLAN) interface, use vlan 1. Type debug vrrp interface ? for a
complete list of valid interfaces.
group <number> Optional. Specifies debug messages for a single VRRP group on a
specified interface are generated. Group numbers range from 1 to 255.
error Optional. Displays debug messages for VRRP errors for a single group on a
specified interface.
packet Optional. Displays debug messages for VRRP packets for a single group on
a specified interface.
packet Optional. Displays debug messages for all VRRP packets in all groups on
all interfaces or on a specified interface.
Default Values
Command History
Ethernet interface.

Functional Notes
Although VRRP group virtual router IDs (VRIDs) can be numbered between 1 and 255, only two VRRP
routers per interface are supported.
Usage Examples
The following example gives sample output from the debug vrrp packet command:
>enable
#debug vrrp packet
2007.05.26 15:48:57 VRRP.PKT eth 0/1 grp 1 Sent Advertisement pri: 125, ipCnt:1
2007.05.26 15:48:57 VRRP.PKT eth 0/1 grp 2 Received Advertisement pri: 125 from 10.23.197.236

debug vrrpv3
Use the debug vrrpv3 command to enable Virtual Router Redundancy Protocol version 3 (VRRPv3)
debug messages. Debug messages are displayed (real time) on the terminal (or Telnet) screen. Use the no
form of this command to disable the debug messages. Variations of this command include the following:
debug vrrpv3
debug vrrpv3 error
debug vrrpv3 interface <interface>
debug vrrpv3 interface <interface> group <vrid> ipv4
debug vrrpv3 interface <interface> group <vrid> ipv6
debug vrrpv3 interface <interface> group <vrid> ipv4 packet
debug vrrpv3 interface <interface> group <vrid> ipv6 packet
debug vrrpv3 interface <interface> packet
debug vrrpv3 packet
your unit.
Syntax Description
error Optional. Displays debug messages for all VRRPv3 errors in all groups on
interface <interface> Optional. Displays debug messages for all VRRPv3 groups on the specified
use ppp 1; for an ATM subinterface, use atm 1.1; and for a virtual local area
network (VLAN) interface, use vlan 1. Type debug vrrpv3 interface ? for a
group <vrid> Optional. Displays debug messages for a single VRRPv3 virtual router ID
(VRID) on a specified interface. VRIDs range from 1 to 255.
ipv4 Displays debug messages for the VRID’s IPv4 address family.
ipv6 Displays debug messages for the VRID’s IPv6 address family.
packet Optional. Displays debug messages for VRRPv3 packets for a single group
on a specified interface.
packet Optional. Displays debug messages for all VRRPv3 packets in all groups on
Default Values

Command History
Functional Notes
Usage Examples
The following example enables VRRPv3 debug messaging:
>enable
#debug vrrpv3 packet

debug y1731 file-save

Use the debug y1731 file-save command to enable debug messages for the Y.1731 performance
monitoring logging subsystem to display information on file writes and log rotation events. Use the no
your unit.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example enables Y.1731 performance monitoring logging debug messaging:
>enable
#debug y1731 file-save

dir
Use the dir command to display a directory list of all files on the system or just those matching the
specified pattern, located in a specified location. Variations of this command include:
dir
dir <pattern>
dir cflash
dir cflash <pattern>
dir flash
dir flash <pattern>
dir ramdisk
dir ramdisk <pattern>
dir usbdrive0
dir usbdrive0 <pattern>
Syntax Description
<pattern> Optional. Displays all files that match the specified pattern. When a wildcard
(*) is specified, only files located in the specified location matching the listed
pattern are displayed. For example, *.biz displays all files with the .biz
extension.
When no wildcard is specified, the entire contents of flash memory is
displayed.
cflash Optional. Displays files located on the installed CompactFlash® card.
flash Optional. Displays files located on the system in flash memory.
ramdisk Optional. Displays files located on the volatile RAM disk.
usbdrive0 Optional. Displays files located on the Universal Serial Bus (USB) flash
drive memory.
Default Values
Command History
Release 12.1 Command was expanded to include CompactFlash.

Usage Examples
The following is sample output from the dir flash command:
>enable
#dir flash
3563529 NV2100A-10-05-00-E.biz
2438 startup-config
2484 startup-config.bak
3694712 bytes used, 3007368 available, 6702080 total
The following is sample output from the dir ramdisk command displaying the contents of the RAM disk,
space occupied by each file, the total ramdisk space allocated, available space, and used space:
>enable
#dir ramdisk
10005125 NV3130A-17-07-00-26-AE.biz

disable
Use the disable command to exit the Enable mode and enter the Basic mode.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example exits the Enable mode and enters the Basic Command mode:
#disable
>

dot11ap apply-changes
Use the dot11ap apply-changes command to apply any configuration changes to a NetVanta 160 Series
access point (AP). Any configuration that is performed on the AP is not completed until the configuration
is applied to the AP using this command. Variations of this command include:
dot11ap apply-changes <ap>

dot11ap apply-changes all
Syntax Description
<ap> Specifies the NetVanta 160 Series AP to which to apply the changes. Valid
range is 1 to 8.
all Optional. Specifies the changes are applied to all managed NetVanta 160
Series APs.
Default Values
By default, no changes are applied to the NetVanta 160 AP without the use of this command.
Command History
Usage Examples
The following example specifies that all NetVanta 160 Series APs managed by the access controller are
updated with recent configuration changes:
>enable
#dot11ap apply-changes

eject usbdrive0
Use the eject usbdrive0 command to safely eject a specified Universal Serial Bus (USB) device before
removing it from the AOS unit.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example ejects an attached USB flash drive device.
>enable
#eject usbdrive0

erase
Use the erase command to erase the files from a specified location.
erase <filename>
erase startup-config
Variations of this command (valid only on AOS units WITH CompactFlash®) include:
erase cflash <filename>

erase flash <filename>
erase file-system cflash
Variations of this command (valid only on AOS units WITH voice capability) include:
erase dynvoice-config
erase file-system flash
erase file-system interface mef-ethernet <interface>
Variations of this command (valid only on AOS units WITH ramdisk enabled) include:
erase ramdisk <filename>
Variations of this command (valid only on AOS units WITH Universal Serial Bus (USB) flash drive
erase file-system usbdrive0

erase usbdrive0 <filename>
Erasing the file system removes all files and directories located in the unit’s memory,
including firmware images. If the primary boot image is located on the erased file system,
the unit will be adversely affected after a reboot. The firmware has to be replaced using the
procedure explained in the Upgrading AOS Firmware configuration guide, available
online at https://supportcommunity.adtran.com.
Syntax Description
<filename> Specifies the name of the file to erase. The asterisk (*) can be used as a
wildcard to specify a pattern for erasing multiple files. When a wildcard is
specified, only files matching the listed pattern are erased.
cflash Specifies the location of the file to erase as the installed CompactFlash
card.
dynvoice-config Erases the dynamic voice configuration file stored in the flash memory.
file-system Erases the system files stored in either the system flash, CompactFlash, or
USB flash drive memory.
flash Specifies the location of the file to erase as the system flash memory.
mef-ethernet <interface> Erases the file system on the specified MEF-Ethernet interface.

ramdisk Specifies the location of the file to erase as the volatile RAM disk.
startup-config Erases the startup configuration file stored in flash memory.
usbdrive0 Specifies the location of the file to erase as the USB flash drive memory.
Default Values
Command History
Release 12.1 Command was expanded to include the dynvoice-config parameter.
Release 14.1 Command was expanded to include the file-system cflash parameter.
Release A2.04 Command was expanded to include the file-system flash parameter.
Ethernet interface.
Release 18.2 Command was expanded to include the USB flash drive memory.
Usage Examples
The following example erases the startup configuration file stored in flash memory:
>enable
#erase startup-config
If a new startup configuration file is not specified before cycling the power on the unit, AOS will initialize
using a blank configuration.
The following example erases all files located on the installed CompactFlash card:
>enable
#erase file-system cflash
This will erase ALL files on compact flash. Proceed? [y/n]
The following example erases all files located in the system flash memory:
>enable
#erase file-system flash
WARNING! You are about to erase all files on the flash file system.
This includes all firmware images and configuration files. This cannot be undone.
This will erase ALL files on flash. Proceed? [y/n]

events
Use the events command to enable event reporting to the current command line interface (CLI) session.
Use the no form of this command to disable all event reporting to the current CLI session.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example enables event reporting:
>enable
#events

exception report generate

Use the exception report generate command to immediately generate an exception report.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example immediately generates an exception report:
>enable
#exception report generate

factory-default
Use the factory-default command to reset the unit to the factory default setting.
Performing an AOS factory-default disrupts data traffic.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
After you issue this command, the system responds by first warning you that restoring the factory default
settings will erase the current configurations. It then asks if you would like to proceed. Choose n to return
to the command prompt (no configuration changes are made). Choose y to erase the
startup-configuration, replace it with the factory-default configuration, and reboot the unit. After reboot, the
new configuration takes effect.
Usage Examples
The following example resets the unit to the factory default settings:
>enable
#factory-default
WARNING - Restoring the factory default settings will erase the current startup and running configurations
and will reboot the unit.
Restore factory default settings?[y/n]y
Startup configuration written.
Rebooting the system. Please wait...

find <input>
Use the find command to search the AOS CLI for a specific command. The output of this command
displays the command set location of the discovered commands. Variations of this command include:
find <input>
find /current set <input>
find /current set /no suppress <input>
find /no suppress /current set <input>
find /no suppress <input>
Syntax Description
<input> Specifies the given command for which to search in a text string; for
example, sip proxy. Wild-card matching can be performed by entering *; for
example, sip *.
/current set Optional. Limits the command search results to the current command set.
/no suppress Optional. Specifies the search output does not suppress multiple results.
Default Values
Command History
Functional Notes
The /current set and /no suppress parameters of the find command may be entered in any order.
The use of wildcard matching can be beneficial when searching for a command for which the entire
command syntax is not known (such as sip pr).
Usage Examples
The following example searches for the command billing-code:
>enable
#find billing-code
Searching.... Found 2 commands
voice-user : billing-codes
configterminal : voice spre-map billing-code
The following example searches for any commands with sip pr:
>enable
#find sip pr
Searching...Found 4 commands


Root (2) : show sip proxy
The following example searches for any commands with sip pr, without suppressing the search results:
>enable
#find /no-suppress sip pr
Root : show running-config sip proxy
Root : show sip proxy
configterminal : sip prefer
configterminal : sip privacy

flashme
Use the flashme command to allow the ActivChassis master device to flash the LEDs on its connected
linecard devices. Variations of this command include:
flashme
flashme vcid <vcid>
flashme vcid <vcid> <value>
flashme <value>
Syntax Description
vcid <vcid> Optional. Specifies that only the device with the specified VCID will flash
LEDs. Valid VCID range is 1 to 8 (VCID values 1 and 2 are given to the
ActivChassis master and backup devices, respectively).
<value> Optional. Specifies the duration (in seconds) that the LEDs will flash.
Default Values
By default, LEDs will flash for 3 seconds.
Command History
Functional Notes
This command is available from both the ActivChassis master and linecard devices’ CLI. For more
information about the difference between linecard and master devices, how to access the CLI for each,
and additional configuration information, refer to the configuration guide Configuring ActivChassis in AOS,
available online at https://supportcommunity.adtran.com.
Usage Examples
The following example tests the master device’s connection to all ActivChassis linecard devices:
>enable
#flashme

http secure-server certificate regenerate

Use the http secure-server certificate regenerate command to generate a new private key and certificate
used by the Hypertext Transfer Protocol (HTTP) secure (HTTPS) server. When a new HTTPS certificate is
generated, it erases the old HTTPS private key and certificate.
Syntax Description
No subcommands.
Default Values
By default, a unique HTTPS certificate and private key are generated when the system boots for the first
time.
Command History
Usage Examples
The following example generates a new https certificate:
(config)#http secure-server certificate regenerate

Certificate:
Data:
Version: 3 (0x2)
Serial Number:
70:a2:aa:7c:8e:d8:ef:b2:68:e1:58:65:55:84:69:81:19:91:7b:29
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=AL, L=Huntsville, O=ADTRAN, Inc., CN=NetVanta
Validity
Not Before: Jun 19 19:11:09 2015 GMT
Not After : Jun 17 19:11:09 2023 GMT
-----BEGIN CERTIFICATE-----
MIIDbzCCAlegAwIBAgIUcKKqfI7Y3bJo4VhlVYRpgRmReykwDQYJKoZIhvcNAQEL
BQAwWTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkFMMRMwEQYDVQQHDApIdW50c3Zp
dHN2aWxsZTELMAkGA1UEBhMCVVMwHhcNMTUwNDI5MDY0ODE0WhcNMjMwNDI3MDY0
DTE1MDYxOTE5MTEwOVoXDTIzMDYxNzE5MTEwOVowWTELMAkGA1UEBhMCVVMxCzAJ
BgNVBAgMAkFMMRMwEQYDVQQHDApIdW50c3ZpbGxlMRUwEwYDVQQKDAxBRFRSQU4s
IEluYy4xETAPBgNVBAMMCE5ldFZhbnRhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEA2x/r4499jQKrXX0810fTkIoGk5jNwkfQ7JkZxSoqX7OPzYSYQ8/E
1UF/fsv0SxlHCTVTVmihLSbkc75fDEs6NL3URGFXBLJJ/Rlg5g3UwdnpUR02GUr3
zP7kXP+UvcuUWD7DqamcD2eS/78sn6kZUVE+ocytr89KDsevU/eRhEvUq2Z3YgIA
3fg3hGYYD2vTSarWOmRd3cFxzw7C2TTUnHCVu+CCVxvOmETFljfHwjOl1KgBBTVe
o2rR+Yyb5RtUiPmyQdVeR8L6OBV0/yToF4/AX73gUiOjMOeiPZ30SQPIJhjumVvV
FC1w8CfHALoDjbpBGqwIuxO9XjqtIdxe7QIDAQABoy8wLTAMBgNVHRMBAf8EAjAA
MB0GA1UdDgQWBBTyhd5mKbpAOtV03ObopcGtuYFg8TANBgkqhkiG9w0BAQsFAAOC

AQEAk3E3ea3esaLf4KgbXvViBlT0/S9+P6gmU88hZcyr6/ArOzpSv0Ne21orByk3
OsBBFoGibMfOYzRL8tPD3b5aqqwjDlXmG2rg8i1W/tLDeyo6xDPrxJEN+3EEqLIP
3EKEVAyL1a6DaeQOvv3B5tN28mmLYCxP5749gcnE3jIH77cCxLrxR1HcvGlelecw
yi8RioKBho/yOl5jCR4VTgDYzXhbrdSheuVAsjoEb1yaNi00sKlJbfIneHlUfYK9
gD0rBw5hoW7QxSx7N/oo3D/7yKxN5aKyCAJwlfyRWeytSrVc9UgoXzD4PNu7UiYz
jtgSsHe4c5Vwx8xS+0G9ttf42w==
-----END CERTIFICATE-----

ip dhcp
Use the ip dhcp command to manually release or renew Dynamic Host Control Protocol (DHCP) values.
Releasing DHCP values causes the DHCP client to stop using information assigned by the DHCP server
and releases that information. Renewing DHCP values causes the DHCP client to re-request information.
ip dhcp release
ip dhcp release <interface>
ip dhcp release efm-group <group id>
ip dhcp release mef-ethernet <slot/port>
ip dhcp release system-control-evc
ip dhcp release system-management-evc
ip dhcp renew
ip dhcp renew <interface>
ip dhcp renew efm-group <group id>
ip dhcp renew mef-ethernet <slot/port>
ip dhcp renew system-control-evc
ip dhcp renew system-management-evc
Syntax Description
<interface> Optional. Specifies that DHCP information is released or renewed on the
single interface. Specify an interface in the format <interface type [slot/port |
appropriate interface, enter ip dhcp release ? at the prompt.
system-control-evc Optional. Specifies that DHCP information is released or renewed on the
system control Ethernet virtual connection (EVC).
system-management-evc Optional. Specifies that DHCP information is released or renewed on the
system management EVC.
Default Values
By default, if DHCP has been enabled, then the IA_NA is released or renewed. If DHCP has not been
enabled, then only non-address configuration information is released or renewed.
Command History

Usage Examples
The following example manually renews all non-address DHCP information:
>enable
#ip dhcp renew

ipv6 dhcp
Use the ipv6 dhcp command to release or renew Dynamic Host Control Protocol version 6 (DHCPv6)
values manually. Releasing DHCPv6 values causes the DHCPv6 client to stop using information assigned
by the DHCPv6 server and releases that information. Renewing DHCPv6 values causes the DHCPv6 client
to rerequest information. Variations of this command include:
ipv6 dhcp release

ipv6 dhcp release address
ipv6 dhcp release address <interface>
ipv6 dhcp release all
ipv6 dhcp release all <interface>
ipv6 dhcp release information
ipv6 dhcp release information <interface>
ipv6 dhcp release prefix
ipv6 dhcp release prefix <interface>
ipv6 dhcp renew
ipv6 dhcp renew address
ipv6 dhcp renew address <interface>
ipv6 dhcp renew all
ipv6 dhcp renew all <interface>
ipv6 dhcp renew information
ipv6 dhcp renew information <interface>
ipv6 dhcp renew prefix
ipv6 dhcp renew prefix <interface>
Syntax Description
address Optional. Specifies that only the DHCPv6 identity association
non-temporary address (IA_NA) is released or renewed.
all Optional. Specifies that all DHCPv6 values are released or renewed.
information Optional. Specifies that only DHCPv6 non-address configuration
information is released or renewed.
prefix Optional. Specifies that only the DHCPv6 identity association prefix
definition (IA_PD) is released or renewed.
<interface> Optional. Specifies that DHCPv6 information is released or renewed on the
single interface. Specify an interface in the format <interface type [slot/port |
appropriate interface, enter ipv6 dhcp release ? at the prompt.
Default Values
By default, if DHCPv6 has been enabled, then the IA_NA is released or renewed. If DHCPv6 has not been
enabled, then only non-address configuration information is released or renewed.

Command History
Release R10.11.0 Command was expanded to include the Metro Ethernet Forum (MEF)
Ethernet interface.
Usage Examples
The following example manually renews non-address DHCPv6 information:
>enable
#ipv6 dhcp renew information

led status-led
Use the led status-led command to control the status LED on an applicable AOS device. This command
can be used to turn off the LED, as well as control both the LED color and blink rate. Use the no form of
this command to return to the default setting. Variations of this command include:
led status-led [green | red]

led status-led [green | red] blink [fast | slow]
led status-led red-green
led status-led off
Syntax Description
green Modifies the status LED display to green.
red Modifies the status LED display to red.
red-green Modifies the status LED to alternate between red and green
blink Specifies the status LED blink rate. If the blink rate is not specified, the
display color will be solid (i.e., non-blinking).
fast Specifies a blink rate of five times per second.
slow Specifies a blink rate of once per second.
off Turns off the status LED.
Default Values
By default, the status LED is solid green.
Command History
Release R11.7.0 Command was expanded to include the red-green parameter.
Functional Notes
This command does not save to the startup configuration file. When the device reboots, the status LED
display returns to the default setting.
Usage Examples
The following example changes the status LED display to slow, blinking red:
>enable
#led status-led red blink slow

license activate <activation key>

Use the license activate <activation key> command to specify up to five license activation keys for
activating licensed features on your AOS device.
Syntax Description
<activation key> Specifies the activation key to use for licensing AOS features. Up to 5
activation keys can be entered using this command.
Default Values
Command History
Functional Notes
The activation keys used in this command are provided to you by ADTRAN when you purchase AOS
features. When this command is issued, the entered activation keys are automatically sent to a licensing
server (specified using the command license server on page 1562), and then the features are
automatically licensed on the AOS unit.
This two-step licensing procedure, configuring a license server and activating license keys, replaces the
four-step licensing process introduced in AOS firmware release R11.8.0. For more information about the
AOS feature licensing process, refer to the quick start guide, Licensing AOS Features, available online at
Usage Examples
The following example three activation keys are sent to the licensing server for automatic feature licensing
on the AOS device:
>enable
#license activate key1 key2 key3

license key
Use the license key command to install or remove license keys for the purpose of enabling AOS features
on a device. Variations of this command include:
license key install

license key install file <filename>
license key uninstall all
license key uninstall invalid
license key uninstall unsupported
license key uninstall <serial number>
Syntax Description
install Indicates that a license key is about to be entered into the AOS device.
Once entered, this command prompts the user for input (as shown in the
Usage Examples below) unless the command includes the file <filename>
parameter.
file <filename> Optional. Specifies a file name for installing a license key.
uninstall Specifies removing license keys on the system.
all Specifies removing all license keys.
invalid Specifies removing invalid license keys only.
unsupported Specifies removing unsupported license keys only.
<serial number> Specifies a license serial number to remove.
Default Values
Command History
Functional Notes
AOS uses two types of keys for enabling additional licensed AOS features. The license key is obtained
from the ADTRAN licensing portal and installed on the AOS device in order to activate additional features.
This process of obtaining a license key requires a second key, called a license request key (or a challenge
key). The license request key is a unique key generated by AOS and contains information about the unit
that validates it for a one time use only. Once a license key has been installed, the license request key is
cleared and no longer valid.
The license request key command will not display a key until the license request key generate
command has been issued for the first time. Generating a new license request key clears any previous
license request keys, in which case a warning is issued.

Usage Examples
The following example prepares AOS to receive a license key to enable additional features:
>enable
#license key install
Enter the entire license key. End with two consecutive
carriage returns or the word "quit" on a line by itself:
quit
The following example removes all license keys currently on the device:
>enable
#license key uninstall all

license request key

Use the license request key command to view or generate a license request (challenge) key which is used
to request a license key for enabling AOS features on a device. Variations of this command include:
license request key

license request key generate
Syntax Description
generate Optional. Generates a license request key.
Default Values
Command History
Functional Notes
Usage Examples
The following example generates a license request key:
>enable
#license request key generate
WARNING!
This will generate a new license request key.
You will not be able to install licenses that
were requested using any previous license request key.
This action is irreversible.
Proceed? [yes/no]

The following example displays the current active license request key:
>enable
#license request key

license unit identifier

Use the license unit identifier command to view the unit identification (ID) used for requesting AOS
feature license keys.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
The unit ID is a unique number that identifies a specific AOS unit. It is included in the license request key
sent to the ADTRAN licensing portal.
Usage Examples
The following example displays the current unit identifier:
>enable
#license unit identifier

logout
Use the logout command to terminate the current session and return to the login screen.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example shows the logout command being executed in Enable mode:
>enable
#logout
Session now available
Press RETURN to get started.

mount usbdrive0
Use the mount usbdrive0 command to mount a Universal Serial Bus (USB) flash drive device.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example mounts a USB flash drive device onto the AOS unit:
>enable
#mount usbdrive0

nslookup
Use the nslookup command to view and troubleshoot domain naming system (DNS) information by
querying the configured or specified DNS server. Variations of this command include:
nslookup
nslookup <hostname | ip address>
nslookup <hostname | ip address> server <hostname | ip address>
nslookup <hostname | ip address> server <hostname | ip address> type <type>
nslookup <hostname | ip address> type <type>
nslookup vrf <name>
nslookup vrf <name> <hostname | ip address>
nslookup vrf <name> <hostname | ip address> server <hostname | ip address>
nslookup vrf <name> <hostname | ip address> server <hostname | ip address> type <type>
nslookup vrf <name> <hostname | ip address> type <type>
Syntax Description
<hostname | ip address> Specifies the fully qualified domain name (FQDN) or destination IP
address to be used as the target of the DNS query. IPv4 addresses
should be expressed in dotted decimal notation (for example,
208.61.209.1). IPv6 addresses should be expressed in colon
hexadecimal notation (for example, 2001:DB8:1::1).
server <hostname | ip address> Optional. Specifies the FQDN or IP address of the DNS server to
query.
type <type> Optional. Specifies the type of DNS query. Supported query types
include: A, AAAA, SRV, SOA, CNAME, PTR.
vrf <name> Optional. Specifies the non-default virtual routing and forwarding
(VRF) instance on which the DNS query will be sent.
Default Values
Command History
R13.3.0 Command was introduced.

Usage Examples
The following example returns the result of a DNS A record query for www.example.com from the server
at 198.51.100.1:
>enable
#nslookup www.example.com server 198.51.100.1 type a
DNS Server: 198.51.100.1 53
ANSWER SECTION:
Host : www.example.com
Type :A
TTL : 6662
Address : 198.51.100.100

ping
Use the ping command (at the Enable mode prompt) to verify IPv4 network connectivity. For information
on how to verify IPv6 network connectivity, refer to ping ipv6 on page 517. Variations of this command
include:
ping
ping [ip] <ipv4 address | hostname>
ping [ip] <ipv4 address | hostname> <interface>
ping [ip] <ipv4 address | hostname> data <string>
ping [ip] <ipv4 address | hostname> df-bit [0 |1]
ping [ip] <ipv4 address | hostname> dscp [<value> | afxx | csx | default | ef]
ping [ip] <ipv4 address | hostname> repeat <number>
ping [ip] <ipv4 address | hostname> size <value>
ping [ip] <ipv4 address | hostname> source <ipv4 address>
ping [ip] <ipv4 address | hostname> mef-ethernet <slot/port>
ping [ip] <ipv4 address | hostname> system-control-evc
ping [ip] <ipv4 address | hostname> system-management-evc
ping [ip] <ipv4 address | hostname> timeout <value>
ping [ip] <ipv4 address | hostname> tos <value>
ping [ip] <ipv4 address | hostname> verbose
ping [ip] <ipv4 address | hostname> wait <interval>
ping [ip] vrf <name> <ipv4 address | hostname>
ping [ip] vrf <name> <ipv4 address | hostname> <interface>
ping [ip] vrf <name> <ipv4 address | hostname> data <string>
ping [ip] vrf <name> <ipv4 address | hostname> df-bit [0 |1]
ping [ip] vrf <name> <ipv4 address | hostname> dscp [<value> | afxx | csx | default | ef]
ping [ip] vrf <name> <ipv4 address | hostname> repeat <number>
ping [ip] vrf <name> <ipv4 address | hostname> size <value>
ping [ip] vrf <name> <ipv4 address | hostname> source <ipv4 address>
ping [ip] vrf <name> <ipv4 address | hostname> mef-ethernet <slot/port>
ping [ip] vrf <name> <ipv4 address | hostname> system-control-evc
ping [ip] vrf <name> <ipv4 address | hostname> system-management-evc
ping [ip] vrf <name> <ipv4 address | hostname> timeout <value>
ping [ip] vrf <name> <ipv4 address | hostname> tos <value>
ping [ip] vrf <name> <ipv4 address | hostname> verbose
ping [ip] vrf <name> <ipv4 address | hostname> wait <interval>
settings.

Syntax Description
ip Optional. Specifies an IPv4 ping.
<interface> Optional. Specifies the egress interface when pinging an IPv4 address.
Interfaces are specified in the <interface type> <slot/port | interface id>
format. For example, for an Ethernet interface, use eth 0/1. Type ping
<ipv4 address | hostname> ? to display a list of valid interfaces.
<ipv4 address | hostname> Optional. Specifies the IPv4 address or host name of the system to ping.
example, 10.10.10.1). Entering the ping command with no specified
Internet Protocol version 4 (IPv4) address prompts the user with parameters
for a more detailed ping configuration. Refer to Functional Notes (below) for
more information.
as the data pattern in the ECHO_REQ packets.
set.
(010010), 22 (010100), 23 010110), 31 (011010), 32 (011100), 33 (011110),
41 (100010), 42 (100100), or 43 (100110).
1 to 1024.
range is 1 to 65507 bytes. Except for most switches which have a maximum
of 29000.
ECHO_REQ (or interface) packets. The source IPv4 address must be a
valid address local to the router on the specified virtual routing and
mef-ethernet <slot/port> Optional. Specifies the Metro Ethernet Forum (MEF) Ethernet interface as
the ping target.
system-control-evc Optional. Specifies the system control Ethernet virtual connection (EVC) as
the ping target.
system-management-evc Optional. Specifies the system management EVC as the ping target.

Default Values
By default, the df-bit is set to 0.
Command History
Release 17.2 Command was expanded to include the verbose and wait parameters, also
changes were made to the repeat and timeout values.
Release 17.4 Command was expanded to include the count and interval parameters.
The repeat and wait parameters were removed.
Release A4.01 Command was expanded to return the wait parameter.
Release 18.3.0 Command was expanded to include the optional ip and <interface>
parameters.
Release R10.10.0 Command was expanded to include the df-bit, dscp, system-control-evc,
system-management-evc, and tos parameters.
Release R11.1.0 Functional Notes were enhanced to explain parameter behaviour with
multiple entries.
Functional Notes
The ping command can be issued from both the Basic and Enable modes.
The ping command helps diagnose basic IPv4 network connectivity using the Packet Internet Groper
packets off a system (using a specified IPv4 address). AOS allows executing a standard ping request to a
specified IP address, or provides a set of prompts to configure a more specific ping configuration.

After specifying the target IPv4 address (or hostname) to ping, the following parameters can be entered
multiple times and in any order: data, df-bit, repeat, size, source, and timeout. When entering multiple
instances of the same parameter, the last entry will be used. In the following example syntax, only the last
entries for data, repeat, and size will be used, ignoring previous entries for these parameters:
ping ip 192.0.2.15 size 600 data bbbb repeat 3 size 300 data aaaa repeat 2 verbose dscp cs4 size
200
The following is a list of output messages from the ping command:
! Success
X TTL Expired in Transit
? Unknown Host
* Request Timed Out
The following is a list of available extended ping fields with descriptions:
Extended Commands Specifies whether additional commands are desired for more ping
configuration parameters. Answer yes (y) or no (n).
Source Address Specifies the IPv4 address to use as the source address in the ECHO_REQ
(or interface) packets.
Data Pattern Specifies an alphanumerical string to use (the ASCII equivalent) as the data
pattern in the ECHO_REQ packets.
Sweep Range of Sizes Varies the sizes of the ECHO_REQ packets transmitted.
Sweep Min Size Specifies the minimum size of the ECHO_REQ packet. Valid range is 0 to
65507.
Sweep Max Size Specifies the maximum size of the ECHO_REQ packet. Valid range is the
sweep minimum size to 65507.
Sweep Interval Specifies the interval used to determine packet size when performing the
sweep. Valid range is 1 to 65507.
Verbose Output Specifies an extended results output.
Usage Examples
The following is an example of a successful ping command:
>enable
#ping

VRF Name [-default-]:

Target IP address:192.168.0.30
Repeat count [5]:5
Datagram Size [100]:100
Timeout in seconds [2]:2
Wait interval in milliseconds [100]:100
Extended Commands? [n]:n

!!!!!

ping ethernet
Use the ping ethernet command to initiate a loopback message from one Ethernet operations,
(MEP) to another MEP. These loopback messages are used to test the accessibility of the destination MEP.
ping ethernet <target-mac-address | target-mep-id>

ping ethernet <target-mac-address | target-mep-id> count <number>
ping ethernet <target-mac-address | target-mep-id> data <pattern>
ping ethernet <target-mac-address | target-mep-id> domain <domain name> association <association
name>
ping ethernet <target-mac-address | target-mep-id> domain none association <association name>
ping ethernet <target-mac-address | target-mep-id> drop-eligible
ping ethernet <target-mac-address | target-mep-id> interface <interface>
ping ethernet <target-mac-address | target-mep-id> mep <mep id>
ping ethernet <target-mac-address | target-mep-id> priority <priority>
ping ethernet <target-mac-address | target-mep-id> repeat <number>
ping ethernet <target-mac-address | target-mep-id> size <bytes>
ping ethernet <target-mac-address | target-mep-id> timeout <timeout>
ping ethernet <target-mac-address | target-mep-id> validate-data
ping ethernet <target-mac-address | target-mep-id> verbose
ping ethernet <target-mac-address | target-mep-id> wait <interval>
After specifying the target for the loopback messages, the other parameters can be entered
in any order.
Syntax Description
<target-mac-address | target-mep-id> Specifies the destination for the loopback message. Medium
8191.
count <number> Optional. Specifies the number of loopback messages to send.
data <pattern> Optional. Specifies the pattern to be carried in the data time
length value (TLV) of the loopback message. Pattern is up to four
hexadecimal digits. Pattern range is 0 to ffff.

drop-eligible Optional. Specifies the drop eligible bit value in the virtual local
area network (VLAN) tag.
interface <interface> Optional. Specifies the interface on which the transmitting MEP is
configured. Specify an interface in the format <interface type
mep <mep id> Specifies the MEP ID of the transmitting MEP. MEP ID range is 1
to 8191.
priority <priority> Optional. Specifies the 802.1 priority bits that are sent in the
loopback message. Range is 0 to 7.
repeat <number> Optional. Specifies the number of loopback messages to be sent.
Range is 1 to 1024.
size <bytes> Optional. Specifies the size of the loopback message. Size
ranges from 1 to 60 bytes.
timeout <timeout> Optional. Specifies the time that the MEP will wait for a response
to the loopback message. Range is 0 to 60 seconds.
validate-data Optional. Specifies whether or not the transmitting MEP validates
the contents of the data TLV in the received loopback messages.
verbose Optional. Specifies that the results are in detailed, rather than
summary, format.
wait <interval> Optional. Specifies a minimum time to wait between sending
loopback messages. Valid range is 100 to 60000 milliseconds.
Default Values
By default, the count value is set to 5.
By default, the drop-eligible value is not set.
By default, the interval is set to 1000 milliseconds.
By default, the priority value is the priority specified in the MEP’s configuration.
By default, the validate-data parameter is disabled.
Command History
Release A4.01 Command was expanded to include the Metro Ethernet Forum
(MEF) Ethernet interface and the wait and repeat parameters.

Release A5.01 Command was expanded to include the Gigabit Ethernet

interface.
Functional Notes
The ping ethernet command can be issued from both the Basic and Enable modes.
If the MEP ID is used as the target, the remote MEP must exist in the MEP continuity check message
(CCM) database (meaning the remote MEP is transmitting valid CCMs) so that the MEP ID can be
translated to the MAC address before the loopback message is transmitted.
not required.
This command will not appear in the command line interface (CLI) unless Ethernet OAM
CFM is enabled. To enable Ethernet OAM CFM, refer to the command ethernet cfm on
page 1265.
Usage Examples
The following example initiates the Ethernet ping utility from an MEP in Domain1 association MA1 with a
destination to an MEP with an MEP ID of 201:
>enable
#ping ethernet 201 domain Domain1 association MA1
Legend: ‘!’ = Success, ‘*’ = Request timed out, ‘d’ = Data Mismatch
‘o’ = Out of order, ‘.’ = No reply, ‘e’ = Unknown error.
Sending 5, 100-byte LBRs to MEP 201 from MEP 1, timeout is 2 seconds:

!!!!!

ping ipv6
Use the ping ipv6 command (at the Enable mode prompt) to verify IPv6 network connectivity. For
information on how to verify IPv4 network connectivity, refer to ping on page 509. Variations of this
command include:
ping [ipv6] <ipv6 address>

ping [ipv6] <ipv6 address> <interface>
ping [ipv6] <ipv6 address> data <string>
ping [ipv6] <ipv6 address> destination-option
ping [ipv6] <ipv6 address> df-bit [0 |1]
ping [ipv6] <ipv6 address> dscp [<value> | afxx | csx | default | ef]
ping [ipv6] <ipv6 address> hop-by-hop-option
ping [ipv6] <ipv6 address> repeat <number>
ping [ipv6] <ipv6 address> size <value>
ping [ipv6] <ipv6 address> source <ipv6 address>
ping [ipv6] <ipv6 address> mef-ethernet <slot/port>
ping [ipv6] <ipv6 address> system-control-evc
ping [ipv6] <ipv6 address> system-management-evc
ping [ipv6] <ipv6 address> timeout <value>
ping [ipv6] <ipv6 address> tos <value>
ping [ipv6] <ipv6 address> verbose
ping [ipv6] <ipv6 address> wait <interval>
ping [ipv6] vrf <name> <ipv6 address>
ping [ipv6] vrf <name> <ipv6 address> <interface>
ping [ipv6] vrf <name> <ipv6 address> data <string>
ping [ipv6] vrf <name> <ipv6 address> destination-option
ping [ipv6] vrf <name> <ipv6 address> df-bit [0 |1]
ping [ipv6] vrf <name> <ipv6 address>dscp [<value> | afxx | csx | default | ef]
ping [ipv6] vrf <name> <ipv6 address> hop-by-hop-option
ping [ipv6] vrf <name> <ipv6 address> repeat <interval>
ping [ipv6] vrf <name> <ipv6 address> size <value>
ping [ipv6] vrf <name> <ipv6 address> source <ipv6 address>
ping [ipv6] vrf <name> <ipv6 address> mef-ethernet <slot/port>
ping [ipv6] vrf <name> <ipv6 address> system-control-evc
ping [ipv6] vrf <name> <ipv6 address> system-management-evc
ping [ipv6] vrf <name> <ipv6 address> timeout <value>
ping [ipv6] vrf <name> <ipv6 address> tos <value>
ping [ipv6] vrf <name> <ipv6 address> verbose
ping [ipv6] vrf <name> <ipv6 address> wait <interval>
settings.

Syntax Description
ipv6 Optional. Specifies an IPv6 ping.
<interface> Specifies the egress interface when pinging an IPv6 link-local address (any
address that has the prefix FE80::/64). Interfaces are specified in the
<interface type> <slot/port | interface id> format. For example, for an
Ethernet interface, use eth 0/1. Type ping ipv6 <ipv6 address> ? to display
a list of valid interfaces. This variable is mandatory when pinging a link-local
address. This variable is ignored when using a non-link-local address.
<ipv6 address> Specifies the IPv6 address of the system to ping. IPv6 addresses should be
destination address prompts the user for an egress interface.
as the data pattern in the ICMPv6 ECHO_REQ packets.
destination-option Optional. Includes the destination option in the ICMPv6 ECHO_REQ
packets.
set.
(010010), 22 (010100), 23 010110), 31 (011010), 32 (011100), 33 (011110),
41 (100010), 42 (100100), or 43 (100110).
hop-by-hop-option Optional. Includes the hop-by-hop option in the ICMPv6 ECHO_REQ
packets. This typically causes intermediate routers to process switch the
packets, potentially detecting switching issues in these devices.
1 to 1024.

ICMPv6 ECHO_REQ (or interface) packets. IPv6 addresses should be
destination address prompts the user for an egress interface. The source
IPv6 address must be a valid address local to the router on the specified
virtual routing and forwarding (VRF) instance.
mef-ethernet <slot/port> Optional. Specifies that the Metro Ethernet Forum (MEF) Ethernet interface
is the ping target.
system-control-evc Optional. Specifies that the system control Ethernet virtual connection
(EVC) is the ping target.
system-management-evc Optional. Specifies that the system management EVC is the ping target.
tc <value> Optional. Specifies the traffic class (TC). The <value> can be specified as
decimal 0 to 255, or as hexidecimal
Default Values
By default, the df-bit is set to 0.
Command History
Release R10.10.0 Command was expanded to include the df-bit, dscp, system-control-evc,
system-management-evc, and tos parameters.

Functional Notes
The ping ipv6 command can be issued from both the Basic and Enable modes.
The ping ipv6 command helps diagnose basic IPv6 network connectivity using the Packet Internet Groper
packets off a system (using a specified IPv6 address). AOS allows executing a standard ping ipv6 request
to a specified IPv6 address, or provides keywords to configure a more specific ping ipv6 configuration.
The following is a list of output messages from the ping ipv6 command:
! Success
x TTL Expired in Transit
? Unknown Host
* Request Timed out
e Unknown Error
B Packet too Big
Usage Examples
The following example pings 2001:DB8:1A0::3 with 200 byte ICMPv6 ECHO_REQ packets:
>enable
#ping ipv6 2001:DB8:1A0::3 size 200
Sending 5, 200-byte ICMP Echos to 2001:DB8:1A0::3, timeout is 2 seconds:

!!!!!


Use the ping stack-member command to ping a member of the stack. Variations of this command include:

ping stack-member <number> vrf <name>
Syntax Description
<number> Specified which member of the stack to ping.
vrf <name> Optional. Specifies the virtual routing and forwarding (VRF) where the
stack-member exists.
Default Values
Command History
Functional Notes
The ping stack-member command can be issued from both the Basic and Enable modes.
Usage Examples
The following example pings a member of the stack:
>enable
#ping stack-member 3
'x' = TTL expired in transit
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2.2/3 ms
#

ping twamp
Use the ping twamp command to execute a Two-Way Active Measurement Protocol (TWAMP) type ping
to measure the packet loss, delay, and interpacket delay variation (IPDV) and display the results of the test.
Use the subcommands in any combination, in any order, when specifying the destination site. Variations of
ping twamp
ping twamp <ip address | hostname>
ping twamp <ip address | hostname> control-port <port>
ping twamp <ip address | hostname> data pattern
ping twamp <ip address | hostname> data pattern ascii <pattern>
ping twamp <ip address | hostname> data pattern hex <pattern>
ping twamp <ip address | hostname> data random
ping twamp <ip address | hostname> data zero
ping twamp <ip address | hostname> dscp <value>
ping twamp <ip address | hostname> interval <value>
ping twamp <ip address | hostname> port <port>
ping twamp <ip address | hostname> repeat <value>
ping twamp <ip address | hostname> size <value>
ping twamp <ip address | hostname> source <ip address>
ping twamp <ip address | hostname> source-port <port>
ping twamp <ip address | hostname> timeout <value>
ping twamp <ip address | hostname> verbose
ping twamp <ip address | hostname> wait <value>
ping twamp vrf <name>
ping twamp vrf <name> <ip address | hostname>
ping twamp vrf <name> <ip address | hostname> control-port <port>
ping twamp vrf <name> <ip address | hostname> data pattern
ping twamp vrf <name> <ip address | hostname> data pattern ascii <pattern>
ping twamp vrf <name> <ip address | hostname> data pattern hex <pattern>
ping twamp vrf <name> <ip address | hostname> data random
ping twamp vrf <name> <ip address | hostname> data zero
ping twamp vrf <name> <ip address | hostname> dscp <value>
ping twamp vrf <name> <ip address | hostname> interval <value>
ping twamp vrf <name> <ip address | hostname> port <port>
ping twamp vrf <name> <ip address | hostname> repeat <value>
ping twamp vrf <name> <ip address | hostname> size <value>
ping twamp vrf <name> <ip address | hostname> source <ip address>
ping twamp vrf <name> <ip address | hostname> source-port <port>
ping twamp vrf <name> <ip address | hostname> timeout <value>
ping twamp vrf <name> <ip address | hostname> verbose

ping twamp vrf <name> <ip address | hostname> wait <value>
The subcommands can be used in a string of any available combination. Use the ? after
each specified subcommand for a valid list of arguments and settings.
Syntax Description
<ip address | hostname> Optional. Specifies the IP address or host name of the system to ping. IP
10.10.10.1). Entering the ping twamp command with no specified IP
address prompts the user with parameters for a more detailed ping twamp
configuration.
control-port <port> Optional. Specifies the destination TWAMP control port. Port range is 1 to
65535.
data Optional. Specifies data used to pad packets. The following options are
available:
pattern Pads the packet with a user-specified pattern.
ascii <pattern> Pads the packet with a user-specified ascii pattern.
hex <pattern> Pads the packet with a user-specified hex pattern.
random Pads the packet with random numbers.
zero Pads the packet with all zeros.
dscp <value> Optional. Specifies the differentiated services code point (DSCP) value.
interval <value> Optional. Specifies the interval between consecutive ping TWAMPs (in
milliseconds). Valid range is 5 to 5000.
port <port> Optional. Specifies the destination port for the TWAMP test packets. Valid
repeat <value> Optional. Specifies the number of ping TWAMP packets. Valid range is 1 to
1000.
size <value> Optional. Specifies the datagram size. Valid range is 0 to 1462.
source <ip address> Optional. Specifies the source IP address. IP addresses should be
source-port <port> Optional. Specifies the source port for the TWAMP test packets. Valid range
is 1 to 65535.
timeout <value> Optional. Specifies the timeout value in milliseconds. Valid range is 100 to
60000.
verbose Optional. Displays the detailed two-way ping verbose results for the
specified IP address or host name.
vrf <name> Optional. Specifies the virtual routing and forwarding (VRF) instance within
which the ping is executed. If no VRF is specified, the default (unnamed)
VRF is used.

wait <value> Optional. Specifies the interval (in milliseconds) between consecutive
TWAMP test packets. Range is 5 to 5000.
Default Values
By default, the data is zero, the dscp is 0, the interval value is 20, the port value is 0, the repeat value is
100, the size is 0, and the timeout is 2000 milliseconds.
Command History
Release 17.4 Command was introduced to replace the twping command.
Release 17.6 Command was expanded to include control-port and wait keywords.
Release A4.01 Command was expanded to include the ascii and hex pattern parameters.
Functional Notes
The ping twamp command can be issued from both the Basic and Enable modes.
Usage Examples
The following example executes a TWAMP ping:
>enable
#ping twamp
Server-Greeting)
Setup-Response)
mode=1
keyId=00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
--MORE--

port-auth re-authenticate
Use the port-auth re-authenticate command to force the reauthentication of every currently authorized
host on all interfaces in the AOS unit. Variations of this command include:
port-auth re-authenticate
port-auth re-authenticate <interface>
Syntax Description
<interface> Optional. Specifies reauthentication of a specific interface. Interfaces are
specified in the format <interface type [slot/port | slot/port.subinterface id |
1.1; and for a wireless virtual access point, use dot11ap 1/1.1. Type
port-auth re-authenticate ? for a complete list of available interfaces.
Default Values
Command History
Usage Examples
The following example specifies that the authorized hosts on the interface eth 1/1 are reauthenticated:
>enable
#port-auth re-authenticate eth 1/1

ramdisk <size>
Use the ramdisk command to create a volatile RAM disk file system and allocate memory in bytes to the
newly created RAM disk. Use the no form of this command to delete the RAM disk.
Not all units are capable of using a RAM disk file system. Use the ? command to display a
list of valid commands at the enable prompt.
Syntax Description
<size> Specifies the size of the RAM disk in bytes. Valid range is 65536 to the
maximum available heap size on the unit. Input for this value allows the use
of the following characters as multipliers: M, m, K, and k.
Default Values
Command History
Usage Examples
The following example creates a volatile RAM disk file system and allocates 128000 bytes of memory:
>enable
#ramdisk 128000
The following example creates a volatile RAM disk file system and uses the multiplier k to allocate 131072
bytes of memory (where 128k is 128 x 1024 = 131072):
>enable
#ramdisk 128k

reload
Use the reload command to perform a manual reload of AOS. Variations of this command include:
reload
reload cancel
reload hard
reload in <delay>
reload soft
reload vcid <vcid>
Performing an AOS reload disrupts data traffic.
Syntax Description
cancel Optional. Deactivates a pending reload command.
hard Optional. Performs a hard reload.
in <delay> Optional. Specifies a delay period in minutes (mm) or hours and minutes
(hh:mm) that AOS will wait before reloading.
soft Optional. Performs a soft reload.
vcid <vcid> Optional. Specifies an ActivChassis member to reload. Valid range is 1 to 8.
VCID values 1 and 2 are for the master and backup device, respectively.
The VCID of the current master device will not be accepted.
Default Values
Command History
Release AC1.0 Command was expanded to include the vcid parameter.
Release R10.10.0 Command was expanded to include the hard and soft parameters.
Usage Examples
The following example reloads the AOS software in 3 hours and 27 minutes:
>enable
#reload in 03:27
The following example reloads the AOS software in 15 minutes:
>enable
#reload in 15

The following example terminates a pending reload command:

>enable
#reload cancel
The following example reloads ActivChassis member 3:
>enable
#reload vcid 3

reload dot11 interface dot11ap <ap interface>

Use the reload dot11 interface dot11ap command to perform a cold start of a wireless access point (AP)
that is currently controlled by the wireless access controller (AC) on which the command is executed.
reload dot11 interface dot11ap <ap interface>

reload dot11 interface dot11ap <ap interface> factory-default
Syntax Description
<ap interface> Specifies the AP interface number to reload. Range is 1 to 8.
factory-default Optional. Specifies reloading the unit with the factory default settings.
Default Values
Command History
Usage Examples
The following example performs a cold start for AP interface 1:
>enable
#reload dot11 interface dot11ap 1
AP 1 reloaded
Router#
2006.12.23 19:14:03 DOT11.Session : AP 1: AP reboot.
2006.12.23 19:14:03 DOT11.Session : AP 1: Control session lost.
2006.12.23 19:14:03 DOT11.Session : AP 1: Control session established.

rename
Use the rename command to rename a file stored in the AOS product. Variations of this command
include:
rename <source filename> <destination filename>

rename cflash <source filename> <destination filename>
rename flash <source filename> <destination filename>
rename usbdrive0 <source filename> <destination filename>
Syntax Description
cflash Optional. Specifies the file to be renamed is on the Compact flash drive.
flash Optional. Specifies the file to be renamed is on the flash drive.
usbdrive0 Optional. Specifies the file to be renamed is on the Universal Serial Bus
(USB) drive.
<source filename> Specifies the file to be renamed.
<destination filename> Specifies the new name of the file.
Default Values
Command History
Functional Notes
If no drive is specified (cflash, flash, or usbdrive0), this command is executed in the first mounted drive.
An error is displayed if you attempt rename the file with the same name, or if a file by the destination
filename already exists.
Files cannot be renamed from one file system to another. For example, a file in flash cannot be renamed in
Cflash).
Usage Examples
The following example renames the file File1 in the flash drive to File3:
>enable
#rename flash File1 File3

run audit security

Use the run audit security command to run a security audit on the AOS device. Variations of this
command include:
run audit security

run audit security log
run audit security log cflash
run audit security log usbdrive0
Once the audit is in process, the session will be blocked until the audit is completed or until
Ctrl+C is issued.
Syntax Description
cflash Optional. Specifies saving the log file to CompactFlash® memory.
log Optional. Specifies saving the audit results to a file named
securityAudit_<timestamp>. The file name has the timestamp attached in
the format yyyymmddhhmmss. If cflash is not specified, the file is saved to
flash memory.
usbdrive0 Optional. Specifies saving the log file to Universal Serial Bus (USB) flash
drive memory.
Default Values
Command History
Release 18.2 Command was expanded to include the usbdrive0 parameter.
Functional Notes
The security audit tool is used to identify possible security violations. The results of the audit can be viewed
by using the show audit security command (refer to show audit security on page 549), or by viewing the
log file using the commands show flash on page 650 or show cflash on page 577.
The show audit security command displays a summary of the security audit results including: the type of
defect, severity, and a brief description. The show audit security detail command lists the summary, as
well as details of the defect and recommends corrective action. It is up to the customer to determine if the
findings are a true risk in their system, and to make the necessary adjustments to their configuration. Some
items could be recorded as possible risks that are not actual risks based on the entire network
configuration.

If two people are logged in simultaneously (for example, one via Telnet and one via the console) and both
try to run the audit security tool, the user who begins the audit first will take precedence. An error message
will be displayed to the second user that an audit is in progress.
The following table lists the configuration items that are audited for security risks.
Violation Type Severity Description

Startup-Config High Indicates that the startup configuration file does not match the
running configuration file. This is determined by comparing the MD5
checksum of both files for a match.
Passwords/Keys High Identifies nonsecure passwords. If a password has MD5 encryption
enabled, the tool tests for common password sequences,
such as qwerty, 1234, abc, xyz, etc. If MD5 is disabled, an alert is
issued if the password:
• Is less than 7 characters.
• Does not contain alphabetic and numeric characters.
• Matches common sequences, such as qwerty, 1234, abc, xyz,
etc.
• Matches the default passwords.
• Matches another password in the system.
• Service password encryption is not enabled.
Firewall High Indicates the firewall is disabled.
Policy-Class High Identifies any of the following access control policy (ACP)
vulnerabilities:
• Stateful inspection is disabled.
• An undefined access control list (ACL) exists in the ACP.
• An interface with a private IP address (10.x.x.x, 172.16.x.x,
192.168.x.x) has an ACP assigned that does not have NAT
configured.
• An interface is enabled without an ACP assigned.
SNMP High Indicates the SNMP agent is enabled and configured to allow
SNMPv1 or SNMPv2. Both of these versions are considered
nonsecure. SNMPv3 group and SNMPv3 user are preferred.
Network Protocols High Identifies any of the following network protocols are enabled and
considered a security risk: HTTP, HTTPS SSLv2, FTP, TFTP, and
Telnet. SSH is suggested as a replacement for Telnet and HTTPS
SSLv3 instead of HTTPS SSLv2.

Violation Type Severity Description

WIFI High Identifies any of the following wireless vulnerabilities:
• Security mode is set to anything but WPA2 (including none).
• Service set identifier (SSID) broadcast is enabled.
• A weak key.
Session Timeout High Identifies the console, HTTP, SSH, or Telnet session timeout is set
to a value greater than 15 minutes. Long session timeouts can
compromise the system. The recommended setting is 15 minutes or
less.
Time-Server High Indicates the time server (SNTP or NTP) is not configured or is
configured but not synchronized. It is important to have a valid
timestamp on all logs generated by the system.
Logging Medium Indicates user activity is not being logged. User activity should be
logged either by enabling syslog or TACACS+ accounting. (The
syslog can be enabled by using the logging forwarding on
command.)
Domain Lookup Medium Indicates domain-lookup is enabled but a DNS server has not
been configured. This allows DNS requests to be broadcast.
Interfaces Medium Identifies the following interface vulnerabilities:
• The ip directed-broadcast is enabled which could make an
interface vulnerable to denial of service attacks.
• A static ACL assigned to an interface. A more secure option is to
enable the firewall and assign an ACP.
Enable Password Low Indicates the enable password is not set for MD5 encryption. MD5
encryption is more secure than standard password encryption.
Banner Low Indicates the default executive banner is still set. It is recommended
that a custom banner be displayed when a user attempts to login.
The banner warns of the legal consequences of unauthorized
access to the unit.
TCL Scripts Low Indicates Tcl scripting is enabled. Scripts could cause damage to
configuration of the unit.
Usage Examples
The following example initiates the security audit and saves the results to a log file in flash memory:
>enable
#run audit security log
Audit Complete

run checkdisk cflash

Use the run checkdisk cflash to run checkdisk to check and fix file system errors. This command should
only be issued promptly after system reboot while voicemail processes are idle. Issuing the command
while voicemail processes are active could result in file system corruption.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example checks and fixes file system errors:
>enable
#run checkdisk cflash

run checkdisk usbdrive0

Use the run checkdisk usbdrive0 to run checkdisk to check and fix file system errors on the Universal
Serial Bus (USB) drive. Variations of this command include:
run checkdisk usbdrive0

run checkdisk usbdrive0 dontfix
Syntax Description
dontfix Specifies the unit to run checkdisk on the USB flash drive without fixing
errors.
Default Values
Command History
Usage Examples
The following example checks and fixes file system errors on the USB flash drive:
>enable
#run checkdisk usbdrive0

run tcl <name>

Use the run tcl command to initiate a tool command language (Tcl) script.
Syntax Description
<name> Specifies the name of the Tcl script file or inline Tcl script to run.
Default Values
Command History
Release R11.1.1 Command was expanded to include inline scripts.
Usage Examples
The following example initiates the test1.tcl Tcl script file:
>enable
#run tcl test1.tcl
Script execution complete

run voipwizard
Use the run voipwizard command to run the Voice over IP (VoIP) Setup Wizard. This wizard configures
the basic settings for running VoIP applications on switchports. After running the wizard, you can view the
log file using the command show voipwizard log on page 1106.
The wizard changes the current configuration of the unit. If the unit has already been
configured, the changes could conflict with current settings. You will be able to review the
changes before applying them to the system.
Syntax Description
No subcommands.
Default Values
There is no default setting for this command.
Command History
Functional Notes
When running the VoIP Setup Wizard, you are given the option of applying the recommended settings or
specifying your own settings. If you enter yes to accept the recommended settings, the wizard will
configure the settings and ask for confirmation before applying them.
If you choose to specify your own settings instead of applying the recommendations, enter no, and the
wizard will step you through the different setting options as shown in the following example:
>enable
#run voipwizard
Welcome to the VoIP Configuration Wizard.
This wizard will assist you in configuring your NetVanta 1234 for
switching. You may automatically apply ADTRAN's recommended VoIP settings or
specify your own port assignments.
WARNING: This will change the current configuration of the unit. If this unit
has already been configured, the following changes may conflict with the
current settings. You will be able to review your changes before they are
applied.
ADTRAN VoIP Recommendation:
Ports assigned as voice ports: (switchport 0/1-24)

Ports assigned as uplink ports: (gigabit-switchport 0/1-4)

Voice port configuration: description voice

spanning-tree edgeport
no shutdown
switchport voice vlan 2
qos trust cos
Uplink port configuration: description uplink

no shutdown
switchport mode trunk
qos trust cos
Global QoS configuration: qos queue-type wrr 25 25 25 expedite

qos cos-map 1 0 1
qos cos-map 2 2 4
qos cos-map 3 3 6
qos cos-map 4 5 7
Would you like to apply this recommendation? [yes/no]
no
What would you like to use as your voice vlan? (1-4094) [default: 2]
What are the types of interfaces you would like to configure as voice ports?
--- Options ---

1. switchport
2. gigabit-switchport
---------------
[default: switchport]
Specify one or more port types. (Examples: 1,2,1-2)

Enter your selection:
1
Selected: switchport
For the 'switchport' interface type, which ports would you like to
assign as voice ports? Enter port numbers or ranges of port numbers separated
by commas. (Example: 1,2,3-9,13,15) [default: 1-24]
1-24
What are the types of interfaces you would like to configure as uplink ports?
--- Options ---

1. switchport
2. gigabit-switchport
---------------
[default: gigabit-switchport]
Specify one or more port types. (Examples: 1,2,1-2)

Enter your selection:
Selected: gigabit-switchport
For the 'gigabit-switchport' interface type, which ports would you like to
assign as uplink ports? Enter port numbers or ranges of port numbers separated
by commas. (Example: 1,2,3-9,13,15) [default: 1-4]
1-4
Would you like to enable port security on all voice ports?

(yes/no) [default: no]
yes
How many mac addresses would you like to allow on each voice
port? (1-132) [default: 2]
Selected VoIP configuration:
Ports assigned as voice ports: (switchport 0/1-24)

Ports assigned as uplink ports: (gigabit-switchport 0/1-4)

no shutdown
qos trust cos
switchport port-security
switchport port-security maximum 2

no shutdown
qos trust cos
Global QoS configuration: qos queue-type wrr 25 25 25 expedite

qos cos-map 1 0 1

qos cos-map 2 2 4
qos cos-map 3 3 6
qos cos-map 4 5 7
Would you like to apply this configuration? [yes/no]
yes
Saving configuration...
Configuration successfully saved!
Thank you for using the VoIP Configuration Wizard.

Goodbye.
Script execution complete
Usage Examples
The following example initiates the VoIP Setup Wizard:
>enable
#run voipwizard

show activchassis
Use the show activchassis command to display information about ActivChassis members. Variations of
show activchassis
show activchassis detail
show activchassis <vcid>
show activchassis <vcid> detail
The output of all show commands can be limited by appending the following modifiers to
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The
include modifier limits output to lines that contain the specified text, the exclude modifier
excludes any lines with the specified text, and the begin modifier displays the first line of
output with the specified text and all lines thereafter.
For specific instructions and examples regarding these modifiers, refer to the introduction
of the Enable Mode Command Set on page 94.
Syntax Description
detail Optional. Specifies that detailed ActivChassis information is displayed,
including the ActivChassis ID (VCID), the connection state, and the role of
the member, as well as additional information.
<vcid> Optional. Specifies that information about a specific ActivChassis member
is displayed. VCID range is 1 to 8. VCID values of 1 and 2 are given to the
master and backup devices, respectively.
Default Values
Command History
Functional Notes
This command is available from both the ActivChassis master and linecard devices’ CLI. In the linecard
command mode, only the master and linecard ActivChassis members are displayed. If the linecard has not
been admitted to the ActivChassis, the command only displays the linecard information.
For more information about the difference between linecard and master devices, and how to access the
CLI for each, refer to the configuration guide Configuring ActivChassis in AOS, available online at

Usage Examples
The following example displays detailed information about all ActivChassis members:
>enable
#show activchassis detail
VCID: 1 (NV1638)
ActivChassisVC Connection State: Connected
Role: Master
Connection Information: none
ActivChassisVC Ports:
Xgiga-switchport 1/1/1
VCID: 4 (NV 1638)

ActivChassisVC Connection Sate: Not Connected
Role: Linecard
Connection Information: “This device has the wrong AOS version. The correct version is AC1.0.”
ActivChassisVC Ports:

show arp
Use the show arp command to display the Address Resolution Protocol (ARP) table. Variations of this
command include:
show arp
show arp realtime
show arp vrf <name>
show arp vrf <name> realtime
Using the realtime argument for this command can adversely affect the performance or
your unit.
Syntax Description
realtime Optional. Displays full-screen output in real time. Refer to the Functional
Notes below for more information.
vrf <name> Optional. Displays information only for the specified virtual routing and
forwarding (VRF). If a VRF is not specified, the default VRF is assumed.
Default Values
Command History
Release 10.1 The realtime display parameter was introduced.
Release 17.1 Command was expanded to include the modifiers begin, exclude, and
include.

Functional Notes
Use the realtime argument for this command to display full-screen output in real time. Information is
continuously updated on the console until you either freeze the data (by pressing the F key) or exit
realtime mode (by pressing Ctrl-C). If there is not enough room on the screen for all available data, the
information will truncate at the bottom of the screen. In order to maximize the amount of data displayed,
increase the terminal length (using the terminal length command; refer to terminal length <number> on
page 1125).
Usage Examples
The following is sample output from the show arp command:
>enable
#show arp
ADDRESS TTL(min) MAC ADDRESS INTERFACE TYPE
10.22.18.3 19 00:E0:29:6C:BA:31 eth 0/1 Dynamic
192.168.20.2 16 00:A0:C8:0D:E9:AD eth 0/2 Dynamic
224.0.0.5 20 01:00:5E:00:00:05 eth 0/2 Permanent

show as-path-list
Use the show as-path-list command to display any AS path lists that have been configured in the router,
along with any permit and deny clauses in each list. Variations of this command include:
show as-path-list
show as-path-list <name>
Syntax Description
<name> Optional. Specifies that the command display only the list matching the
specified AS path list name. If not specified, all AS path lists are displayed.
Default Values
By default, this command displays all AS path lists.
Command History
include.
Release R10.1.0 Command syntax was changed and the ip keyword was removed for all
AOS products.
Usage Examples
In the following example, all AS path lists defined in the router are displayed.
>enable
#show as-path-list
as-path-list AsPathList1:
permit 100
permit 200
permit 300
deny 6500
as-path-list AsPathList2:
permit 400
permit 500

show atm pvc

Use the show atm pvc command to display information specific to the asynchronous transfer mode (ATM)
interface’s permanent virtual circuit (PVC). Variations of this command include the following:
show atm pvc

show atm pvc interfaces atm <interface>
Syntax Description
interfaces atm <interface> Optional. Displays the ATM PVC information for a specific PVC. Specify an
ATM interface (valid range is 1 to 1023) or a subinterface in the format
<interface id.subinterface id> (for example, 1.1). Using this command
without specifying an interface will display all information for all ATM PVCs.
Default Values
Command History
include.
Usage Examples
The following is sample output from the show atm pvc interfaces command:
>enable
#show atm pvc interface atm 1.1
Name VPI VCI Encap Type SC Peak Kbps Avg/Min Kbps Burst Cells Status
atm 1.1 0 200 SNAP N/A 0 0 0 Active

show atm traffic interface atm <interface>

Use the show atm traffic interface atm command to display traffic information specific to the
asynchronous transfer mode (ATM) interface.
Syntax Description
<interface> Specifies an ATM port number. Specify an ATM interface (valid range is 1 to
1023) or a subinterface in the format <interface id.subinterface id> (for
example, 1.1).
Default Values
Command History
include.
Usage Examples
The following is sample output from the show atm traffic command from ATM interface 1:
>enable
#show atm traffic interface atm 1
atm 1 is UP, line protocol is UP
BW 896 Kbit/s
16 maximum active VCCs, 16 VCCs per VP, 1 current VCCs
Queueing strategy: Per VC Queueing
5 minute input rate 32 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
19 packets input, 1357 bytes
0 pkts discarded, 0 error pkts, 0 unknown protocol pkts
45 cells received, 0 OAM cells received
0 packets output, 0 bytes
0 tx pkts discarded, 0 tx error pkts 0 internal tx error pkts
0 cells sent, 0 OAM cells sent

The following is sample output from the show atm traffic command from ATM subinterface 1.1:
#show atm traffic interface atm 1.1

27 Input Packets
0 Output Packets
72 Cells received, 0 OAM cells received
F5 InEndLoopReq: 0 F5 InEndLoopResp: 0 F5 InAIS: 0 F5 InRDI: 0
0 Cells sent, 0 OAM cells sent
F5 OutEndLoopReq: 0 F5 OutEndLoopResp: 0 F5 OutAIS: 0 F5 OutRDI: 0
0 OAM Loopback Successes 0 OAM Loopback Failures

show audit security

Use the show audit security command to display the results of the security audit including: the type of
defect, severity, and a brief description. The security audit must be initiated first using the command run
audit security on page 531. Variations of this command include:
show audit security

show audit security detail
Syntax Description
detail Optional. Displays the details of the security audit and recommends
corrective action.
Default Values
Command History
Functional Notes
The security audit tool is used to identify possible security violations and is initiated by using the command
run audit security on page 531.
The show audit security detail command lists a summary of the results, as well as details of the defect
and recommends corrective action. It is up to the customer to determine if the findings are a true risk in
their system, and to make the necessary adjustments to their configuration. Some items could be recorded
as possible risks that are not actual risks based on the entire network configuration.
Usage Examples
The following is sample output from the show audit security command:
>enable
#show audit security
Using 2214 bytes

**SUMMARY**
-------------------------------------------------------------------------------------------------------------------
Severity Type Description
-------------------------------------------------------------------------------------------------------------------
LOW Enable Password MD5 encryption is not enabled
HIGH Network Protocol FTP server enabled
HIGH Network Protocol TFTP server enabled
HIGH Network Protocol HTTP server enabled
HIGH Network Protocol Telnet enabled
HIGH Policy-Class Private, undefined ACL
HIGH Policy-Class Private, stateless
HIGH Policy-Class Public, stateless
HIGH Policy-Class Public, NAT not enabled
HIGH Policy-Class Interfaces using default policy-class
HIGH Password Weak Passwords
HIGH Password Duplicate Passwords
HIGH Session Timeout Console timeout >= 15 minutes
HIGH Session Timeout Telnet 0 timeout >= 15 minutes
HIGH Session Timeout SSH 0 timeout >= 15 minutes
HIGH SNMP Using SNMPv1/v2, not secure
-------------------------------------------------------------------------------------------------------------------
The following is sample output from the show audit security detail command:
>enable
#show audit security detail
Using 4193 bytes
**DETAIL**
-------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------
ENABLE PASSWORD:
-------------------------------------------------------------------------------------------------------------------
* The enable password is not set for MD5 encryption. MD5 encryption is more
secure than standard password encryption.
-------------------------------------------------------------------------------------------------------------------
NETWORK PROTOCOLS:
-------------------------------------------------------------------------------------------------------------------

* The following protocols are enabled and may be a security risk.

Disable if not needed. Use SSH instead of Telnet and HTTP SSLv3 instead of
HTTP SSLv2.
* FTP
* TFTP
* HTTP
* Telnet
-------------------------------------------------------------------------------------------------------------------
POLICY-CLASS:
-------------------------------------------------------------------------------------------------------------------
* Potential vulnerabilities were found with the following policies. Note: NAT
may not be required on all policies; however, broadcast of IP addresses from the
internal network to the Internet should be restricted. This tool did not take
into account how the policies are used. Depending upon the configuration of your
network, these policies may or may not make your network vulnerable.
***********************************************************************************************
Name Line Description
***********************************************************************************************
Private 2 Allows undefined ACL
Private 3 Allows stateless-inspection
Public 4 Allows stateless-inspection
Public N/A NAT not enabled for
Private interface, eth 0/1
* The following interfaces are enabled but do not have a policy-class

assigned. Not having a policy-class assigned will leave the interface open to
attack.
* vlan 1210
-------------------------------------------------------------------------------------------------------------------
PASSWORDS / KEYS:
-------------------------------------------------------------------------------------------------------------------
* Passwords should be at least 7 characters and have both alphabetic and
numeric characters. Some passwords are considered weak if they match default
passwords or contain common sequences. For example Qwerty123 is considered a
weak password even though it contains both numeric and alphabetic characters.
The following weak passwords were found:
* 1f1965f156e907907d3a8ed5172557a86736(encrypted)
* 2b2d9aa78c8dfb9fca1cf745d72e2e28cc99(encrypted)
* 373fbaa34722617409e24b9d9a707cb09fe3(encrypted)
* 1610d7b313a09983a2de5bb4f1a77997f346(encrypted)
* 24223699587eef35644778c8a901cca82a70(encrypted)
* 46400f529e54aeb56fa224fadb14c111f007(encrypted)

* Each user should have a unique password. The following passwords

are duplicated:
* 2b2d9aa78c8dfb9fca1cf745d72e2e28cc99(encrypted)
* 46400f529e54aeb56fa224fadb14c111f007(encrypted)
-------------------------------------------------------------------------------------------------------------------
SESSION TIMEOUT:
-------------------------------------------------------------------------------------------------------------------
* The following sessions have timeout values of 15 minutes or greater. Long
session timeouts may allow your system to be compromised. To increase
security, set the timeout value to less than 15 minutes.
* Console
* Telnet 0
* Telnet 1
* Telnet 2
* Telnet 3
* Telnet 4
* SSH 0
* SSH 1
* SSH 2
* SSH 3
-------------------------------------------------------------------------------------------------------------------
SNMP:
-------------------------------------------------------------------------------------------------------------------
* The SNMP agent is enabled and is configured to allow SNMPv1 and
SNMPv2 which are not secure. If SNMP is needed, remove the community
names and add SNMPv3 group and SNMPv3 user.
-------------------------------------------------------------------------------------------------------------------

show auto-config
Use the show auto-config command to display the AOS automatic self-configuration feature status and
settings.
Syntax Description
No subcommands.
Default Values
Command History
include.
Release R10.5.0 Output was expanded to include the cause of the last failure.
Usage Examples
The following is sample output from the show auto-config command:
>enable
#show auto-config
Auto-Config is enabled, current status: Downloading.
File transfer method is TFTP
Config Server is 10.10.10.1
Config filename is ADTRAN_CONFIG.cfg
Default filename is [00A0C8AE103A.cfg | adtran_4700254F2.cfg |
adtran_000000000000.cfg], Current: (Disabled)
Maximum retry count is 0 (repeat indefinitely), total retries is 0
Last failure: HTTP: Could not send initial message to HTTP server

show auto-link
Use the show auto-link command to display the auto-link feature configuration and current status.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following is sample output of the show auto-link command:
>enable
#show auto-link
Auto-link: Enabled
Use Http: Enabled
Server URL: 10.14.1.55/aps/DiscoveryProcessor?action=devinfo
Server SERVER: 10.14.1.55
Recontact Interval: 3600 seconds
Last Contact: Tue, June 17, 2008 10:32:01 AM
Next Contact: Tue, June 17, 2008 11:30:23 AM
Status: Discovered

show battery
Use the show battery command to display battery information. Variations of this command include:
show battery
show battery <slot/port>
Syntax Description
<slot/index> Optional. Specifies the slot and port of the battery information in the format
<slot/port>, for example, 0/1.
Default Values
Command History
Release R11.11.0 Command output options were altered and noted in the Functional Notes
section.
Functional Notes
The output information displays the battery status Good, Failure, Charging, Unknown, Not Connected,
or Low. The current power source displays either AC or Battery, indicating where the unit is currently
sourcing power.
Usage Examples
The following example displays battery information for slot 0, port 1:
>enable
#show battery 0/1
Battery 0/1 Information

============================
Battery Status : Good
Current Power Source : AC
Battery Install Date : June 12 2015, 12:40:34

show bgp
Use the show bgp command to display details about Border Gateway Protocol (BGP) configuration on the
AOS device, including the specified route, advertising router IPv4 or IPv6 address, router ID, and the list
of neighbors to which this route is being advertised. Variations of this command include:
show bgp any-vrf ipv4

show bgp any-vrf ipv4 <ipv4 address>
show bgp any-vrf ipv4 <ipv4 address> <subnet mask>
show bgp any-vrf ipv4 summary
show bgp ipv4
show bgp ipv4 <ipv4 address>
show bgp ipv4 <ipv4 address> <subnet mask>
show bgp ipv4 summary
show bgp vrf <name> ipv4
show bgp vrf <name> ipv4 <ipv4 address>
show bgp vrf <name> ipv4 <ipv4 address> <subnet mask>
show bgp vrf <name> ipv4 summary
show bgp any-vrf ipv6
show bgp any-vrf ipv6 <ipv6 address/prefix-length>
show bgp any-vrf ipv6 summary
show bgp ipv6
show bgp ipv6 <ipv6 address/prefix-length>
show bgp ipv6 summary
show bgp vrf <name> ipv6
show bgp vrf <name> ipv6 <ipv6 address/prefix-length>
show bgp vrf <name> ipv6 summary
Syntax Description
any-vrf Optional. Displays BGP information for all virtual routing and forwarding
(VRF) instances.
ipv4 Displays IPv4 BGP route information.
vrf <name> Optional. Displays BGP information for a specific VRF instance.

<subnet mask> Optional. Specifies the subnet mask that corresponds to a range of IPv4
addresses (network) or a specific host. Subnet masks can be expressed in
dotted decimal notation (for example, 255.255.255.0) or as a prefix length
(for example, /24).
<ipv6 address/prefix-length> Optional. Specifies a valid IPv6 address and prefix. IPv6 addresses should
be expressed in colon hexadecimal format (for example,
2001:DB8:3F::/48).
summary Optional. Displays the status of all BGP connections.
Default Values
Command History
include.
in ADTRAN internetworking products. Command was also expanded to
include the any-vrf, ipv4, and vrf <name> parameters.
in ADTRAN voice products. Command was also expanded to include the
ipv6 and <ipv6 address/prefix-length> parameters.
Usage Examples
The following sample output of the show bgp ipv4 summary command shows a summarized list of the
configured BGP neighbors, as well as their status and statistics.
>enable
#show bgp ipv4 summary
BGP router identifier 192.168.3.1, local AS number 304
8 network entries, 5 paths, and 23 BGP path attribute entries
Neighbor V AS MsgRcvd MsgSent InQ OutQ Up/Down State/PfxRcd
10.22.131.1 4 302 95 104 0 0 01:30:06 9
10.22.131.9 4 302 97 105 0 0 01:30:07 21
10.22.132.9 4 303 200 179 0 0 02:43:09 21
10.22.134.1 4 304 166 178 0 0 02:43:15 3
10.22.134.10 4 304 174 179 0 0 02:43:24 7
10.22.134.26 4 304 172 174 0 0 02:41:43 10
10.22.134.34 4 304 164 174 0 0 02:41:40 4

show bgp community

Use the show bgp community command to display only those routes learned using Border Gateway
Protocol (BGP) that match the community numbers specified in the command. If no communities are
specified, all BGP routes containing a community attribute are shown. Variations of this command
include:
show bgp any-vrf ipv4 community

show bgp any-vrf ipv4 community <number>
show bgp any-vrf ipv4 community exact
show bgp any-vrf ipv4 community internet
show bgp any-vrf ipv4 community local-as
show bgp any-vrf ipv4 community no-advertise
show bgp any-vrf ipv4 community no-export
show bgp ipv4 community
show bgp ipv4 community <number>
show bgp ipv4 community exact
show bgp ipv4 community internet
show bgp ipv4 community local-as
show bgp ipv4 community no-advertise
show bgp ipv4 community no-export
show bgp vrf <name> ipv4 community
show bgp vrf <name> ipv4 community <number>
show bgp vrf <name> ipv4 community exact
show bgp vrf <name> ipv4 community internet
show bgp vrf <name> ipv4 community local-as
show bgp vrf <name> ipv4 community no-advertise
show bgp vrf <name> ipv4 community no-export
show bgp any-vrf ipv6 community
show bgp any-vrf ipv6 community <number>
show bgp any-vrf ipv6 community exact
show bgp any-vrf ipv6 community internet
show bgp any-vrf ipv6 community local-as
show bgp any-vrf ipv6 community no-advertise
show bgp any-vrf ipv6 community no-export
show bgp ipv6 community
show bgp ipv6 community <number>
show bgp ipv6 community exact
show bgp ipv6 community internet
show bgp ipv6 community local-as
show bgp ipv6 community no-advertise
show bgp ipv6 community no-export
show bgp vrf <name> ipv6 community
show bgp vrf <name> ipv6 community <number>
show bgp vrf <name> ipv6 community exact
show bgp vrf <name> ipv6 community internet

show bgp vrf <name> ipv6 community local-as

show bgp vrf <name> ipv6 community no-advertise
show bgp vrf <name> ipv6 community no-export
Syntax Description
(VRF) instances.
<number> Optional. Displays routes that contain this value in their community
attribute. This is a numeric value that can be an integer from 1 to
4294967295 or string in the form aa:nn, where the value of aa is the
autonomous system (AS) number and the value of nn is the desired local
preference to be used in the service provider network. Multiple
community-number parameters can be present in the command.
exact Optional. Displays only BGP routes that have the same communities.
internet Optional. Displays routes that contain this value in their community
attribute. This represents the well-known reserved community INTERNET.
local-as Optional. Displays routes that contain this value in their community
attribute. This represents the well-known reserved community string
NO_EXPORT_SUBCONFED. Routes containing this attribute should not
be advertised to external BGP peers.
no-advertise Optional. Displays routes containing this value in the community attribute.
This represents the well-known reserved community string
NO_ADVERTISE. Routes containing this attribute should not be advertised
to any BGP peer.
no-export Optional. Displays routes containing this value in the community attribute.
This represents the well-known reserved community string NO_EXPORT.
Routes containing this attribute should not be advertised to BGP peers
outside a confederation boundary.
Default Values
By default, this command displays all BGP routes.

Command History
include.
include the any-vrf, ipv4, vrf <name>, and exact parameters.
ipv6 parameter.
Usage Examples
In the following example, all BGP routes are displayed whose community numbers match those listed in
the show bgp community command.
>enable
#show bgp ipv4 community local-as 10:405
BGP local router ID is 10.22.131.241, local AS is 302.
Status codes: * valid, > best, i - internal, o - local
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Path
10.22.152.20/30 10.22.131.10 304 302 300 1 3 4 i
10.22.152.24/29 10.22.131.10 304 302 300 1 3 4 5 i
10.22.152.36/30 10.22.131.10 304 302 300 1 3 4 i
10.22.152.52/30 10.22.131.10 304 302 300 1 3 4 i
11.0.0.0/30 10.22.131.10 304 302 300 1 3 4 6 i
12.0.0.0/30 10.22.131.10 304 302 300 1 3 4 6 i
13.0.0.0/30 10.22.131.10 304 302 300 1 3 4 6 i
14.0.0.0/30 10.22.131.10 304 302 300 1 3 4 6 i
Total RIB entries = 8
Information displayed includes: the ID of this router and its autonomous system (AS) number; the
destination Network address of the route learned; the Next-Hop address to that network; the Metric; the
Local Preference (LocPrf) value (set using the command set local-preference); and the AS Path to the
destination network.
The following is sample output for the show bgp ipv4 community command with an exact match
specified. BGP routes with the community numbers specified and only those specified are shown.

>enable
#show bgp ipv4 community 1001 2001 3001 exact
Network NextHop Metric LocPrf Path
* 192.168.11.0/24 10.22.27.251 249 251 i
* 192.168.12.0/24 10.22.27.251 249 251 i
*> 192.168.32.0/24 10.22.27.249 249 i
*> 192.168.33.0/24 10.22.27.249 249 i

show bgp community-list

Use the show bgp community-list command to display Border Gateway Protocol (BGP) routes that are
permitted by the specified community list. Variations of this command include:
show bgp any-vrf ipv4 community-list <list name>

show bgp any-vrf ipv4 community-list <list name> exact
show bgp ipv4 community-list <list name>
show bgp ipv4 community-list <list name> exact
show bgp vrf <name> ipv4 community-list <list name>
show bgp vrf <name> ipv4 community-list <list name> exact
show bgp any-vrf ipv6 community-list <list name>
show bgp any-vrf ipv6 community-list <list name> exact
show bgp ipv6 community-list <list name>
show bgp ipv6 community-list <list name> exact
show bgp vrf <name> ipv6 community-list <list name>
show bgp vrf <name> ipv6 community-list <list name> exact
Syntax Description
(VRF) instances.
<list name> Specifies the name of the community list whose routes you wish to display.
exact Optional. Restricts the routes displayed to only those whose community lists
exactly match those specified in the named community list. If this parameter
is omitted, all routes matching any part of the specified community list will
be displayed.
Default Values

Command History
include.
in ADTRAN internetworking products. The command was also expanded to
in ADTRAN voice products. The command was also expanded to include
the ipv6 parameter.
Functional Notes
Information displayed includes the ID of this router and its autonomous system (AS) number, the
destination Network address of the route learned, the Next-Hop address to that network, the Metric, the
Local Preference (LocPrf) value (set using the command set local-preference * on ????), and the AS
Path to the destination network.
Usage Examples
In the following example, all IPv4 BGP routes are displayed whose community numbers match those
defined in the community list named CList1.
>enable
#show bgp ipv4 community-list CList1
Network Next Hop Metric LocPrf Path
10.22.152.20/30 10.22.131.10 304 302 300 1 3 4 i
10.22.152.24/29 10.22.131.10 304 302 300 1 3 4 5 i
10.22.152.36/30 10.22.131.10 304 302 300 1 3 4 i
10.22.152.52/30 10.22.131.10 304 302 300 1 3 4 i
11.0.0.0/30 10.22.131.10 304 302 300 1 3 4 6 i
12.0.0.0/30 10.22.131.10 304 302 300 1 3 4 6 i
13.0.0.0/30 10.22.131.10 304 302 300 1 3 4 6 i
14.0.0.0/30 10.22.131.10 304 302 300 1 3 4 6 i
20.0.0.0/30 10.22.131.10 304 302 300 1 3 4 5 i
21.0.0.0/30 10.22.131.10 304 302 300 1 3 4 5 i

show bgp neighbors

Use the show bgp neighbors command to display information for the specified Border Gateway Protocol
(BGP) neighbor. Variations of this command include the following:
show bgp any-vrf ipv4 neighbors

show bgp any-vrf ipv4 neighbors <ipv4 address>
show bgp any-vrf ipv4 neighbors <ipv4 address> advertised-routes
show bgp any-vrf ipv4 neighbors <ipv4 address> received-routes
show bgp any-vrf ipv4 neighbors <ipv4 address> routes
show bgp any-vrf ipv4 neighbors <ipv4 address> [mef-ethernet <slot/port> | system-control-evc |
system-management-evc] advertised-routes
system-management-evc] received-routes
system-management-evc] routes
show bgp ipv4 neighbors
show bgp ipv4 neighbors <ipv4 address>
show bgp ipv4 neighbors <ipv4 address> advertised-routes
show bgp ipv4 neighbors <ipv4 address> received-routes
show bgp ipv4 neighbors <ipv4 address> routes
show bgp ipv4 neighbors <ipv4 address> [mef-ethernet <slot/port> | system-control-evc |
show bgp vrf <name> ipv4 neighbors
show bgp vrf <name> ipv4 neighbors <ipv4 address>
show bgp vrf <name> ipv4 neighbors <ipv4 address> advertised-routes
show bgp vrf <name> ipv4 neighbors <ipv4 address> received-routes
show bgp vrf <name> ipv4 neighbors <ipv4 address> routes
show bgp vrf <name> ipv4 neighbors <ipv4 address> [mef-ethernet <slot/port> | system-control-evc |
show bgp any-vrf ipv6 neighbors
show bgp any-vrf ipv6 neighbors <ipv6 address>
show bgp any-vrf ipv6 neighbors <ipv6 address> advertised-routes

show bgp any-vrf ipv6 neighbors <ipv6 address> received-routes

show bgp any-vrf ipv6 neighbors <ipv6 address> routes
show bgp ipv6 neighbors
show bgp ipv6 neighbors <ipv6 address>
show bgp ipv6 neighbors <ipv6 address> advertised-routes
show bgp ipv6 neighbors <ipv6 address> received-routes
show bgp ipv6 neighbors <ipv6 address> routes
show bgp vrf <name> ipv6 neighbors
show bgp vrf <name> ipv6 neighbors <ipv6 address>
show bgp vrf <name> ipv6 neighbors <ipv6 address> advertised-routes
show bgp vrf <name> ipv6 neighbors <ipv6 address> received-routes
show bgp vrf <name> ipv6 neighbors <ipv6 address> routes

Syntax Description
(VRF) instances.
<ipv4 address> Optional. Displays information for the specified neighbor. IPv4 addresses
If no IPv4 address is entered, information for all neighbors is displayed.
<ipv6 address> Optional. Displays information for the specified neighbor. IPv6 addresses
should be expressed in colon hexadecimal format (for example,
2001:DB8:1::1).
If no IPv6 address is entered, information for all neighbors is displayed.
advertised-routes Optional. Displays all routes being advertised to the specified neighbor.
Command output is the same as for show bgp except filtered to only the
BGP routes being advertised to the specified neighbor.
received-routes Optional. Displays all routes (accepted and rejected) advertised by the
specified neighbor. Routes may be rejected by inbound filters, such as
prefix list filters.
routes Optional. Displays all accepted received routes advertised by the specified
neighbor. Routes displayed have passed inbound filtering. This command
output is the same as show ip bgp except the output is filtered to those
learned from the specified neighbor.
mef-ethernet <slot/port> Optional. Displays information for the Metro Ethernet Forum (MEF) Ethernet
interface.
system-control-evc Optional. Displays information for neighbors in the system control Ethernet
virtual connection (EVC).
system-management-evc Optional. Displays information for neighbors in the system management
EVC.
Default Values
Command History
include.
ipv6 and <ipv6 address> parameters.

management EVCs.
Functional Notes
Entries that are not filtered by prefix lists are marked with an asterisk (*) to show they are valid. Entries that
are deemed the best path to advertised route are marked with a caret (>).
Usage Examples
The following are output variations of the show bgp ipv4 neighbors command:
>enable
#show bgp ipv4 neighbors
BGP neighbor is 10.15.43.17, remote AS 100, external link
Configured hold time is 180, keepalive interval is 60 seconds
Default minimum time between advertisement runs is 30 seconds
Connections established 6; dropped 5
Last reset: Interface went down
Connection ID: 15
BGP version 4, remote router ID 8.1.1.1
BGP state is Established, for 01:55:05
Negotiated hold time is 180, keepalive interval is 60 seconds
Message statistics:
InQ depth is 0, OutQ depth is 0
Local host: 10.15.43.18, Local port: 179
Sent Rcvd
Opens:1 1
Notifications: 00
Updates: 0 8
Keepalives: 116116
Unknown: 0 0
Total: 117 125
Foreign host: 10.15.43.17, foreign port: 1048
Flags: passive open
#show bgp ipv4 neighbors 10.15.43.34 advertised-routes

Status codes: * valid, > best, i - internal
Network NextHop Metric Path

*> 1.0.0.0/8 10.15.43.17 1 100 i
*> 2.0.0.0/9 10.15.43.17 1 100 i

#show bgp ipv4 neighbors 10.15.43.17 received-routes


*> 1.0.0.0/8 10.15.43.17 1 100 i
*> 2.0.0.0/9 10.15.43.17 1 100 i
#show ip bgp neighbors 10.15.43.17 routes


*> 1.0.0.0/8 10.15.43.17 1 100 i
*> 2.0.0.0/9 10.15.43.17 1 100

show bgp regexp <expression>

Use the show bgp regexp command to display a summary of the Border Gateway Protocol (BGP) route
table that includes routes whose autonomous system (AS) path matches the specified expression.
show bgp any-vrf ipv4 regexp <expression>

show bgp ipv4 regexp <expression>
show bgp vrf <name> ipv4 regexp <expression>
show bgp any-vrf ipv6 regexp <expression>
show bgp ipv6 regexp <expression>
show bgp vrf <name> ipv6 regexp <expression>
Syntax Description
<expression> Displays routes whose AS path matches the regular expression specified.
(VRF) instances.
Default Values
Command History
include.
ipv6 parameter.

Functional Notes
Entries that are not filtered by prefix lists are marked with an asterisk (*) to show they are valid. Entries that
are deemed the best path to advertised route are marked with a caret (>).
Usage Examples
The following sample output of the show bgp ipv4 regexp _303_ command shows all of the entries in the
BGP database that contain “303” in the AS path.
>enable
#show bgp ipv4 regexp _303_
Network NextHop Metric LocPrf Path
10.22.130.8/29 10.22.132.9 303 304 302 i
* i10.22.130.240/28 0.22.132.1 100 303 300 i
* 10.22.130.240/28 10.22.132.9 303 300 i
10.22.131.0/29 10.22.132.9 303 304 302 i
10.22.131.8/29 10.22.132.9 303 304 302 i
* i10.22.131.16/29 10.22.132.1 0 100 303 i
* 10.22.131.16/29 10.22.132.9 0 303 i
* i10.22.131.240/28 10.22.132.1 100 303 300 i
* 10.22.131.240/28 10.22.132.9 303 300 i
* 10.22.132.0/29 10.22.131.1 0 302 303 i
* 10.22.132.0/29 10.22.131.9 0 302 303 i
* i10.22.132.0/29 10.22.132.1 0 100 303 i
*> 10.22.132.0/29 10.22.132.9 0 303 i
* 10.22.132.8/29 10.22.131.1 0 302 303 i
* 10.22.132.8/29 10.22.131.9 0 302 303 i
* 10.22.132.8/29 10.22.132.9 0 303 i
* i10.22.132.240/28 10.22.132.1 0 100 303 i
*> 10.22.132.240/28 10.22.132.9 0 303 i
10.22.134.0/29 10.22.132.9 303 304 i
10.22.134.8/29 10.22.132.9 303 304 i
10.22.134.16/29 10.22.132.9 303 304 i
10.22.134.24/29 10.22.132.9 303 304 i
10.22.134.32/29 10.22.132.9 303 304 i
10.22.134.40/29 10.22.132.9 303 304 i
10.22.134.48/29 10.22.132.9 303 304 i
10.22.134.56/29 10.22.132.9 303 304 i
10.22.134.64/29 10.22.132.9 303 304 i
10.22.134.80/29 10.22.132.9 303 304 i
10.22.135.0/29 10.22.132.9 303 304 305 i
10.22.135.8/29 10.22.132.9 303 304 305 i

show bridge
Use the show bridge command to display a list of all configured bridge groups (including individual
members of each group). Enter an interface or a bridge number to display the corresponding list. Variations
of this command include:
show bridge
show bridge <interface>
show bridge <number>
Syntax Description
<interface> Optional. Displays all bridge groups associated with the specific interface.
dot11ap 1/1.1. Type the show bridge ? command to display a list of
<number> Optional. Displays a specific bridge group.
Default Values
Command History
interface.
include.
Ethernet interface.

Usage Examples
The following is sample output from the show bridge command:
>enable
#show bridge
Total of 300 station blocks 295 free
Address Action Interface Age Rx Count Tx Count
00:04:51:57:4D:5A forward eth 0/1 0 7133392 7042770
00:04:5A:57:4F:2A forward eth 0/1 0 402365 311642
00:10:A4:B3:A2:72 forward eth 0/1 4 2 0
00:A0:C8:00:8F:98 forward eth 0/1 0 412367 231
00:E0:81:10:FF:CE forward fr 1.17 0 1502106 1486963

show buffers
Use the show buffers command to display the statistics for the buffer pools on the network server.
show buffers
show buffers realtime
Using the realtime argument for this command can adversely affect the performance of
your unit.
Syntax Description
Default Values
Command History
include.
Release R12.1.0 Command was made unavailable for virtual AOS (vAOS) instances.
Functional Notes
page 1125).
The show buffers command is not available on vAOS instances.

Usage Examples
The following is sample output from the show buffers command:
>enable
#show buffers
Buffer handles: 119 of 2000 used.
Pool Size Total Used Available Max. Used
0 1800 1894 119 1775 122
1 2048 64 0 64 0
2 4096 32 0 32 0
3 8192 4 0 4 0

show buffers users

Use the show buffers users command to display a list of the top users of packet buffers. Typically, this
command will only be used as a debug tool by ADTRAN personnel. Variations of this command include:
show buffers users

show buffers users realtime
your unit.
Syntax Description
Default Values
Command History
include.
Functional Notes
page 1125).
The show buffers users command is not available for vAOS instances.

Usage Examples
The following is sample output from the show buffers users command:
>enable
#show buffers users
Number of users: 7
Ran User Count
1 0x0052f4f8 59
2 0x0051a4fc 32
3 0x00528564 8
4 0x0053c1c8 7
5 fixedsize 5
6 0x001d8298 2
7 0x0010d970 1
8 0x00000000 0
9 0x00000000 0
10 0x00000000 0
11 0x00000000 0

show cflash
Use the show cflash command to display a list of all files currently stored in CompactFlash® memory or
details about a specific file stored in CompactFlash memory. Variations of this command include:
show cflash
show cflash <filename>
Syntax Description
<filename> Optional. Displays details for a specified file located in flash memory. Enter
a wildcard (such as *.biz) to display the details for all files matching the
entered pattern.
Default Values
Command History
include.
Usage Examples
The following is sample output from the show cflash command:
>enable
#show cflash
(dir) 0 SystemDefaultPrompts
(dir) 0 VoiceMail
9377163 NV7100A-12-00-23-E.biz
11110890 sip.ld
8767439 NV7100A-11-03-02-E.biz
8771176 NV7100A-11-03-02d-E.biz
8773148 NV7100A-11-03-03-E.biz

show channel-group
Use the show channel-group command to display detailed information regarding port aggregation of a
specified channel group (i.e., channel groups and their associated ports). Variations of this command
show channel-group port-channel load-balance

show channel-group summary
show channel-group <number> summary
Syntax Description
port-channel load-balance Displays the current load-balance scheme.
summary Summarizes the state of all channel groups or of a specific channel group (if
specified by the <number> argument).
<number> Optional. Specifies the channel group using the channel group ID (16).
Default Values
Command History
include.
Usage Examples
The following is sample output from the show channel-group command:
>enable
#show channel-group summary
Channel Group Port channel Associated Ports
-------------------- ----------------- -----------------------
1 1 eth 0/2 eth 0/3
2 2 eth 0/5 eth 0/6 eth 0/7

show clock
Use the show clock command to display the system time and date entered using the clock set command.
Refer to clock set <time> <day> <month> <year> on page 223 for more information. Variations of this
command include:
show clock
show clock detail
Syntax Description
detail Optional. Displays more detailed clock information, including the time source.
Default Values
Command History
include.
Usage Examples
The following example displays the current time and data from the system clock:
>enable
#show clock
23:35:07 UTC Tue Aug 20 2002

show cloudinit output-errors

Use the show cloudinit output-errors command to display any errors that occurred during the boot
process of a virtual AOS (vAOS) instance.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
vAOS has the ability to read special configuration files that are present in a virtual environment, and take
them into consideration when making decisions about its initial configuration. If any errors occur during this
process, they can be displayed using the show cloudinit output-errors command.
Usage Examples
The following example displays any errors that occurred in the vAOS boot process:
>enable
#show cloudinit output-errors

show command-mode
Use the show command-mode command to display the command mode in AOS for a specific set of
configuration commands. There are multiple levels of access within AOS from which users are allowed to
execute configuration commands. This command is used to verify the mode to which access must be
granted to execute a specific set of commands. This command is used for setting privilege levels for users
to access the AOS CLI. Variations of this command include:
do show command-mode
show command-mode
Syntax Description
do Specifies executing an Enable mode command from within the active
configuration mode. Any show command can be entered from any
configuration mode as long as it is preceded by the do command.
Default Values
Command History
Functional Notes
Since this command can be entered from anywhere in AOS, it has two variations. The show
command-mode command can only be issued from within the Enable Configuration mode. The do show
command-mode can only be entered from a configuration mode such as Global, or an interface
configuration mode. The command mode is necessary information for setting specific privilege levels in
AOS. For more information about privilege levels, refer to the command privilege <mode> level <level> on
page 1655 of this guide and the configuration guide Configuring Privilege Levels in AOS CLI available
online at http://supportforums.adtran.com.

Usage Examples
The following example displays the current command mode from within the Enable mode where all show
and debug commands are entered:
>enable
#show command-mode
Command mode is 'exec'
The following example displays the current command mode from within the Global Configuration mode
where a majority of the configuration commands are entered that affect the AOS device on a global level:
>enable
#configuration terminal
(config)#do show command-mode
Command mode is 'config'

show community-list
Use the show community-list command to display any or all defined community lists in the router
configuration. Variations of this command include:
show community-list
show community-list <name>
Syntax Description
<name> Optional. Specifies the name of the community list you wish to display. If this
parameter is omitted, all defined community lists will be displayed.
Default Values
Command History
include.
in ADTRAN products.
Usage Examples
The following example shows two community lists, one of which permits all routes containing community
number 10:67, and another which permits routes containing community number 10:68 and the Internet
community number, but denies routes containing community number 10:45.
>enable
#show community-list
community-list CommList1:
permit 10:67
community-list CommList2:
permit 10:68 internet
deny 10:45

show configuration
Use the show configuration command to display a text printout of the startup configuration file stored in
nonvolatile random access memory (NVRAM).
Syntax Description
No subcommands.
Default Values
Command History
include.
Usage Examples
The following is sample output from the show configuration command:
>enable
#show configuration
!
!
no enable password
!
ip subnet-zero
ip classless
ip routing
!
event-history on
no logging forwarding
logging forwarding priority-level info
no logging email
!
ip policy-timeout tcp all-ports 600
ip policy-timeout udp all-ports 60
ip policy-timeout icmp 60

!
!
!
interface eth 0/1
speed auto
no ip address
shutdown
!
interface dds 1/1
shutdown
!
interface bri 1/2
shutdown
!
!
ip access-list standard Outbound
permit host 10.3.50.6
permit 10.200.5.0 0.0.0.255
!
!
ip access-list extended UnTrusted
deny icmp 10.5.60.0 0.0.0.255 any source-quench
deny tcp any any
!
no snmp agent
!
!
!
line con 0
no login
!
line telnet 0
login
line telnet 1
login
line telnet 2
login
line telnet 3
login
line telnet 4
login
!

show connections
Use the show connections command to display information (including time division multiplexing (TDM)
group assignments) for all active connections.
Syntax Description
No subcommands.
Default Values
Command History
include.
Usage Examples
The following is sample output from the show connections command:
>enable
#show connections
Displaying all connections....
Conn ID From To
_____________________________________________________________
1 atm 1 adsl 1/1
2 ppp 1 t1 2/1, tdm-group 1
3 ppp 1 t1 2/2, tdm-group 1
4 ppp 3 e1 3/1, tdm-group 1

show crypto ca
Use the show crypto ca command to display information regarding certificates and profiles. Variations of
show crypto ca certificates

show crypto ca crls
show crypto ca profiles
Syntax Description
certificates Displays information on all certificates.
crls Displays a summary of all certificate revocation lists (CRLs) for each
certificate authority (CA).
profiles Displays information on all configured CA profiles.
Default Values
Command History
Release 5.1 Command was introduced (enhanced software version only).
include.

Usage Examples
The following is sample output from the show crypto ca certificates command:
>enable
#show crypto ca certificates
CA Certificate
Status: Available
Certificate Serial Number: 012d
Subject Name: /C=FI/O=SSH Communications Security/OU=Web test/CN=Test CA 1
Issuer: /C=FI/O=SSH Communications Security/OU=Web test/CN=Test CA 1
CRL Dist. Pt: /C=FI/O=SSH Communications Security/OU=Web test/CN=Test CA 1
Start date is Jan 9 16:25:15 2003 GMT
End date is Dec 31 23:59:59 2003 GMT
Key Usage:
Non-Repudiation
Key Encipherment
Data Encipherment
CRL Signature
Encipherment Only

show crypto ike

Use the show crypto ike command to display information regarding the Internet key exchange (IKE)
configuration. Variations of this command include the following:
show crypto ike client configuration pool

show crypto ike client configuration pool <name>
show crypto ike policy
show crypto ike policy <value>
show crypto ike remote-id <remote-id>
show crypto ike sa
show crypto ike sa brief
Syntax Description
client configuration pool Displays the list of all configured IKE client configuration pools.
<name> Optional. Displays detailed information regarding the specified IKE client
configuration pool.
policy Displays information on all IKE policies. Indicates if client configuration is
enabled for the IKE policies and displays the pool names.
<value> Optional. Displays detailed information on the specified IKE policy. This
number is assigned using the crypto ike policy command. Refer to crypto
ike on page 1239 for more information.
remote-id <remote-id> Displays information on all IKE information regarding the remote-id. The
remote-id value is specified using the crypto ike remote-id command.
Refer to crypto ike remote-id on page 1243 for more information.
sa Displays all Internet Protocol security (IPsec) security associations (SAs).
sa brief Optional. Displays a brief listing of IPsec SAs.
Default Values

Command History
Release 15.1 Command was expanded to include the brief parameter.
include.
Usage Examples
The following is sample output from the show crypto ike policy command:
>enable
#show crypto ike policy
Crypto IKE Policy 100
Main mode
Using System Local ID Address
Peers:
63.105.15.129
initiate main
respond anymode
Attributes:
10
Encryption: 3DES
Hash: SHA
Authentication: Pre-share
Group: 1
Lifetime: 900 seconds
The following is sample output from the show crypto ike sa brief command:
>enable
#show crypto ike sa brief
Using 3 SAs out of 2000
IKE Security Associations:
(NOTE: The Remote ID may be truncated)
Peer IP Address Lifetime Status IKE Policy Remote ID

10.22.19.4 19800 UP (SA_MATURE) 100 nv1224r
10.22.19.2 0 MM_SA_WAIT 101 UNKNOWN
10.22.19.6 86365 UP (SA_MATURE) 102 security2

show debugging
Use the show debugging command to display a list of all activated debug message categories. Variations
show debugging
show debugging saved-filters
Syntax Description
saved-filters Optional. Displays the last debug filters saved using the command debug
save on page 449.
Default Values
Command History
include.
Release 17.4 Command was expanded to include the saved-filters keyword.
Usage Examples
The following is sample output from the show debugging command:
>enable
#show debugging
debug ip access-list MatchAll
debug firewall
debug ip rip
debug frame-relay events
debug frame-relay llc2
debug frame-relay lmi

The following is sample output from the show debugging saved-filters command:
>enable
#show debugging saved-filters
Saved filters:
debug probe test1

show demand
Use the show demand command to display information regarding demand routing parameters and
statistics. Variations of this command include the following:
show demand
show demand interface demand <interface>
show demand resource pool
show demand resource pool <name>
show demand sessions
Syntax Description
interface demand <interface> Optional. Displays information for a specific demand routing interface.
Valid range is 1 to 1024. Type show demand interface ? for a list of valid
interfaces.
resource pool Optional. Displays all resource pool information.
<name> Optional. Displays resource pool information for a specific resource pool
name.
sessions Optional. Displays active demand sessions.
Default Values
Command History
include.
Usage Examples
The following is sample output from the show demand interface command:
>enable
#show demand int 1
Demand 1 is UP (connected)
Configuration:
Keep-alive is set (10 sec.)
Admin MTU = 1500

Mode: Either, 1 dial entries, idleTime = 120, fastIdle = 20

Resource pool demand
No authentication configured
IP address 10.100.0.2 255.255.255.0
Connect Sequence: Successes = 0, Failures = 0
Seq DialString Technology Successes Busys NoAnswers NoAuths InUse
5 5552222 ISDN 0 0 0 0
Current values:
Local IP address 10.100.0.2, Peer IP address 10.100.0.1
Seconds until disconnect: 63
Queueing method: weighted fair
Output queue: 0/1/428/64/0 (size/highest/max total/threshold/drops)
Conversations 0/1/256 (active/max active/max total)
Available Bandwidth 48 kilobits/sec
Bandwidth=64 Kbps
Link through bri 1/3, Uptime 0:01:10
IN: Octets 588, Frames 19, Errors 0
OUT: Octets 498, Frames 18, Errors 0
Last callerID 2565552222, last called num 5552222
The following is sample output from the show demand interface demand command:
>enable
#show demand interface demand 1
demand 1
Idle timer (120 secs), Fast idle timer (20 secs)
Dialer state is data link layer up

Dial reason: answered
Interface bound to resource bri 1/3

Time until disconnect 105 secs
Current call connected 00:00:27
Connected to 2565552222
Number of active calls = 1

Interesting Traffic = list junk
Connect Sequence: Successes = 0, Failures = 0

Seq DialString Technology Successes Busys NoAnswers NoAuths InUse
5 5552222 ISDN0 0 0 0

The following is sample output from the show demand resource pool command:
>enable
#show demand resource pool
Pool demand
Resources: bri 1/3, bri 2/3
Demand Interfaces: demand 1
The following is sample output from the show demand sessions command:
>enable
#show demand sessions
Session 1
Interface demand 1
Local IP address = 10.100.0.2
Remote IP address = 10.100.0.1
Remote Username =
Dial reason: ip (s=, d=)
Link 1
Dialed number = 5552222
Resource interface = bri 1/3, Multilink not negotiated
Connect time: 0:0:13
Idle Timer: 119

show desktop-auditing dhcp

Use the show desktop-auditing dhcp command to display collected network access protection (NAP) and
Dynamic Host Configuration Protocol (DHCP) information for clients connected to the network. The
display of the collected information can be for all connected clients or for a specific client. Variations of
show desktop-auditing dhcp

show desktop-auditing dhcp antispyware 3rd-party
show desktop-auditing dhcp antispyware disabled
show desktop-auditing dhcp antispyware out-of-date
show desktop-auditing dhcp antispyware snoozed
show desktop-auditing dhcp antivirus 3rd-party
show desktop-auditing dhcp antivirus disabled
show desktop-auditing dhcp antivirus out-of-date
show desktop-auditing dhcp antivirus snoozed
show desktop-auditing dhcp auto-updates disabled
show desktop-auditing dhcp auto-updates not-checking
show desktop-auditing dhcp auto-updates not-downloading
show desktop-auditing dhcp auto-updates not-installing
show desktop-auditing dhcp brief
show desktop-auditing dhcp firewall 3rd-party
show desktop-auditing dhcp firewall disabled
show desktop-auditing dhcp firewall snoozed
show desktop-auditing dhcp hostname <hostname>
show desktop-auditing dhcp interface gigabit-switchport <slot/port>
show desktop-auditing dhcp ip <ip address>
show desktop-auditing dhcp local-violators
show desktop-auditing dhcp mac <mac address>
show desktop-auditing dhcp server-restricted
show desktop-auditing dhcp server-violators
Syntax Description
antispyware Optional. Displays NAP information only for clients with the
specified antispyware status.
3rd-party Displays NAP information only for clients with third-party
antispyware.

disabled Displays NAP information only for clients with disabled

antispyware.
out-of-date Displays NAP information only for clients with out-of-date
antispyware.
snoozed Displays NAP information only for clients with inactive
antispyware.
antivirus Optional. Displays NAP information only for clients with the
specified antivirus status.
antivirus software.
antivirus software.
out-of-date Displays NAP information only for clients with out-of-date
antivirus software.
snoozed Displays NAP information only for clients with inactive
antivirus software.
auto-updates Optional. Displays NAP information only for clients with the
specified auto-update status.
auto-updates.
not-checking Displays NAP information only for clients that are not
checking for auto-updates.
not-downloading Displays NAP information only for clients that are not
downloading auto-updates.
not-installing Displays NAP information only for clients that are not
installing auto-updates.
brief Optional. Displays information for all NAP clients in a table
format.
firewall Optional. Displays NAP information only for clients with the
specified firewall state.
firewall software.
firewall software.
snoozed Displays NAP information only for clients with inactive firewall
software is displayed.
hostname <hostname> Optional. Displays NAP information only for the client with the
interface gigabit-switchport <slot/port> Optional. Displays NAP information only for the client using
the specified interface.
ip <ip address> Optional. Displays NAP information only for the client at the

local-violators Optional. Displays NAP information only for clients that

violate the local policy.
mac <mac address> Optional. Displays NAP information only for the client at the
server-restricted Optional. Displays NAP information only for the clients
restricted by the server.
server-violators Optional. Displays NAP information only for the clients that
violate the server policy.
Default Values
Command History
Functional Notes
Output of the show desktop-auditing dhcp command can be limited by specific client or by specific
criteria (feature states), but not by both.
Local policies are defined by using the command desktop-auditing local-policy on page 1250.
For more information about configuring local policies, refer to Desktop Auditing Local Policy Command Set
on page 4380.
For more information about configuring desktop auditing, refer to the Configuring Desktop Auditing in AOS
configuration guide available online at https://supportcommunity.adtran.com.
Usage Examples
The following is sample output from the show desktop-auditing dhcp command:
#show desktop-auditing dhcp

Client MAC/IP: 00:E0:29:0E:D5:E3 / 10.23.220.1 / xpsp3-host
Collected: DHCP
VLAN ID: 100
Source Port: gigabit-switchport 0/2
Date/Time Collected: 2009.08.25 10:33:42
Client NAP: Enabled
Server NAP: Enabled
Client OS Version: Windows XP
Client OS Service Pack: 3
Client Processor Architecture: x86 architecture
Client Firewall: Microsoft
Disabled but Up-To-Date
Client Antivirus: Symantec Antivirus Corporate Edition

Enabled & Up-To-Date

Client Antispyware: None Installed
Client Automatic Security Updates: Enabled, Download, but Don’t Install
Client Security Updates: From 10.10.10.3
Up-To-Date (2009.08.25 10:33:42)
Client Requires Remediation: False
Network Connectivity: Not restricted
The preceding output is for one client. This same information will be displayed for all
connected clients unless one of the filtering parameters is used in conjunction with the
show desktop-auditing dhcp command.
The following is sample output from the show desktop-auditing dhcp brief command. Because of the
brief keyword, the results are displayed in table format.
#show desktop-auditing dhcp brief

Columns: E = Enabled, U = Up-to-date, 3 = 3rd party (not MS), S = Snoozed
C = Check for Updates, D = Download Updates, I = Install Updates
! = Error (not installed, other)
Indicators: + = True, - = False, ? = Unknown State
! = Attention
Server
Response R = Client Requires Remediation, N = Client Network Restricted
Codes: . = No Server Response
Client FireWall AntiVir AntiSpy AutoUpd SecUpd Server

E3S! EU3S! EU3S! ECDI! Severity Response
---------------------------------------------------------------------------------------------------------------------------------------
00:E0:29:0E:D5:E3 +-- +++- +++- ++-- Important
00:E0:29:0E:D5:E4 --- +-+- ----! ++++ Low RN

show dial-backup interfaces

Use the show dial-backup interfaces command to display all configured dial-backup interfaces and the
associated parameters for each.
Syntax Description
No subcommands.
Default Values
Command History
Release 5.1 Command was expanded to include the Point-to-Point Protocol (PPP) dial
backup.
include.
Usage Examples
The following example enters the Enable mode and uses the show command to display dial-backup
interface information:
>enable
#show dial-backup interfaces
Dial-backup interfaces...
fr 1.16 backup interface:
Backup state: idle
Backup protocol: PPP
Call mode: originate
Auto-backup: enabled
Auto-restore: enabled
Priority: 50
Backup delay: 10 seconds
Restore delay: 10 seconds
Connect timeout: 60 seconds
--MORE--

show dialin interfaces

Use the show dialin interfaces command to display information regarding remote console dialin.
Syntax Description
No subcommands.
Default Values
Command History
include.
Usage Examples
The following is sample output from the show dialin interfaces command:
>enable
#show dialin interfaces
Dialin interfaces...
modem 1/3 dialin interface:
Connection Status: Connected
Caller ID info: name-John Smith number-5551212 time-14:23:10 2/17/2003

show dos counters

Use the show dos counters command to display denial of service (DoS) attack statistics.
Syntax Description
No subcommands.
Default Values
By default, DoS protection in AOS is disabled.
Command History
Usage Examples
The following example displays attack statistics for the AOS unit:
>enable
#show dos counters
DOS Fragment Error 0
DOS ICMP Error 0
DOS L3 Header Error 0
DOS L4 Header Error 1269620
DOS Source MAC equal Destination MAC 0
#

show dos-id
Use the show dos-id command to list all denial of service (DoS) attacks the DoS protection feature
provides protection against, along with their corresponding threat IDs.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
The IDs obtained with the show dos-id command are used in the dos-protection <id> command to add
or remove threat protection for specific threats.
Usage Examples
>enable
#show dos-id
DOS L4 Header Error
TCP pkts w/ control flags and seq# equal to 0 [1]
TCP pkts w/ SYN and FIN bits set [2]
TCP pkts w/ FIN,URG,PSH bits set with ACK bit & seq# equal to 0 [3]
TCP pkts w/ source port equal to destination port [4]
UDP pkts w/ source port equal to destination port [5]
TCP SYN pkts w/source port 0-1023 for the first fragment [6]
DOS L3 Header Error

Source IP equal to Destination IP [20]
DOS ICMP Error

Fragmented ICMP pkts [40]
ICMPV4 ping pkts w/payload greater than specified [41]
ICMPV6 ping pkts w/payload greater than specified [42]
DOS Fragment Error

TCP fragments w/ offset value set to 1 [60]
First TCP fragments w/ TCP header smaller than specified [61]
#

show dot11 access-point

Use the show dot11 access-point command to display information about wireless access points (APs) for
the wireless access controllers (ACs) in the network. Variations of this command include the following:
show dot11 access-point

show dot11 access-point detail
show dot11 access-point mac-address <mac address>
show dot11 access-point mac-address <mac address> detail
show dot11 access-point managed
show dot11 access-point managed detail
show dot11 access-point managed realtime
show dot11 access-point name <name>
show dot11 access-point name <name> detail
show dot11 access-point realtime
show dot11 access-point status available
show dot11 access-point status available detail
show dot11 access-point status download
show dot11 access-point status download detail
show dot11 access-point status init
show dot11 access-point status init detail
show dot11 access-point status no_session
show dot11 access-point status no_session detail
show dot11 access-point status ready
show dot11 access-point status ready detail
show dot11 access-point status recovery
show dot11 access-point status recovery detail
show dot11 access-point status running
show dot11 access-point status running detail
show dot11 access-point status session
show dot11 access-point status session detail
show dot11 access-point unmanaged
show dot11 access-point unmanaged detail
show dot11 access-point unmanaged realtime

your unit.
Syntax Description
mac-address <mac address> Optional. Displays a particular access point (AP) by medium access
control (MAC) address. MAC addresses should be expressed in the
following format xx:xx:xx:xx:xx:xx (for example, 00:A0:C8:00:00:01).
managed Optional. Displays a list of APs managed by this AC.
name <name> Optional. Displays a particular AP by name.
status Optional. Displays APs at a certain status. (Refer to the options below.)
available Optional. Displays APs at available session state.
download Optional. Displays APs at download state.
init Optional. Displays APs at init state.
no_session Optional. Displays APs at no session state.
ready Optional. Displays APs at ready state.
recovery Optional. Displays APs at recovery state.
running Optional. Displays APs at running state.
session Optional. Displays APs at session state.
unmanaged Optional. Displays a list of APs not managed by this AC.
detail Optional. Displays a detailed list of all discovered APs.
realtime Optional. Displays full-screen output in real time. Refer to the
Functional Notes below for more information.
Default Values
Command History
Release 16.1 Command was expanded to include the available session state.
include.
Functional Notes
page 1125).

Usage Examples
The following is sample output from the show dot11 access-point command:
>enable
#show dot11 access-point
Wireless Access Points:
Name MAC-Address AP Status Cfg’d Control Status

------------------------------------------------------------------------------ ------- -----------------------
ADTN1DF857 00:A0:C8:1D:F8:57 Session Y Ctl_by_This_AC

show dot11 clients

Use the show dot11 clients command to display stations associated with all wireless access points (APs).
show dot11 clients interface dot11ap <ap interface>

show dot11 clients mac-address <mac address>
Syntax Description
interface dot11ap Displays stations associated with APs by interface.
<ap interface> Specifies AP interface number. Range is 1 to 8.
mac-address Displays stations associated with APs by medium access control (MAC)
address.
<mac address> Specifies a valid client 48-bit MAC address. MAC addresses should be
expressed in the following format xx:xx:xx:xx:xx:xx (for example,
00:A0:C8:00:00:01).
Default Values
Command History
include.
Usage Examples
The following command initiates a request to display a list of clients for AP interface 1.
>enable
#show dot11 clients interface dot11ap 1
Wireless Access Point Clients:
Ap Station MAC-Address
------ -------------------
1 00:40:96:AB:3B:5E

The following command initiates a request to display a list of clients for MAC address 00:40:96:ab:3b:5e:
>enable
#show dot11 clients mac-address 00:40:96:ab:3b:5e
Wireless Access Point Clients:
Ap Radio Vap Station MAC-Address
------ ------ ------ ---------------------------
1 1 1 00:40:96:AB:3B:5E

show dot11 statistics interface dot11ap

Use the show dot11 statistics interface dot11ap command to display counters of an 802.11 radio and its
virtual access points (VAPs). Variations of this command include the following:
show dot11 statistics interface dot11ap <ap/radio>

show dot11 statistics interface dot11ap <ap/radio.vap>
Syntax Description
<ap> Specifies the wireless access point (AP). Range is 1 to 8.
</radio> Specifies the radio associated with the AP. Range is 1 to 2.
<.vap> Specifies the VAP associated with the radio. Range is 1 to 8.
The radio must be specified in the format <ap/radio>. For example, 2/1 indicates radio 1
on access point 2. The VAP must be specified in the format <ap/radio.vap>. For example,
2/1.1 indicates virtual access point 1 on radio 1 on access point 2.
Default Values
Command History
include.

Usage Examples
The following is sample output for the radio 1 on AP interface 1 using the show dot11 statistics interface
dot11ap command:
>enable
#show dot11 statistics interface dot11ap 1/1
Authentication Count: 17
Deauthentication Count: 48
Association Count: 18
Disassociation Count: 12
Reassociation Count: 0
Wireless MSDU Rx Packets: 346
Wireless Data Rx Packets: 7221
Wireless Multicast Rx Packets: 308
Wireless Management Rx Packets: 675805
Wireless Control Rx Packets: 0
Wireless MSDU Tx Packets: 237259
Wireless Data Tx Packets: 236856
Wireless Multicast Tx Packets: 236812
Wireless Management Tx Packets: 599
Wireless Control Tx Packets: 0

show dns resolver queue

Use the show dns resolver queue command to show information related to the domain naming system
(DNS) queries that are currently scheduled for resolution.Variations of this command include:
show dns resolver queue

show dns resolver queue realtime
your unit.
Syntax Description
Default Values
Command History
Functional Notes
page 1125).
Usage Examples
The following command shows real time information related to DNS queries currently scheduled for
resolution:
>enable
#show dns resolver queue realtime

show dynamic-dns
Use the show dynamic-dns command to show information related to the dynamic domain naming system
(DNS) configuration.
Syntax Description
No subcommands.
Default Values
Command History
include.
Usage Examples
The following is sample output from this command:
>enable
#show dynamic-dns
eth 0/1:
Hostname: host
Is Updated: no
Last Registered IP: 10.15.221.33
Last Update Time: 00:00:00 UTC Thu Jan 01 1970

show dynamic-counter
Use the show dynamic-counter command to show statistics related to the dynamic counter. Variations of
show dynamic-counter
show dynamic-counter average-rates
show dynamic-counter <slot/index>
Syntax Description
average-rates Displays the average rate of frames/packets per second and bits per
second assigned to a queue for the last 30 seconds and 5 minutes.
<slot/index> Specifies the slot and port of the dynamic counter in the format <slot/index>.
For example, 0/1.
Default Values
Command History
Release R13.3.0 Command was expanded to include the average-rates parameter.
Usage Examples
>enable
#show dynamic-counter
Counter| Type | Port/Queue | Bytes | Packets | Avg Rate (kbps) | Status

---------- |------------------|---------------------|------------------|--------------- |----------------------- |------------
0/1 | TX | Gig Eth 1/Q 4 | 74984320 | 1171630 | 5 | ACTIVE
0/2 | CONGEST | Gig Eth 1/Q 4 | 0 |0 |0 | ACTIVE

0/7 | TX | Gig Eth 1/Q 1 | 75063154 |1172856 |6 | ACTIVE

0/8 | CONGEST | Gig Eth 1/Q 1 |0 |0 |0 | ACTIVE
0/9 | TX | Gig Eth 1/Q 0 | 110363758 |1581014 |8 | ACTIVE
0/10 | CONGEST | Gig Eth 1/Q 0 |0 |0 |0 | ACTIVE
0/11 | NONE | NONE |0 |0 |0 | N/A
...

show eps
Use the show eps command to show information related to the external power supply (EPS) power state.
The output of this command indicates if an EPS is connected, if it is delivering power, the available power,
and whether the EPS has failed.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
>enable
#show eps
VCID 1 EPS is connected
VCID 1 EPS is delivering 370 watts
VCID 1 EPS fans are working.
VCID 2 EPS is connected
VCID 2 EPS is delivering 370 watts
VCID 2 EPS fans are working.

show ethernet cfm association

Use the show ethernet cfm association command to display Ethernet operations, administration, and
maintenance (OAM) connectivity fault management (CFM) maintenance association (MA) configuration
and statistical information. Variations of this command include:
show ethernet cfm association

show ethernet cfm association <domain name>
show ethernet cfm association <domain name> <association name>
show ethernet cfm association <domain name> <association name> detail
show ethernet cfm association detail
show ethernet cfm association none <association name>
show ethernet cfm association none <association name> detail
Syntax Description
<domain name> Optional. Specifies that output is limited to associations in the specified
domain.
<association name> Optional. Specifies that output is limited to the specified association.
detail Optional. Specifies the output is displayed in detail, rather than summary,
format.
none Optional. Specifies that no domain name is used.
Default Values
Command History
Functional Notes

Usage Examples
The following is sample output from the show ethernet cfm association command:
>enable
#show ethernet cfm association
--------------------------------------------------------------------------------------------------------------------------------
Index Domain/Association CCM MEP-Cnt
Component VID Sender-ID
--------------------------------------------------------------------------------------------------------------------------------
1 Bogus/Test 1sec 0
1 BenchTest/BenchAssoc 1min 3
giga-eth 0/2 0 none
The following is sample output from the show ethernet cfm association detail command:
>enable
#show ethernet cfm association detail
Domain Name: Bogus
Assoc Name: Test
SNMP Index: 1
CCM Interval: 1sec
Components:
MEP Count: 0
Domain Name: BenchTest

Assoc Name: BenchAssoc
SNMP Index: 1
CCM Interval: 1min
Components:
giga-eth 0/2 (VLAN=0, ID=none)
MEP Count: 3
1 (remote)
2 (remote)
3 (local)

show ethernet cfm domain

Use the show ethernet cfm domain command to display Ethernet operations, administration, and
maintenance (OAM) connectivity fault management (CFM) maintenance domain (MD) configuration and
statistical information. Variations of this command include:
show ethernet cfm domain

show ethernet cfm domain <domain name>
show ethernet cfm domain <domain name> detail
show ethernet cfm domain detail
show ethernet cfm domain none
Syntax Description
<domain name> Optional. Specifies that output is limited to associations in the specified
domain.
detail Optional. Specifies the output is displayed in detail, rather than summary,
format.
none Optional. Specifies that no domain name is used.
Default Values
Command History
Functional Notes

Usage Examples
The following is sample output from the show ethernet cfm domain command:
>enable
#show ethernet cfm domain
----------------------------------------------------------------------------------------------------
Index Domain Lvl Assoc-Count
----------------------------------------------------------------------------------------------------
1 Bogus 5 1
2 BenchTest 5 1
The following is sample output from the show ethernet cfm domain detail command:
>enable
#show ethernet cfm domain detail
Domain Name: Bogus
SNMP Index: 1
Level: 5
Associations: 1
test
Domain Name: BenchTest

SNMP Index: 2
Level: 5
Associations: 1
BenchAssoc

show ethernet cfm mep local

Use the show ethernet cfm mep local command to display configuration and statistical information for all
Ethernet operations, administration, and maintenance (OAM) connectivity fault management (CFM)
maintenance endpoints (MEPs) configured on the system. Variations of this command include:
show ethernet cfm mep local

show ethernet cfm mep local detail
show ethernet cfm mep local domain <domain name> association <association name>
show ethernet cfm mep local fault
show ethernet cfm mep local interface <interface>
show ethernet cfm mep local mep-id <mep id>
show ethernet cfm mep local statistics
Syntax Description
detail Optional. Specifies the format is in detail, rather than summary, format.
domain <domain name> Optional. Specifies that output is limited to MEPs in the specified
domain.
association <association name> Optional. Specifies that output is limited to MEPs in the specified
association.
fault Optional. Specifies that output is limited to only MEP fault information.
interface <interface> Optional. Specifies that output is limited to the MEPs configured on the
specified interface. Specify an interface in the format <interface type
[slot/port | slot/port.subinterface id | interface id |
interface id. subinterface id]>. For example, for an Ethernet
mep-id <mep id> Optional. Specifies that output is limited to MEPs with the specified ID.
MEP ID range is 1 to 8191.
statistics Optional. Specifies that only MEP statistics are displayed.
Default Values

Command History
Ethernet interface.
Functional Notes
Usage Examples
The following is sample output from the show ethernet cfm mep local detail command:
>enable
#show ethernet cfm mep local detail
MEPs configured on this device
MEP-ID: 3
Domain/Assoc: BenchTest/Test
Mac Address: 00:A0:C9:00:D8:B2 Interface: giga-eth 0/2 Vlan: 0
Level: 5 Direction: down Priority: 7
Admin State: up CCM State: yes
Fault Notification Settings

-----------------------------------------------
Highest Allowed Defect: MacStatus
AlarmTime: 2500 ms ResetTime: 10000 ms
SNMP Trap: Disabled
Current Fault State

-----------------------------------
Fault State: Defect Last Reported Fault: 08:41 PM, 09/16/2008
Current Highest Defect: None

Current Defects (Highest to Lowest defect priority):
Xcon CCM: -
Err'd CCM: -
Remote CCM: -
MAC Status: -
RDI: -
Message Statistics
-----------------------------------
CCMs Transmitted: 2787 CCMs Received Out of Sequence: 4
LBRs Transmitted: 0 Next LBM ID: 36
LBRs Received: 30 LBRs Received Out of Order: 0

LBRs with bad data: 0

Next LTM ID: 1 Unexpected LTRs: 0
The following is sample output from the show ethernet cfm mep local fault command:
>enable
#show ethernet cfm mep local fault
MEPs configured on this device
MEP-ID: 3
Domain/Assoc: BenchTest/Test
Mac Address: 00:A0:C9:00:D8:B2 Interface: giga-eth 0/2 Vlan: 0
Level: 5 Direction: down Priority: 7
Admin State: up CCM State: yes
Fault Notification Settings

------------------------------------------------
Highest Allowed Defect: MacStatus
AlarmTime: 2500 ms ResetTime: 10000 ms
SNMP Trap: Disabled
Current Fault State

-------------------------------------
Fault State: Defect Last Reported Fault: 08:41 PM, 09/16/2008
Current Highest Defect: None

Current Defects (Highest to Lowest defect priority):
Xcon CCM: -
Err'd CCM: -
Remote CCM: -
MAC Status: -
RDI:

show ethernet cfm mep remote

Use the show ethernet cfm mep remote command to display configuration and statistical information for
all remote Ethernet operations, administration, and maintenance (OAM) connectivity fault management
(CFM) maintenance endpoints (MEPs) stored on the system. Variations of this command include:
show ethernet cfm mep remote

show ethernet cfm mep remote domain <domain name> association <association name>
show ethernet cfm mep remote domain none association <association name>
show ethernet cfm mep remote interface <interface>
show ethernet cfm mep remote level <level>
show ethernet cfm mep remote local-mep <mep id>
show ethernet cfm mep remote remote-mep <mep id>
Syntax Description
domain <domain name> Optional. Specifies that output is limited to MEPs in the specified
domain.
none Optional. Specifies no domain name is used.
association <association name> Optional. Specifies that output is limited to MEPs in the specified
association.
interface <interface> Optional. Specifies that output is limited to the MEPs configured on
the specified interface. Specify an interface in the format <interface
type [slot/port | slot/port.subinterface id | interface id |
subinterface, use eth 0/1.1. For a list of appropriate interfaces, enter
level <level> Optional. Specifies that output is limited to MEPs in the specified
maintenance level. Levels range from 0 to 7.
local-mep <mep id> Optional. Specifies that output is limited to the remote MEPs for all
local MEPs with the specified ID. MEP ID range is 1 to 8191.
remote-mep <mep id> Optional. Specifies that output is limited to the remote MEPs with the
specified ID. MEP ID range is 1 to 8191.

Default Values
By default, all remote MEPs for all local MEPs are displayed.
By default, MEPs in all levels are displayed.
By default, all remote MEPs are displayed.
Command History
Ethernet interface.
Functional Notes
Usage Examples
The following is sample output from the show ethernet cfm mep remote command:
>enable
#show ethernet cfm mep remote
Local MEP 3
Domain/Assoc: BenchTest/BenchAssoc
Level: 5 VLAN: 0
Interface: giga-eth 0/2
Remote MEPs: (* = static)
ID State Age MAC RDI Port Iface

--------------------------------------------------------------------------------------------------------------
* 1 Ok 165936 00:A0:C8:1F:CE:B0 - No TLV Up
* 2 Ok 165936 00:A0:C8:00:62:F2 - No TLV Up

show ethernet cfm stack

Use the show ethernet cfm stack command to display statistics and information about the Ethernet
operations, administration, and maintenance (OAM) connectivity fault management (CFM) stack.
show ethernet cfm stack

show ethernet cfm stack interface <interface>
show ethernet cfm stack level <level>
show ethernet cfm stack vlan <vlan id>
show ethernet cfm stack vlan none
Syntax Description
interface <interface> Optional. Specifies that output is limited to the specified interface. Specify
| interface id | interface id. subinterface id]>. For example, for an Ethernet
level <level> Optional. Specifies that output is limited a specified maintenance level.
Levels range from 0 to 7.
vlan <vlan id> Optional. Specifies that output is limited to a specific virtual local area
network (VLAN). VLAN ID range is 1 to 4095.
none Optional. Specifies that output is limited to all VLANs.
Default Values
By default, all interfaces are displayed.
By default, all maintenance levels are displayed.
By default, all VLANs are displayed.
Command History
Ethernet interface.

Functional Notes
Usage Examples
The following is sample output from the show ethernet cfm stack command:
>enable
#show ethernet cfm stack
0------------1--------------2-------------3-------------4-------------5-------------6-----------7-------------8
123456789012345678901234567890123456789012345678901234567890
------------------------------------------------------------------------------------------------------------------------
Interface Vlan Lvl Domain/Assoc
MEPID MAC
------------------------------------------------------------------------------------------------------------------------
eth 0/1 0 7 Domain_1/MA_1
1 00:A0:C8:16:96:0D
eth 0/2 20 5 Domain1/Assoc2
2012 00:0a:c8:00:01:03

show ethernet lmi

Use the show ethernet lmi command to display Ethernet local management interface (E-LMI) statistics
and configuration information. Variations of this command include:
show ethernet lmi current

show ethernet lmi current <interface>
show ethernet lmi statistics
show ethernet lmi statistics <interface>
Syntax Description
current Specifies the current status of EVCs that will be sent out with the next E-LMI
message are displayed.
statistics Specifies the E-LMI statistics are displayed.
<interface> Optional. Limits output to a specified E-LMI interface. Specify interfaces in
the format <interface type [slot/port]>. For example, for a Gigabit Ethernet
interface, use gigabit eth 0/1. Type show ethernet lmi statistics ? for a
complete list of interfaces.
Default Values
Command History
Release R11.6.0 Command was expanded to include the current parameter.
Release R13.11.0 The output of this command was expanded to include ELMI forwarding
status.
Usage Examples
The following example displays E-LMI statistics for the Gigabit Ethernet interface:
>enable
#show ethernet lmi statistics gigabit-ethernet 0/1
E-LMI Statistics for giga-eth 0/1
E-LMI Admin Status: Up
E-LMI Operation Status: Up

E-LMI Forwarding Status: Enabled

UNI ID: giga-eth 0/1
Reliability Errors: 0
Status Inquiry Timeouts: 0
Invalid Sequence Number: 0
Invalid Status Request: 0
Protocol Errors: 0
Short Message: 0
Invalid Version: 0
Invalid Message Type: 0
Invalid Mandatory IE: 0
Mandatory IE Missing: 0
Out of Sequence IE: 0
Duplicated IE: 0
Mandatory IE Missing: 0
Unexpected Recognized IE: 0
Last Full Status Inquiry Received: 00:50:35

Last Full Status Sent: 00:50:35
Last Status Check Inquiry Received: 00:00:06
Last Status Check Sent: 00:00:06
Last clearing of counters: never

show ethernet loopback

Use the show ethernet loopback command to display the status and ouput of facility or terminal loopback
objects. Facility loopback objects are used to provision facility media access control (MAC) swap
loopback tests and terminal loopback objects are used to provision Carrier Ethernet Terminal Loopback
tests. Variations of this command include:
show ethernet loopback facility

show ethernet loopback facility <name> <slot>
show ethernet loopback facility slot <slot>
show ethernet loopback terminal
show ethernet loopback terminal <name> <slot>
show ethernet loopback terminal slot <slot>
Syntax Description
facility Specifies the output is for facility loopback objects.
terminal Specifies the output is for terminal loopback objects.
<name> Optional. Specifies that output is limited to the facility or terminal loopback
object with the specified name.
<slot> Optional. Specifies that output is limited to the facility or terminal loopback
object with the specified slot.
slot <slot> Optional. Specifies that output is limited to all facility or terminal loopback
objects on a specified slot.
Default Values
By default, the status and output of all facility or terminal loopback objects are displayed.
Command History
Release R13.7.0 Command was expanded to include the terminal loopback parameter.
Functional Notes
For more information regarding facility loopback objects and facility MAC swap loopback, refer to Facility
MAC Swap Loopback Command Set on page 3727.

For more information regarding Carrier Ethernet Terminal Loopback objects, refer to Carrier Ethernet
Terminal Loopback Command Set on page 3724.
Usage Examples
The following is sample output from the show ethernet loopback facility command:
>enable
#show ethernet loopback facility FACILITY 0
eth-lbk-fac “FACILITY” 0 is Enabled and Running
Matched S-tag : 100
Matched P-bit : na
Matched MAC : DA 00:A0:C8:00:00:01
System MAC : false
Interface : Gigabit Ethernet 0/1

show ethernet oam

Use the show ethernet oam command to display local and remote configuration and statistical information
for Ethernet Link operations, administration, and maintenance (OAM) parameters stored on the system.
show ethernet oam discovery

show ethernet oam discovery interface <interface>
show ethernet oam statistics
show ethernet oam statistics interface <interface>
show ethernet oam status
show ethernet oam status interface <interface>
show ethernet oam summary
Syntax Description
discovery Displays discovery state information between the local OAM client
and the remote peer. If no interface is specified, then information
about all interfaces with Ethernet Link OAM enabled is displayed.
statistics Displays Ethernet Link OAM Protocol Data Unit (PDU) counters by
type, critical link fault records, and link-monitor event logs on a
per-interface basis. If no interface is specified, then PDU information
for all interface with Ethernet Link OAM enabled is displayed.
status Displays the configured Ethernet Link OAM settings, including
link-monitor settings, on a per-interface basis. If no interface is
specified, then configuration for all interfaces with Ethernet Link OAM
enabled is displayed.
summary Displays a summary of the remote peer’s configuration and
capabilities for all interfaces that have Ethernet Link OAM enabled.
interface <interface> Optional. Specifies that output is limited to the specified interface.
slot/port.subinterface id | interface id | interface id. subinterface id]>.
For example, for a Gigabit Ethernet interface, use giga-eth 0/1. For
an Ethernet in the first mile (EFM) group, use efm-group 1/1. For a
list of appropriate interfaces, enter interface ? at the prompt.

Default Values
Command History
Usage Examples
The following is sample output from the show ethernet oam summary command:
>enable
#show ethernet oam summary
Capability codes: L - Link Monitor, R- Remote Loopback
U - Unidrection, V - Variable Retrieval
Local Remote
Interface MAC Address OUI Mode Capability
giga-eth 0/1 00:a0:c8:01:02:03 00A0C8 active LV
The following is sample output from the show ethernet oam discovery command:
>enable
#show ethernet oam discovery
giga-eth 0/1
Local Client
----------------
Administrative configurations:
Mode: active
Unidirection: not supported
Link monitor: not supported
Remote loopback: not supported
MIB retrieval: not supported
Mtu size: 1518
Operational status:
Port status: UP
Discovery state: Send Any
PDU state: Any
Stable: true
Satisfied: true
Remote client
------------------
MAC address: 00:A0:C8:00:00:01
Vendor (oui): 00A0C8

Administrative configuration:
Mode: active
Unidirection: not supported
Link monitor: supported
Remote loopback: not supported
MIB retrieval: supported
Mtu size: 1518
Operational status:
Stable: true
State valid: true

show ethernet y1731 file-save

Use the show ethernet y1731 file-save command to display a specified Y.1731 performance monitoring
log file. Variations of this command include:
show ethernet y1731 file-save <filename>

show ethernet y1731 file-save current frame-delay two-way
show ethernet y1731 file-save current frame-loss single-ended
show ethernet y1731 file-save current frame-loss synthetic single-ended
Syntax Description
<filename> Specifies the filename of the file to be displayed.
current Specifies that the current file of the specified type
should be displayed.
current frame-delay two-way Specifies that the current frame-delay two-way
(ETH-DM) log file should be displayed.
current frame-loss single-ended Specifies that the current single-ended frame-loss
(ETH-LM) log file should be displayed.
current frame-loss synthetic single-ended Specifies that the current single-ended synthetic
frame-loss (ETH-SLM) log file should be displayed.
Default Values
Command History
Usage Examples
The following example displays the contents of the current ETH-LM log file:
(config)#show ethernet y1731 file-save current frame-loss single-ended

Current LM Session Data:
Single-Ended Loss Measurement Data Set

Fileformat Version: 1.02
EVC.Name |EVC.VLAN-ID|EVC.PCP|Device.Serial|Dest.MAC|LM.period|LM.TestID|LM.Suspect|
LM.Start_ToD|LM.End_ToD|LM.PDU-sent|LM.PDU-received|LM.Forward.TX.framecount|LM.Forward.RX.f
ramecount|LM.Backward.TX.framecount|LM.Backward.RX.framecount

show ethernet y1731 linktrace-cache

Use the show ethernet y1731 linktrace-cache command to display information for the Ethernet
operations, administration, and maintenance (OAM) over Y.1731 linktrace cache.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
Enter the command as follows to display Ethernet OAM CFM over Y.1731 linktrace cache information:
>enable
#show ethernet y1731 linktrace-cache

show ethernet y1731 meg

Use the show ethernet y1731 meg command to display information for the Ethernet operations,
administration, and maintenance (OAM) over Y.1731 maintenance entity group (MEG). Variations of this
command include:
show ethernet y1731 meg

show ethernet y1731 meg char-string <string>
show ethernet y1731 meg icc-umc <string>
Syntax Description
char-string <string> Optional. Displays information for a MEG specified using a character string.
icc-umc <string> Optional. Displays information for MEG specified using an ITU-Carrier Code
Unique MEG ID Code (ICC-UMC).
Default Values
Command History
Usage Examples
Enter the command as follows to display information about all configured MEGs:
>enable
#show ethernet y1731 meg

show ethernet y1731 mep local

Use the show ethernet y1731 mep local command to display configuration and statistical information for
all local Ethernet operations, administration, and maintenance (OAM) over Y.1731 maintenance endpoints
(MEPs) configured on the system. Variations of this command include:
show ethernet y1731 mep local

show ethernet y1731 mep local detail
show ethernet y1731 mep local down
show ethernet y1731 mep local down statistics
show ethernet y1731 mep local interface <interface>
show ethernet y1731 mep local interface <interface> statistics
show ethernet y1731 mep local level <level>
show ethernet y1731 mep local level <level> statistics
show ethernet y1731 mep local meg char-string <string>
show ethernet y1731 mep local meg icc-umc <string>
show ethernet y1731 mep local mep-id <id>
show ethernet y1731 mep local mep-id <id> statistics
Syntax Description
detail Optional. Displays information in detailed, rather than summary, format.
down Optional. Displays the output limited to downstream MEPs.
interface <interface> Optional. Displays the output limited to the MEPs configured on the
level <level> Optional. Displays the output limited to MEPs with the specified level.
meg char-string <string> Optional. Displays the output limited to the maintenance entity group
(MEG) specified with a character string.
meg icc-umc <string> Optional. Displays the output limited to the MEG specified with an
ITU-Carrier Code Unique MEG ID Code (ICC-UMC).
mep-id <mep id> Optional. Displays the output limited to MEPs with the specified ID.
statistics Optional. Displays only MEP statistics.

Default Values
Command History
Usage Examples
Enter the command as follows to display information for all configured local MEPs:
>enable
#show ethernet y1731 mep local

show ethernet y1731 mep remote

Use the show ethernet y1731 mep remote command to display configuration and statistical information
for all remote Ethernet operations, administration, and maintenance (OAM) over Y.1731 maintenance
endpoints (MEPs) configured on the system. Variations of this command include:
show ethernet y1731 mep remote

show ethernet y1731 mep remote detail
show ethernet y1731 mep remote down
show ethernet y1731 mep remote down statistics
show ethernet y1731 mep remote interface <interface>
show ethernet y1731 mep remote interface <interface> statistics
show ethernet y1731 mep remote level <level>
show ethernet y1731 mep remote level <level> statistics
show ethernet y1731 mep remote meg char-string <string>
show ethernet y1731 mep remote meg icc-umc <string>
show ethernet y1731 mep remote mep-id <id>
show ethernet y1731 mep remote mep-id <id> statistics
Syntax Description
detail Optional. Displays information in detailed, rather than summary, format.
down Optional. Displays the output limited to downstream MEPs.
interface <interface> Optional. Displays the output limited to the MEPs configured on the
level <level> Optional. Displays the output limited to MEPs with the specified level.
meg char-string <string> Optional. Displays the output limited to the maintenance entity group
(MEG) specified with a character string.
meg icc-umc <string> Optional. Displays the output limited to the MEG specified with an
ITU-Carrier Code Unique MEG ID Code (ICC-UMC).
mep-id <mep id> Optional. Displays the output limited to MEPs with the specified ID.
statistics Optional. Displays only MEP statistics.

Default Values
Command History
Usage Examples
Enter the command as follows to display information for all configured remote MEPs:
>enable
#show ethernet y1731 mep remote

show ethernet y1731 stack

Use the show ethernet y1731 stack command to display statistics and information about the Ethernet
operations, administration, and maintenance (OAM) over Y.1731 stack. Variations of this command
include:
show ethernet y1731 stack

show ethernet y1731 stack interface <interface>
show ethernet y1731 stack level <level>
show ethernet y1731 stack vlan <vlan id>
show ethernet y1731 stack vlan none
Syntax Description
interface <interface> Optional. Displays the output limited to the specified interface. Specify an
interface id | interface id. subinterface id]>. For example, for an Ethernet
level <level> Optional. Displays the output limited to the specified maintenance level.
Levels range from 0 to 7.
vlan <vlan id> Optional. Displays the output limited to the specified virtual local area
network (VLAN). VLAN ID range is 1 to 4095.
none Optional. Displays no output for VLANs.
Default Values
By default, all interfaces are displayed.
By default, all maintenance levels are displayed.
By default, all VLANs are displayed.
Command History

Usage Examples
Enter the command as follows to view all Ethernet OAM Y.1731 stack information:
>enable
#show ethernet y1731 stack

show evc
Use the show evc command to display configuration information for Ethernet virtual connections (EVCs)
and EVC maps. Variations of this command include:
show evc
show evc <name>
show evc <name> counters
show evc <name> counters <queue>
show evc <name> counters <queue> performance-statistics 15-minute
show evc <name> counters <queue> performance-statistics 15-minute <value>
show evc <name> counters <queue> performance-statistics 24-hour
show evc <name> counters <queue> performance-statistics 24-hour <value>
show evc <name> counters performance-statistics 15-minute
show evc <name> counters performance-statistics 15-minute <value>
show evc <name> counters performance-statistics 24-hour
show evc <name> counters performance-statistics 24-hour <value>
show evc-map
show evc-map <name>
Syntax Description
evc <name> Optional. Specifies that information for a specific EVC is displayed. If no
name is specified, information for all EVCs is displayed.
evc-map <name> Optional. Specifies that information for a specific EVC map is displayed. If
no name is specified, information for all EVC maps is displayed.
counters Optional. Displays Metro Ethernet Forum (MEF) counters for the specified
EVC.
counters <queue> Optional. Displays MEF counters for the specified queue number on the
MEN port associated with the EVC. Valid entry for <queue> is 0 through 7.
performance-statistics Optional. Displays aggregate performance statistics.
15-minute Optional. Displays the statistics for a 15-minute period in the last 24 hours.
24-hour Optional. Displays the statistics for a 24-hour period in the last 7 days.
<value> Optional. Specifies which 15-minute period in the last 24 hours or which
24-hour period in the last 7 days is displayed. Range for 15-minute periods
is 1 to 96; range for 24-hour periods is 1 to 7.

Default Values
Command History
Release R11.5.0 Command was expanded to include counters and performance-statistics
parameters.
Release R13.11.0 Output of the show evc <name> counters command was changed to
include ingress and egress Layer 2 bytes collected on both the UNI and NNI
interfaces and displayed on a per-EVC and per-CoS (queue) basis. UNI
and NNI Layer 2 bytes are displayed in Total Egress Bytes and Total
Ingress Bytes output lines beneath the aggregate counters for the EVC or
CoS queue. In addition, Ingress Red Bytes and Ingress Yellow Discard
Bytes have also been included in the command output.
Usage Examples
The following is sample output from the command to display information for all configured EVCs:
>enable
#show evc
All EVC Tags Available in MEN
EVC evc1
S-TAG : --
Admin State : Disabled
EVC Status : Not Running - Disabled
CE-VLAN Preservation : Enabled
The following example displays 15-minute interval performance statistics for EVC-200 in queue 1:
# show evc EVC-200 counters 0 performance-statistics 15-minute 1

EVC-200 Queue 0 15-Minute PM (1)
07:00
Ingress Green Frames : 0
Ingress Green Bytes : 0
Ingress Green Discard Frames : 0
Ingress Green Discard Bytes : 0
Egress Green Frames : 0
Egress Green Bytes : 0
Egress Green Discard Frames : 0
Egress Green Discard Bytes : 0

show event-history
Use the show event-history command to display all entries in the current local event-history log.
Syntax Description
No subcommands.
Default Values
Command History
include.
Usage Examples
The event history provides useful information regarding the status of the system and individual port states.
Use the event history as a troubleshooting tool when identifying system issues. The following is sample
output from the event-history log.
>enable
#show event-history
Using 526 bytes
2002.07.12 15:34:01 T1.t1 1/1 Yellow
2002.07.12 15:34:01 INTERFACE_STATUS.t1 1/1 changed state to down.
2002.07.12 15:34:02 T1.t1 1/1 No Alarms
2002.07.12 15:34:02 INTERFACE_STATUS.t1 1/1 changed state to up.
2002.07.12 15:34:03 INTERFACE_STATUS.eth 0/1 changed state to up.
2002.07.12 15:34:10 OPERATING_SYSTEM Warm Start
2002.07.12 15:34:12 PPP.NEGOTIATION LCP up
2002.07.12 15:34:12 PPP.NEGOTIATION IPCP up

show fan-tach
Use the show fan-tach command to view the unit’s current fan speed.
Syntax Description
No subcommands.
Default Values
Command History
include.
Usage Examples
The following example shows the current fan speed on an AOS device with two chassis fans:
>enable
#show fan-tach
Fan Tach (in Percent) %
Chassis Fan 1 45
Chassis Fan 2 45
The following example shows the current fan speed on an AOS device with one central fan:
>enable
#show fan-tach
Fan Tach (in Percent) %
Central Fan 59

show file
Use the show file command to display a specified file to the terminal screen. Variations of this command
include:
show file <filename>

show file <filename> checksum
show file cflash <filename>
show file cflash <filename> checksum
show file flash <filename>
show file flash <filename> checksum
show file ramdisk <filename>
show file ramdisk <filename> checksum
show file usbdrive0 <filename>
show file usbdrive0 <filename> checksum
To display files located in the flash memory on products with CompactFlash® capability,
the flash keyword must be specified whether or not a CompactFlash card is installed.
Not all units are capable of using a RAM disk file system or have a CompactFlash card
installed. Use the show file ? command to display a list of valid commands at the enable
prompt.
The contents of the file are displayed only if the file is less than 300 kilobytes.
The checksum is displayed only if the file is less than 500 kilobytes.
Syntax Description
<filename> Displays information on the specified file. Wildcard entries (such as *.biz)
are not valid for the show file command.
cflash Specifies a file located in CompactFlash memory.
checksum Optional. Displays the message digest 5 (MD5) checksum of the specified
file.
flash Specifies a file located in flash memory.

ramdisk Specifies a file located in volatile RAM disk.

usbdrive0 Specifies a file located in Universal Serial Bus (USB) flash drive memory.
Default Values
Command History
Release 12.1 Command was expanded to include the cflash parameter.
include.
Usage Examples
The following is sample output from the show file cflash command:
>enable
#show file cflash startup-config
Router#show file startup-config
Using 2558 bytes
!
!
hostname “Router”
enable password password
!
clock timezone -6-Central-Time
!
ip subnet-zero
ip classless
ip routing
!
no auto-config
!
event-history on
no logging email
logging email priority-level info
!
no service password-encryption
!
username “admin” password “password”
!
--MORE--

The show file ramdisk command issues the following error message if the file is greater than
300 kilobytes:
>enable
#show file ramdisk NV3130A-17-07-00-26-AE.biz
%Cannot show files larger than 300000 bytes.
The following is sample show file ramdisk <filename> checksum output:
>enable
#show file ramdisk default-config.txt checksum
AA02EC815B93B0E41C738A71C6AFCBC4

show flash
Use the show flash command to display a list of all files currently stored in flash memory. Variations of
show flash
show flash <filename>
Syntax Description
<filename> Optional. Displays details for a specified file located in flash memory. Enter
a wildcard (such as *.biz) to display the details for all files matching the
entered pattern.
Default Values
Command History
include.
Usage Examples
The following is sample output from the show flash command:
>enable
#show flash
Files:
245669 010100boot.biz
1141553 new.biz
821 startup-config
1638 startup-config.old
1175679 020016.biz
2572304 bytes used 4129776 available 6702080 total
System image file is “020100.biz”

show frame-relay
Use the show frame-relay command to display configuration and status parameters for configured virtual
Frame Relay interfaces. Variations of this command include the following:
show frame-relay lmi

show frame-relay pvc
show frame-relay pvc interface frame-relay <interface>
show frame-relay pvc interface frame-relay <interface> realtime
show frame-relay pvc realtime
your unit.
Syntax Description
lmi Displays local management interface (LMI) statistics for each virtual
Frame Relay interface.
pvc Displays permanent virtual circuit (PVC) configuration and statistics
for all virtual Frame Relay interfaces (or a specified interface).
interface frame-relay <interface> Optional. Displays Frame Relay PVC statistics for a specific Frame
Relay interface (for example, fr 1).
Default Values
Command History
Release 10.1 Realtime parameter was introduced.
Release 17.1 Command was expanded to include the modifiers begin, exclude,
and include.

Functional Notes
page 1125).
Usage Examples
The following are sample outputs from various show frame-relay commands:
>enable
#show frame-relay lmi
LMI statistics for interface FR 1 LMI TYPE = ANSI
Num Status Enq. Sent 79 Num Status Msgs Rcvd 71
Num Update Status Rcvd 12 Num Status Timeouts 5
>enable
#show frame-relay pvc
Frame Relay Virtual Circuit Statistics for interface FR 1
Active Inactive Deleted Static
local 2 0 0 2
DLCI = 16 DLCI USAGE = LOCAL PVC STATUS = ACTIVE INTERFACE = FR 1.16
MTU: 1500
input pkts: 355 output pkts: 529 in bytes: 23013
out bytes: 115399 dropped pkts: 13 in FECN pkts: 0
in BECN pkts: 0 in DE pkts: 0 out DE pkts: 0
pvc create time: 00:00:00:12 last time pvc status changed: 00:00:13:18
DLCI = 20 DLCI USAGE = LOCAL PVC STATUS = ACTIVE INTERFACE = FR 1.20
MTU: 1500
input pkts: 0 output pkts: 44 in bytes: 0
out bytes: 22384 dropped pkts: 11 in FECN pkts: 0
in BECN pkts: 0 in DE pkts: 0 out DE pkts: 0
pvc create time: 00:00:01:25 last time pvc status changed: 00:00:13:18

show frame-relay fragment

Use the show frame-relay fragment command to display detailed fragmentation statistics for Frame
Relay subinterfaces with FRF.12 fragmentation enabled. Variations of this command include:
show frame-relay fragment

show frame-relay fragment interface frame-relay <subinterface>
Syntax Description
interface frame-relay <subinterface> Optional. Displays detailed fragmentation statistics for the specified
Frame Relay subinterface. Subinterfaces are expressed in the
format interface id.subinterface id (for example, fr 1.16).
Default Values
Command History
Release 17.1 Command was expanded to include the modifiers begin,
exclude, and include.
Usage Examples
The following are sample outputs from various show frame-relay fragment commands:
>enable
#show frame-relay fragment
interface dlci frag_size rx_frag tx_frag dropped_frag
fr 1.1 17 100 46 48 0
fr 1.2 18 200 42 21 0

>enable
#show frame-relay fragment frame-relay 1.1
DLCI = 17 FRAGMENT SIZE = 100
rx frag. pkts 46 tx frag. pkts 48
rx frag. bytes 4598 tx frag. bytes 4724
rx non-frag. pkts 18 tx non-frag. pkts 28
rx non-frag. bytes 1228 tx non-frag. bytes 1960
rx assembled pkts 23 tx pre-fragment pkts 34
rx assembled bytes 5478 tx pre-fragment bytes 6324
dropped reassembling pkts 0 dropped fragmenting pkts 0
rx out-of-sequence fragments 0
rx unexpected beginning fragment 0

show frame-relay multilink

Use the show frame-relay multilink command to display information associated with the Frame Relay
multilink interface. Variations of this command include:
show frame-relay multilink

show frame-relay multilink detailed
show frame-relay multilink <interface>
show frame-relay multilink <interface> detailed
show frame-relay multilink interface frame-relay <subinterface>
Syntax Description
<interface> Optional. Specifies the display of information for a specific
interface. Enter the show frame-relay multilink ? command for
a complete list of interfaces.
detailed Optional. Displays more detailed information.
interface frame-relay <subinterface> Optional. Displays detailed fragmentation statistics for the
specified Frame Relay subinterface. Subinterfaces are expressed
in the format interface id.subinterface id (for example, fr 1.16).
Default Values
Command History
Usage Examples
The following is sample output from the show frame-relay multilink command:
>enable
#show frame-relay multilink
Bundle: frame-relay 1 is DOWN; class A bundle
Near-end BID: MFR1; Far-end BID: unknown

show garp timer

Use the show garp timer command to display the current configured Generic Attribute Registration
Protocol (GARP) application timer values.
Syntax Description
No subcommands.
Default Values
Command History
include.
Usage Examples
The following example displays the current configured GARP application timer values:
>enable
#show garp timer
Timer Timer Value (milliseconds)
-------- --------------------------
Join 200
Leave 600
LeaveAll 10000

show global-policer
Use the show global-policer command to view virtual AOS (vAOS) global policer statistics.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
vAOS global policer statistics reveal valuable information about the data usage of the vAOS instance as it
relates to the license allocated bandwidth for the vAOS instance. Using this information can be beneficial
in determining if data needs are being met by the current license limit or if a higher bandwidth license is
necessary.
The policer statistics are gathered from the interface statistics of the policed interfaces. If an interface’s
counters are cleared, those statistics are not included in the number displayed in the command output. The
current aggregate traffic rate is computed over the configured global rate interval, which applies to the rate
statistics for all interfaces. This interval is configurable via the command statistics rate-interval <value> on
page 1848.
Usage Examples
The following example displays all vAOS global policer statistics:
>enable
#show global-policer
Global Policer
Licensed Aggregate Traffic Rate : 50 Mbps
Current Aggregate Traffic Rate : 15 Mbps (5 minute rate)
Committed Burst Size : 5625000 bytes
Dropped Packets :1000 packets
Dropped Bytes : 64000 bytes
Last Cleared Time : Mon Nov 23 16:43:51 CST 2015
Warning Events
Period : 5 minutes
Rate Threshold : 90% of licensed rate
Dropped Packet Threshold : 10000 packets

show gvrp configuration

Use the show gvrp configuration command to show a GARP VLAN Registration Protocol (GVRP)
configuration summary for the switch.
Syntax Description
No subcommands.
Default Values
Command History
include.
Usage Examples
The following example displays a GVRP configuration summary for the switch:
>enable
#show gvrp configuration
Global GVRP Configuration:
GVRP Feature is currently enabled globally.
GVRP Timers (milliseconds)
Join 200
Leave 600
LeaveAll 20000
Port based GVRP Configuration:
GVRP enabled ports
----------------------------------------------------
eth 0/24

show gvrp statistics

Use the show gvrp statistics command to show statistics related to GARP VLAN Registration Protocol
(GVRP). Variations of this command include:
show gvrp statistics

show gvrp statistics interface <interface>
Syntax Description
interface <interface> Optional. Shows the information for the specified interface. Specify an
show gvrp statistics interface ? for a complete list of applicable
interfaces.
Default Values
Command History
include.
Usage Examples
The following example displays statistics related to GVRP for Ethernet interface 0/24:
>enable
#show gvrp statistics interface ethernet 0/24
Name: eth 0/24
Join Empty Received: 0
Join In Received: 272
Empty Received: 30
Leave Empty Received: 0

show hmr
Use the show hmr command to display Session Initiation Protocol (SIP) header manipulation rules (HMR)
statistics from traffic to which an HMR policy is applied. The output can be filtered based on policy, policy
user, rule set, direction, and message type. In addition, you can sort the output by policy, policy user, rule
set, direction, or message type. This command can be used to determine the activity of an HMR policy,
where they policy is most used, and by whom. Variations of this command include:
show hmr
show hmr direction in
show hmr direction out
show hmr message-type request
show hmr message-type response
show hmr policy <name>
show hmr rule-set <name>
show hmr sort direction in
show hmr sort direction out
show hmr sort message-type request
show hmr sort message-type response
show hmr sort policy <name>
show hmr sort user
show hmr user global
show hmr user proxy-server
show hmr user proxy-user
show hmr user <user>
Each of the show hmr command variations can be used multiple times within a single
command. For example, you can display SIP HMR statistics for a specified policy and
direction by entering show hmr policy MYPOLICY1 direction in.
Syntax Description
direction in Optional. Limits the command output to SIP HMR statistics for inbound SIP
traffic.
direction out Optional. Limits the command output to SIP HMR statistics for outbound
SIP traffic.
message-type request Optional. Limits the command output to SIP HMR statistics for request
messages.

message-type response Optional. Limits the command output to SIP HMR statistics for response
messages.
policy <name> Optional. Limits the command output to SIP HMR statistics for a specified
HMR policy.
rule-set <name> Optional. Limits the command output to SIP HMR statistics for a specified
rule set.
sort Optional. Sorts SIP HMR statistics by direction, message type, policy name,
or policy user.
user global Optional. Limits the command output to SIP HMR statistics for the SIP
stack.
user proxy-server Optional. Limits the command output to SIP HMR statistics for SIP proxy
servers.
user proxy-user Optional. Limits the command output to SIP HMR statistics for SIP proxy
users.
user <user> Optional. Limits the command output to SIP HMR statistics for a specified
user.
Default Values
Command History
Usage Examples
The following example displays all HMR statistics:
>enable
#show hmr
Policy: MyPolicy1
Msgs Evaluated: 0
Msgs Altered: 0
User Application: Global inbound request
Rule Set Message Rule Action Seq # Count

----------------------------------------------------------------------------------------------------------
Set 1 Rule1 Modify Variable 10 0
Modify Variable 20 0
Add Header 30 3
Modify Header 40 2

show hosts
Use the show hosts command to display the contents of the domain naming system (DNS) host table.
Output from this command displays both Internet Protocol version 4 (IPv4) and IPv6 entries, as well as
separate server addresses for the DNS client and proxy. Variations of this command include:
show hosts
show hosts realtime
show hosts verbose
show hosts vrf <name>
show hosts vrf <name> realtime
show hosts vrf <name> verbose
Syntax Description
realtime Optional. Displays information in real time.
verbose Optional. Displays the details of the IP name, style, name servers, and host
table entries without the truncation of long IP addresses and host names.
vrf <name> Optional. Displays DNS information for the specified virtual routing and
forwarding (VRF) instance. If no VRF instance is specified, host table
information for the default VRF instance is displayed.
Default Values
Command History
Release 16.1 Command was expanded to include the vrf <name> parameter.
include.
Release 18.3 Command was expanded to include both IPv4 and IPv6 entries in the
output and the realtime keyword.

Functional Notes
The list below describes the fields contained in the DNS host table:
• Flags: Indicate whether the entry is permanent (perm) or temporary (temp).

• Age: Indicates the age of the entry.
• Type: Shows the protocol type as addresses (A) or service (SRV).
• Priority: 1 or 2.
• Address: Displays the IP address for the entry.
Usage Examples
The following example is sample output from the show hosts command:
>enable
#show hosts
Name/address lookup uses domain name service
DNS Proxy is enabled
Name servers are 10.23.115.254
Current proxy server is 10.23.115.254
Current client server is 10.23.115.254
Host Flags Age Type Priority Address/Alias
abc.com temp 193 A -2000:ef0a::1500:37af:362:ed
Archive.msstate.edu temp 16907 A -130.18.80.18
dns11.11nwd.net temp 673 A -200:a50:1a0e::1500:eddf

show http secure-server certificate

Use the show http secure-server certificate command to display information regarding HTTPS private
key and certificates.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following is sample output from the show http secure-server certificate command:
>enable
#show http secure-server certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
70:a2:aa:7c:8e:d8:dd:b2:68:e1:58:65:55:84:69:81:19:91:7b:29
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=AL, L=Huntsville, O=ADTRAN, Inc., CN=NetVanta
Validity
Not Before: Jun 19 19:11:09 2015 GMT
Not After : Jun 17 19:11:09 2023 GMT
MIIDbzCCAlegAwIBAgIUcKKqfI7Y3bJo4VhlVYRpgRmReykwDQYJKoZIhvcNAQEL
BQAwWTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkFMMRMwEQYDVQQHDApIdW50c3Zp
dHN2aWxsZTELMAkGA1UEBhMCVVMwHhcNMTUwNDI5MDY0ODE0WhcNMjMwNDI3MDY0
DTE1MDYxOTE5MTEwOVoXDTIzMDYxNzE5MTEwOVowWTELMAkGA1UEBhMCVVMxCzAJ
BgNVBAgMAkFMMRMwEQYDVQQHDApIdW50c3ZpbGxlMRUwEwYDVQQKDAxBRFRSQU4s

IEluYy4xETAPBgNVBAMMCE5ldFZhbnRhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEA2x/r4499jQKrXX0810fTkIoGk5jNwkfQ7JkZxSoqX7OPzYSYQ8/E
1UF/fsv0SxlHCTVTVmihLSbkc75fDEs6NL3URGFXBLJJ/Rlg5g3UwdnpUR02GUr3
zP7kXP+UvcuUWD7DqamcD2eS/78sn6kZUVE+ocytr89KDsevU/eRhEvUq2Z3YgIA
3fg3hGYYD2vTSarWOmRd3cFxzw7C2TTUnHCVu+CCVxvOmETFljfHwjOl1KgBBTVe
o2rR+Yyb5RtUiPmyQdVeR8L6OBV0/yToF4/AX73gUiOjMOeiPZ30SQPIJhjumVvV
FC1w8CfHALoDjbpBGqwIuxO9XjqtIdxe7QIDAQABoy8wLTAMBgNVHRMBAf8EAjAA
MB0GA1UdDgQWBBTyhd5mKbpAOtV03ObopcGtuYFg8TANBgkqhkiG9w0BAQsFAAOC
AQEAk3E3ea3esaLf4KgbXvViBlT0/S9+P6gmU88hZcyr6/ArOzpSv0Ne21orByk3
OsBBFoGibMfOYzRL8tPD3b5aqqwjDlXmG2rg8i1W/tLDeyo6xDPrxJEN+3EEqLIP
3EKEVAyL1a6DaeQOvv3B5tN28mmLYCxP5749gcnE3jIH77cCxLrxR1HcvGlelecw
yi8RioKBho/yOl5jCR4VTgDYzXhbrdSheuVAsjoEb1yaNi00sKlJbfIneHlUfYK9
gD0rBw5hoW7QxSx7N/oo3D/7yKxN5aKyCAJwlfyRWeytSrVc9UgoXzD4PNu7UiYz
jtgSsHe4c5Vwx8xS+0G9ttf42w==

show hw-access-list
Use the show hw-access-list command to display hardware access control list (ACL) configuration and
statistics. Variations of this command include:
show hw-access-list
show hw-access-list <name>
Syntax Description
<name> Optional. Specifies a particular hardware ACL to display.
Default Values
Command History
Functional Notes
The show hw-access-list command displays all configured hardware ACLs in the system. All entries in
the ACL are displayed, and a counter indicating the number of frames matching the entry is listed.
Usage Examples
The following is sample output from the show hw-access-list <name> command, using the hardware
ACL NET135:
>enable
#show hw-access-list NET135
Extended IP hardware access list NET135
permit ip 10.22.135.0 0.0.0.255 any log (302 matches)
permit ip any 10.22.135.0 0.0.0.255 log (279 matches)

The following is sample output from the show hw-access-list command which displays information for all
configured hardware ACLs:
>enable
#show hw-access-list
Extended IP hardware access list NET135
permit ip 10.22.135.0 0.0.0.255 any log (131 matches)
permit ip any 10.22.135.0 0.0.0.255 log (110 matches)
Extended MAC hardware access list ADTN
permit mac 00:a0:c8:00:00:00 00:00:00:ff:ff:ff any log (44055 matches)
permit mac any 00:a0:c8:00:00:00 00:00:00:ff:ff:ff log (3011 matches)

show hw-access-map
Use the show hw-access-map command to display hardware access map configuration and statistics.
show hw-access-map
show hw-access-map <name>
Syntax Description
<name> Optional. Displays only the statistics for the named hardware access map.
Default Values
Command History
Usage Examples
The following is sample output from the show hw-access-map <name> command, using the access map
HW-FILTER:
>enable
#show hw-access-map HW-FILTER
Hardware Access Map HW-FILTER
Forward: mac ADTN and ip NET135
VLANs: 2-3

show hw-filter-resource
Use the show hw-filter-resource command to display the used and available hardware filter resources.
This information is valuable when making changes to configured hardware access control lists (ACLs) and
hardware access maps. For more information on hardware ACLs and access maps, refer to the Hardware
ACL and Access Map Command Set on page 4220.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
Changing hardware ACL or hardware access map configuration or application causes new information to
be reinstalled on the hardware. It is possible to run out of hardware resources depending on how many
resources are needed to apply the desired change. If there are not enough hardware resources to install
the new criteria, an error message is displayed.
Usage Examples
The following is sample output from the show hw-filter-resource command:
>enable
#show hw-filter-resource
Total Rules: 512
Rules Used: 128

show interfaces
Use the show interfaces command to display configuration parameters and current statistics for all
interfaces (or a specified interface). Variations of this command include the following:
show interfaces
show interfaces description
show interfaces status
show interfaces <interface>
show interfaces <interface> extended
show interfaces <interface> performance-statistics
show interfaces <interface> performance-statistics <x-y>
show interfaces <interface> performance-statistics 15-minute
show interfaces <interface> performance-statistics 15-minute <value>
show interfaces <interface> performance-statistics 24-hour
show interfaces <interface> performance-statistics 24-hour <value>
show interfaces <interface> performance-statistics total-24-hour
show interfaces <interface> realtime
show interfaces <interface> verbose
show interfaces <interface> version
Not all subcommands apply to all interfaces or are available on all AOS units. Type show
interfaces <interface> ? for a list of valid subcommands for the specified interface. Some
subcommands are only valid on AOS units with switchport or gigabit switchport
interfaces. Enter the show interfaces ? command to display a list of valid subcommands
for your specific platform.
your unit.

Syntax Description
dot11ap 1/1.1. Type show interfaces ? for a complete list of valid
interfaces.
description Displays information, such as description, administrative status, line
protocol status, and description for the interfaces.
status Displays information, such as description, type, status, virtual local area
network (VLAN), speed, and duplex for the interfaces. This subcommand is
only available on AOS units with switchport or Gigabit-switchport interfaces.
extended Optional. Displays extended medium attachment unit (MAU) statistics.
performance-statistics Optional. Displays line performance statistics.
<x-y> Optional. Shows a specified interval (x) or range of intervals (x-y). Valid
range is 1 to 96.
total-24-hour Optional. Displays the current 24-hour totals.
verbose Optional. Displays detailed configuration information on the terminal screen
(versus only the nondefault values).
version Optional. Displays current version information (e.g., model and list number,
software version, etc.) for the interface.
Default Values
Command History
Release 6.1 Command was updated to include the performance-statistics parameter
to display RFC 2662 line performance statistics.
Release 10.1 Command was expanded to include the realtime parameter. The primary
rate interface (PRI) was also added.

Release 11.1 Command was expanded to include the description, status, and verbose
parameters. The demand, foreign exchange office (FXO), and serial
interfaces were also added.
include.
Ethernet interface.
Release A5.01 Command was expanded to include the realtime and extended
parameters. The Gigabit Ethernet interface was also added.
Release 18.3 Command was expanded to include the extended parameter.
Release R10.10.0 Command was expanded to include the Ethernet in the first mile (EFM) link
and EFM group interfaces.
Release R10.11.0 Command was expanded to include the T4 interface.
line (VDSL) interfaces.
Release R12.1.0 Command output was modified for virtual AOS (vAOS) instances.
Release 13.1.0 Command was expanded to include the virtual extensible local area
network (VxLAN) tunnel interface.
Functional Notes
page 1125).
Usage Examples
The following is sample output from the show interfaces description command:
>enable
#show interfaces description
Interface Status Protocol Description
eth 0/1 Admin Up Line Up Desk 1
eth 0/8 Admin Up Line Down Desk 8


giga-eth 0/1 Admin Up Line Up Uplink Trunk
giga-eth 0/2 Admin Up Line Down Unused
The following is sample output from the show interfaces status command:
>enable
#show interfaces status
Port Name Status Vlan Duplex Speed Type
eth 0/1 connected trunk a-full a-100 10/100
eth 0/2 notconnected trunk ? ? 10/100

giga-eth 0/1 notconnected trunk ? ? Gig

giga-eth 0/2 notconnected trunk ? ? Gig
The following are samples from various show interfaces commands:
>enable
#show interfaces t1 1/1
t1 1/1 is UP
T1 coding is B8ZS framing is ESF
Clock source is line FDL type is ANSI
Line build-out is 0dB
No remote loopbacks No network loopbacks
DS0 Status: 123456789012345678901234
NNNNNNNNNNNNNNNNNNNNNNNN
Line Status: -- No Alarms --
Current Performance Statistics:
0 Errored Seconds 0 Bursty Errored Seconds
0 Severely Errored Seconds 0 Severely Errored Frame Seconds
0 Unavailable Seconds 0 Path Code Violations
0 Line Code Violations 0 Controlled Slip Seconds
0 Line Errored Seconds 0 Degraded Minutes
#show interfaces modem 1/2

modem 1/2 is UP
Line status: on-hook
Caller ID will be used to route incoming calls
0 packets input 0 bytes 0 no buffer
0 runts 0 giants 0 throttles
0 input errors 0 CRC 0 frame
0 abort 0 ignored 0 overruns
0 packets output 0 bytes 0 underruns
0 input clock glitches 0 output clock glitches
0 carrier lost 0 cts lost
#show interfaces eth 0/1

Ip address is 10.200.1.50
Netmask is 255.255.0.0
MTU is 1500
Fastcaching is Enabled
RIP Authentication is Disabled
RIP Tx uses global version value
RIP Rx uses global version value
#show interfaces dds 1/1

dds 1/1 is UP line protocol is UP
Encapsulation FRAME-RELAY (fr 1)

Loop rate is set to 56000 actual rate is 56000

Clock source is line
Data scrambling is disabled
No Loopbacks
#show interfaces fr 1
TDM group 10 line protocol is UP
Encapsulation FRAME-RELAY (fr 1)
Line Status: -- No Alarms --
Current Performance Statistics:
0 Errored Seconds 0 Bursty Errored Seconds
0 Severely Errored Seconds 0 Severely Errored Frame Seconds
0 Unavailable Seconds 0 Path Code Violations
0 Line Code Violations 0 Controlled Slip Seconds
0 Line Errored Seconds 0 Degraded Minutes
#show interfaces fr 1.100

fr 1.100 is Active
Ip address is 63.97.45.57, mask is 255.255.255.248
Interface-dlci is 100
MTU is 1500 bytes, BW is 96000 Kbit (limited)
Average utilization is 53%
#show interfaces shdsl 1/1

shdsl 1/1 is UP, line protocol is DOWN
Encapsulation FRAME-RELAY IETF (fr 1)
Equipment type is cpe
Line rate is 2056kbps
No alarms.
SHDSL training complete. EOC is up.
No local loopbacks, No remote loopbacks
SNR margin is 18dB currently, 15dB minimum, 30dB maximum

Loop attenuation is 1dB currently, 1dB minimum, 1dB maximum

Current 15-minute performance statistics (115 seconds elapsed):
0 code violations, 0 loss of sync word seconds
0 errored seconds, 0 severely errored seconds
0 unavailable seconds
Packet Statistics:
0 packets input, 0 bytes, 0 no buffer
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame
0 abort, 0 ignored, 0 overruns
32 packets output, 0 bytes, 0 underruns
0 input clock glitches, 0 output clock glitches
If the user has configured a Bc and Be value on the virtual circuit, the bandwidth (BW)
displayed is the sum of those values (Bc + Be). If not, the value for BW is the speed of the
interface. The Average utilization displayed is the average utilization of the displayed
bandwidth. If the bandwidth number is the Bc + Be value, the (limited) text appears (as
shown above).

show interfaces adsl <slot/port>

Use the show interfaces adsl command to display information related to the asymmetric digital subscriber
line (ADSL) port. Variations of this command include:
show interfaces adsl <slot/port>

show interfaces adsl <slot/port> information
show interfaces adsl <slot/port> information atuc
show interfaces adsl <slot/port> information atur
show interfaces adsl <slot/port> information bit-allocation
show interfaces adsl <slot/port> performance-statistics
show interfaces adsl <slot/port> performance-statistics <x-y>
show interfaces adsl <slot/port> performance-statistics total-24-hour
show interfaces adsl <slot/port> performance-statistics total-previous-24-hour
show interfaces adsl <slot/port> version
Syntax Description
<slot/port> Specifies ADSL interface slot and port number.
information Optional. Displays all ADSL interface information.
atuc Optional. Displays only ADSL remote information.
atur Optional. Displays only ADSL local information.
bit-allocation Optional. Displays only ADSL DMT bit-allocation table.
performance-statistics Optional. Displays all 96 stored intervals.
<x-y> Optional. Displays only a specified interval (x) or range of intervals (x-y).
total-24-hour Optional. Displays only the current 24-hour totals.
total-previous-24-hour Optional. Displays only the previous 24-hour totals.
version Optional. Displays current version information (e.g., model and list number,
software version, etc.) for the interface.
Default Values

Command History
include.
Usage Examples
>enable
#show interfaces adsl 1/1 information
adsl 1/1 line information
adsl 1/1 Local Line Information
Vendor Id: 00000000
Serial Number: 00000000
Firmware Version:
ADSL Capabilities G.DMT, G.LITE, ADSL2, ADSL2+
adsl 0/1 Remote Line Information
Vendor Id: 00000000
Firmware Version: 0
ADSL Capabilities G.DMT, G.LITE, ADSL2, ADSL2+

show interfaces cellular

Use the show interfaces cellular command to display configuration parameters and current statistics for a
cellular interface. Variations of this command include the following:
show interfaces cellular <slot/port>

show interfaces cellular <slot/port> hardware
show interfaces cellular <slot/port> profile
show interfaces cellular <slot/port> realtime
show interfaces cellular <slot/port> version
Syntax Description
<slot/port> Specifies cellular interface slot and port number.
hardware Optional. Specifies cellular hardware information is displayed.
profile Optional. Specifies cellular profile information is displayed.
realtime Optional. Specifies display output is shown in real time.
version Optional. Specifies cellular version information is displayed.
Default Values
Command History
Usage Examples
The following example displays cellular hardware information for cellular interface 1/1:
>enable
#show interfaces cellular 1/1 hardware
Electronic Serial Number (ESN) : 0x12345678
Preferred Roaming List (PRL) Version : 12345
Mobile Directory Number (MDN) : 0123456789
Mobile Station ID (MSID) : 0123456789
System ID (SID) : 1234
Network ID (NID) : 12

show interfaces dot11ap

Use the show interfaces dot11ap command to display information related to a wireless access point (AP),
radio, or virtual access point (VAP) interface. Variations of this command include:
show interfaces dot11ap [<ap> | <ap/radio> | <ap/radio.vap>]

show interfaces dot11ap <ap> control-protocol
show interfaces dot11ap [<ap/radio> | <ap/radio.vap>] dot11
Syntax Description
<ap> Specifies the AP. Range is 1 to 8.
</radio> Specifies the radio associated with the AP. Range is 1 to 2.
<.vap> Specifies the VAP associated with the radio. Range is 1 to 8.
control-protocol Optional. Displays properties of the control protocol for the AP.
dot11 Optional. Displays counters of an 802.11 radio’s VAPs.
The radio must be specified in the format <ap/radio> (for example, 2/1 indicates radio 1
on access point 2). The virtual access point must be specified in the format
<ap/radio.vap> (for example, 2/1.1 indicates virtual access point 1 on radio 1 on access
point 2).
Default Values
Command History
include.

Usage Examples
The following is sample output for the AP interface 1 using the show interfaces dot11ap command:
>enable
#show interfaces dot11ap 1
Dot11 AP 1 line protocol is UP
Controller Status: Local AC in control
Ap Version: FW: 1.0 0.4, DRVR: 1.0 0.0, HW: 1.0 0.0
Ap S/N: LBADTN0625XC975
AP MAC address: 00:A0:C8:1D:F8:57
Radio1 - 802.11bg - Enabled, channel 0, address: 00:A0:C8:1D:F8:59
Radio2 - 802.11a - Disabled, channel 0, address: 00:A0:C8:1D:F8:58
Bootup Status: Normal
Ap Status: With Session
Controlling AC: 00:A0:C8:20:E7:D6
802.1Q Encapsulation - Disabled
Auto 100Mbps, Full Duplex
Ethernet Statistics:
Ethernet Rx Packets: 291476
Ethernet Rx Bytes: 20908434
Ethernet Tx Packets: 67346
Ethernet Tx Bytes: 10606783
The following is sample output for the AP interface 1 using the show interfaces dot11ap <ap>
control-protocol command:
>enable
#show interfaces dot11ap 1 control-protocol
AP State: Running with session
Control State: Controlled by this AC
Control Protocol Transmit Bytes: 4080386
Control Protocol Receive Bytes: 9435172
Control Protocol Transmit Packets: 52203
Control Protocol Receive Packets: 65931
Control Protocol Receive Keepalives: 14914
Control Protocol Receive Security Errors: 0
Control Protocol Dropped Packets: 0
Control Protocol Protocol Errors: 0
Control Protocol Protocol No Responses: 0

The following is sample output for the radio interface 1 on AP interface 1 using the show interfaces
dot11ap <ap/radio> dot11 command:
>enable
#show interfaces dot11ap 1/1 dot11
Authentication Count: 17
Deauthentication Count: 48
Association Count: 18
Disassociation Count: 12
Reassociation Count: 0
Wireless MSDU Rx Packets: 346
Wireless Data Rx Packets: 7221
Wireless Multicast Rx Packets: 308
Wireless Management Rx Packets: 667521
Wireless Control Rx Packets: 0
Wireless MSDU Tx Packets: 236613
Wireless Data Tx Packets: 236210
Wireless Multicast Tx Packets: 236166
Wireless Management Tx Packets: 599
Wireless Control Tx Packets: 0

show interfaces efm-group

Use the show interfaces efm-group command to view the interface statistics for the specified Ethernet in
the first mile (EFM) group. Variations of this command include:
show interfaces efm-group all

show interfaces efm-group all connections
show interfaces efm-group <group number>
show interfaces efm-group <group number> connections interval 15-minute <value>
show interfaces efm-group <group number> connections interval 24-hour <value>
show interfaces efm-group <group number> interval 15-minute <value>
show interfaces efm-group <group number> interval 24-hour <value>
Syntax Description
all Displays statistics for all EFM groups.
<group number> Displays statistics for a single EFM group. Range is 1 to 1024.
connections Optional. Displays the statistics for the connected interfaces.
interval 15-minute Optional. Displays the statistics for a 15-minute period in the last 24 hours.
interval 24-hour Optional. Displays the statistics for a 24-hour period in the last 7 days.
<value> Specifies which 15-minute period in the last 24 hours or which 24-hour
period in the last 7 days is displayed. Range for 15-minute periods is 1 to 4;
range for 24-hour periods is 1 to 7.
Default Values
Command History

Usage Examples
The following example shows the statistics for the interfaces connected to EFM group 1 in the first
15-minute period of the last 24 hours:
>enable
#show interfaces efm-group 1 connections interval 15-minute 1
EFM Group 1 Connections (15-Minute Interval 1):
412/900 seconds elapsed in interval
interface shdsl 1/1 connected
NE in sync, FE in sync,
NE in tx, FE in tx
No alarms.
109 fragments input, 1111 fragments output
0 errored fragments, 0 discarded fragments
0 fragments too small, 0 fragments too large
0 fcs errors, 0 coding errors
NE in tx, FE in tx
No alarms.
NE in tx, FE in tx
No alarms.
NE in tx, FE in tx
No alarms.

show interfaces gigabit-switchport <slot/port>

Use the show interfaces gigabit-switchport command to display configuration parameters and current
statistics for gigabit switchport interfaces. These commands are valid only on AOS units with gigabit
switchport interfaces. Variations of this command include the following:
show interfaces gigabit-switchport <slot/port>

show interfaces gigabit-switchport <slot/port> realtime
show interfaces gigabit-switchport <slot/port> switchport
show interfaces gigabit-switchport <slot/port> switchport vlans
Syntax Description
<slot/port> Specifies a gigabit switchport interface slot and port number. Type show
interfaces description for a complete list of valid gigabit switchport
interfaces.
switchport Displays switchport settings and statistics for the specified gigabit
switchport interface.
vlans Optional. Displays the VLAN membership information for a specific
gigabit switchport interface.
Default Values
Command History

Functional Notes
page 1125).
Usage Examples
The following is sample output from the show interfaces gigabit-switchport 0/1 command:
>enable
#show interfaces gigabit-switchport 0/1
giga-swx 0/1 is UP, line protocol is UP
Hardware address is 00:A0:C8:01:2F:55
RJ-45 Shielded
100Mb/s, negotiated full-duplex, configured full-duplex
input flow control is disabled, 0 pause frames received
ARP type: ARPA; ARP timeout is 20 minutes
Last clearing of "show interface" counters: never
0 total jumbo frames
20102647 unicasts, 15808395 broadcasts, 5094052 multicasts input
0 unknown protocol, 9830 discards
0 input errors, 0 runts, 0 giants
0 alignment errors, 0 crc errors
75670 unicasts, 57387 broadcasts, 103812 multicasts output
0 output errors, 0 deferred, 0 discards
0 single, 0 multiple, 0 late collisions
0 excessive collisions
L3 Switch
498 packets input, 0 packets forwarded
0 header errors, 11 discards
The following is sample output from the show interfaces gigabit-switchport 0/1 switchport command:
>enable
#show interfaces gigabit-switchport 0/1 switchport
Name: giga-swx 0/1
Switchport: enabled
Administrative Mode: access
Negotiation of Trunking: access

Access Mode VLAN (configured): 1

Trunking Native Mode VLAN: 1
Trunking VLAN Enabled: 1-4094
Trunking VLAN GVRP Fixed: none
Port Expiration: disabled
Port Security: disabled
Protected: false
The following is sample output from the show interfaces gigabit-switchport 0/1 switchport vlan
command:
>enable
#show interfaces gigabit-switchport 0/1 switchport vlan
Interface Membership Vlans
------------------------------------------------------------------
giga-swx 0/1 Configured 1

show interfaces shdsl <slot/port> splice-detect

Use the show interfaces shdsl splice-detect command to view the bad splice detection test results for the
specified interface. Variations of this command include:
show interfaces shdsl <slot/port> splice-detect 24-hour

show interfaces shdsl <slot/port> splice-detect 24-hour <interval>
Syntax Description
<slot/port> Specifies the slot and port of the interface on which the test was run.
splice-detect 24-hour Displays the bad splice detection test results for the last 24 hours.
<interval> Optional. Specifies that results from one or more of the previous 24-hour
intervals are displayed. Valid interval range is 1 to 7. You can enter a single
interval, or a range of intervals when separated by a dash.
Default Values
Command History
Usage Examples
The following example displays the bad splice detection test results for SHDSL interface 1/1 over the past
24 hours:
#show interfaces shdsl 1/1 splice-detect 24-hour
Current Splice Detect Data
Summary: No Trouble Found
Distance (ft) Count
0 0
200 0
400 0
600 0
800 0
1000 0
1200 0

show interfaces switchport <slot/port>

Use the show interfaces switchport command to display configuration parameters and current statistics
for switchport interfaces. These commands are valid only on AOS units with switchport interfaces.
show interfaces switchport <slot/port> realtime

show interfaces switchport <slot/port> switchport
show interfaces switchport <slot/port> switchport vlans
Syntax Description
<slot/port> Specifies a switchport interface slot and port number. Type show
interfaces description for a complete list of valid switchport interfaces.
switchport Displays switchport settings and statistics for the specified switchport
interface.
vlans Optional. Displays the VLAN membership information for a specific
switchport interface.
Default Values
Command History
Release 10.1 Command was expanded to include the vlans parameter.
include.

Functional Notes
page 1125).
Usage Examples
The following is sample output from the show interfaces switchport 0/1 command:
>enable
#show interfaces switchport 0/1
swx 0/1 is DOWN, line protocol is DOWN
Hardware address is 00:A0:C8:00:61:22
BW is 10000 Kbit
?b/s, negotiated ? duplex, configured full-duplex
input flow control is disabled, 0 pause frames received
ARP type: ARPA; ARP timeout is 20 minutes
Last clearing of "show interface" counters: never
Queueing method: fifo
Output queue: 0/256/0 (size/max total/drops)
Interface Shaper: NOT ENABLED
0 symbol errors, 0 discards
0 input errors, 0 runts, 0 giants
0 alignment errors, 0 crc errors
0 output errors, 0 deferred, 0 discards
0 single, 0 multiple, 0 late collisions
0 excessive collisions
The following is sample output from the show interfaces switchport 0/1 switchport command:
>enable
#show interfaces switchport 0/1 switchport
Name: swx 0/1
Switchport: enabled


The following is sample output from the show interfaces switchport 0/1 switchport vlans command:
>enable
#show interfaces switchport 0/1 switchport vlans
Interface Membership Vlans
------------------------------------------------------------------
swx 0/1 Configured 1

show ip access-lists
Use the show ip access-lists command to display all configured Internet Protocol version 4 (IPv4) access
control lists (ACLs) in the system. Variations of this command include:
show ip access-lists <ipv4 acl name>
Syntax Description
<ipv4 acl name> Optional. Specifies a particular IPv4 ACL to display.
Default Values
Command History
include.
Functional Notes
The show ip access-lists command displays all configured IPv4 ACLs in the system. All entries in the
IPv4 ACL are displayed, and a counter indicating the number of packets matching the entry is listed.
Usage Examples
The following is sample output from the show ip access-lists command, and displays information for IPv4
ACLs:
>enable
#show ip access-lists
Standard IP access list MatchAll
permit host 10.3.50.6 (0 matches)
permit 10.200.5.0 wildcard bits 0.0.0.255 (0 matches)
Extended IP access list UnTrusted
deny icmp 10.5.60.0 wildcard bits 0.0.0.255 any source-quench (0 matches)
deny tcp any any (0 matches)

show ip arp
Use the show ip arp command to display the Address Resolution Protocol (ARP) table. Variations of this
command include:
show ip arp
show ip arp realtime
show ip arp vrf <name>
show ip arp vrf <name> realtime
your unit.
Syntax Description
forwarding (VRF).
Default Values
Command History
include.

Functional Notes
page 1125).
Usage Examples
The following is sample output from the show ip arp command:
>enable
#show ip arp
ADDRESS TTL(min) MAC ADDRESS INTERFACE TYPE
10.22.18.3 19 00:E0:29:6C:BA:31 eth 0/1 Dynamic
192.168.20.2 16 00:A0:C8:0D:E9:AD eth 0/2 Dynamic
224.0.0.5 20 01:00:5E:00:00:05 eth 0/2 Permanent

show ip cache
Use the show ip cache command to display the contents of the Internet Protocol version 4 (IPv4) route
cache for each interface in a given virtual private network (VPN) routing and forwarding (VRF) instance.
The route cache contains information about which egress interface, IPv4 gateway address, and MAC
address to use when forwarding packets to a given destination. Variations of this command include:
show ip cache
show ip cache vrf <name>
Syntax Description
vrf <name> Optional. Specifies a nondefault VRF instance for which to display route
cache information. If no VRF instance is specified, route cache information
for the default VRF instance is displayed.
Default Values
Command History
include.
Functional Notes

Usage Examples
The following is sample output from the show ip cache command for the default VRF (router):
>enable
#show ip cache
DESTINATION INTERFACE NEXT HOP USE COUNT MAC ADDRESS
224.0.0.5 Loopback 127.0.0.1 0
10.22.18.3 eth 0/1 10.22.18.3 0 00:E0:29:6C:BA:31
10.22.18.6 Loopback 127.0.0.1 18
192.168.30.2 eth 0/2 192.168.20.2 0 00:A0:C8:0D:E9:AD
10.22.18.255 Loopback 127.0.0.1 2
255.255.255.255 Loopback 127.0.0.1 2
192.168.20.1 Loopback 127.0.0.1 25
IP routing cache 7 entries

show ip crypto ipsec

Use the show ip crypto ipsec command to display information regarding the Internet Protocol security
(IPsec) configuration. Variations of this command include the following:
show ip crypto ipsec sa

show ip crypto ipsec sa address <ip address>
show ip crypto ipsec sa brief
show ip crypto ipsec sa ffe-id <rapidroute interface ID>
show ip crypto ipsec sa map <name>
show ip crypto ipsec sa profile <name>
show ip crypto ipsec sa remote-id <name>
show ip crypto ipsec timeline
show ip crypto ipsec transform-set
show ip crypto ipsec transform-set <name>
Syntax Description
sa Displays all IPsec security associations (SAs).
sa address <ip address> Optional. Displays all IPsec SAs associated with the designated peer
IP address. IP addresses should be expressed in dotted decimal
notation (for example, 10.10.10.1).
sa brief Optional. Displays a brief listing of IPsec SAs.
sa ffe-id <rapidroute interface ID> Optional. Displays all IPsec SAs associated with a specific
RapidRoute interface. RapidRoute interfaces have a numerical
identifier that ranges between 1 and 16777215. These identifiers are
displayed in the various outputs of the show ip ffe commands
beginning with the command show ip ffe on page 705.
sa map <name> Optional. Displays all IPsec SAs associated with the specified crypto
map.
sa profile <name> Optional. Displays all IPsec SAs associated with the specified IPsec
profile.
sa remote-id Optional. Displays all IPsec SAs associated with the designated peer
remote ID.
timeline Optional. Displays a timeline of VPN tunnel creation and peak number
of tunnels per hour.

transform-set Displays all defined transform sets.

<name> Optional. Displays information for a specific transform set.
Default Values
Command History
Release 15.1 Command was expanded to include the brief parameter.
include.
Release 17.6 Command was expanded to include the ffe-id parameter.
Release A4.01 Command was expanded to include the timeline parameter.
Release R10.5.0 Command syntax was changed to require the ip parameter.
Release R11.9.0 Command was expanded to include the sa profile <name> parameter.
Usage Examples
The following is sample output from the show ip crypto ipsec sa command:
>enable
#show ip crypto ipsec sa
Using 2 SAs out of 4000
Peak concurrent SAs: 2
IPsec Security Associations:
Peer IP Address: 3.3.3.1

Remote ID: 3.3.3.2
Crypto Map: VPN 10
Direction: Inbound
Encapsulation: ESP
SPI: 0xF38B37A1 (4085987233)
FFE ID: 1
RX Bytes: 281728
Selectors: Src:10.0.2.0/255.255.255.0 Port:ANY Proto:ALL IP
Dst:10.0.1.0/255.255.255.0 Port:ANY Proto:ALL IP
Hard Lifetime: 28570
Soft Lifetime: 0
Out-of-Sequence Errors: 0

show ip crypto map

Use the show ip crypto map command to display information regarding Internet Protocol version 4 (IPv4)
crypto map settings. Variations of this command include the following:
show ip crypto map

show ip crypto map interface <interface>
show ip crypto map <name>
show ip crypto map <name> <number>
Syntax Description
interface <interface> Optional. Displays the IPv4 crypto map settings for the specified interface.
dot11ap 1/1.1. Type show crypto map interface ? for a complete list of
valid interfaces.
<name> Optional. Specifies an IPv4 specific crypto map name.
<number> Optional. Specifies an IPv4 specific crypto map number.
Default Values
Command History
include.
Ethernet interface.
Release R10.7.0 Command was changed to include the ip keyword for Internet Protocol
version 6 (IPv6) support.

Usage Examples
The following is sample output from the show ip crypto map command:
>enable
#show ip crypto map testMap
Crypto Map “testMap” 10 ipsec-ike
Extended IP access list NewList
Peers:
63.97.45.57
Transform sets:
esp-des
Security-association lifetimes:
0 kilobytes
86400 seconds
No PFS group configured
Interfaces using crypto map testMap:
eth 0/1

show ip dhcp binding

Use the show ip dhcp binding command to display the Dynamic Host Client Protocol version 4
(DHCPv4) server client table with associated information. Variations of this command include:
show ip dhcp binding

show ip dhcp binding <ipv4 address>
show ip dhcp binding vrf <name>
show ip dhcp binding vrf <name> <ipv4 address>
Syntax Description
<ipv4 address> Optional. Specifies the IPv4 address of the specified client. IPv4 addresses
forwarding (VRF) instance. If a VRF is not specified, the default VRF is
assumed.
Default Values
Command History
Release 17.1 Command was expanded to include the vrf parameter and the modifiers
begin, exclude, and include.
keyword on ADTRAN internetworking products.
keyword on ADTRAN voice products.
Functional Notes

Usage Examples
The following is sample output from the show ip dhcp binding command:
>enable
#show ip dhcp binding
IP Address Client Id Lease Expiration Client Name
10.100.23.64 01:00:a0:c8:00:8f:b3 Aug 15 2002 11:02 AM Router
The following is sample output from the show ip dhcp binding vrf Gray command:
>enable
#show ip dhcp binding vrf Gray
IP Address Client Id Lease Expiration Client Name
192.168.19.2 01:00:e0:29:91:1e:27 Oct 16 2007 10:58 AM Estclair4
192.168.19.3 01:00:e0:81:01:53:01 Oct 16 2007 12:42 PM sylvester
192.168.19.4 01:00:15:c5:6a:69:ec Oct 16 2007 1:35 PM Dell-Wifi06

show ip dhcp lease

Use the show ip dhcp lease command to display all Dynamic Host Client Protocol version 4 (DHCPv4)
lease information for interfaces that have dynamically assigned IPv4 addresses. Variations of this
command include:
show ip dhcp lease

show ip dhcp lease <interface>
Syntax Description
<interface> Optional. Displays the information for the specified interface type. Specify an
show ip dhcp lease ? for a complete list of applicable interfaces.
Default Values
Command History
include.
Ethernet interface.
Release 18.3 Command syntax was changed to remove the hyphen and the client
keyword for ADTRAN internetworking products.
Release R10.1.0 Command syntax was changed to remove the hyphen and the client
keyword for ADTRAN voice products.
group interface.

Usage Examples
The following is sample output from the show ip dhcp lease command:
>enable
#show ip dhcp lease
Interface: ethernet 0/1
Temp IP address: 10.100.23.64 Mask: 0.0.0.0
DHCP Lease server: 10.100.23.207 State: Bound (3)
Lease: 120 seconds
Temp default gateway address: 0.0.0.0
Client-ID: N/A

show ip ffe
Use the show ip ffe command to display current Internet Protocol version 4 (IPv4) RapidRoute fast
forwarding engine (FFE) entries. Variations of this command include:
show ip ffe
show ip ffe destination <ipv4 address>

show ip ffe destination <ipv4 address> egress <interface>
show ip ffe destination <ipv4 address> egress ipsec <rapidroute interface ID>
show ip ffe destination <ipv4 address> egress system-control-evc
show ip ffe destination <ipv4 address> egress system-management-evc
show ip ffe destination <ipv4 address> ingress <interface>

show ip ffe destination <ipv4 address> ingress ipsec <rapidroute interface ID>
show ip ffe destination <ipv4 address> ingress system-control-evc
show ip ffe destination <ipv4 address> ingress system-management-evc
show ip ffe destination-port <port>

show ip ffe destination-port <port> egress <interface>
show ip ffe destination-port <port> egress ipsec <rapidroute interface ID>
show ip ffe destination-port <port> egress system-control-evc
show ip ffe destination-port <port> egress system-management-evc
show ip ffe destination-port <port> ingress <interface>

show ip ffe destination-port <port> ingress ipsec <rapidroute interface ID>
show ip ffe destination-port <port> ingress system-control-evc
show ip ffe destination-port <port> ingress system-management-evc
show ip ffe details

show ip ffe details egress <interface>
show ip ffe details egress ipsec <rapidroute interface ID>
show ip ffe details egress system-control-evc
show ip ffe details egress system-management-evc
show ip ffe details ingress <interface>

show ip ffe details ingress ipsec <rapidroute interface ID>
show ip ffe details ingress system-control-evc
show ip ffe details ingress system-management-evc
show ip ffe egress <interface>

show ip ffe egress <interface> destination <ipv4 address>
show ip ffe egress <interface> destination-port <port>
show ip ffe egress <interface> details
show ip ffe egress <interface> icmp-type <type>
show ip ffe egress <interface> protocol <protocol>

show ip ffe egress <interface> source <ipv4 address>

show ip ffe egress <interface> source-port <port>
show ip ffe egress <interface> type <type>
show ip ffe egress ipsec <rapidroute interface ID>
show ip ffe egress system-control-evc destination <ipv4 address>

show ip ffe egress system-control-evc destination-port <port>
show ip ffe egress system-control-evc details
show ip ffe egress system-control-evc icmp-type <type>
show ip ffe egress system-control-evc protocol <protocol>
show ip ffe egress system-control-evc source <ipv4 address>
show ip ffe egress system-control-evc source-port <port>
show ip ffe egress system-control-evc type <type>
show ip ffe egress system-management-evc destination <ipv4 address>

show ip ffe egress system-management-evc destination-port <port>
show ip ffe egress system-management-evc details
show ip ffe egress system-management-evc icmp-type <type>
show ip ffe egress system-management-evc protocol <protocol>
show ip ffe egress system-management-evc source <ipv4 address>
show ip ffe egress system-management-evc source-port <port>
show ip ffe egress system-management-evc type <type>
show ip ffe icmp-type <type>

show ip ffe icmp-type <type> egress <interface>
show ip ffe icmp-type <type> egress <interface> system-control-evc
show ip ffe icmp-type <type> egress <interface> system-management-evc
show ip ffe icmp-type <type> ingress <interface>

show ip ffe icmp-type <type> ingress <interface> system-control-evc
show ip ffe icmp-type <type> ingress <interface> system-management-evc
show ip ffe icmp-type <type> ipsec <rapidroute interface ID>
show ip ffe ingress <interface>

show ip ffe ingress <interface> destination <ipv4 address>
show ip ffe ingress <interface> destination-port <port>
show ip ffe ingress <interface> details
show ip ffe ingress <interface> icmp-type <type>
show ip ffe ingress <interface> protocol <protocol>
show ip ffe ingress <interface> source <ipv4 address>
show ip ffe ingress <interface> source-port <port>
show ip ffe ingress <interface> type <type>
show ip ffe ingress ipsec <rapidroute interface ID>
show ip ffe ingress system-control-evc destination <ipv4 address>

show ip ffe ingress system-control-evc destination-port <port>

show ip ffe ingress system-control-evc details

show ip ffe ingress system-control-evc icmp-type <type>
show ip ffe ingress system-control-evc protocol <protocol>
show ip ffe ingress system-control-evc source <ipv4 address>
show ip ffe ingress system-control-evc source-port <port>
show ip ffe ingress system-control-evc type <type>
show ip ffe ingress system-management-evc destination <ipv4 address>

show ip ffe ingress system-management-evc destination-port <port>
show ip ffe ingress system-management-evc details
show ip ffe ingress system-management-evc icmp-type <type>
show ip ffe ingress system-management-evc protocol <protocol>
show ip ffe ingress system-management-evc source <ipv4 address>
show ip ffe ingress system-management-evc source-port <port>
show ip ffe ingress system-management-evc type <type>
show ip ffe peak

show ip ffe peak history
show ip ffe protocol <protocol>

show ip ffe protocol <protocol> egress <interface>
show ip ffe protocol <protocol> egress system-control-evc
show ip ffe protocol <protocol> egress system-management-evc
show ip ffe protocol <protocol> ingress <interface>

show ip ffe protocol <protocol> ingress system-control-evc
show ip ffe protocol <protocol> ingress system-management-evc
show ip ffe protocol <protocol> ipsec <rapidroute interface ID>
show ip ffe source <ipv4 address>

show ip ffe source <ipv4 address> egress <interface>
show ip ffe source <ipv4 address> egress system-control-evc
show ip ffe source <ipv4 address> egress system-management-evc
show ip ffe source <ipv4 address> egress <interface> ipsec <rapidroute interface ID>
show ip ffe source <ipv4 address> ingress <interface>

show ip ffe source <ipv4 address> ingress system-control-evc
show ip ffe source <ipv4 address> ingress system-management-evc
show ip ffe source <ipv4 address> ingress <interface> ipsec <rapidroute interface ID>
show ip ffe source-port <port>

show ip ffe source-port <port> egress <interface>
show ip ffe source-port <port> egress system-control-evc
show ip ffe source-port <port> egress system-management-evc
show ip ffe source-port <port> egress <interface> ipsec <rapidroute interface ID>

show ip ffe source-port <port> ingress <interface>

show ip ffe source-port <port> ingress system-control-evc
show ip ffe source-port <port> ingress system-management-evc
show ip ffe source-port <port> ingress <interface> ipsec <rapidroute interface ID>
show ip ffe type <type>

show ip ffe type <type> egress <interface>
show ip ffe type <type> egress system-control-evc
show ip ffe type <type> egress system-management-evc
show ip ffe type <type> egress <interface> ipsec <rapidroute interface ID>
show ip ffe type <type> ingress <interface>

show ip ffe type <type> ingress system-control-evc
show ip ffe type <type> ingress system-management-evc
show ip ffe type <type> ingress <interface> ipsec <rapidroute interface ID>
show ip ffe wildcard

show ip ffe wildcard interface <interface>
show ip ffe wildcard system-control-evc
show ip ffe wildcard system-management-evc
Syntax Description
destination <ipv4 address> Optional. Filters output by a destination IPv4 address. IPv4
addresses should be expressed in dotted decimal notation (for
example, 10.10.10.1).
destination-port <port> Optional. Filters output by destination Transmission Control
Protocol (TCP) or User Datagram Protocol (UDP) port. Ports
range from 0 to 65535.
details Optional. Displays detailed information. Refer to the Functional
Notes for more information about using the details keyword.

egress <interface> Optional. Displays RapidRoute entries for an egress interface.

slot/port.subinterface id | interface id | interface id.subinterface
id | group id]>. For example, for a T1 interface, use t1 0/1; for
an Ethernet subinterface, use eth 0/1.1; for a PPP interface,
use ppp 1; for an EFM group interface, use efm-group 1. Type
show ip ffe egress ? to display a complete list of valid
interfaces.
egress ipsec <rapidroute interface ID> Optional. Displays RapidRoute entries that come from an
Internet Protocol security (IPsec) security association (SA) on a
specified RapidRoute interface. RapidRoute interface
identifiers range from 1 to 16777215.
icmp-type <type> Optional. Displays RapidRoute entries using a specific Internet
Control Message Protocol (ICMP) type. There are three types
of ICMP to choose from:
echo Displays ICMP echo RapidRoute entries.
reply Displays ICMP reply RapidRoute entries.
0 to 255 Displays other ICMP types.
ingress <interface> Optional. Displays RapidRoute entries for an ingress interface.
show ip ffe ingress ? to display a complete list of valid
interfaces.
ingress ipsec <rapidroute interface ID> Optional. Displays RapidRoute entries that go to an IPsec SA
on a specified RapidRoute interface. RapidRoute interface
peak Optional. Displays the current and peak count of RapidRoute
sessions. Information is displayed for each eligible interface
and the global values.
history Optional. Displays a graphical presentation of the peak global
RapidRoute cont per second for the last 60 seconds.
Additionally displays the peak and average global RapidRoute
count per minute for the last 60 minutes, as well as the peak
and average global RapidRoute count per hour for the last
72 hours.
protocol <protocol> Optional. Displays RapidRoute entries that use a specified
protocol. Protocols can be specified by selecting one of the
following:
ah Displays Authentication Header (AH) Protocol
RapidRoute entries.
esp Displays Encapsulating Security Payload (ESP)

Protocol RapidRoute entries.

fragment Displays fragmented (FRAG) RapidRoute
entries.
gre Displays Generic Route Encapsulation (GRE)
icmp Displays ICMP RapidRoute entries.
tcp Displays TCP RapidRoute entries.
udp Displays UDP RapidRoute entries.
0 to 255 Displays other protocol types.
source <ipv4 address> Optional. Displays RapidRoute entries for a specified source
IPv4 address. IPv4 addresses should be expressed in decimal
dotted notation (for example, 10.10.10.1).
source-port <port> Optional. Displays RapidRoute entries for a specified TCP or
UDP source port. Ports range from 0 to 65535.
system-control-evc Optional. Displays RapidRoute entries for the system control
Ethernet virtual connection (EVC).
system-management-evc Optional. Displays RapidRoute entries for the system
management EVC.
type <type> Optional. Displays RapidRoute entries of a specific type.
Specified types include one of the following:
ineligible Displays only ineligible RapidRoute entries.
rejected Displays only rejected RapidRoute entries.
valid Displays only valid RapidRoute entries.
wildcard Optional. Displays wildcards for each IP interface.
interface <interface> Optional. Limits the output to the specified interface. Interfaces
are specified in the format <interface type [slot/port |
show ip ffe wildcard interface ? to display a complete list of
valid interfaces.
Default Values
Command History
include.
Release 17.6 Command was expanded to include the ipsec and gre parameters.

Ethernet interface.
Release R10.5.0 Command was expanded so that the ipsec parameter can be used to filter
the command output.
management EVCs.
Release R11.2.0 Command was expanded to include high level data link control (HDLC)
interface.
group interface.
Release R11.4.0 Command was expanded to include the fragment option for the protocol
parameter.
Release R11.10.0 Command was expanded to include the peak and wildcard parameters.
Release R13.7.0 Command was expanded to include the virtual local area network (VLAN)
interface.
Functional Notes
The show ip ffe command can be further filtered by adding any combination of the following parameters:
destination <ipv4 address>

destination-port <port>
details
egress <interface>
egress ipsec <rapidroute interface ID>
icmp-type <type>
ingress <interface>
ingress ipsec <rapidroute interface ID>
ipsec <rapidroute interface ID>
protocol <protocol>
source <ipv4 address>
source-port <port>
type <type>
For example, the destination <ipv4 address> and source <ipv4 address> parameters can be used in
conjunction with one another. In this case, the command would look like as follows:
#show ip ffe destination 10.10.10.3 source 10.10.10.1

These parameters can be combined in any order and as many times as is necessary to get the desired
output.
The detail keyword must be the last keyword in the command. For example, show ip ffe
destination <ipv4 address> egress <interface> source-port <port> details is acceptable,
but show ip ffe destination <ipv4 address> details egress <interface> is not.

Data for the peak history parameters is presented as a percentage of the value configured with the
command ip ffe max-entries <value> on page 1356. Changing the ip ffe max-entries value clears the
related FFE peak information.
Usage Examples
The following is sample output from the show ip ffe command:
>enable
#show ip ffe
Timeout TCP UDP ICMP AH ESP GRE Other
Age: 30m0s 30m0s 30m0s 30m0s 30m0s 30m0s 30m0s
Inactive: 15s 15s 15s 15s 15s 15s 15s
Type: * valid, ! ineligible, - rejected
Flags: F firewall, N NAT, T altered ToS, D don't fragment, I IPsec
--------------------------------
Ingress: eth 0/1
149 hits, 62553 misses, 0 drops
T Proto Source Destination Specific Age Used Drops Flags
! udp 10.200.2.7 10.200.205.255 3959 137 17s 10 0
! udp 10.200.201.170 10.200.255.255 138 138 16s 0 0
! udp 10.200.7.200 10.200.255.255 138 138 16s 0 0
! udp 10.200.201.198 10.200.255.255 138 138 4s 0 0
! udp 10.200.201.198 10.200.255.255 137 137 7s 2 0
! tcp 172.22.77.208 10.200.1.134 2668 23 6s 36 0
Number of entries: 6 of 6 (4096 maximum)
--------------------------------
Total number of entries: 6 of 6 (16384 maximum)
The following is sample output from the show ip ffe details command:

--------------------------------
Ingress: eth 0/1
* icmp 10.0.1.2 10.0.2.2 echo 13 13s 129 0 I
egress: Outbound ESP SA 2
--------------------------------
Ingress: Inbound ESP SA 1


* icmp 10.0.2.2 10.0.1.2 reply 13 13s 129 0 I
egress: eth 0/1 (10.0.1.2)
--------------------------------
Ingress: Outbound ESP SA 2
* esp 3.3.3.1 3.3.3.2 0x923dbab4 13s 129 0 I
egress: hdlc 1
--------------------------------
The following is sample output from the show ip ffe command when wildcards are in use; any field that
has been wildcarded appears as any:

Exceptions: 0/217/0 (current/max/drops)

Flags: F firewall, N NAT, T altered ToS, D don't fragment, I IPsec, H hardware assist, i ingress filter,
e egress filter
--------------------------------
Ingress: system-management-evc
T Proto ToS Age Used Drops Flags Source Destination
! any any 4m12s 38 0 any 10.17.152.255
! any any 3s 29 0 any 10.17.152.31

The following is sample output from the show ip ffe wildcard command:
>enable
#show ip ffe wildcard
Field Wildcarded
============================= =============================
eth 0/1
Source IP Address :No
Dest IP Address :No (always)
IP Precedence :No
IP DSCP :Yes
IP Protocol (L4) :Yes
TCP Source Port :Yes
TCP Destination Port :Yes
UDP Source Port :Yes
UDP Destination Port :Yes
ICMP Type, Code and ID :Yes
ESP SPI :Yes
GRE Tunnel Key :Yes
eth 0/2
Source IP Address :Yes
IP Precedence :Yes
IP DSCP :Yes
ESP SPI :Yes
GRE Tunnel Key :Yes

show ip ffe summary

Use the show ip ffe summary command to display a summary of all the current Internet Protocol
version 4 (IPv4) RapidRoute fast forwarding engine (FFE) entries.
Syntax Description
No subcommands.
Default Values
Command History
include.
Usage Examples
The following is sample output from the show ip ffe summary command:
>enable
#show ip ffe summary
Ingress MaxEntries Entries Hits Misses Drops
eth 0/1 4096 1 0 56 0
global 16384 1 0 56 0

show ip flow
Use the show ip flow command to display information regarding the configuration of integrated traffic
monitoring (ITM) on your AOS product. Variations of this command include:
show ip flow cache

show ip flow export
show ip flow interface
Syntax Description
cache Displays a summary of the current state of the cache of nonexpired traffic
flows.
export Displays information on export packets sent to a destination.
interface Displays the ITM configuration of each interface on the router.
Default Values
Command History
include.
Usage Examples
The following is sample output from the show ip flow export command:
#show ip flow export
Traffic Flow export is ENABLED

Version: 9
Export Destinations
10.22.16.132: 9991
vrf BLUE
source ppp 1
10.5.22.203: 30000
11 flows exported in 8 udp datagrams
0 flows failed to export

The following is sample output from the show ip flow cache command:
#show ip flow cache

IP Traffic Flow Cache
Size: 682/4096 entries
8206 total entries added
95545 aging polls, last aging poll occurred 3 seconds ago
The following is sample output from an AOS product with an Ethernet interface and a point-to-point
interface configured for ITM:
#show ip flow interface

eth 0/1
ip flow ingress
ppp 1
ip flow ingress
ip flow egress

show ip flow top-talkers

Use the show ip flow top-talkers command to view information pertinent to integrated traffic monitoring
(ITM) Top Talker configuration and to reveal possible configuration problems. Variations of this
command include:
show ip flow top-talkers

show ip flow top-talkers day
show ip flow top-talkers day detail
show ip flow top-talkers hour
show ip flow top-talkers hour detail
show ip flow top-talkers port
show ip flow top-talkers port detail
output with the specified text and all lines after.
Syntax Description
day Optional. Specifies the display of Top Talker data for the current 24-hour
period.
hour Optional. Specifies the display of Top Talker data for the current hour.
port Optional. Specifies the display of Top Talker monitored port traffic for the
current interval.
detail Optional. Specifies the display of information for previous and current
intervals.
Default Values
Command History

Usage Examples
The following is sample output from the show ip flow top-talkers command:
#show ip flow top-talkers
Current Interval Top Talkers:

1:00 PM to 1:15 PM
Top Traffic Sources: Top Traffic Destinations:

IP Address Packets IP Address Packets
10.100.43.254 1451 10.22.162.3 735
10.100.43.161 860 10.22.166.222 707
10.22.160.253 384 10.22.160.7 407
10.100.43.200 292 224.0.0.6 393
10.22.165.17 222 10.22.130.6 391
Top 5 talkers shown. 742 flows processed.

show ip igmp groups

Use the show ip igmp groups command to display the multicast groups that have been registered by
directly connected receivers using Internet Group Management Protocol (IGMP). If no multicast group IP
address is specified, all groups are shown with this command. Variations of this command include:
show ip igmp groups

show ip igmp groups <multicast address>
Syntax Description
<multicast address> Optional. Displays the IP address of a multicast group. The multicast group IP
address range is 244.0.0.0 to 239.255.255.255 or 224.0.0.0 /4.
Default Values
Command History
include.
Usage Examples
>enable
#show ip igmp groups
IGMP Connected Group Membership
Group Address Interface Uptime Expires Last Reported
172.0.1.50 Loopback100 00:42:57 00:02:50 172.23.23.1
172.1.1.1 Ethernet0/1 00:05:26 00:02:51 1.1.1.2
172.1.1.1 Loopback100 00:42:57 00:02:51 172.23.23.1

show ip igmp interface

Use the show ip igmp interface command to display multicast-related information per-interface. If no
interface is specified, this command shows information for all interfaces. Variations of this command
include:
show ip igmp interface

show ip igmp interface <interface>
Syntax Description
<interface> Optional. Displays information for a specific interface type. Specify an
atm 1.1; and for a wireless virtual access point, use dot11ap 1/1.1. Enter
the show ip igmp interface ? command for a complete list of interfaces.
Default Values
Command History
include.

Usage Examples
The following example is sample output from the show ip igmp interface command:
>enable
#show ip igmp interface
eth 0/1 is UP
Ip Address is 10.22.120.47, netmask is 255.255.255.0
IGMP is enabled on interface
Current IGMP version is 2
IGMP query interval is 60 seconds
IGMP querier timeout is 120 seconds
IGMP max query response time is 10 seconds
Last member query count is 2
Last member query response interval is 1000 ms
IGMP activity: 548 joins, 0 leaves
IGMP querying router is 0.0.0.0
IGMP helper address is disabled

show ip igmp snooping

Use the show ip igmp snooping command to display Internet Group Management Protocol (IGMP)
snooping information. Variations of this command include:
show ip igmp snooping

show ip igmp snooping mrouter
show ip igmp snooping mrouter vlan <vlan id>
show ip igmp snooping vlan
show ip igmp snooping vlan <vlan id>
Global IGMP snooping overrides the virtual local area network (VLAN) IGMP snooping.
If global snooping is disabled, you cannot enable VLAN IGMP snooping. If global
snooping is enabled, you can enable or disable VLAN IGMP snooping. Refer to ip igmp
snooping on page 1399 for more information.
Syntax Description
mrouter Optional. Displays the ports associated with multicast routers.
vlan Optional. Displays whether IGMP snooping is enabled or disabled for all
VLANs.
vlan <vlan id> Optional. Displays whether IGMP snooping is enabled or disabled for a
particular VLAN.
Default Values
Command History
include.

Usage Examples
The following is sample output from the show ip igmp snooping vlan command:
>enable
#show ip igmp snooping vlan 1
Vlan 1: IGMP snooping is enabled on this VLAN
The following is sample output from the show ip igmp snooping mrouter vlan command:
>enable
#show ip igmp snooping mrouter vlan 200
VLAN Ports
-----------------+ ----------------------------------
200 Gi0/2(static)

show ip interfaces
Use the show ip interfaces command to display the status information for all Internet Protocol version 4
(IPv4) interfaces (or a specific IPv4 interface). Variations of this command include:
show ip interfaces
show ip interfaces <ipv4 interface>
show ip interfaces <ipv4 interface> brief
show ip interfaces efm-group <group id>
show ip interfaces mef-ethernet <slot/port>
show ip interfaces system-control-evc
show ip interfaces system-management-evc
To view secondary IP addresses, use the show running-config command.
Syntax Description
<ipv4 interface> Optional. Displays status information for a specific IPv4 interface. Specify
show ip interfaces ? for a complete list of applicable interfaces. If no
interface is specified, status information for all interfaces is displayed.
system-control-evc Optional. Displays status information for the system control Ethernet virtual
connection (EVC).
system-management-evc Optional. Displays status information for the system management EVC.
brief Optional. Displays an abbreviated version of interface statistics for all IPv4
interfaces.
Default Values

Command History
Release 11.1 Demand interface was added.
include.
interface.
management EVCs.
Usage Examples
The following is sample output of the show ip interfaces command, and displays information for IPv4
interfaces:
>enable
#show ip interfaces
eth 0/1 is UP, line protocol is UP
Ip address is 10.10.10.1
Netmask is 255.255.255.0
MTU is 1500
Fastcaching is Enabled
RIP Authentication is Disabled
RIP Tx uses global version value

show ip local policy

Use the show ip local policy command to display information about the route-map used for local
policy-based routing. Variations of this command include the following:
show ip local policy

show ip local policy vrf <name>
Syntax Description
vrf <name> Optional. Displays information for only the specified virtual routing and
forwarding (VRF).
Default Values
Command History
include.
Functional Notes

Usage Examples
The following is sample output (just for the default VRF) from this command:
>enable
#show ip local policy
Local policy routing is enabled, using route-map SAMPLE_RTEMAP
route-map SAMPLE_RTEMAP, permit, sequence 1
Match clauses:
ip address (access-lists): SAMPLE_ACL
Set clauses:
BGP Filtering matches: 0 routes
Policy routing matches: 0 packets 0 bytes
Redistribution Filtering matches: 0 routes

show ip nhrp
Use the show ip nhrp command to display Next Hop Resolution Protocol (NHRP) cache entries.
show ip nhrp
show ip nhrp brief
show ip nhrp interface tunnel <number>
show ip nhrp interface tunnel <number> brief
show ip nhrp <ip address>
show ip nhrp <ip address> brief
Syntax Description
brief Optional. Shortens the output for each entry to fit on a single line.
interface tunnel <number> Optional. Limits entries to only those that correspond to the specified
interface.
<ip address> Optional. Limits entries to those with the specified private tunnel IP address.
Express IP addresses in dotted decimal notation; for example, 10.10.10.1.
Command History
Usage Examples
The following example displays all NHRP cache entries:
>enable
#show ip nhrp
Interface tunnel 1:
Protocol address: 10.10.10.1/32,
Type: static, Flags: unique,
NMBA Address: 1.1.1.1
Created: 33:44:55, Expires: Never

show ip mroute
Use the show ip mroute command to display IP multicasting routing table information. Variations of this
command include:
show ip mroute
show ip mroute all
show ip mroute <ip address>
show ip mroute <interface>
show ip mroute summary
Syntax Description
all Optional. Displays all multicast routes, including those not used to forward
multicast traffic.
<ip address> Optional. Displays IP address of a multicast group. IP addresses should be
<interface> Optional. Specify an interface in the format <interface type [slot/port |
dot11ap 1/1.1. Type show ip mroute ? for a complete list of interfaces.
summary Optional. Displays a single-line summary for each entry in the IP multicast
routing table.
Default Values

Command History
Release 11.1 The all parameter was added.
include.
Ethernet interface.
Usage Examples
The following is sample output from the show ip mroute all command:
>enable
#show ip mroute all
IP Multicast Routing Table
Flags: S - Sparse, C - Connected, P - Pruned, J - Join SPT, T - SPT-bit Set,
F - Register, R - RP-bit Set
Timers: Uptime/Expires
(*, 225.1.0.1), 01:17:34/00:03:25, RP 192.168.0.254, Flags: SC
Forwarding Entry: Yes
Incoming interface: tunnel 2, RPF nbr 172.16.2.10
Outgoing interface list:
eth 0/1, Forward, 01:17:34/00:03:25

show ip nhrp nhs

Use the show ip nhrp nhs command to display a list of configured next-hop server (NHS) servers and
their statuses for each Next Hop Resolution Protocol (NHRP) interface. Variations of this command
include:
show ip nhrp nhs

show ip nhrp interface tunnel <number> nhs
Syntax Description
interface tunnel <number> Optional. Specifies that output is limited to a single tunnel interface.
Default Values
Command History
Usage Examples
The following example displays the NHS servers and their statuses for all configured NHRP interfaces:
>enable
#show ip nhrp nhs
INTERFACE NHS STATUS
tunnel 4 1.1.1.2 UP
tunnel 5 5.5.5.5 DOWN

show ip nhrp traffic

Use the show ip nhrp traffic command to display the Next Hop Resolution Protocol (NHRP) traffic for all
tunnel interfaces. Variations of this command include:
show ip nhrp traffic

show ip nhrp interface tunnel <number> traffic
Syntax Description
interface tunnel <number> Optional. Specifies that output is limited to a single tunnel interface.
Default Values
Command History
Usage Examples
The following example displays NHRP traffic statistics for the tunnel interface 1:
>enable
#show ip nhrp interface tunnel 1 traffic
Interface tunnel 1:
Sent: 1234567890 Total
1234567890 Resolution Requests Resolution Replies:
1234567890 Total, 1234567890 Acknowledged,
1234567890 Prohibited, 1234567890 Insufficient Resources,
1234567890 No Binding, 1234567890 Not Unique
1234567890 Registration Requests Registration Replies:
1234567890 Already Registered
1234567890 Purge Requests
1234567890 Purge Replies Error Indications:
1234567890 Total, 1234567890 Unrecognized Extension,
1234567890 Loop Detected, 1234567890 Protocol Address Unreachable,

1234567890 Protocol Error, 1234567890 SDU Size Exceeded,

1234567890 Invalid Extension, 1234567890 Authentication Failure,
1234567890 Hop Count Exceeded
Received: 1234567890 Total

1234567890 Resolution Requests Resolution Replies:
1234567890 No Binding, 1234567890 Not Unique
1234567890 Registration Requests
Registration Replies:
1234567890 Already Registered
1234567890 Purge Requests
1234567890 Purge Replies
Error Indications:
1234567890 Total, 1234567890 Unrecognized Extension,
1234567890 Loop Detected, 1234567890 Protocol Address Unreachable,
1234567890 Protocol Error, 1234567890 SDU Size Exceeded,
1234567890 Invalid Extension, 1234567890 Authentication Failure,
1234567890 Hop Count Exceeded

show ip ospf
Use the show ip ospf command to display general information regarding Open Shortest Path First version
2 (OSPFv2) processes. Variations of this command include:
show ip ospf
show ip ospf <process id>
Syntax Description
<process id> Optional. Limits the output of this command to a single OSPFv2 process.
Default Values
Command History
include.
Release R11.3.0 Command was expanded to include the <process id> parameter.
Usage Examples
The following is sample output from the show ip ospf command:
>enable
#show ip ospf
Summary of OSPF Process with ID: 192.2.72.101
Supports only single Type Of Service routes (TOS 0)
SPF delay timer: 5 seconds, Hold time between SPFs: 10 seconds
LSA interval: 240 seconds
Number of external LSAs: 0, Checksum Sum: 0x0
Number of areas: 0, normal: 0, stub: 0, NSSA: 0

show ip ospf database

Use the show ip ospf database command to display information from the Open Shortest Path First version
2 (OSPFv2) database regarding a specific router. There are several variations of this command that can be
used to obtain information about different OSPF link state advertisements. The variations are shown
below:
show ip ospf database

show ip ospf database adv-router <router id>
show ip ospf database database-summary
show ip ospf database self-originate
show ip ospf <process id> database
show ip ospf <process id> database adv-router <router id>
show ip ospf <process id> database database-summary
show ip ospf <process id> database self-originate
show ip ospf <process id> <area id> database
show ip ospf <process id> <area id> database adv-router <router id>
show ip ospf <process id> <area id> database database-summary
show ip ospf <process id> <area id> database self-originate
Syntax Description
<area id> Optional. Specifies an OSPF area ID. Refer to network <ipv4 address>
<wildcard mask> area <area id> on page 4118 for more information.
adv-router <router id> Optional. Optional. Limits the output of this command to a single specified
advertising router.
database-summary Optional. Displays a simplified list of LSAs for the specified area.
self-originate Optional. Displays information about LSAs originated from this router.
Default Values
Command History
include.

Release R11.3.0 Command was expanded to include the <process id> and self-originate
parameters.
Usage Examples
The following example shows the database link state summary for all areas:
>enable
#show ip ospf 61 database
OSPF router with ID: 9.8.8.1 (Process ID 61, VRF RED)
Router Link States, Area 0

Adv Router Age Seq # Checksum Link count Bits
9.8.8.1 1705 0x80000093 0x065E 1 None
192.168.120.200 895 0x80000087 0x6271 1 B
Net Link States, Area 0

Adv Router Age Seq # Checksum Rtr Count
192.168.120.2 895 0x80000081 0x0643 2
Summary Net Link States, Area 0

Adv Router Age Seq # Checksum Prefix/Link ID
9.8.8.1 31 0x80000091 0x0F99 9.8.8.1
192.168.120.200 895 0x80000081 0xDE9C 192.168.120.0

Adv Router Age Seq # Checksum Link count Bits
9.8.8.1 1769 0x80000095 0xE95A 2 None

9.8.8.1 31 0x80000091 0x4ED6 10.24.106.0
9.8.8.1 600 0x80000090 0xB11E 192.168.120.0
9.8.8.1 600 0x80000090 0x4015 200.200.200.2
Type 5 AS External Net Link States

9.8.8.1 670 0x80000091 0x69CA 0.0.0.0
9.8.8.1 30 0x80000091 0xBBDA 10.24.204.128

show ip ospf database asbr-summary

Use the show ip ospf database asbr-summary command to display information from the Open Shortest
Path First version 2 (OSPFv2) database regarding a specific router. There are several variations of this
command that can be used to obtain information about different OSPF link state advertisements. The
variations are shown below:
show ip ospf database asbr-summary

show ip ospf database asbr-summary <link-state id>
show ip ospf database asbr-summary <link-state id> adv-router <router id>
show ip ospf database asbr-summary <link-state id> adv-router <router id> internal
show ip ospf database asbr-summary <link-state id> internal
show ip ospf database asbr-summary <link-state id> self-originate
show ip ospf database asbr-summary <link-state id> self-originate internal
show ip ospf database asbr-summary adv-router <router id>
show ip ospf database asbr-summary adv-router <router id> internal
show ip ospf database asbr-summary internal
show ip ospf database asbr-summary self-originate
show ip ospf database asbr-summary self-originate internal
show ip ospf <process id> database asbr-summary
show ip ospf <process id> database asbr-summary <link-state id>
show ip ospf <process id> database asbr-summary <link-state id> adv-router <router id>
show ip ospf <process id> database asbr-summary <link-state id> adv-router <router id> internal
show ip ospf <process id> database asbr-summary <link-state id> internal
show ip ospf <process id> database asbr-summary <link-state id> self-originate
show ip ospf <process id> database asbr-summary <link-state id> self-originate internal
show ip ospf <process id> database asbr-summary adv-router <router id>
show ip ospf <process id> database asbr-summary adv-router <router id> internal
show ip ospf <process id> database asbr-summary internal
show ip ospf <process id> database asbr-summary self-originate
show ip ospf <process id> database asbr-summary self-originate internal
show ip ospf <process id> <area id> database asbr-summary
show ip ospf <process id> <area id> database asbr-summary <link-state id>
show ip ospf <process id> <area id> database asbr-summary <link-state id> adv-router <router id>
show ip ospf <process id> <area id> database asbr-summary <link-state id> adv-router <router id>
internal
show ip ospf <process id> <area id> database asbr-summary <link-state id> internal
show ip ospf <process id> <area id> database asbr-summary <link-state id> self-originate
show ip ospf <process id> <area id> database asbr-summary <link-state id> self-originate internal
show ip ospf <process id> <area id> database asbr-summary adv-router <router id>
show ip ospf <process id> <area id> database asbr-summary adv-router <router id> internal
show ip ospf <process id> <area id> database asbr-summary internal
show ip ospf <process id> <area id> database asbr-summary self-originate
show ip ospf <process id> <area id> database asbr-summary self-originate internal

Syntax Description
<link-state id> Optional. Displays information from a specific link state ID. The value defined
in this field is tied to the advertisement’s loop start (LS) type.
advertising router.
internal Optional. Displays the shortest path first (SPF) calculation results for the
LSAs and whether the LAS was used in route calculation.
Default Values
Command History
Functional Notes
The link state ID differs depending on whether the LSA in question describes a network or a router.
If describing a network, the link state ID is one of the following:

• The network’s IP address. This is true for type 3 summary link advertisements and in autonomous
system external link advertisements.
• An address obtained from the link state ID. If the network link advertisement’s link state ID is masked
with the network’s subnet mask, this will yield the network’s IP address.
If describing a router, the link state ID is always the router’s OSPF router ID.
Usage Examples
The following is sample output from the show ip ospf database asbr-summary command:
>enable
#show ip ospf 1 0 database asbr-summary

OSPF router with ID: 35.35.35.35 (Process ID 1)
Summary ASB Link States, Area 0
Link State age: 153

Link State type: Summary-ASB-LSA (0x0004)
Link State ID: 2.2.2.2
Advertising Router: 92.92.92.92
Sequence Number: 0x800003CC
Checksum: 0xA170
Options:
Length: 28
Metric: 2

show ip ospf database external

Use the show ip ospf external command to display Open Shortest Path First version 2 (OSPFv2)
information for external link state advertisements (LSAs). Variations of this command include:
show ip ospf database external

show ip ospf database external <link-state id>
show ip ospf database external <link-state id> adv-router <router id>
show ip ospf database external <link-state id> self-originate
show ip ospf database external adv-router <router id>
show ip ospf database external self-originate
show ip ospf <process id> database external
show ip ospf <process id> database external <link-state id>
show ip ospf <process id> database external <link-state id> adv-router <router id>
show ip ospf <process id> database external <link-state id> self-originate
show ip ospf <process id> database external adv-router <router id>
show ip ospf <process id> database external self-originate
show ip ospf <process id> <area id> database external
show ip ospf <process id> <area id> database external <link-state id>
show ip ospf <process id> <area id> database external <link-state id> adv-router <router id>
show ip ospf <process id> <area id> database external <link-state id> self-originate
show ip ospf <process id> <area id> database external adv-router <router id>
show ip ospf <process id> <area id> database external self-originate
Syntax Description
advertising router.
Default Values

Command History
include.
Release R11.3.0 Command was expanded to include the <process id>, and self-originate
parameters.
Functional Notes

Usage Examples
The following is sample output from the show ip ospf database external command:
>enable
#show ip ospf 61 database external

Type 5 AS External Net Link States
Link State age: 1626
Link State type: AS External (0x0005)
Sequence Number: 0x80000093
Checksum: 0x65CC
Options: E
Length: 36
Network Mask: 255.255.255.255
Metric Type: 1 (Comparable directly to link state metric)
Metric: 22222
Forward Address: 10.24.106.2
External Route Tag: 0x00000000

show ip ospf database network

Use the show ip ospf database network command to display Open Shortest Path First version 2
(OSPFv2) information for network links state advertisements (LSAs). Variations of this command include:
show ip ospf database network

show ip ospf database network <link-state id>
show ip ospf database network <link-state id> adv-router <router id>
show ip ospf database network <link-state id> self-originate
show ip ospf database network adv-router <router id>
show ip ospf database network self-originate
show ip ospf <process id> database network
show ip ospf <process id> database network <link-state id>
show ip ospf <process id> database network <link-state id> adv-router <router id>
show ip ospf <process id> database network <link-state id> self-originate
show ip ospf <process id> database network adv-router <router id>
show ip ospf <process id> database network self-originate
show ip ospf <process id> <area id> database network
show ip ospf <process id> <area id> database network <link-state id>
show ip ospf <process id> <area id> database network <link-state id> adv-router <router id>
show ip ospf <process id> <area id> database network <link-state id> self-originate
show ip ospf <process id> <area id> database network adv-router <router id>
show ip ospf <process id> <area id> database network self-originate
Syntax Description
advertising router.
Default Values

Command History
include.
parameters.
Functional Notes

Usage Examples
The following is sample output from the show ip ospf database network command:
>enable
#show ip ospf 61 database network
Network Link States, Area 0
Link State age: 60

Link State type: Network-LSA (0x0002)
Checksum: 0x3282
Options: E
Length: 32
Network Mask: 255.255.255.0
Number of Attached Routers: 2
Attached Router: 9.8.8.1

show ip ospf database router

Use the show ip ospf database router command to display Open Shortest Path First version 2 (OSPFv2)
information for router link state advertisements (LSAs). Variations of this command include:
show ip ospf database router

show ip ospf database router <link-state id>
show ip ospf database router <link-state id> adv-router <router id>
show ip ospf database router <link-state id> adv-router <router id> internal
show ip ospf database router <link-state id> internal
show ip ospf database router <link-state id> self-originate
show ip ospf database router <link-state id> self-originate internal
show ip ospf database router adv-router <router id>
show ip ospf database router adv-router <router id> internal
show ip ospf database router internal
show ip ospf database router self-originate
show ip ospf database router self-originate internal
show ip ospf <process id> database router
show ip ospf <process id> database router <link-state id>
show ip ospf <process id> database router <link-state id> adv-router <router id>
show ip ospf <process id> database router <link-state id> adv-router <router id> internal
show ip ospf <process id> database router <link-state id> internal
show ip ospf <process id> database router <link-state id> self-originate
show ip ospf <process id> database router <link-state id> self-originate internal
show ip ospf <process id> database router adv-router <router id>
show ip ospf <process id> database router adv-router <router id> internal
show ip ospf <process id> database router internal
show ip ospf <process id> database router self-originate
show ip ospf <process id> database router self-originate internal
show ip ospf <process id> <area id> database router
show ip ospf <process id> <area id> database router <link-state id>
show ip ospf <process id> <area id> database router <link-state id> adv-router <router id>
show ip ospf <process id> <area id> database router <link-state id> adv-router <router id> internal
show ip ospf <process id> <area id> database router <link-state id> internal
show ip ospf <process id> <area id> database router <link-state id> self-originate
show ip ospf <process id> <area id> database router <link-state id> self-originate internal
show ip ospf <process id> <area id> database router adv-router <router id>
show ip ospf <process id> <area id> database router adv-router <router id> internal
show ip ospf <process id> <area id> database router internal
show ip ospf <process id> <area id> database router self-originate
show ip ospf <process id> <area id> database router self-originate internal

Syntax Description
advertising router.
LSAs and whether the LAS was used in route calculation.
Default Values
Command History
include.
Release R11.3.0 Command was expanded to include the <process id>, internal, and
self-originate parameters.
Functional Notes


Usage Examples
The following is sample output from the show ip ospf database router command:
>enable
#show ip ospf 61 database router
Link State age: 350

Link State type: Router-LSA (0x0001)
Sequence Number: 0x8000009D
Checksum: 0x4210
Options: E
Length: 40
Flags: Area Border Router, AS Boundary Router
Number of Links: 1
Link connected to: Transit network Link
(Link ID} Designated Router address: 5.5.5.5
(Link Data) Router Interface address: 9.8.8.1
TOS 0 Metric: 1

show ip ospf database summary

Use the show ip ospf database summary command to display Open Shortest Path First version 2
(OSPFv2) information for summary link state advertisements (LSAs). Variations of this command include:
show ip ospf database summary

show ip ospf database summary <link-state id>
show ip ospf database summary <link-state id> adv-router <router id>
show ip ospf database summary <link-state id> self-originate
show ip ospf database summary adv-router <router id>
show ip ospf database summary self-originate
show ip ospf <process id> database summary
show ip ospf <process id> database summary <link-state id>
show ip ospf <process id> database summary <link-state id> adv-router <router id>
show ip ospf <process id> database summary <link-state id> self-originate
show ip ospf <process id> database summary adv-router <router id>
show ip ospf <process id> database summary self-originate
show ip ospf <process id> <area id> database summary
show ip ospf <process id> <area id> database summary <link-state id>
show ip ospf <process id> <area id> database summary <link-state id> adv-router <router id>
show ip ospf <process id> <area id> database summary <link-state id> self-originate
show ip ospf <process id> <area id> database summary adv-router <router id>
show ip ospf <process id> <area id> database summary self-originate
Syntax Description
advertising router.
Default Values

Command History
include.
parameters.
Functional Notes

Usage Examples
The following is sample output from the show ip ospf database summary command:
>enable
#show ip ospf 61 database summary
Link State age: 689

Link State type: Summary Network (0x0003)
Checksum: 0x5F4E
Options: E
Length: 28
Network Mask: /24
Metric: 1

show ip ospf interface

Use the show ip ospf interface command to display Open Shortest Path First version 2 (OSPFv2)
information for a specific interface. Variations of this command include:
show ip ospf interface

show ip ospf interface <interface>
show ip ospf interface system-control-evc
show ip ospf interface system-management-evc
Syntax Description
dot11ap 1/1.1. Type show ip ospf interface ? for a complete list of
system-control-evc Optional. Displays OSPF information for the system control Ethernet virtual
connection (EVC)
system-management-evc Optional. Displays OSPF information for the system management EVC.
Default Values
Command History
include.
Release R11.3.0 Command was expanded to include the demand and Ethernet in the first
mile (EFM) group interfaces and the system-control-evc and

Usage Examples
The following example shows OSPF information for the PPP 1 interface.
>enable
#show ip ospf 61 interface
eth 0/1.106 is UP, line protocol is UP
IP address: 10.24.106.10 255.255.255.0, Area: 0
Process ID 61, Router ID: 9.8.8.1, Network type: Broadcast, Cost: 1
Transmit delay: 1, State: DR, Priority: 1
Designated Router (ID): 9.8.8.1, Interface Address: 10.24.106.10
Backup Designated Router (ID): 200.200.200.2, Interface Address: 10.24.106.2
Timer intervals: Hello: 10, Dead: 40, Retransmit: 5
Hello due in: 00:00:08
Number of neighbors: 1, Adjacent neighbors: 1
Adjacent with neighbor: 200.200.200.2 (Backup Designated Router)
loop 97 is UP, line protocol is UP
IP address: 9.8.7.1 255.255.255.0, Area: 1
Process ID 61, Router ID: 9.8.8.1, Network type: Point-to-point, Cost: 1
Transmit delay: 1, State: PTPT, Priority: 1
loop 98 is UP, line protocol is UP
IP address: 9.8.8.1 255.255.255.0, Area: 1
Process ID 61, Router ID: 9.8.8.1, Network type: Point-to-point, Cost: 1
Transmit delay: 1, State: PTPT, Priority: 1

show ip ospf neighbor

Use the show ip ospf neighbor command to display Open Shortest Path First version 2 (OSPFv2)
neighbor information for a specific interface. Variations of this command include:

show ip ospf neighbor detail
show ip ospf neighbor <interface>
show ip ospf neighbor <interface> detail
show ip ospf neighbor <interface> <neighbor id>
show ip ospf neighbor <interface> <neighbor id> detail
show ip ospf neighbor <neighbor id>
show ip ospf neighbor <neighbor id> detail
show ip ospf neighbor system-control-evc
show ip ospf neighbor system-control-evc detail
show ip ospf neighbor system-control-evc <neighbor id>
show ip ospf neighbor system-control-evc <neighbor id> detail
show ip ospf neighbor system-management-evc
show ip ospf neighbor system-management-evc detail
show ip ospf neighbor system-management-evc <neighbor id>
show ip ospf neighbor system-management-evc <neighbor id> detail
Syntax Description
dot11ap 1/1.1. Type show ip ospf neighbor ? for a complete list of
<neighbor id> Optional. Specifies a specific neighbor’s router ID.
detail Optional. Displays detailed information on neighbors.
system-control-evc Optional. Displays OSPF neighbor information for the system control
Ethernet virtual connection (EVC)
system-management-evc Optional. Displays OSPF neighbor information for the system management
EVC.

Default Values
Command History
include.
Ethernet interface.
Release R11.3.0 Command expanded to include the asynchronous transfer mode (ATM),
bridged virtual interface (BVI), demand, Ethernet in the first mile (EFM)
group, Gigabit Ethernet, and loopback interfaces. The command was also
expanded to include the system-control-evc and
Usage Examples
The following example shows detailed information on the OSPF neighbors:
>enable
#show ip ospf neighbor
OSPF router with ID: 9.8.8.1, Process ID 61, VRF RED
Neighbor ID Pri State Dead Time Interface ID Interface

204.204.204.61 1 FULL/BDR 00:00:38 20 eth 0/1.106

show ip ospf summary-address

Use the show ip ospf summary-address command to display a list of all summary address redistribution
information for the system.Variations of this command include:

show ip ospf <process id> summary-address
Syntax Description
No subcommands.
Default Values
Command History
include.
Usage Examples
The following example displays the summary address redistribution information for process 61:
>enable
#show ip ospf 61 summary-address
OSPF Summary Addresses, Process ID 61, VRF RED:
8.7.0.0/255.255.0.0 Metric 11111, Type 1, advertise

show ip pim-sparse
Use the show ip pim-sparse command to display protocol-independent multicast (PIM) configuration
information. Sparse mode or PIM-SM is a routing protocol used to establish and maintain the multicast
distribution tree. Routers can participate in the shared tree (RPT) rooted at the rendezvous point (RP)
router or the shortest path tree (SPT) rooted at a multicast source. PIM-SM also establishes both shared
trees and SPTs. Variations of this command include:
show ip pim-sparse
show ip pim-sparse interfaces <interface>
show ip pim-sparse neighbor
show ip pim-sparse rp-map
show ip pim-sparse rp-set
show ip pim-sparse state
show ip pim-sparse traffic
Syntax Description
interfaces <interface> Optional. Displays PIM-SM configuration and status information for a
specific interface. Specify an interface in the format <interface type [slot/port
| slot/port.subinterface id | interface id | interface id.subinterface id | ap |
dot11ap 1/1.1. Type show ip pim-sparse interface ? to display a list of
neighbor Optional. Displays neighbor adjacency information.
rp-map Optional. Displays active group-to-RP mappings.
rp-set Optional. Displays a list of statically configured RP candidates. The
multicast group IP address is 224.0.0.0 /4 when no access group was
applied to the rp-address command (refer to rp-address <ip address> on
page 4188). Otherwise, it is the name of the access group.
state Optional. Displays multicast route PIM state information.
traffic Optional. Displays active PIM-SM control traffic statistics.
Default Values

Command History
include.
Ethernet interface.
Usage Examples
The following is sample output from the show ip pim-sparse command:
>enable
#show ip pim-sparse
Global PIM Sparse Mode Settings
Join/Prune interval: 60, SPT threshold: 1
The following is sample output from the show ip pim-sparse interfaces command:
>enable
#show ip pim-sparse interfaces
eth 0/1 is UP
PIM Sparse
DR: itself
Local Address: 192.168.1.254
Hello interval (sec): 30, Neighbor timeout (sec): 105
Propagation delay (ms): 500, Override interval (ms): 2500
tunnel 1 is UP
PIM Sparse
DR: 172.16.1.10
tunnel 2 is UP
PIM Sparse
DR: 172.16.2.10
The following is sample output from the show ip pim-sparse neighbor command:
>enable
#show ip pim-sparse neighbor

Port Neighbor Holdtime(sec) Age(sec) Uptime(sec)

------------------------------------------------------------------------------------------------------
tunnel 1 172.16.1.10 105 19 241908
tunnel 2 172.16.2.10 105 23 241913
The following is sample output from the show ip pim-sparse rp-map command:
>enable
#show ip pim-sparse rp-map
Number of group-to-RP mappings: 5
Group address RP address
---------------------------------------------------------
225.1.0.1 192.168.0.254
225.1.0.2 192.168.0.254
225.1.0.3 192.168.0.254
The following is sample output from the show ip pim-sparse rp-set command:
>enable
#show ip pim-sparse rp-set
Group address Static-RP-address
--------------------------------------------------------------
224.0.0.0/4 192.168.0.254
MCAST_ACL_1 192.168.1.254
MCAST_ACL_2 192.168.2.254
MCAST_ACL_3 192.168.3.254
The following is sample output from the show ip pim-sparse state command:
>enable
#show ip pim-sparse state
PIM-SM State Table
Flags: S - Sparse, C - Connected, P - Pruned, J - Join SPT, T - SPT-bit Set,
F - Register, R - RP-bit Set
Timers: Uptime/Expires
(*, 225.1.0.1), 02:42:03/00:03:04, RP 192.168.0.254, Flags: SC

Forwarding Entry: Yes
Incoming interface: tunnel 2, RPF nbr 172.16.2.10
Upstream Join/Prune State: Joined
Register State: No Info
RegStop Timer (sec): stopped
Join/Prune Timer (sec): 57
Override Timer (sec): stopped
Multicast Border Router: 0.0.0.0
Packets Forwarded: 2

Outgoing interface list:

eth 0/1, Forward, 02:42:03/00:03:03
Downstream Join/Prune State: Join
Assert Winner State: No Info
Assert Timer (sec): stopped
Assert Winner: 0.0.0.0
Assert Winner Metric: infinity
Local Membership: Yes
Forwarding State: Forwarding
Inherited output list:
eth 0/1
The following is sample output from the show ip pim-sparse traffic command:
>enable
#show ip pim-sparse traffic
Rx Tx Rx Tx
Port: eth 0/1
Hello: 7 8334 J/P: 0 0
Register: 0 0 RegStop: 0 0
Assert: 0 0
Port: tunnel 1
Hello: 8327 8333 J/P: 0 57
Assert: 0 0
Port: tunnel 2
Hello: 8323 8334 J/P: 0 11949
Assert: 0 0
Total
Hello: 16657 25001 J/P: 0 12006
Assert: 0 0

show ip policy
Use the show ip policy command to display the interfaces which have route maps configured. This
command is used for troubleshooting policy-based routing.
Syntax Description
No subcommands.
Default Values
Command History
include.
Usage Examples
The following is sample output from the show ip policy command:
>enable
#show ip policy
Interface Route-map
eth 0/1 ISP_A
eth 0/2 ISP_B

show ip policy-class
Use the show ip policy-class command to display the configured session limit and specific host IP
addresses of all current sessions. Refer to ip policy-class <ipv4 acp name> on page 1426 for information
on configuring access policies.Variations of this command include:
show ip policy-class
show ip policy-class <name>
show ip policy-class host-sessions
show ip policy-class <name> host-sessions
Syntax Description
host-sessions Optional. Displays specific host IP addresses of all current sessions.
<name> Optional. Displays policy class information for a specific policy class.
Default Values
Command History
Release 12.1 Command was expanded to include host-sessions.
include.

Usage Examples
The following is sample output from the show ip policy-class command:
>enable
#show ip policy-class
Maximum policy-sessions: 17400

Policy-class “Private”:
136 current sessions (5800 max)
Entry 1 - allow list self self
Entry 2 - nat source list wizard-ics interface ppp 1 overload
Policy-class “Public”:
0 current sessions (5800 max)
The following is sample output from the show ip policy-class host-sessions command:
>enable
#show ip policy-class host-sessions
100 policy-sessions allowed per source address.
Src IP Address Sessions

--------------- --------
192.168.1.100 1
192.168.1.101 35
192.168.1.121 100 (maximum allowed)
Policy-class “Public”:
No limit for policy-sessions allowed per host.
The following is sample output from the show ip policy-class <name> host-sessions command for the
policy class named Private:
>enable
#show ip policy-class Private host-sessions
100 policy-sessions allowed per source address.
Src IP Address Sessions

--------------- --------
192.168.1.100 1
192.168.1.101 35
192.168.1.121 100 (maximum allowed)

show ip policy-sessions
Use the show ip policy-sessions command to display a list of current Internet Protocol version 4 (IPv4)
access control policy (ACP) associations. Refer to ip policy-class <ipv4 acp name> on page 1426 for
information on configuring ACPs. Variations of this command include:
show ip policy-sessions
show ip policy-sessions <ipv4 acp name>
show ip policy-sessions <ipv4 acp name> include-deleted
show ip policy-sessions <ipv4 acp name> timeline
show ip policy-sessions any-vrf
show ip policy-sessions any-vrf include-deleted
show ip policy-sessions any-vrf timeline
show ip policy-sessions include-deleted
show ip policy-sessions pending
show ip policy-sessions timeline
show ip policy-sessions vrf <name>
show ip policy-sessions vrf <name> include-deleted
show ip policy-sessions vrf <name> timeline
Syntax Description
<ipv4 acp name> Optional. Displays policy class associations for the specified IPv4 ACP.
include-deleted Optional. Displays all IPv4 ACP firewall sessions, including active
associations (through which the firewall is allowed to pass traffic), and
associations flagged for deletion (through which the firewall is forbidden to
pass traffic). Associations flagged for deletion will usually be freed within a
few seconds of timeout or deletion, depending on packet congestion;
servicing of packets is given priority. New traffic matching an association will
create a new active association, provided the traffic still matches an ACP
allow or network address translation (NAT) entry. (This parameter is only
valid on the NetVanta 3200.)
timeline Optional. Displays a timeline of IPv4 ACP firewall session creations and
peak numbers of policy sessions per hour over the last 24 hours.
any-vrf Optional. Displays information for all virtual routing and forwardings (VRFs),
including the default.
pending Optional. Displays any currently pending ACP sessions.

vrf <name> Optional. Displays information only for the specified VRF. If a VRF is not
specified, the default unnamed VRF is assumed.
Default Values
Command History
Release 11.1 Command was expanded to include the all parameter.
Release 17.1 Command was expanded to include the parameters vrf and
include-deleted (NetVanta 3200 only), as well as the modifiers begin,
Release 17.5 Command was expanded to include the timeline parameter.
Functional Notes
Usage Examples
The following is sample output from the show ip policy-sessions command, and displays information for
IPv4 ACPs:
>enable
#show ip policy-sessions
Protocol (TTL) [in crypto map] -> [out crypto map] Dest VRF, Dest policy-class
Src IP Address Src Port Dest IP Address Dst Port NAT IP Address NAT Port
-------------------------------------------------------------------------------------------------------------------------------------------
Policy class “Public”:
tcp (13)
192.168.1.142 2621 192.168.19.2 1 10.10.10.1 3000
tcp (13)
192.168.1.142 2622 192.168.19.2 2 10.10.10.1 3001
tcp (13)
192.168.1.142 2623 192.168.19.2 3 10.10.10.1 3002

The following is sample output from the show ip policy-sessions include-deleted command:
>enable
#show ip policy-sessions include-deleted
Src Vrf (if not default), Src policy class:
-------------------------------------------------------------------------------------------------------------------------------------------
Policy class "Private":
Policy class “Private_Aqua”:
Policy class “Private_Black”:
Policy class “Private_Crimson”:
Policy class “Private_Green”:
Policy class “Private_Orange”:
Policy class “Private_Purple”:
Policy class “Private_Yellow”:
Policy class "Public":
Policy class "Public2":
Policy class "self":
udp (60) -> Public2
10.22.160.134 1027 10.22.160.254 53
Policy class "default":
The following is sample output from the show ip policy-sessions any-vrf include-deleted command:
>enable
#show ip policy-sessions any-vrf include-deleted
Src Vrf (if not default), Src policy class:

-------------------------------------------------------------------------------------------------------------------------------------------
Policy class "Private":
Policy class "Public":
Policy class "self":
Policy class "default":
VRF "Green", Policy class "Private":
tcp (418) -> Black, Public
192.168.121.2 35257 192.168.10.19 21 s 192.168.9.2 35257
192.168.121.2 35333 192.168.10.19 20 s 192.168.9.2 2759
192.168.121.2 65283 192.168.10.207 80 s 192.168.9.2 65283
192.168.121.2 1606 192.168.10.209 80 s 192.168.9.2 1606


192.168.121.2 3648 192.168.10.210 80 s 192.168.9.2 3648
192.168.121.3 52429 192.168.10.19 21 s 192.168.9.2 52429
VRF "Green", Policy class "Public":
VRF "Green", Policy class "self":
VRF "Green", Policy class "default":
VRF "Black", Policy class "Private":
VRF "Black", Policy class "Public":
VRF "Black", Policy class "self":
VRF "Black", Policy class "default":
The following is sample output from the show ip policy-sessions timeline command:
#show ip policy-sessions timeline

Period: Feb 08 12:00 - Feb 09 12:00 Current Time: 09 Feb 2009 12:54:46
Hour New Peak

--------- ---------- -------
12:00 13115 818
13:00 13810 769
14:00 13177 748
15:00 13373 753
16:00 14451 982
17:00 13555 831
18:00 13825 741
19:00 14130 827
20:00 13005 870
21:00 13640 803
22:00 13081 781
23:00 13893 799
00:00 13003 783
01:00 14077 937
02:00 13240 854
03:00 12448 803
04:00 12518 1018
05:00 12533 843
06:00 12818 752
07:00 16119 934
08:00 22813 996
09:00 20361 1041
10:00 28474 1221
11:00 20361 1454

#show ip policy-sessions pending

Protocol (TTL, [P]), ALG Name [Flags] [in crypto map] -> [out crypto map]
(P - Persistent. Pending session is duplicated before being made active)
(* - Primary selector, compared when searching the pending session list)
Src IP Address Src Port Dest IP Address Dst Port Policy Class [Selector 1]
Src IP Address Src Port Dest IP Address Dst Port Policy Class [Selector 2]
--------------- -------- ---------------- -------- ------------
udp (53), [0x20040C22 0x00000000]
192.168.48.100 5738 10.22.11.33 0 PRIVATE
* 10.22.11.33 0 10.22.11.48 57388 PUBLIC
udp (60), [0x20040C22 0x00000000]
192.168.48.100 57388 10.22.11.33 0 PRIVATE
* 10.22.11.33 0 10.22.11.48 57388 PUBLIC

show ip policy-stats
Use the show ip policy-stats command to display a list of current Internet Protocol version 4 (IPv4) access
control policy (ACP) statistics. Refer to ip policy-class <ipv4 acp name> on page 1426 for information on
configuring IPv4 ACPs. Variations of this command include:
show ip policy-stats
show ip policy-stats <ipv4 acp name>
Syntax Description
<ipv4 acp name> Optional. Displays policy class statistics for a specific IPv4 ACP.
Default Values
Command History
include.
Usage Examples
The following example displays a list of current IPv4 ACP statistics:
>enable
#show ip policy-stats

show ip prefix-list
Use the show ip prefix-list command to display Border Gateway Protocol (BGP) prefix list information.
show ip prefix-list <name>

show ip prefix-list detail <name>
show ip prefix-list summary <name>
Syntax Description
<name> Shows information for a specific prefix list.
detail Optional. Shows a listing of the prefix list rules and their hit counts.
summary Optional. Shows information about the entire prefix list.
Default Values
Command History
include.
Functional Notes
If the show ip prefix-list command is issued with no arguments, a listing of the prefix-list rules, but no hit
count statistics, is displayed.
Usage Examples
The following example displays information about the prefix list test.
>enable
#show ip prefix-list test
ip prefix-list test: 4 entries
seq 5 permit 0.0.0.0/0 ge 8 le 8
seq 10 deny 0.0.0.0/0 ge 9 le 9
seq 15 permit 0.0.0.0/0 ge 10 le 10
seq 20 deny 0.0.0.0/0 ge 11

show ip protocols
Use the show ip protocols command to display IP routing protocol parameters and statistics. Variations of
show ip protocols
show ip protocols vrf <name>
Syntax Description
vrf <name> Optional. Displays IP routing protocol parameters and statistics for the
specified virtual routing and forwarding (VRF) instance. If no VRF is
specified, statistics displayed are for the default (unnamed) VRF instance.
Default Values
Command History
include.
Release 18.3 Command was expanded to include the vrf <name> parameter.
Usage Examples
The following is sample output from the show ip protocols command:
>enable
#show ip protocols
Sending updates every 30 seconds, next due in 8 seconds
Invalid after 180 seconds, hold down time is 120 seconds
Redistributing: rip
Default version control: send version 2, receive version 2
Interface Send Ver. Rec Ver.
eth 0/1 2 2
ppp 1 2 2
Routing for networks:
1.1.1.0/24

show ip route
Use the show ip route command to display the contents of the Internet Protocol version 4 (IPv4) route
table. Variations of this command include:
show ip route
show ip route <ipv4 address>
show ip route <ipv4 address> <subnet mask>
show ip route <ipv4 address> longer-prefixes
show ip route <ipv4 address> <subnet mask> longer-prefixes
show ip route bgp
show ip route bgp verbose
show ip route connected
show ip route ospf
show ip route ospf verbose
show ip route rip
show ip route rip verbose
show ip route static
show ip route static verbose
show ip route summary
show ip route summary realtime
show ip route table
show ip route vrf <name>
show ip route vrf <name> <ipv4 address>
show ip route vrf <name> <ipv4 address> <subnet mask>
show ip route vrf <name> <ipv4 address> longer-prefixes
show ip route vrf <name> <ipv4 address> <subnet mask> longer-prefixes
show ip route vrf <name> bgp
show ip route vrf <name> connected
show ip route vrf <name> ospf
show ip route vrf <name> rip
show ip route vrf <name> static
show ip route vrf <name> summary
show ip route vrf <name> table

your unit.
Syntax Description
<subnet mask> Optional. Specifies the subnet mask that corresponds to a range of IPv4
addresses (network) or a specific host. Subnet masks can be expressed in
dotted decimal notation (for example, 255.255.255.0) or as a prefix length
(for example, /24).
bgp Optional. Displays only the IPv4 routes associated with Border Gateway
Protocol (BGP).
connected Optional. Displays only the IPv4 routes for directly connected networks.
longer-prefixes Optional. Displays only the IPv4 routes matching the specified network.
ospf Optional. Displays only the IPv4 routes associated with Open Shortest Path
First version 2 (OSPFv2).
rip Optional. Displays only the IPv4 routes that were dynamically learned
through Routing Information Protocol (RIP).
static Optional. Displays only the IPv4 routes that were statically entered.
summary Optional. Displays a summary of all IPv4 route information.
summary realtime Optional. Displays full-screen output in real time. Refer to the Functional
table Optional. Displays a condensed version of the IPv4 route table.
vrf <name> Optional. Displays only the IPv4 routes for the specified virtual routing and
forwarding (VRF).
Default Values
Command History
Release 16.1 Expanded to include the vrf parameter.
include.
Release A1 Command was expanded to include the verbose parameter.
Release 17.2 Command was enhanced to show the best route to the given IP address
and the longer-prefixes parameter was added.

Functional Notes
page 1125).
Usage Examples
The following example shows how to display IPv4 routes learned via BGP. The values in brackets after a
BGP route entry represent the entry's administrative distance and metric:
>enable
#show ip route bgp
Codes: C - connected, S - static, R - RIP, O - OSPF, B - BGP
IA - OSPF inter area, N1 - OSPF NSSA external type 1
N2 - OSPF NSSA external type 2, E1 - OSPF external type 1
E2 - OSPF external type 2
Gateway of last resort is 10.15.43.17 to network 0.0.0.0
B 1.0.0.0/8 [30/0] via 10.15.43.17, fr 1.17
B 2.0.0.0/9 [30/0] via 10.15.43.17, fr 1.17
B 2.128.0.0/10 [30/0] via 10.15.43.17, fr 1.17
B 2.192.0.0/11 [30/0] via 10.15.43.17, fr 1.17
B 2.224.0.0/12 [30/0] via 10.15.43.17, fr 1.17
B 2.240.0.0/13 [30/0] via 10.15.43.17, fr 1.17
The following example shows output for the show ip route vrf RED summary command.
>enable
#show ip route vrf RED summary
Route Source FIB Local-RIB
Connected 16 16
Static 16 16
Other 31 31
Total 63 63

The following example shows how to display IPv4 routes learned in VRF RED. The values in brackets after
a route entry represent the entry's administrative distance and metric:
>enable
#show ip route vrf RED
IA - OSPF inter area, N1 - OSPF NSSA external type 1
N2 - OSPF NSSA external type 2, E1 - OSPF external type 1
E2 - OSPF external type 2
S 0.0.0.0/0 [1/0] via 192.168.1.1, eth 0/2.301
C 192.168.1.0/24 is directly connected, eth 0/2.301
C 192.168.50.0/30 is directly connected, fr 1.16
C 192.168.54.0/30 is directly connected, ppp 1
C 192.168.55.0/30 is directly connected, hdlc 1
S 192.168.101.0/24 [1/0] via 192.168.50.1, fr 1.16
S 192.168.102.0/24 [1/0] via 192.168.51.1, fr 2.16
S 192.168.106.0/24 [1/0] via 192.168.55.1, hdlc 1
S 192.168.107.0/24 [1/0] via 192.168.56.1, fr 11.16
S 192.168.109.0/24 [1/0] via 192.168.1.253, eth 0/2.301
The following example shows output for the show ip route command. The values in brackets after a route
entry represent the entry's administrative distance and metric:
>enable
#show ip route
E1 - OSPF external type 1, E2 - OSPF external type 2
IA - OSPF inter area
S 0.0.0.0/0 [1/0] via 10.22.18.254, eth 0/1

S 10.22.16.0/24 [1/0] via 10.22.18.254, eth 0/1
S 10.22.17.0/24 [1/0] via 10.22.18.254, eth 0/1
C 10.22.18.0/24 is directly connected, eth 0/1
C 192.168.25.0/31 is directly connected, loop 1
C 192.168.249.0/24 is directly connected, eth 0/2

The following example shows output for the show ip route <ipv4 address> command. This data explains
the resulting route a packet will be sent through.
>enable
#show ip route 10.22.16.16
Routing entry for 10.22.16.0/24
Known via “static”
Distance 1, metric 0, candidate default path
Routing Next Hop(s):
10.22.18.254, via eth 0/1
Route metric is 0
The following example shows output for the show ip route <ipv4 address> longer-prefixes command.
Using the longer-prefixes parameter displays only the matching routes.
>enable
#show ip route 10.22.16.0 longer-prefixes
E1 - OSPF external type 1, E2 - OSPF external type 2
IA - OSPF inter area

show ip route-cache express

Use the show ip route-cache express command to display the addresses currently being express cached in
hardware. Variations of this command include:
show ip route-cache express

show ip route-cache express count
Syntax Description
count Optional. Displays only the total number of entries stored in the route cache.
Default Values
Command History
Usage Examples
The following is sample output from the show ip route-cache express command:
>enable
#show ip route-cache express
DESTINATION MASK GATEWAY
----------------------------------------------------------------------------------------
199.0.50.2 255.255.255.255 10.100.43.251
199.0.45.2 255.255.255.255 10.100.43.251
198.110.47.2 255.255.255.255 10.100.43.251
198.50.42.2 255.255.255.255 10.100.43.251
198.0.46.2 255.255.255.255 10.100.43.251
198.0.41.2 255.255.255.255 10.100.43.251
The following is sample output from the show ip route-cache express count command:
>enable
#show ip route-cache express count
Total number of express routes: 26

show ip route-cache express host-table

Use the show ip route-cache express host-table command to display the hardware host entries currently
used to route packets to directly connected networks in Layer 3 switching. Variations of this command
include:
show ip route-cache express host-table

show ip route-cache express host-table count
Syntax Description
count Optional. Specifies the output is limited to the number of entries stored in
the Address Resolution Protocol (ARP) table.
Default Values
Command History
Usage Examples
The following is sample output from the show ip route-cache express host-table command:
>enable
#show ip route-cache express host-table
DESTINATION MAC ADDRESS INTERFACE
-------------------------------------------------------------------------------------------
10.23.131.254 00:A0:C8:00:7E:D3 vlan 1
20.1.1.2 00:DE:AD:00:55:55 vlan 20
21.1.1.2 00:A0:C8:00:78:A8 vlan 21
22.1.1.2 00:A0:C8:24:7E:6A vlan 22

show ip security
Use the show ip security command to display a list of threats with descriptions, corresponding IDs, default
weights, and current weights. Variations of this command include:
show ip security any-vrf blocked-traffic timeline

show ip security any-vrf threats
show ip security any-vrf threats <id>
show ip security any-vrf threats <id> realtime
show ip security any-vrf threats realtime
show ip security any-vrf threats sort-by first-observed
show ip security any-vrf threats sort-by first-observed realtime
show ip security any-vrf threats sort-by hits
show ip security any-vrf threats sort-by hits realtime
show ip security any-vrf threats sort-by id
show ip security any-vrf threats sort-by id realtime
show ip security any-vrf threats sort-by last-observed
show ip security any-vrf threats sort-by last-observed realtime
show ip security any-vrf threats sort-by weight
show ip security any-vrf threats sort-by weight realtime
show ip security blocked-traffic timeline
show ip security threats
show ip security threats <id>
show ip security threats <id> realtime
show ip security threats realtime
show ip security threats sort-by first-observed
show ip security threats sort-by first-observed realtime
show ip security threats sort-by hits
show ip security threats sort-by hits realtime
show ip security threats sort-by id
show ip security threats sort-by id realtime
show ip security threats sort-by last-observed
show ip security threats sort-by last-observed realtime
show ip security threats sort-by weight
show ip security threats sort-by weight realtime
show ip security vrf <name> blocked-traffic timeline
show ip security vrf <name> threats
show ip security vrf <name> threats <id>
show ip security vrf <name> threats <id> realtime
show ip security vrf <name> threats realtime
show ip security vrf <name> threats sort-by first-observed
show ip security vrf <name> threats sort-by first-observed realtime
show ip security vrf <name> threats sort-by hits
show ip security vrf <name> threats sort-by hits realtime
show ip security vrf <name> threats sort-by id
show ip security vrf <name> threats sort-by id realtime

show ip security vrf <name> threats sort-by last-observed

show ip security vrf <name> threats sort-by last-observed realtime
show ip security vrf <name> threats sort-by weight
show ip security vrf <name> threats sort-by weight realtime
Syntax Description
any-vrf Optional. Displays every available virtual routing and forwarding (VRF) on
the device.
blocked-traffic timeline Optional. Displays an hour-by-hour count of blocked threats and policy
discards.
first-observed Optional. Sorts the threat list by the first-observed threat.
hits Optional. Sorts the threat list by number of hits.
id Optional. Sorts the threat list by threat ID.
<id> Optional. Displays a specific threat as identified by its threat ID.
last-observed Optional. Sorts the threat list by the last-observed threat.
realtime Optional. Lists the threats as they occur in real time rather than historical
threat data.
sort-by <option> Optional. Defines the criteria, by <option>, by which the threat list will be
sorted. If sort-by is not indicated, the list will be sorted using the
descending order of hits. All options will be sorted in descending order with
the exception of threat IDs.
threats Optional. Displays all observed security threats.
vrf <name> Optional. Displays a specified named VRF.
weight Optional. Sorts the threat list by threat weight.
Default Values
Command History
Functional Notes
The show ip security command displays a list of threats with descriptions, corresponding IDs, default
weights, and current weights. For threats that have been observed the number of hits, the time it was first
observed, and the time it was most recently observed is displayed. Threat lists are sorted by hits unless
another option is chosen by the user. All sorting options are displayed in descending order except for
threat IDs. A single ID can be specified to display only that threat’s information. The unnamed default VRF
is implied unless a named VRF or any-vrf is specified. Historical data is displayed unless realtime is
specified. Threats that have been blocked on the default unnamed VRF or any-vrf can also be viewed
using blocked-traffic timeline.

Usage Examples
The following example displays a list of all threats on the default unnamed VRF sorted by threat weight:
>enable
#show ip security threats sort-by weight
The following example displays an hour-by-hour count of all blocked threats on the named VRF MyVRF:
>enable
#show ip security vrf MyVRF blocked-traffic timeline

show ip traffic
Use the show ip traffic command to display all Internet Protocol version 4 (IPv4) traffic statistics.
show ip traffic
show ip traffic netstat
show ip traffic realtime
your unit.
Syntax Description
netstat Optional. Displays active IPv4 Transmission Control Protocol (TCP)
connections.
Default Values
Command History
include.
Release 17.5 Command was expanded to include the netstat keyword.

Functional Notes
page 1125).
Usage Examples
The following example displays all IPv4 traffic statistics:
>enable
#show ip traffic
IP statistics:
Routing discards: 0
Rcvd: 15873 total, 7617 delivered
0 header errors, 0 address errors
0 checksum errors, 0 bad hop counts
Sent: 8281 generated, 4459 forwarded
0 no routes, 0 discards
Frags: 0 reassemble required, 0 reassembled, 0 couldn't reassemble
0 created, 0 fragmented, 0 couldn't fragment
UDP statistics:
Rcvd: 3822 total, 0 checksum errors, 0 no port
Sent: 3822 total
TCP statistics:
Retrans Timeout Algorithm: 0
Min retrans timeout (ms): 0
Max retrans timeout (ms): 0
Max TCP Connections: 0
0 active opens, 64 passive opens, 0 failed attempts
5 establish resets, 1 establish current
3795 segments received, 4459 segments sent, 26 segments retransmitted

show ip urlfilter
Use the show ip urlfilter command to display configured uniform resource locator (URL) filter and server
information.
Syntax Description
No subcommands.
Default Values
Command History
include.
Usage Examples
The following is sample output from the show ip urlfilter command:
>enable
#show ip urlfilter
Configured for Websense URL filtering.

Filters
-------
Name: “filter1”
Ports: HTTP(80)
Interfaces that filter is applied to:
eth 0/2 inbound
Servers
-------
IP address: 10.100.23.116
Port: 15868
Timeout: 5
Excluded domains
----------------
Permit www.adtran.com
Other Settings

show ip urlfilter exclusive-domain

Use the show ip urlfilter exclusive-domain command to display all configured domains excluded (either
always allowed or always blocked) from uniform resource locator (URL) filtering.
Syntax Description
No subcommands.
Default Values
Command History
include.
Usage Examples
The following is sample output from the show ip urlfilter exclusive-domain command:
>enable
#show ip urlfilter exclusive-domain
Excluded domains
----------------
Permit www.adtran.com

show ip urlfilter statistics

Use the show ip urlfilter statistics command to display statistics for uniform resource locator (URL) filter
requests and responses.
Syntax Description
No subcommands.
Default Values
Command History
include.
Usage Examples
The following is sample output from the show ip urlfilter statistics command:
>enable
#show ip urlfilter statistics
Current outstanding requests to filter server: 0

Current response packets buffered from web server: 2
Max outstanding requests to filter server: 3
Max response packets buffered from web server: 5
Total requests sent to filter server: 400
Total responses received from filter server: 400
Total requests allowed: 398
Total requests blocked: 2

show ip urlfilter top-websites

Use the show ip urlfilter top-websites command to display configured uniform resource locator (URL)
filter and top websites reporting information. Variations of this command include the following:
show ip urlfilter top-websites

show ip urlfilter top-websites <number>
show ip urlfilter top-websites all
show ip urlfilter top-websites all <number>
show ip urlfilter top-websites daily
show ip urlfilter top-websites daily <number>
show ip urlfilter top-websites hourly
show ip urlfilter top-websites hourly <number>
Syntax Description
all Optional. Specifies that top websites statistics for all lists will be displayed.
daily Optional. Specifies that top websites statistics in daily increments will be
displayed.
hourly Optional. Specifies that top websites statistics in hourly increments will be
displayed.
<number> Optional. Specifies how many websites to show on the report. Range is 5 to
20 websites.
Default Values
By default, a 15-minute incremented list of the 10 top websites requests is shown.
Command History
include.
Functional Notes
The top websites statistic lists show the previous interval, not the current one. The output shows the period
for which the statistics were collected, as well as the current time so it can be determined when the next
update will occur.

Usage Examples
The following example displays the top 5 websites visited in the last 15 minutes:
#show ip urlfilter top-websites 5
Top Websites Visited
Period: Apr 26 08:55:00--Apr 26 09:10:00 Current Time: 09:15:34
Allow mode: enabled
The visits listed below are visits which were permitted. These statistics do not include websites explicitly
filtered using exclusive domains.
Domain Name Visits Last Visitor Visit Time

www.gmail.com 767 10.22.160.7 Apr 26 08:55:47
www.google.com 540 10.22.160.88 Apr 26 09:05:27
www.adtran.com 67 10.22.160.107 Apr 26 08:59:16
www.cisco.com 67 10.22.160.5 Apr 26 09:01:05
www.partypoker.com 15 10.22.160.45 Apr 26 09:04:43

show ipv6 access-list

Use the show ipv6 access-list command to display all configured Internet Protocol version 6 (IPv6) access
control lists (ACLs) in the system. Variations of this command include:
show ipv6 access-list

show ipv6 access-list <ipv6 acl name>
Syntax Description
<ipv6 acl name> Optional. Specifies a particular IPv6 ACL to display.
Default Values
Command History
Functional Notes
The show ipv6 access-list command displays all configured IPv6 ACLs in the system. All entries in the
IPv6 ACL are displayed, and a counter indicating the number of packets matching the entry is listed.
Usage Examples
The following is sample output from the show ipv6 access-list command, and displays information for the
IPv6 ACL Privatev6:
>enable
#show ipv6 access-list Privatev6
Extended IPv6 access-list Privatev6
deny tcp any eq telnet any (0 matches)
deny tcp any any eq telnet (0 matches)
permit ipv6 any host 2000:1::1 (0 matches)
permit ipv6 host 2000:2::1 any (0 matches)
permit icmpv6 any any (0 matches)

show ipv6 cache

Use the show ipv6 cache command to display the contents of the Internet Protocol version 6 (IPv6) route
cache for each interface in a given virtual private network (VPN) routing and forwarding (VRF) instance.
The route cache contains information about which egress interface, IPv6 gateway address, and MAC
address to use when forwarding packets to a given destination. Variations of this command include:
show ipv6 cache

show ipv6 cache vrf <name>
Syntax Description
vrf <name> Optional. Specifies a nondefault VRF instance for which to display route
cache information. If no VRF instance is specified, route cache information
for the default VRF instance is displayed.
Default Values
Command History
Functional Notes

Usage Examples
The following example displays route cache statistics for the default VRF instance:
>enable
#show ipv6 cache
INGRESS: giga-eth 0/1.1001
DEST: 2001:1111:2222:3333:4444:5555:6666:7777, EGRESS: giga-eth 0/1.1002,
COUNT: 1000000000, GATEWAY: 2001:1111:2222:3333:4444:5555:6666:0001,
MAC: 00:a0:c8:00:00:01, ID: 0x01000000
DEST: 2001::1, EGRESS: ppp 1,
COUNT: 100, GATEWAY: 2001::1:0001,
MAC: n/a, ID: 0x01010000
DEST: 2001::2, EGRESS: ppp 1,
COUNT: 100, GATEWAY: 2001::1:0001,
MAC: n/a, ID: 0x01020000

show ipv6 crypto ipsec sa

Use the show ipv6 crypto ipsec sa command to display information about the Internet Protocol version 6
(IPv6) cryptographic subsystem and IP security (IPsec) security association (SA) configuration on the
AOS device. Variations of this command include:
show ipv6 crypto any-vrf ipsec sa

show ipv6 crypto any-vrf ipsec sa map <name>
show ipv6 crypto any-vrf ipsec sa map <name> inbound
show ipv6 crypto any-vrf ipsec sa map <name> outbound
show ipv6 crypto any-vrf ipsec sa address <ipv6 address>
show ipv6 crypto any-vrf ipsec sa address <ipv6 address> inbound
show ipv6 crypto any-vrf ipsec sa address <ipv6 address> outbound
show ipv6 crypto any-vrf ipsec sa brief
show ipv6 crypto any-vrf ipsec sa brief inbound
show ipv6 crypto any-vrf ipsec sa brief outbound
show ipv6 crypto any-vrf ipsec sa inbound
show ipv6 crypto any-vrf ipsec sa internal-id <id>
show ipv6 crypto any-vrf ipsec sa internal-id <id> inbound
show ipv6 crypto any-vrf ipsec sa internal-id <id> outbound
show ipv6 crypto any-vrf ipsec sa ospfv3
show ipv6 crypto any-vrf ipsec sa ospfv3 inbound
show ipv6 crypto any-vrf ipsec sa ospfv3 outbound
show ipv6 crypto any-vrf ipsec sa outbound
show ipv6 crypto ipsec sa
show ipv6 crypto ipsec sa map <name>
show ipv6 crypto ipsec sa map <name> inbound
show ipv6 crypto ipsec sa map <name> outbound
show ipv6 crypto ipsec sa address <ipv6 address>
show ipv6 crypto ipsec sa address <ipv6 address> inbound
show ipv6 crypto ipsec sa address <ipv6 address> outbound
show ipv6 crypto ipsec sa brief
show ipv6 crypto ipsec sa brief inbound
show ipv6 crypto ipsec sa brief outbound
show ipv6 crypto ipsec sa inbound
show ipv6 crypto ipsec sa internal-id <id>
show ipv6 crypto ipsec sa internal-id <id> inbound
show ipv6 crypto ipsec sa internal-id <id> outbound
show ipv6 crypto ipsec sa ospfv3
show ipv6 crypto ipsec sa ospfv3 inbound
show ipv6 crypto ipsec sa ospfv3 outbound
show ipv6 crypto ipsec sa outbound
show ipv6 crypto vrf <name> ipsec sa
show ipv6 crypto vrf <name> ipsec sa map <name>
show ipv6 crypto vrf <name> ipsec sa map <name> inbound
show ipv6 crypto vrf <name> ipsec sa map <name> outbound

show ipv6 crypto vrf <name> ipsec sa address <ipv6 address>

show ipv6 crypto vrf <name> ipsec sa address <ipv6 address> inbound
show ipv6 crypto vrf <name> ipsec sa address <ipv6 address> outbound
show ipv6 crypto vrf <name> ipsec sa brief
show ipv6 crypto vrf <name> ipsec sa brief inbound
show ipv6 crypto vrf <name> ipsec sa brief outbound
show ipv6 crypto vrf <name> ipsec sa inbound
show ipv6 crypto vrf <name> ipsec sa internal-id <id>
show ipv6 crypto vrf <name> ipsec sa internal-id <id> inbound
show ipv6 crypto vrf <name> ipsec sa internal-id <id> outbound
show ipv6 crypto vrf <name> ipsec sa ospfv3
show ipv6 crypto vrf <name> ipsec sa ospfv3 inbound
show ipv6 crypto vrf <name> ipsec sa ospfv3 outbound
show ipv6 crypto vrf <name> ipsec sa outbound
Syntax Description
any-vrf Optional. Displays IPsec information for all virtual routing and
forwarding (VRF) instances.
vrf <name> Optional. Displays IPsec information for a nondefault VRF instance.
map <name> Optional. Displays IPsec security associations (SAs) created by the
specified crypto map.
address <ipv6 address> Optional. Displays all IPsec SAs associated with the designated peer
IPv6 address. IPv6 addresses should be expressed in colon
hexadecimal notation (X:X:X:X::X). For example, 2001:DB8:1::1..
brief Optional. Displays a brief listing of IPsec SAs.
inbound Optional. Displays inbound IPsec SAs only.
outbound Optional. Displays outbound IPsec SAs only.
internal-id <id> Optional. Displays the IPsec SA with a specified internal ID. Valid
range is 0 to 4294967295.
ospfv3 Optional. Displays IPsec SAs created for Open Shortest Path First
version 3 (OSPFv3) authentication and confidentiality.
Default Values

Command History
Release R10.7 Command was expanded to include the map <name> parameter.
Usage Examples
The following is sample output from the show ipv6 crypto ipsec sa ospfv3 command:
>enable
#show ipv6 crypto ipsec sa ospfv3
Peer IP Address: ::
Direction: Inbound
Encapsulation: ESP transport
SPI: 0x00000BB8 (3000)
RX Bytes: 512
Peer IP Address: ::
Direction: Outbound
Encapsulation: ESP transport
SPI: 0x00000BB8 (3000)
TX Bytes: 512

show ipv6 dhcp

Use the show ipv6 dhcp command to display the Dynamic Host Control Protocol version 6 (DHCPv6)
Unique Identifier (DUID) of the AOS device. The DUID is used to identify the entire DHCPv6 client
device independent of its interfaces and hardware.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example displays output from the show ipv6 dhcp command:
>enable
#show ipv6 dhcp
The DHCPv6 unique identifier (DUID) of this device is: 0003000100A0C800611F

show ipv6 dhcp binding

Use the show ipv6 dhcp binding command to display details about stateful information assigned and
bound to individual Dynamic Host Control Protocol version 6 (DHCPv6) clients as maintained by the
DHCPv6 server. Variations of this command include:
show ipv6 dhcp binding

show ipv6 dhcp binding <ipv6 address>
show ipv6 dhcp binding <ipv6 address> summary
show ipv6 dhcp binding summary
show ipv6 dhcp binding vrf <name>
show ipv6 dhcp binding vrf <name> <ipv6 address>
show ipv6 dhcp binding vrf <name> <ipv6 address> summary
show ipv6 dhcp binding vrf <name> summary
Syntax Description
<ipv6 address> Optional. Limits the output to a single DHCPv6 client IPv6 address. IPv6
addresses should be expressed in colon hexadecimal format (for example,
2001:DB8:1::1.
summary Optional. Summarizes the command output.
vrf <name> Optional. Limits output to a nondefault virtual routing and forwarding (VRF)
instance. If no VRF is specified, bindings on all VRF instances are
displayed.
Default Values
Command History

Usage Examples
The following example displays all DHCPv6 binding information:
>enable
#show ipv6 dhcp binding
Client: FE80::20F:35FF:FE2E:2AB9 eth 0/2
DUID: 00030001000F352E2AB9
Hostname: <unassigned>
IA PD: IA ID 0x001A0001, T1 302400, T2 483840
Prefix: 55:44:33:22::/64
preferred lifetime 604800, valid lifetime 2592000
expires as 2011/11/23 AD at 13:05:40 CST (56 seconds)
Prefix: 44:33:22:11::/64
expires at 2011.11.23 AD at 13:05:40 CST (56 seconds)
IA NA: IA ID 0x00000001, T1 43200, T2 69120
Address: 2000:3::790DC94:6C36:9562 from pool MYPOOL
expires at 2011.11.23 AD at 13:05:40 (56 seconds)
IA NA: IA ID 0x00000002, T1 43200, T2 69120
Address: 2000:3::4469:960:7C0E:EE6F

show ipv6 dhcp conflict

Use the show ipv6 dhcp conflict command to display detailed information about any addresses deemed as
conflicting by a Dynamic Host Control Protocol version 6 (DHCPv6) client or by the DHCPv6 server
when the client is pinged. Variations of this command include:
show ipv6 dhcp conflict

show ipv6 dhcp conflict <ipv6 address>
show ipv6 dhcp conflict vrf <name>
show ipv6 dhcp conflict vrf <name> <ipv6 address>
Syntax Description
<ipv6 address> Optional. Limits the output to conflicting addresses for the specified client
address. IPv6 addresses should be expressed in colon hexadecimal format
(for example, 2001:DB8:1::1).
vrf <name> Optional. Limits the output to a nondefault virtual routing and forwarding
(VRF) instance. If no VRF is specified, conflicting addresses on all VRF
instances are displayed.
Default Values
Command History
Usage Examples
The following example displays all DHCPv6 conflicting IPv6 addresses:
>enable
#show ipv6 dhcp conflict
Address/Prefix Reason TTL (seconds)
1111:2222:333:4444:5555:66:7777/128 PING 44
1111:2222:333:4444:5555:66:7777/128 DECL 56

show ipv6 dhcp interface

Use the show ipv6 dhcp interface command to display the Dynamic Host Control Protocol version 6
(DHCPv6) mode and settings for interfaces configured for DHCPv6. Variations of this command include:
show ipv6 dhcp interface <interface>

show ipv6 dhcp interface <interface> summary
show ipv6 dhcp interface efm-group <group id>
show ipv6 dhcp interface mef-ethernet <slot/port>
show ipv6 dhcp interface system-control-evc
show ipv6 dhcp interface system-control-evc summary
show ipv6 dhcp interface system-management-evc
show ipv6 dhcp interface system-management-evc summary
Syntax Description
<interface> Specifies the interface for which to display DHCPv6 settings. Specify
interfaces in the format <interface type [slot/port | slot/port.subinterface id |
interface id | interface id.subinterface id>. For example, to specify a
Point-to-Point Protocol (PPP) interface, enter ppp 1. Enter show ipv6 dhcp
interface ? for a list of available interfaces.
mef-ethernet <slot/port> Optional. Displays RapidRoute entries for the Metro Ethernet Forum (MEF)
Ethernet interface.
system-control-evc Specifies DHCPv6 settings for the system control Ethernet virtual
connection (EVC) are displayed.
system-management-evc Specifies DHCPv6 settings for the system management EVC are displayed.
summary Optional. Summarizes the command output.
Default Values
Command History


Release R10.11.0 Command was expanded to include the Metro Ethernet Forum (MEF)
Ethernet interface.
group interface.
Usage Examples
The following example displays the DHCPv6 mode and settings for the eth 0/1 interface:
>enable
#show ipv6 dhcp interface eth 0/1
!
interface Ethernet 0/1
ipv6
ipv6 nd ra suppress
ipv6 address dhcp
ipv6 dhcp client pd prefix1

show ipv6 dhcp pool

Use the show ipv6 dhcp pool command to display the information about each configured Dynamic Host
Control Protocol version 6 (DHCPv6) pool and the general statistics of the current pool assignments.
show ipv6 dhcp pool

show ipv6 dhcp pool <name>
Syntax Description
<name> Optional. Limits the command output to only the statistics for the specified
DHCPv6 server pool.
Default Values
Command History
Usage Examples
The following example displays the configuration of all DHCPv6 server pools:
>enable
#show ipv6 dhcp pool
Pool POOL
Link Addresses:
22::/64
22::/96
Client Identifiers:
112233445566 2
112233445566
Address Prefixes:
22::/64 lifetime 60 30
Host client-identifier AABBCCDD
Hostname: server1

Host client-identifier AABBCCDD1122

Hostname: AACCDDBB
Address: 22::99
Client: FE80::204:E2FF:FE3E:C786 eth 0/2
DUID: 00000000000000000000000000DF
Hostname: winxp
IA NA: IA ID 0x00000001, T1 15, T2 24
Address: 22::19C1:AC2:8277:CB39 from pool POOL
expires at 2011.11.23 AD at 13:33: CST (47 seconds)
Client: FE80::B098:1B0E:27CA:A8AB eth 0/2
DUID: 000100010D86F190019B9324A8E
Hostname: <unassigned>
IA NA: IA ID 0x0E000475, T1 15, T2 24
Address: 22::4CC2:9F4E:3C68:1E55 from pool POOL

show ipv6 ffe

Use the show ipv6 ffe command to display current Internet Protocol version 6 (IPv6) RapidRoute fast
forwarding engine (FFE) entries. Variations of this command include:
show ipv6 ffe
show ipv6 ffe destination <ipv6 address>

show ipv6 ffe destination <ipv6 address> egress <interface>
show ipv6 ffe destination <ipv6 address> egress system-control-evc
show ipv6 ffe destination <ipv6 address> egress system-management-evc
show ipv6 ffe destination <ipv6 address> ingress <interface>

show ipv6 ffe destination <ipv6 address> ingress system-control-evc
show ipv6 ffe destination <ipv6 address> ingress system-management-evc
show ipv6 ffe destination-port <port>

show ipv6 ffe destination-port <port> egress <interface>
show ipv6 ffe destination-port <port> egress system-control-evc
show ipv6 ffe destination-port <port> egress system-management-evc
show ipv6 ffe destination-port <port> ingress <interface>

show ipv6 ffe destination-port <port> ingress system-control-evc
show ipv6 ffe destination-port <port> ingress system-management-evc
show ipv6 ffe details

show ipv6 ffe details egress <interface>
show ipv6 ffe details egress system-control-evc
show ipv6 ffe details egress system-management-evc
show ipv6 ffe details ingress <interface>

show ipv6 ffe details ingress system-control-evc
show ipv6 ffe details ingress system-management-evc
show ipv6 ffe egress <interface>

show ipv6 ffe egress <interface> destination <ipv6 address>
show ipv6 ffe egress <interface> destination-port <port>
show ipv6 ffe egress <interface> details
show ipv6 ffe egress <interface> icmp-type <type>
show ipv6 ffe egress <interface> protocol <protocol>
show ipv6 ffe egress <interface> source <ipv6 address>
show ipv6 ffe egress <interface> source-port <port>
show ipv6 ffe egress <interface> type <type>
show ipv6 ffe egress ipsec <rapidroute interface ID>
show ipv6 ffe egress system-control-evc destination <ipv6 address>

show ipv6 ffe egress system-control-evc destination-port <port>

show ipv6 ffe egress system-control-evc details
show ipv6 ffe egress system-control-evc icmp-type <type>
show ipv6 ffe egress system-control-evc protocol <protocol>
show ipv6 ffe egress system-control-evc source <ipv6 address>
show ipv6 ffe egress system-control-evc source-port <port>
show ipv6 ffe egress system-control-evc type <type>
show ipv6 ffe egress system-management-evc destination <ipv6 address>

show ipv6 ffe egress system-management-evc destination-port <port>
show ipv6 ffe egress system-management-evc details
show ipv6 ffe egress system-management-evc icmp-type <type>
show ipv6 ffe egress system-management-evc protocol <protocol>
show ipv6 ffe egress system-management-evc source <ipv6 address>
show ipv6 ffe egress system-management-evc source-port <port>
show ipv6 ffe egress system-management-evc type <type>
show ipv6 ffe icmp-type <type>

show ipv6 ffe icmp-type <type> egress <interface>
show ipv6 ffe icmp-type <type> egress system-control-evc
show ipv6 ffe icmp-type <type> egress system-management-evc
show ipv6 ffe icmp-type <type> ingress <interface>

show ipv6 ffe icmp-type <type> ingress system-control-evc
show ipv6 ffe icmp-type <type> ingress system-management-evc
show ipv6 ffe ingress <interface>

show ipv6 ffe ingress <interface> destination <ipv6 address>
show ipv6 ffe ingress <interface> destination-port <port>
show ipv6 ffe ingress <interface> details
show ipv6 ffe ingress <interface> icmp-type <type>
show ipv6 ffe ingress <interface> protocol <protocol>
show ipv6 ffe ingress <interface> source <ipv6 address>
show ipv6 ffe ingress <interface> source-port <port>
show ipv6 ffe ingress <interface> type <type>
show ipv6 ffe ingress ipsec <rapidroute interface ID>
show ipv6 ffe ingress system-control-evc destination <ipv6 address>

show ipv6 ffe ingress system-control-evc destination-port <port>
show ipv6 ffe ingress system-control-evc details
show ipv6 ffe ingress system-control-evc icmp-type <type>
show ipv6 ffe ingress system-control-evc protocol <protocol>
show ipv6 ffe ingress system-control-evc source <ipv6 address>
show ipv6 ffe ingress system-control-evc source-port <port>
show ipv6 ffe ingress system-control-evc type <type>

show ipv6 ffe ingress system-management-evc destination <ipv6 address>

show ipv6 ffe ingress system-management-evc destination-port <port>
show ipv6 ffe ingress system-management-evc details
show ipv6 ffe ingress system-management-evc icmp-type <type>
show ipv6 ffe ingress system-management-evc protocol <protocol>
show ipv6 ffe ingress system-management-evc source <ipv6 address>
show ipv6 ffe ingress system-management-evc source-port <port>
show ipv6 ffe ingress system-management-evc type <type>
show ipv6 ffe peak

show ipv6 ffe peak history
show ipv6 ffe protocol <protocol>

show ipv6 ffe protocol <protocol> egress <interface>
show ipv6 ffe protocol <protocol> egress system-control-evc
show ipv6 ffe protocol <protocol> egress system-management-evc
show ipv6 ffe protocol <protocol> ingress <interface>

show ipv6 ffe protocol <protocol> ingress system-control-evc
show ipv6 ffe protocol <protocol> ingress system-management-evc
show ipv6 ffe source <ipv6 address>

show ipv6 ffe source <ipv6 address> egress <interface>
show ipv6 ffe source <ipv6 address> egress system-control-evc
show ipv6 ffe source <ipv6 address> egress system-management-evc
show ipv6 ffe source <ipv6 address> ingress <interface>

show ipv6 ffe source <ipv6 address> ingress system-control-evc
show ipv6 ffe source <ipv6 address> ingress system-management-evc
show ipv6 ffe source-port <port>

show ipv6 ffe source-port <port> egress <interface>
show ipv6 ffe source-port <port> egress system-control-evc
show ipv6 ffe source-port <port> egress system-management-evc
show ipv6 ffe source-port <port> ingress <interface>

show ipv6 ffe source-port <port> ingress system-control-evc
show ipv6 ffe source-port <port> ingress system-management-evc
show ipv6 ffe type <type>

show ipv6 ffe type <type> egress <interface>
show ipv6 ffe type <type> egress system-control-evc
show ipv6 ffe type <type> egress system-management-evc

show ipv6 ffe type <type> ingress <interface>

show ipv6 ffe type <type> ingress system-control-evc
show ipv6 ffe type <type> ingress system-management-evc
show ipv6 ffe wildcard

show ipv6 ffe wildcard system-control-evc
show ipv6 ffe wildcard system-management-evc
show ipv6 ffe wildcard interface <interface>
Syntax Description
destination <ipv6 address> Optional. Filters output by a destination IPv6 address. IPv6
addresses should be expressed in colon hexadecimal notation
(for example, 2001:DB8:1::1).
destination-port <port> Optional. Filters output by destination Transmission Control
Protocol (TCP) or User Datagram Protocol (UDP) port. Ports
range from 0 to 65535.
details Optional. Displays detailed information. Refer to the Functional
Notes for more information about using the details keyword.
egress <interface> Optional. Displays RapidRoute entries for an egress interface.
use ppp 1; for an EFM group interface use efm-group 1. Type
show ipv6 ffe egress ? for a complete list of valid interfaces.
egress ipsec <rapidroute interface ID> Optional. Displays RapidRoute entries that come from an
Internet Protocol security (IPsec) security association (SA) on a
specified RapidRoute interface. RapidRoute interface
icmp-type <type> Optional. Displays RapidRoute entries using a specific Internet
Control Message Protocol (ICMP) type. There are three types
of ICMP to choose from:
echo Displays ICMP echo RapidRoute entries.
reply Displays ICMP reply RapidRoute entries.
0 to 255 Displays other ICMP types.

ingress <interface> Optional. Displays RapidRoute entries for an ingress interface.

use ppp 1; for an EFM group interface use efm-group 1. Type
show ipv6 ffe ingress ? for a complete list of valid interfaces.
ingress ipsec <rapidroute interface ID> Optional. Displays RapidRoute entries that go to an IPsec SA
on a specified RapidRoute interface. RapidRoute interface
peak Optional. Displays the current and peak count of RapidRoute
sessions. Information is displayed for each eligible interface
and the global values.
history Optional. Displays a graphical presentation of the peak global
RapidRoute cont per second for the last 60 seconds.
Additionally displays the peak and average global RapidRoute
count per minute for the last 60 minutes, as well as the peak
and average global RapidRoute count per hour for the last
72 hours.
protocol <protocol> Optional. Displays RapidRoute entries that use a specified
protocol. Protocols can be specified by selecting one of the
following:
ah Displays Authentication Header (AH) Protocol
RapidRoute entries.
esp Displays Encapsulating Security Payload (ESP)
fragment Displays fragmented (FRAG) RapidRoute
entries.
gre Displays Generic Route Encapsulation (GRE)
icmp6 Displays ICMPv6 RapidRoute entries.
tcp Displays TCP RapidRoute entries.
udp Displays UDP RapidRoute entries.
0 to 255 Displays other protocol types.
source <ipv6 address> Optional. Displays RapidRoute entries for a specified source
IPv6 address. IPv6 addresses should be expressed in colon
source-port <port> Optional. Displays RapidRoute entries for a specified TCP or
UDP source port. Ports range from 0 to 65535.
system-control-evc Optional. Displays RapidRoute entries for the system control
system-management-evc Optional. Displays RapidRoute entries for the system
management EVC.

type <type> Optional. Displays RapidRoute entries of a specific type.

Specified types include one of the following:
ineligible Displays only ineligible RapidRoute entries.
rejected Displays only rejected RapidRoute entries.
valid Displays only valid RapidRoute entries.
wildcard Optional. Displays wildcards for each IP interface.
interface <interface> Optional. Limits the wildcard output to the specified interface.
Interfaces are specified in the format <interface type [slot/port |
show ipv6 ffe wildcard interface ? to display a complete list
of valid interfaces.
Default Values
Command History
group interface.
Release R11.4.0 Command was expanded to include the fragment option in the protocol
parameter.
Release R11.10.0 Command was expanded to include the peak and wildcard parameters.
Release R13.7.0 Command was expanded to include the Gigabit Ethernet and virtual local
Functional Notes
The show ipv6 ffe command can be further filtered by adding any combination of the following
parameters:
destination <ipv6 address>

destination-port <port>
details
egress <interface>
egress ipsec <rapidroute interface ID>
icmp-type <type>
ingress <interface>

ingress ipsec <rapidroute interface ID>

protocol <protocol>
source <ipv6 address>
source-port <port>
type <type>
For example, the destination <ipv6 address> and source <ipv6 address> parameters can be used in
conjunction with one another. In this case, the command would look like this:
#show ipv6 ffe destination 2001:DB8:1::1 source 2001:DB8:1::2

These parameters can be combined in any order, and as many times as is necessary to get the desired
output.
The detail keyword must be the last keyword in the command. For example, show ipv6 ffe
destination <ipv6 address> egress <interface> source-port <port> details is acceptable,
but show ipv6 ffe destination <ipv6 address> details egress <interface> is not.
Data for the peak history parameters is presented as a percentage of the value configured with the
command ipv6 ffe max-entries <value> on page 1512. Changing the ipv6 ffe max-entries value clears the
related FFE peak information.
Usage Examples
The following is sample output from the show ipv6 ffe command:
>enable
#show ipv6 ffe
--------------------------------
Ingress: eth 0/1

! udp 2001:db8:1::1 2001:db8:1::9 3959 137 17s 10 0
! udp 2001:db8:1::2 2001:db8:1::8 138 138 16s 0 0
! udp 2001:db8:1::3 2001:db8:1::7 138 138 16s 0 0
! udp 2001:db8:1::4 2001:db8:1::6 138 138 4s 0 0
! udp 2001:db8:1::5 2001:db8:1::5 137 137 7s 2 0
! tcp 2001:db8:1::6 2001:db8:1::4 2668 23 6s 36 0
--------------------------------

The following is sample output from the show ipv6 ffe details command:

--------------------------------
Ingress: eth 0/1
* icmp 2001:db8:1::1 2001:db8:1::2 echo 13 13s 129 0 I
egress: Outbound ESP SA 2
--------------------------------
Ingress: Inbound ESP SA 1
* icmp 2001:db8:1::1 2001:db8:1::2 reply 13 13s 129 0 I
egress: eth 0/1 (2001:db8:1::2)
--------------------------------
Ingress: Outbound ESP SA 2
* esp 2001:db8:1::1 2001:db8:1::2 0x923dbab4 13s 129 0 I
egress: hdlc 1
--------------------------------
The following is sample output from the show ipv6 ffe command when wildcards are in use; any field that
has been wildcarded appears as any:

Exceptions: 0/217/0 (current/max/drops)

Flags: F firewall, N NAT, T altered ToS, D don't fragment, I IPsec, H hardware assist, i ingress filter,
e egress filter
--------------------------------
Ingress: system-management-evc

T Proto ToS Age Used Drops Flags Source Destination

! icmp6 any 8s 4 0 any 2001:db8:1::1, echo-request id: 269
! icmp6 any 30s 1 0 any 2001:db8:1::2, type: 134 id:0
! icmp6 any 5s 48 0 any 2001:db8:1::3, echo-request id: 269
The following is sample output from the show ipv6 ffe wildcard interface eth 0/1 command:
>enable
#show ipv6 ffe wildcard eth 0/1
Field Wildcarded
============================= =============================
eth 0/1
Source IP Address :No
IP Precedence :No
IP DSCP :Yes
ESP SPI :Yes
GRE Tunnel Key :Yes

show ipv6 ffe summary

Use the show ipv6 ffe summary command to display a summary of all the current Internet Protocol
version 6 (IPv6) RapidRoute fast forwarding engine (FFE) entries.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following is sample output from the show ipv6 ffe summary command:
>enable
#show ipv6 ffe summary
Ingress MaxEntries Entries Hits Misses Drops
---------- -------------- ---------- ----- ---------- --------
eth 0/1 4096 1 1000 200 11
eth 0/2.1 4096 1 1123 211 0
eth 0/2.2 4096 1 1467 301 0
------------- --------- ----- ---------- --------
Global 16384 3 3590 712 11

show ipv6 interfaces

Use the show ipv6 interfaces command to display the status information for all Internet Protocol version 6
(IPv6) interfaces (or a specific IPv6 interface). This information includes IPv6 addressing, configured
parameters, and any IPv6 capabilities in use. Variations of this command include:
show ipv6 interfaces

show ipv6 interfaces brief
show ipv6 interfaces <ipv6 interface>
show ipv6 interfaces <ipv6 interface> prefix
show ipv6 interfaces mef-ethernet <slot/port>
show ipv6 interfaces mef-ethernet <slot/port> prefix
show ipv6 interfaces system-control-evc
show ipv6 interfaces system-control-evc prefix
show ipv6 interfaces system-management-evc
show ipv6 interfaces system-management-evc prefix
Syntax Description
brief Optional. Displays an abbreviated version of interface statistics for all IPv6
interfaces.
<ipv6 interface> Optional. Displays status information for a specific IPv6 interface. Specify
an IPv6 interface in the format <interface> <slot/port | interface id>. For
example, Point-to-Point Protocol (PPP) interface, enter ppp 1. If no
interface is specified, status information for all IPv6 interfaces is displayed.
mef-ethernet <slot/port> Optional. Displays status information for the Metro Ethernet Forum (MEF)
Ethernet interface.
system-control-evc Optional. Displays status information for the system control Ethernet virtual
connection (EVC).
system-management-evc Optional. Displays status information for the system management EVC.
prefix Optional. Displays the list of prefixes for the specified IPv6 interface.
Default Values

Command History
Usage Examples
The following is sample output of the show ipv6 interfaces command, and displays information in brief
format for the ethernet 0/1 interface:
>enable
#show ipv6 interfaces brief ethernet 0/1
eth 0/1 [UP/UP]
FE80::2AO:C8FF:FE61:3082
2003::2AO:C8FF:FE61:3082

show ipv6 mld groups link-local

Use the show ipv6 mld groups link-local command to display the known Multicast Listener Discovery
(MLD) groups used by Internet Protocol version 6 (IPv6) features on the AOS router. Variations of this
command include:
show ipv6 mld groups link-local

show ipv6 mld groups link-local <interface>
show ipv6 mld groups link-local vrf <name>
show ipv6 mld groups link-local vrf <name> <interface>
Syntax Description
<interface> Optional. Specifies that only MLD groups registered on the specified
interface are displayed. Specify an IPv6 interface in the format <interface>
<slot/port | interface id>, for example, to use a Point-to-Point Protocol (PPP)
interface, enter ppp 1.
instance for which to display the MLD groups. If a VRF is not specified, MLD
groups for the default (unnamed) VRF are displayed.
Default Values
Command History
Usage Examples
The following example displays the MLD groups used on the Gigabit Ethernet subinterface 0/2.1:
>enable
#show ipv6 mld groups link-local giga-eth 0/2.1
MLD Connected Group Membership
Group Address Interface Uptime Expires
FF02::1 giga-eth 0/2.1 13h32m32s Never
FF02::2 giga-eth 0/2.1 13h32m32s Never
FF02::1:FF00:1234 giga-eth 0/2.1 13h32m32s Never
FF02::1:FF01:2CC giga-eth 0/2.1 13h32m32s Never

show ipv6 mld traffic

Use the show ipv6 mld traffic command to display the Internet Protocol version 6 (IPv6) Multicast
Listener Discovery (MLD) traffic counters. Variations of this command include:
show ipv6 mld traffic

show ipv6 mld traffic vrf <name>
Syntax Description
instance for which to clear the MLD traffic counters. If a VRF is not
specified, MLD counters for the default (unnamed) VRF are displayed.
Default Values
Command History
Usage Examples
The following example displays all MLD traffic counters:
>enable
#show ipv6 mld traffic
MLD Traffic Counters
Elapsed time since counters cleared: Never cleared
Sent Received
Valid MLD Packets 3263 1628
Queries 0 1628
Reports 3263 0
Leaves 0 0
Errors:
Malformed Packets 0
Non link-local source 0
Hop limit not equal to 1 0

show ipv6 named-prefix

Use the show ipv6 named-prefix command to display information about the Internet Protocol version 6
(IPv6) named prefixes configured on the router. Information displayed includes which prefixes are
assigned, how they are configured and delegated, and which interfaces are configured to be addressed
using the named prefix.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example displays IPv6 named prefix information:
>enable
#show ipv6 named-prefix
!
IPv6 Prefix manualprefix, acquired via Manual configuration
2001::/64 Valid lifetime infinite, preferred lifetime infinite
Ethernet 0/2 (Address command)
IPv6 Prefix delegatedprefix, acquired via DHCP PD

2001:1::/64 Valid lifetime 3202, preferred lifetime 1402
IPv6 Prefix delegatedprefix, acquired via DHCP PD (DEPRECATED BY SERVER)

2001:1::/64 Valid lifetime 132, preferred lifetime 0

show ipv6 neighbors

Use the show ipv6 neighbors command to display the Internet Protocol version 6 (IPv6) Neighbor
Discovery (ND) cache. This cache contains information about IPv6 nodes that have been added to the
cache, including the link-layer IPv6 address and the reachability state of that neighbor. Neighbor cache
entries are created when there is a packet to send to an on-link destination, or when a neighbor solicitation
(NS), router solicitation (RS), or router advertisement (RA) message is received. Variations of this
command include:
show ipv6 neighbors

show ipv6 neighbors <interface>
show ipv6 neighbors <interface> <ipv6 address>
show ipv6 neighbors <interface> statistics
show ipv6 neighbors [mef-ethernet <slot/port> | system-control-evc | system-management-evc]
<ipv6 address>
statistics
show ipv6 neighbors statistics
show ipv6 neighbors vrf <name>
show ipv6 neighbors vrf <name> <ipv6 address>
show ipv6 neighbors vrf <name> statistics
Syntax Description
<interface> Optional. Displays the neighbor cache information for a specified interface.
IPv6 interfaces are specified in the <interface> <slot/port | interface id>
enter ppp 1. If no interface is specified, information for all interfaces is
displayed.
mef-ethernet <slot/port> Optional. Displays the neighbor cache information for the Metro Ethernet
Forum (MEF) Ethernet interface.
system-control-evc Optional. Displays the neighbor cache information for the system control
system-management-evc Optional. Displays the neighbor cache information for the system
management EVC.

<ipv6 address> Optional. Displays the neighbor cache information for a specified IPv6
address. IPv6 addresses should be expressed in colon hexadecimal format
(X:X:X:X::X). For example, 2001:DB8:1::1.
statistics Optional. Displays neighbor cache statistics and protocol interaction
information for the neighbor cache.
vrf <name> Optional. Displays the neighbor cache information for a specified virtual
routing and forwarding (VRF) instance. If no VRF is specified, information
for the unnamed default VRF is displayed.
Default Values
Command History
Functional Notes
Usage Examples
The following is sample output of the show ipv6 neighbors command, which displays all information for
the ND cache:
>enable
#show ipv6 neighbors
IPv6 Address Age Link-layer Addr State Interface
2002::1 0 000f.352.3.2aba REACH eth 0/0
2003::ED9A:D1A3:BB9B:BDFF 0 0013.ce61.65b9 REACH eth 0/1
20FF:11::ED9A:D1A3:BB9B:BDFF 18 0013.ce.61.65b9 STALE eth 0/1
FE80::213:CEFF:FE61:65B9 10 0013.ce.61.65b9 DELAY eth 0/1
FE80::20F:35FF:FE2E:2ABA 1 000f.352e.2aba DELAY eth 0/1

show ipv6 policy-sessions

Use the show ipv6 policy-sessions command to display a list of current Internet Protocol version 6 (IPv6)
access control policy (ACP) associations in the IPv6 firewall. Current associations are active or recently
active sessions allowed through the firewall. Refer to ipv6 policy-class <ipv6 acp name> on page 1541 for
information on configuring IPv6 ACPs. Variations of this command include:
show ipv6 policy-sessions

show ipv6 policy-sessions <ipv6 acp name>
show ipv6 policy-sessions any-vrf
show ipv6 policy-sessions vrf <name>
show ipv6 policy-sessions pending
show ipv6 policy-sessions pending <ipv6 acp name>
show ipv6 policy-sessions pending any-vrf
show ipv6 policy-sessions pending vrf <name>
Syntax Description
<ipv6 acp name> Optional. Displays IPv6 policy class associations for the specified IPv6 ACP.
pending Optional. Displays any currently pending policy sessions.
any-vrf Optional. Displays information for all virtual routing and forwardings (VRFs)
policy sessions.
vrf <name> Optional. Specifies the particular firewall instance for which active policy
sessions will be displayed. If no VRF is specified, policy sessions are
displayed for the default VRF only.
Default Values
Command History

Functional Notes
Usage Examples
The following is sample output from the show ipv6 policy-sessions command and displays information
for IPv6 ACPs:
>enable
#show ipv6 policy-sessions
NOTE: The “Layer 4” info below for TCP and UDP is source port and dest port. For ICMPv6, it is ID and
type/code. For all other protocols, it is unused.
Src VRF (if not default), Src policy-class:

Protocol (TTL) -> Dest VRF, Dest policy-class
Src IPv6 Address Layer 4
Dest IPv6 Address Layer 4
------------------------ ----------
Ipv6 policy-class PRIVATEV6:

icmpv6 (59) -> self
2001:DB8:1:1::2 0
2001:DB8:1:1::1 128/0

show ipv6 policy-stats

Use the show ipv6 policy-stats command to display a list of current Internet Protocol version 6 (IPv6)
access control policy (ACP) statistics. Refer to ipv6 policy-class <ipv6 acp name> on page 1541 for
information on configuring IPv6 ACPs. Variations of this command include:
show ipv6 policy-stats

show ipv6 policy-stats <ipv6 acp name>
Syntax Description
<ipv6 acp name> Optional. Displays policy class statistics for a specific IPv6 ACP.
Default Values
Command History
Usage Examples
The following example displays a list of current IPv6 ACP statistics:
>enable
#show ipv6 policy-stats

show ipv6 prefix-list

Use the show ipv6 prefix-list command to display Internet Protocol version 6 (IPv6) Border Gateway
Protocol (BGP) prefix list information. Variations of this command include:
show ipv6 prefix-list <name>

show ipv6 prefix-list detail <name>
show ipv6 prefix-list summary <name>
Syntax Description
<name> Shows information for a specific prefix list.
detail Optional. Shows a listing of the specified prefix list rules and their hit counts.
summary Optional. Shows summarized information about the specified prefix list.
Default Values
Command History
Functional Notes
If the show ipv6 prefix-list command is issued with no arguments, a listing of the prefix-list rules, but no
hit count statistics, is displayed.
Usage Examples
The following example displays information about the prefix list TEST1.
>enable
#show ipv6 prefix-list TEST1
ipv6 prefix-list TEST1: 4 entries
seq 5 permit 0.0.0.0/0 ge 8 le 8
seq 10 deny 0.0.0.0/0 ge 9 le 9
seq 15 permit 0.0.0.0/0 ge 10 le 10
seq 20 deny 0.0.0.0/0 ge 11

show ipv6 route

Use the show ipv6 route command to display the contents of the Internet Protocol version 6 (IPv6) route
table. This table contains information about IPv6 networks and how to reach them. Variations of this
command include:
show ipv6 route

show ipv6 route <ipv6 address>
show ipv6 route <ipv6 address> longer-prefixes
show ipv6 route <ipv6 prefix/prefix-length>
show ipv6 route <ipv6 prefix/prefix-length> longer-prefixes
show ipv6 route bgp
show ipv6 route bgp verbose
show ipv6 route connected
show ipv6 route ospf
show ipv6 route ospf verbose
show ipv6 route static
show ipv6 route static verbose
show ipv6 route summary
show ipv6 route summary realtime
show ipv6 route vrf <name>
show ipv6 route vrf <name> <ipv6 address>
show ipv6 route vrf <name> <ipv6 address> longer-prefixes
show ipv6 route vrf <name> <ipv6 prefix/prefix-length>
show ipv6 route vrf <name> <ipv6 prefix/prefix-length> longer-prefixes
show ipv6 route vrf <name> bgp
show ipv6 route vrf <name> connected
show ipv6 route vrf <name>
show ipv6 route vrf <name> verbose
show ipv6 route vrf <name> static
show ipv6 route vrf <name> summary
your unit.

Syntax Description
expressed in colon hexadecimal notation (X:X:X:X::X). For example,
2001:DB8:1::1.
<ipv6 prefix/prefix-length> Optional. Specifies the IPv6 prefix. IPv6 prefixes should be expressed in
colon hexadecimal format (X:X::X/<Z>). For example, 2001:DB8:3F::/64.
The prefix length (<Z>) is an integer with a value between 0 and 128.
bgp Optional. Displays IPv6 route information for Border Gateway Protocol
(BGP) configurations.
connected Optional. Displays only the IPv6 routes for directly connected networks.
longer-prefixes Optional. Displays only the IPv6 routes matching the specified network.
ospf Optional. Displays only the Open Shortest Path First version 3 (OSPFv3)
IPv6 routes.
static Optional. Displays only the IPv6 routes that were statically entered.
summary Optional. Displays a summary of all IPv6 route information.
summary realtime Optional. Displays full-screen output in real time. Refer to the Functional
forwarding (VRF).
Default Values
Command History
Release R10.1.0 Command was expanded to include the bgp parameter.
Release R10.5.0 Command was expanded to include the ospf parameter.
Functional Notes
page 1125).

Usage Examples
The following example shows how to display IPv6 routes table information for the IPv6 address prefix
2001::/64:
>enable
#show ipv6 route 2001::/64
Routing entry for 2001::/64
Known via “static”
Distance 1, metric 0
Routing Next Hop(s):
2002::1, via eth 0/1
Route metric is 0
The following example shows output for the show ipv6 route summary command.
>enable
#show ipv6 route summary
Route Source FIB Local-RIB
Connected 3 3
Other 18 18
Total 21 21

show ipv6 route named-prefix

Use the show ipv6 route named-prefix command to display all Internet Protocol version 6 (IPv6) routes
generated by a named prefix.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example displays all IPv6 routes generated by a named prefix:
>enable
#show ipv6 route named-prefix
Codes: C-connected, S-static, O-OSPF, B-BGP
E1-OSPF external type 1, E2-OSPF external type 2
I-OSPF inter area, NP-named prefix, D-DHCPv6 PD
Gateway of last resort is not set
C 1::/64
is directly connected, eth 0/1
NP 1::1:0:0:0/80
(1/0/0) via 1::1, Loopback

show ipv6 routers

Use the show ipv6 routers command to display information learned from router advertisement (RA)
messages received from locally reachable routers when using Internet Protocol version 6 (IPv6).
show ipv6 routers

show ipv6 routers conflict
show ipv6 routers <interface>
show ipv6 routers <interface> conflict
show ipv6 routers [mef-ethernet <slot/port> | system-control-evc | system-management-evc]
show ipv6 routers [mef-ethernet <slot/port> | system-control-evc | system-management-evc]
conflict
show ipv6 routers vrf <name>
show ipv6 routers vrf <name> conflict
Syntax Description
conflict Optional. Specifies that only information about routers whose
advertisements are in conflict with current configurations are displayed.
<interface> Optional. Displays information for the specified interface. Specify interfaces
in the <interface> <slot/port | interface id> format. For example, to specify a
Point-to-Point Protocol (PPP) interface, enter ppp 1.
mef-ethernet <slot/port> Optional. Displays information for the Metro Ethernet Forum (MEF) Ethernet
interface.
system-control-evc Optional. Displays information for the system control Ethernet virtual
connection (EVC).
system-management-evc Optional. Displays information for the system management EVC.
VRF is displayed.
Default Values

Command History
Functional Notes
Usage Examples
In the following example, RA statistics for all interfaces on the default VRF are displayed:
>enable
#show ipv6 routers
Router FE80::20F:35FF:FE2E:2ABA on Ethernet 0/0, last update 1 min, CONFLICT
Hops 64, Lifetime 1800 sec, AddrFlag=0, OtherFlag=0, MTU=1500
Preference=Medium
Reachable time 0 (unspecified) ms, Retransmit time 0 (unspecified) ms
Prefix 2002::/64 on-link autoconfig
Valid lifetime 8002, preferred lifetime 2008

show ipv6 traffic

Use the show ipv6 traffic command to display system-wide Internet Protocol version 6 (IPv6) and Internet
Control Message Protocol version 6 (ICMPv6) traffic statistics. Variations of this command include:
show ipv6 traffic

show ipv6 traffic realtime
your unit.
Syntax Description
Default Values
Command History
Functional Notes
page 1125).

Usage Examples
The following example displays all IPv6 traffic statistics:
>enable
#show ipv6 traffic
IPv6 statistics:
Rcvd: 0 total, 9 local destination
0 header errors, 0 address errors
0 truncated, 0 bad hop counts
Sent: 0 locally generated, 59 forwarded
0 no route, 0 discards
Frag: 0 reassemble required, 0 reassembled, 0 couldn’t reassemble
0 created, 0 fragmented, 0 couldn’t fragment

show isdn-group <number>

Use the show isdn-group command to display integrated services digital network (ISDN) group
information.
Syntax Description
<number> Displays information for a specific ISDN group. Valid range is 1 to 255.
Default Values
Command History
include.
Usage Examples
The following example displays information for ISDN group 5:
>enable
#show isdn-group 5

show isdn-number-template
Use the show isdn-number-template command to display integrated services digital network (ISDN)
number templates. Variations of this command include:
show isdn-number-template
show isdn-number-template <value>
Syntax Description
<value> Optional. Displays information about a specific number template. Valid
range is 1 to 255.
Default Values
Command History
include.
Usage Examples
The following example displays information for ISDN number template 0:
>enable
#show isdn-number-template 0
Type ID Prefix Pattern
Subscriber 0 911
#

show isdn resource

Use the show isdn resource command to display integrated services digital network (ISDN) resource
information. Variations of this command include:
show isdn resource

show isdn resource realtime
your unit.
Syntax Description
Default Values
Command History
include.
Functional Notes
page 1125).

Usage Examples
The following example displays ISDN resource information:
>enable
#show isdn resource
--------------------------------------------------------------------------------------------------------------------------------------------
Interface: Channel Trunk: Appearance Slot/Prt: Call
ChannelId State:GID Appearance State B-Channel State
--------------------------------------------------------------------------------------------------------------------------------------------
pri 1:0 Reserved:1 T01:2 TAS_Connect 1/1:21 OutgoingConnect
pri 1:1 Reserved:1 T01:0 TAS_Alerting 1/1:23 IncomingAlertingSent
pri 1:2 Available --- --- --- ---
pri 1:3 Available --- --- --- ---
pri 1:4 Available --- --- --- ---
pri 1:5 Available --- --- --- ---
pri 1:6 Available --- --- --- ---
pri 1:7 Available --- --- --- ---
pri 1:8 Available --- --- --- ---
pri 1:9 Available --- --- --- ---
pri 1:10 Available --- --- --- ---
pri 1:11 Available --- --- --- ---
pri 1:12 Available --- --- --- ---
pri 1:13 Available --- --- --- ---
pri 1:14 Available --- --- --- ---
pri 1:15 Available --- --- --- ---
pri 1:16 Available --- --- --- ---
pri 1:17 Available --- --- --- ---
pri 1:18 Available --- --- --- ---
pri 1:19 Available --- --- --- ---
pri 1:20 Available --- --- --- ---
pri 1:21 Available --- --- --- ---
pri 1:22 Available --- --- --- ---

show license
Use the show license command to display AOS feature license information including: errors, features,
keys, request keys, status and usage. Variations of this command include:
show license [verbose]

show license errors
show license features
show license keys
show license request key
show license status current [verbose]
show license status deprecated [verbose]
show license status inactive [verbose]
show license status installed [verbose]
show license status obsolete [verbose]
show license status partial
show license status reboot [verbose]
show license status remove [verbose]
show license status running [verbose]
show license time
show license usage
Syntax Description
errors Optional. Displays the license errors detected during startup.
features Optional. Displays all licensable features available on the unit.
keys Optional. Displays archived license keys.
request key Optional. Displays the current license request key.
status Displays the license status information.
current Displays the status of current licenses.
deprecated Displays the status of deprecated licenses.
inactive Displays the status of inactive licenses.
installed Displays the status of installed licenses.
obsolete Displays the status of obsolete licenses.
partial Displays information for licenses that have a mixture of statuses.
reboot Displays the status of licenses that will activate upon reboot.

remove Displays the status of licenses that will be removed upon reboot.
running Displays the status of currently active licenses.
time Optional. Displays time-based information about the license (such as
expiration).
usage Optional. Displays license usage information.
verbose Optional. Displays detailed license information.
Default Values
Command History
Release R12.1.0 Command was expanded to include the time parameter. In addition,
command output was modified for virtual AOS (vAOS) instances.
Functional Notes
AOS uses two types of keys for enabling additional licensed AOS features. The license key is requested
This process of requesting a license key requires a second key, called a license request key (or a
challenge key). The license request key is a unique key generated by AOS and contains information about
the unit that validates it for a one time use only. Once a license key has been installed, the license request
key is cleared and no longer valid.
license request keys, whether or not they were used through the ADTRAN licensing portal.
Usage Examples
The following is sample output from the show license keys command:
>enable
#show license keys
********License Status: Current********
-----BEGIN LICENSE KEY-----

License Serial Num: 12345678
License Part Num: 1962SBCF50
Device Serial Num: LBADTN0000000
-----BEGIN BODY-----
RGV2aWNlU2VyaWFsTnVtPUxCQURUTjAwMDAwMDANCkxpY2Vuc2VWZXJzaW9uPWRvY3VtZW50Y
XRpb25fZGVtbw0KRW52ZWxvcGU9V2UgaG9sZCB0aGVzZSB0cnV0aHMgdG8gYmUgc2VsZi1ldmlkZW
50LCB0aGF0IGFsbCBtZW4gYXJlIGNyZWF0ZWQgZXF1YWwsIHRoYXQgdGhleSBhcmUgZW5kb3dlZC
BieSB0aGVpciBDcmVhdG9yIHdpdGggY2VydGFpbiB1bmFsaWVuYWJsZSBSaWdodHMsIHRoYXQgYW

1vbmcgdGhlc2UgYXJlIExpZmUsIExpYmVydHkgYW5kIHRoZSBwdXJzdWl0IG9mIEhhcHBpbmVzcy4=
-----END BODY-----
-----BEGIN AUTHENTICATION-----
Rm91ciBzY29yZSBhbmQgc2V2ZW4geWVhcnMgYWdvIG91ciBmYXRoZXJzIGJyb3VnaHQgZm9ydGgg
b24gdGhpcyBjb250aW5lbnQsIGEgbmV3IG5hdGlvbiwgY29uY2VpdmVkIGluIExpYmVydHksIGFu
ZCBkZWRpY2F0ZWQgdG8gdGhlIHByb3Bvc2l0aW9uIHRoYXQgYWxsIG1lbiBhcmUgY3JlYXRlZCBl
cXVhbC4=
-----END AUTHENTICATION-----
-----END LICENSE KEY-----

show lldp
Use the show lldp command to display the Link Layer Discovery Protocol (LLDP) transmit interval and
transmitted time to live (TTL).
Syntax Description
No subcommands.
Default Values
Command History
include.
Functional Notes
The TTL is calculated by multiplying the transmit interval by the TTL multiplier. For more information, refer
to the command lldp on page 1565.
Usage Examples
The following is sample output for the LLDP timer configuration:
>enable
#show lldp
Global LLDP information:
Sending LLDP packets every 30 seconds
Sending TTL of 120 seconds

show lldp device <name>

Use the show lldp device command to display neighbor information about an adjacent device on the same
IEEE 802 local area network (LAN).
Syntax Description
<name> Specifies the system name of the neighbor to display.
Default Values
Command History
include.
Functional Notes
If there is more than one neighbor with the same system name, all neighbors with that system name will be
displayed.
Usage Examples
The following example shows specific information about a neighbor for the system name Router:
>enable
#show lldp device Router
Chassis ID: 00:A0:C8:02:DD:2A (MAC Address)
System Name: Router
Device Port: eth 0/1 (Locally Assigned)
Holdtime: 30
Platform: NetVanta 3305
Software: Version: 08.00.22.sw1.D, Date: Mon Nov 01 10:28:55 2004
Capabilities: Bridge, Router
Enabled Capabilities: Router
Local Port: eth 0/3
Management Addresses:
Address Type: IP version 4, Address: 10.23.10.10

show lldp interface

Use the show lldp interface command to display Link Layer Discovery Protocol (LLDP) configuration
and statistics for interfaces on this device. Variations of this command include:
show lldp interface

show lldp interface <interface>
Syntax Description
<interface> Optional. Displays the information for the specified interface. Specify an
show lldp interface ? for a complete list of applicable interfaces.
Default Values
Command History
include.
Ethernet interface.

Usage Examples
The following example shows LLDP statistics for the Ethernet 0/1 interface:
>enable
#show lldp interface ethernet 0/1
eth 0/1 (TX/RX)
0 packets input
0 input errors
0 TLV errors, 0 TLVs Discarded
0 packets discarded
8799 packets output
0 neighbor ageouts

show lldp neighbors

Use the show lldp neighbors command to display information about neighbors of this device learned
about via Link Layer Discovery Protocol (LLDP). Variations of this command include:
show lldp neighbors

show lldp neighbors detail
show lldp neighbors <interface>
show lldp neighbors interface <interface> detail
show lldp neighbors med
show lldp neighbors realtime
your unit.
Syntax Description
detail Optional. Shows detailed neighbor information for all LLDP neighbors or
neighbors connected to the specified interface or interface type.
interface <interface> Optional. Displays a summary of all neighbors learned about through the
[slot/port | slot/port.subinterface id | interface id | interface id.subinterface id
| ap | ap/radio | ap/radio.vap]>. For example, for a T1 interface, use t1 0/1;
for an Ethernet subinterface, use eth 0/1.1; for a PPP interface, use ppp 1;
for an ATM subinterface, use atm 1.1; and for a wireless virtual access
point, use dot11ap 1/1.1. Type show lldp neighbors interface ? for a
med Optional. Displays neighbors that are capable of supporting LLDP-Media
Endpoint Discovery (LLDP-MED).
Default Values

Command History
include.
Release 17.2 Command was expanded to include the med parameter.
Ethernet interface.
Release R11.5.0 Command was expanded to include inventory information if transmitted by
the endpoint when using the detail parameter.
Functional Notes
page 1125).
Usage Examples
The following example shows detailed information about a device’s neighbors:
>enable
#show lldp neighbors interface eth 0/3 detail
Chassis ID: 00:A0:C8:02:DD:2A (MAC Address)
System Name: Router
Device Port: eth 0/1 (Locally Assigned)
Holdtime: 38
Platform: NetVanta 3305
Software: Version: 08.00.22.sw1.D, Date: Mon Nov 01 10:28:55 2004
Capabilities: Bridge, Router
Enabled Capabilities: Router
Local Port: eth 0/3
Management Addresses:
Address Type: IP version 4, Address: 10.23.10.10
Interface Type: Interface Index, Interface Id: 2

The following example shows LLDP-MED capable neighbors connected to a device:
>enable
#show lldp neighbors med
Capability Codes: R - Router, B - Bridge, H - Host, D - DOCSIS Device,
W - WLAN Access Point, r - Repeater, T - Telephone
System Name Port ID TTL Cap. Platform Local Int

---------------------------------- --------------------------- --------- ----------- ------------------ -----------------
URL 5000@10.22.41 08:00:0F:2C:AB 96 --B--T-- swx 0/2

show lldp neighbors statistics

Use the show lldp neighbors statistics command to display statistics about Link Layer Discovery
Protocol (LLDP) neighbor table actions.
Syntax Description
No subcommands.
Default Values
Command History
include.
Functional Notes
This command shows information about the changes in this device’s neighbor table. The information
displayed indicates the last time a neighbor was added to or removed from the table, as well as the number
of times neighbors were inserted into or deleted from the table.
System Last Change Time Shows the time at which the most recent change occurred in the neighbor
table.
Inserts Shows the number of times neighbors have been added to the table.
Deletes Shows how many times neighbors have been deleted from the table
because an interface was shut down.
Drops Shows how many times the insertion of a new neighbor into the table failed
because the table was full.
Age Outs Shows how many times neighbors have been removed from the table
because no new updates were received from that neighbor before its time
to live (TTL) timer expired.

Usage Examples
>enable
#show lldp neighbors statistics
System Last Change Time Inserts Deletes Drops Age Outs
10-15-2004 14:24:56 55 3 1 1

show load-protect
Use the show load-protect command to display configuration parameters and current statistics for the load
protect feature.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following is sample output from the show load-protect command:
#show load-protect
Mode: cli
Timeout: 300ms
Congestion method: percentage increase/decrease
increase percentage: 10%
decrease percentage: 90%
Protocol Queue Processed CIR CBS

===================== ========= ========= ========= ====
dhcp: 5 0 0 0
icmp: 2 0 0 0
icmp-unreachable: 6 0 0 0
ipv6-nd: 1 0 0 0
arp: 1 8 0 0
radius: 6 0 0 0
ntp: 6 0 0 0
snmp: 6 0 0 0
ssh: 3 0 0 0

vrrp: 4 0 0 0
vrrpv3: 4 0 0 0
ipv6-hop-by-hop: 6 0 0 0
(default) 0 170 0 0
Queue Weight Processed No Buffers

============ ========= ======== =========
0(default) 1024 170 0
1 128 8 0
2 128 8 0
3 128 8 0
4 128 1231351 0
5 128 8 0
6 128 8 0
7 128 8 0

show logging forwarding

Use the show logging forwarding command to display current configuration settings for the logging
forwarding feature. The AOS syslog event feature is enabled using the command logging forwarding on on
page 1592.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
To display the current configuration of logging forwarding, enter the command as follows:
>enable
#show logging forwarding

show mac address-table

Use the show mac address-table command to display all static and dynamic entries in the medium access
control (MAC) address table for all virtual local area networks (VLANs) and physical interfaces.
Syntax Description
No subcommands.
Default Values
Command History
include.
Usage Examples
The following is sample output from the show mac address-table command:
>enable
#show mac address-table
Mac Address Table
------------------------------------------
Vlan Mac Address Type Ports
1 aa:bb:ee:d1:c2:33 STATIC eth 0/18
1 00:00:00:00:00:00 STATIC CPU
2 00:90:2b:7d:30:00 DYNAMIC eth 0/1
2 00:a0:c8:00:8e:a6 DYNAMIC eth 0/1
2 00:a0:c8:00:8f:ba DYNAMIC eth 0/1
2 00:a0:c8:00:8f:73 DYNAMIC eth 0/1
2 00:a0:c8:00:00:00 DYNAMIC eth 0/1
2 00:a0:c8:01:ff:02 DYNAMIC eth 0/1
2 00:a0:c8:01:09:d3 DYNAMIC eth 0/1
2 00:a0:c8:01:13:34 DYNAMIC eth 0/1
2 00:a0:c8:01:14:4a DYNAMIC eth 0/1
2 00:a0:c8:03:95:4b DYNAMIC eth 0/1
2 00:a0:c8:05:00:89 DYNAMIC eth 0/1

show mac address-table address

Use the show mac address-table address command to display all medium access control (MAC)
addresses known by AOS. Variations of this command include the following:
show mac address-table address <mac address>

show mac address-table address <mac address> interface <interface>
show mac address-table address <mac address> interface <interface> vlan <vlan id>
show mac address-table address <mac address> vlan <vlan id>
Syntax Description
<mac address> Specifies a valid 48-bit MAC address. MAC addresses should be expressed
in the following format: xx:xx:xx:xx:xx:xx (for example, 00:A0:C8:00:00:01).
interface <interface> Optional. Shows information for a specific interface. Specify an interface in
the format <interface type [slot/port | slot/port.subinterface id | interface id |
wireless virtual access point, use dot11ap 1/1.1. Type show mac
address-table address interface ? for a list of valid interfaces.
vlan <vlan id> Optional. Specifies a valid virtual local area network (VLAN) interface ID.
Range is 1 to 4094.
Default Values
Command History
include.

Usage Examples
The following is sample output from the show mac address-table address command displays information
regarding a specific MAC address from the MAC address table:
>enable
#show mac address-table address 00:a0:c8:7d:30:00
Mac Address Table
------------------------------------------
-------- -------------------- --------- -----------
2 00:a0:c8:7d:30:00 DYNAMIC eth 0/1
The following is sample output from the show mac address-table address command displays information
regarding a specific MAC address and interface from the MAC address table:
>enable
#show mac address-table address 00:a0:c8:7d:30:00 ethernet 0/1
Mac Address Table
------------------------------------------
-------- -------------------- --------- -----------
2 00:a0:c8:7d:30:00 DYNAMIC eth 0/1
Total Mac Addresses for this criterion: 1
#

show mac address-table aging-time

Use the show mac address-table aging-time command to display information regarding the amount of
time dynamic entries remain in the medium access control (MAC) address table.
Syntax Description
No subcommands.
Default Values
Command History
include.
Usage Examples
The following is sample output from the show mac address-table aging-time command for a switch
configured with an address-table aging-time:
>enable
#show mac address-table aging-time
Aging Time
----------------
300 Seconds

show mac address-table count

Use the show mac address-table count command to display information regarding the number of medium
access control (MAC) addresses in use (both static and dynamic).
Syntax Description
No subcommands.
Default Values
Command History
include.
Usage Examples
The following is sample output from the show mac address-table count command:
>enable
#show mac address-table count
Mac Table Entries:
--------------------------
Dynamic Address Count: 19
Static Address Count: 3
Total Mac Addresses: 23
Total Mac Address Space Available: 8169

show mac address-table dynamic

Use the show mac address-table dynamic command to display all dynamic medium access control
(MAC) addresses learned by AOS. Variations of this command include the following:
show mac address-table dynamic

show mac address-table dynamic address <mac address>
show mac address-table dynamic address <mac address> interface <interface>
show mac address-table dynamic address <mac address> interface <interface> vlan <vlan id>
show mac address-table dynamic address <mac address> vlan <vlan id>
show mac address-table dynamic interface <interface>
show mac address-table dynamic interface <interface> vlan <vlan id>
show mac address-table dynamic vlan <vlan id>
Syntax Description
address <mac address> Optional. Specifies a valid 48-bit MAC address. MAC addresses should be
00:A0:C8:00:00:01).
address-table dynamic interface ? for a list of valid interfaces.
vlan <vlan id> Optional. Specifies a valid virtual local area network (VLAN) interface ID.
Range is 1 to 4094.
Default Values
Command History
include.

Usage Examples
The following is sample output from the show mac address-table dynamic command:
>enable
#show mac address-table dynamic
Mac Address Table
----------------------------
------- -------------------- -------- --------
1 00:a0:c8:7d:30:00 DYNAMIC eth 0/1
1 00:a0:c8:05:89:09 DYNAMIC eth 0/2
1 00:a0:c8:07:d9:d2 DYNAMIC eth 0/5
1 00:a0:c8:07:d9:19 DYNAMIC eth 0/7
1 00:a0:c8:09:95:6b DYNAMIC eth 0/7
1 00:a0:c8:0a:2d:7c DYNAMIC eth 0/12
1 00:a0:c8:f6:e9:a6 DYNAMIC eth 0/24
1 00:a0:c8:01:0a:ef DYNAMIC eth 0/23
1 00:a0:c8:0c:74:80 DYNAMIC eth 0/20
1 00:a0:c8:15:5a:9f DYNAMIC eth 0/7
1 00:a0:c8:6c:71:49 DYNAMIC eth 0/2
1 00:a0:c8:77:78:c1 DYNAMIC eth 0/3
1 00:a0:c8:6b:53:7b DYNAMIC eth 0/4
1 00:a0:c8:72:e6:d6 DYNAMIC giga-eth 0/2
1 00:a0:c8:05:00:e6 DYNAMIC giga-eth 0/1

show mac address-table interface

Use the show mac address-table interface command to display information regarding medium access
control (MAC) address table entries specific to a certain interface. Variations of this command include:
show mac address-table interface <interface>

show mac address-table interface <interface> vlan <vlan id>
Syntax Description
<interface> Shows information for a specific interface type. Specify an interface in the
address-table interface ? for a list of valid interfaces.
vlan <vlan id> Optional. Shows address-table information related to a specific virtual local
area network (VLAN). Valid range is 1 to 4094.
Default Values
Command History
include.

Usage Examples
The following is sample output from the show mac address-table interface eth 0/1 command displaying
MAC address-table entries specifically on Ethernet 0/1:
>enable
#show mac address-table interface ethernet 0/1
Mac Address Table
2 00:90:2b:7d:30:00 DYNAMIC eth 0/1
2 00:a0:c8:05:00:ac DYNAMIC eth 0/1
2 00:a0:c8:05:00:ad DYNAMIC eth 0/1
2 00:a0:c8:05:00:c2 DYNAMIC eth 0/1
2 00:a0:c8:05:01:6e DYNAMIC eth 0/1
2 00:a0:c8:09:95:6b DYNAMIC eth 0/1
2 00:a0:c8:0a:2d:7c DYNAMIC eth 0/1

show mac address-table multicast

Use the show mac address-table multicast command to display all multicast medium access control
(MAC) addresses known by AOS. Variations of this command include the following:
show mac address-table multicast

show mac address-table multicast count
show mac address-table multicast igmp-snooping
show mac address-table multicast igmp-snooping count
show mac address-table multicast user
show mac address-table multicast user count
show mac address-table multicast vlan <vlan id>
show mac address-table multicast vlan <vlan id> count
show mac address-table multicast vlan <vlan id> igmp-snooping
show mac address-table multicast vlan <vlan id> igmp-snooping count
show mac address-table multicast vlan <vlan id> user
show mac address-table multicast vlan <vlan id> user count
Syntax Description
count Optional. Displays the multicast address count.
igmp-snooping Optional. Displays MAC addresses learned via Internet Group Management
Protocol (IGMP) snooping.
user Optional. Displays static MAC addresses entered by the user.
vlan <vlan id> Optional. Displays address table information related to a specific virtual
local area network (VLAN). Valid range is 1 to 4094.
Default Values
Command History
include.

Usage Examples
The following is sample output from the show mac address-table multicast command:
>enable
#show mac address-table multicast
Multicast Mac Address Table
------------------------------------------
------ ------------------- -------- --------
1 01:00:5e:00:01:01 igmp swx 0/10
1 01:00:5e:7f:ff:fa igmp swx 0/24

show mac address-table static

Use the show mac address-table static command to display all static medium access control (MAC)
addresses known by AOS. Variations of this command include the following:
show mac address-table static

show mac address-table static address <mac address>
show mac address-table static address <mac address> interface <interface>
show mac address-table static address <mac address> interface <interface> vlan <vlan id>
show mac address-table static address <mac address> vlan <vlan id>
show mac address-table static interface <interface>
show mac address-table static interface <interface> vlan <vlan id>
show mac address-table static vlan <vlan id>
Syntax Description
address <mac address> Optional. Specifies a valid 48-bit MAC address. MAC addresses should be
00:A0:C8:00:00:01).
address-table static interface ? for a list of valid interfaces.
vlan <vlan id> Optional. Shows address-table information related to a specific virtual local
area network (VLAN). Valid range is 1 to 4094.
Default Values
Command History
include.

Usage Examples
The following is sample output from the show mac address-table static command:
>enable
#show mac address-table static
Mac Address Table
------ ------------------- -------- --------
1 00:a0:c8:00:88:40 STATIC CPU

show mac limits

Use the show mac limits command to display the configured maximum allowed media access control
(MAC) addresses on the AOS device. The current number of MAC addresses and learned MAC addresses
for each interface are displayed.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example displays the MAC addresses associated with each configured interface:
>enable
#show mac limits
Port Max Allowed Current Learned
Gigabit-Ethernet 0/1 Disabled
Gigabit-Ethernet 0/2 5 2
Gigabit-Ethernet 0/4 Disabled
Global Limit 1024 3

show mail-client
Use the show mail-client command to display statistical summary information for mail agents. Variations
show mail-client
show mail-client <agent name>
Syntax Description
<agent name> Optional. Specifies only statistics for the named mail agent are displayed.
Default Values
Command History
Usage Examples
The following example displays statistical information for mail agent myagent:
>enable
#show mail-client myagent
Mail-client myagent is ENABLED
Capture output when track mail becomes PASS
Send message when track T becomes PASS
Send TO: joesmith@company.com
6 output captures triggered

18 commands captured
6 command errors
2 unrecognized commands
4 truncated commands
5 emails sent
Last email sent on 2/29/2008 at 16:20:10 PM

show mail-client body <agent name>

Use the show mail-client body command to display the current buffer content for the body of the email
message in queue for a specific mail agent.
Syntax Description
<agent name> Specifies the mail agent buffer to display.
Default Values
Command History
Usage Examples
The following example displays the email body buffer content for myagent mail agent:
>enable
#show mail-client body myagent

show media-gateway
Use the show media-gateway command to show cumulative totals for all Realtime Transport Protocol
(RTP) channels. Variations of this command include:
show media-gateway
show media-gateway channel
show media-gateway channel <slot/dsp.channel>
show media-gateway info
show media-gateway session
show media-gateway session <slot/dsp.channel>
show media-gateway summary
show media-gateway summary active
Syntax Description
<slot/dsp.channel> Optional. Specifies the ID of the media gateway channel to be displayed in
the format slot/dsp.channel.
channel Optional. Shows cumulative totals for individual RTP channels.
info Optional. Shows media-gateway information.
session Optional. Shows current RTP sessions.
summary Optional. Shows summary of last active and current RTP sessions.
active Optional. Shows summary of currently active RTP sessions.
Default Values
Command History
include.

Usage Examples
The following example shows sample output from the show media-gateway command:
>enable
#show media-gateway
Media Gateway
1 slots, 2 DSPs, 60 channels
6 total sessions, 1 active sessions,
00:00:11 total session duration
Last clearing of counters: never
Receive
601 total rx packets, 96160 total rx bytes
Jitter Buffer Totals:
0 out of order packets
0 early arrival discards
0 late arrival discards
0 buffer full discards
0 unknown packets
13 flushed packets
Transmit
647 total tx packets, 103520 total tx bytes
#
The following example shows sample output from the show media-gateway info command:
>enable
#show media-gateway info
slot 0, DSP 1
DSP software version: G2.R10.5.0.0
DSP hardware version: Freescale MSC7119
DSP utilization: 49%
maximum DSP utilization: 52%
free packet buffers: 5998
total channels: 30
active channels: 0
DSP uptime: 2d 23:42:10
slot 0, DSP 2
DSP software version: G2.R10.5.0.0
DSP hardware version: Freescale MSC7119
DSP utilization: 49%
maximum DSP utilization: 51%
free packet buffers: 5998
total channels: 30
active channels: 0
DSP uptime: 2d 23:42:04
system uptime: 2d 23:42:18

show mef
Use the show mef command to display Metro Ethernet Forum (MEF) Ethernet component configuration
and state information. Variations of this command include:
show mef
show mef connections
show mef connections discard
show mef connections evc <name>
show mef connections evc-map <name>
show mef connections men-port efm-group <group id>
show mef connections policer <name>
show mef connections uni mef-ethernet <name>
show mef evc-map
show mef evc-map <name>
show mef evc
show mef evc <name>
show mef policer
show mef policer <name>
Syntax Description
connections Optional. Displays information on all MEF Ethernet connections.
discard Optional. Displays discard connections.
evc <name> Optional. Displays connection information on the specified Ethernet
evc-map <name> Optional. Displays connection information on the specified EVC
map.
men-port efm-group <group id> Optional. Displays connection information for the specified Metro
Ethernet network (MEN) Ethernet in the first mile (EFM) group.
policer <name> Optional. Displays connection information on the specified EVC
policer profile.
uni mef-ethernet <name> Optional. Displays connection information on the specified user
network Metro Ethernet interface.
evc-map Optional. Displays the MEN priority and MEN queue information for
all configured EVC maps.

evc-map <name> Optional. Displays the MEN priority and MEN queue information for
the specified EVC map.
evc Optional. Displays status, s-tag, CE VLAN preservation, and
connected EVC map information for all configured EVCs.
evc <name> Optional. Displays status, s-tag, CE VLAN preservation, and
connected EVC map information for the specified EVC.
policer Optional. Displays configuration information for all EVC policer
policies.
policer <name> Optional. Displays configuration information for the specified EVC
policer policy.
Default Values
Command History
Usage Examples
The following is sample output from the show mef command:
#show mef
MEN Configured EVCs for efm-group 1 :
2213 3216
EVC DATA : Admin UP Protocol Connected UP
Connected to MEN Port efm-group 1

Connected to EVC Map DATA
Tag 3216
Preserve CE VLAN No
EVC DEFAULT : Admin UP Protocol Connected UP

Connected to MEN Port efm-group 1
Connected to EVC Map DEFAULT
Tag 2213
Preserve CE VLAN Yes
EVC Map DATA : Admin UP Protocol Connected UP

Connected to UNI mef-ethernet 1/1
Connected to EVC DATA
MEN Priority Inherit
MEN Queue Inherit

EVC Map DEFAULT : Admin UP Protocol Connected UP

Connected to UNI mef-ethernet 1/1
Connected to EVC DEFAULT
MEN Priority Inherit
MEN Queue Inherit
Connection : EVC Map DATA

UNI mef-ethernet 1/1
EVC DATA
MEN Port efm-group 1
Connection Status Connected UP
Connection : EVC Map DEFAULT

UNI mef-ethernet 1/1
EVC DEFAULT
MEN Port efm-group 1
Connection Status Connected UP#

show memory
Use the show memory command to display statistics regarding memory, including memory allocation and
buffer use statistics. Shows how memory is in use (broken down by memory size) and how much memory
is free. Variations of this command include:
show memory heap

show memory heap realtime
show memory uncached-heap
your unit.
Syntax Description
heap Shows how much memory is in use (broken down by memory block size)
and how much memory is free.
uncached-heap Shows how much memory has been set aside to be used without memory
caching, how much memory is being used, and how much memory is free.
Default Values
Command History
include.

Functional Notes
page 1125).
Usage Examples
The following is sample output from the show memory heap command:
>enable
#show memory heap
Memory Heap:
HeapFree: 2935792
HeapSize: 8522736
Block Managers:
Mgr Size Used Free Max-Used
0 0 58 0 58
1 16 1263 10 1273
2 48 1225 2 1227
3 112 432 2 434
4 240 140 3 143
5 496 72 2 74
6 1008 76 1 26
7 2032 25 1 26
8 4080 2 1 3
9 8176 31 1 32
10 16368 8 0 8
11 32752 5 1 6
12 65520 3 0 30
13 131056 0 0 0

show mgcp-endpoint
Use the show mgcp-endpoint command to display configuration statistics for all configured Media
Gateway Control Protocol (MGCP) endpoints. Variations of this command include:
show mgcp-endpoint
show mgcp-endpoint verbose
Syntax Description
Default Values
Command History
Usage Examples
The following is sample output from the show mgcp-endpoint command:
#show mgcp-endpoint
Endpoint: 1
Name : aaln/1
FXS : 0/1
State : Connected
Endpoint: 2
Name : aaln/2
FXS : 0/2
State : Connected
Endpoint: 3
Name : aaln/3
FXS : 0/3
State : Connected
Endpoint: 4
Name : aaln/4
FXS : 0/4
State : Connected

show modules
Use the show modules command displays information on the current system setup. Variations of this
command include:
show modules
show modules detailed
Syntax Description
detailed Optional. Displays more detailed information in the output.
Default Values
Command History
include.
Release R11.1.0 Command was expanded to include the detailed parameter.
Usage Examples
The following example displays the modules installed in the unit.
>enable
#show modules
Slot Port Type Part Number Software Version
0 1 VPN Module 1202368L1 R10.11.0.E
1 1 T3 WAN Not Available Not Available
2 1 E1 VIM Not Available Not Available

show monitor session

Use the show monitor session command to display information regarding a specified monitor session or to
display this information for all sessions. Variations of this command include:
show monitor session <number>

show monitor session all
Syntax Description
<number> Displays information for a single specific monitor session.
all Displays all sessions.
Default Values
Command History
include.
Usage Examples
The following is sample output from the show monitor session command:
>enable
#show monitor session 1
Monitor Session 1
-----------------
Source Ports:
RX Only: None
TX Only: None
Both: eth 0/2, eth 0/3
Destination Port: eth 0/6

show name-server
Use the show name-server command to display the current domain naming system (DNS) name server’s
address and the source of its addresses. Address sources include Dynamic Host Control Protocol version 4
(DHCPv4), DHCP version 6 (DHCPv6), Point-to-Point Protocol and Internet Protocol Control Protocol
(PPP-IPCP), and user configured addresses. Variations of this command include:
show name-server
show name-server realtime
show name-server vrf <name>
show name-server vrf <name> realtime
Syntax Description
realtime Optional. Displays the name server information in real time.
instance for which to display name server address information. If a VRF
instance is not specified, name server information for the default VRF
instance is displayed.
Default Values
Command History

Usage Examples
The following example shows output from the show name-server command:
>enable
#show name-server
Current Name server address Source
---------------------------------------------------------------------------------------------------
2000:ef0a::1500:37ag:362:ed DHCPv6
proxy --> 2000:a50:1a0e::1500:eddf DHCPv6
10.23.115.254 DHCPv4
client --> 192.168.101.1 PPP
8.8.8.8 User
8.8.4.4 User

show network-forensics ip dhcp

Use the show network-forensics ip dhcp command to display collected Dynamic Host Configuration
Protocol (DHCP) information for clients connected to the network. The display of the collected
information can be for all connected clients or for a specific client. Variations of this command include:
show network-forensics ip dhcp

show network-forensics ip dhcp hostname <hostname>
show network-forensics ip dhcp interface gigabit-switchport <slot/port>
show network-forensics ip dhcp ip <ip address>
show network-forensics ip dhcp mac <mac address>
Syntax Description
hostname <hostname> Optional. Displays DHCP information for the client with the
interface gigabit-switchport <slot/port> Optional. Displays DHCP information for the client using the
specified interface.
ip <ip address> Optional. Displays DHCP information for the client at the
mac <mac address> Optional. Displays DHCP information for the client at the
Default Values
Command History

Usage Examples
The following is sample output from the show network-forensics ip dhcp command:
#show network-forensics ip dhcp

Client MAC/IP/Host: 00:E0:29:0E:D5:E3 / 10.23.220.1 / xpsp3-host
VLAN ID: 100
Source Port: gigabit-switchport 0/2
Server Mac/IP: 00:E0:29:0E:D5:E5 / 10.23.220.254
Lease from Time Collected: 3 days from 25 Aug 2009 10:33:42
Client Vendor Class: unknown
The preceding output is for one client. This same information will be displayed for all
connected clients unless one of the filtering parameters is used in conjunction with the
show network-forensics ip dhcp command.

show network-sync
Use the show network-sync command to display the status of the network synchronization (Network
Sync) configuration. Variations of this command include:
show network-sync
show network-sync detail
Syntax Description
detail Optional. Displays details about the configuration.
Default Values
Command History
Usage Examples
The following example displays the status of the Network Sync configuration:
>enable
#show network-sync
Network Sync Status
Primary Source gigabit-ethernet 0/1
Health Down
Secondary Source gigabit-ethernet 0/2
Health Down
Current Source Holdover
Revertive Mode Priority
EEC Option EEC Option 1
ESMC Process Enabled
Holdover Threshold Threshold Holdover when clock source SSM < QL-EEC1

show ntp associations

Use the show ntp associations command to display the active Network Time Protocol (NTP) associations.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example executes show ntp associations:
>enable
#show ntp associations

show ntp status

Use the show ntp status command to display general information about the status on the Network Time
Protocol (NTP).
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example executes show ntp status:
>enable
#show ntp status

show ospfv3
Use the show ospfv3 command to display general information regarding Open Shortest Path First version
3 (OSPFv3) processes on the AOS device. Variations of this command include:
show ospfv3
show ospfv3 <process id>
Syntax Description
Default Values
Command History
Usage Examples
>enable
#show ospfv3
Summary of OSPFv3 Process 61 with ID: 5.5.5.5, VRF RED
Supports IPv6 Address Family
SPF delay timer: 5 seconds, Hold time between SPFs: 10 seconds
LSA interval: 1800 seconds
Number of external LSAs: 4, Checksum Sum: 0x22a04
Number of AS scoped unknown LSAs: 0, Checksum Sum: 0x0
Number of areas: 2, normal: 2, stub: 0, NSSA: 0
Reference bandwidth unit is 100 Mbps
Area (0) 5.5.5.5
Number of interfaces in this area: 2
Authentication type: 0
SPF algorithm execution count: 2
Number of LSAs: 8, Checksum Sum: 0x3f91a
Area (1) 5.5.5.5

Number of interfaces in this area: 1

Authentication type: 0
SPF algorithm execution count: 3
Number of LSAs: 6, Checksum Sum: 0x39601

show ospfv3 database

Use the show ospfv3 database command to display information contained in the Open Shortest Path First
version 3 (OSPFv3) link state database. Variations of this command include:
show ospfv3 database

show ospfv3 database adv-router <router id>
show ospfv3 database database-summary
show ospfv3 <process id> database
show ospfv3 <process id> database adv-router <router id>
show ospfv3 <process id> database database-summary
show ospfv3 <process id> <area id> database
show ospfv3 <process id> <area id> database adv-router <router id>
show ospfv3 <process id> <area id> database database-summary
Syntax Description
<area id> Optional. Limits the output of this command to a single OSPFv3 area. Valid
range is 0 to 4294967295.
adv-router <router id> Optional. Limits the output of this command to a single specified advertising
router.
database-summary Optional. Displays summarized information about the OSPFv3 link state
database.
Default Values
Command History

Usage Examples
The following is sample output from the show ospfv3 database command:
>enable
#show ospfv3 database
OSPFv3 router with ID: 4.4.4.4 (Process ID 61, VRF RED)

Adv Router Age Seq # Fragment ID Link count Bits
4.4.4.4 222 0x8000005A 0 1 B, E
5.5.5.5 215 0x80000066 0 1 B, E

Adv Router Age Seq # Link ID Rtr count
4.4.4.4 225 0x80000001 8 2
Inter Area Prefix Link States, Area 0

Adv Router Age Seq # Prefix
4.4.4.4 595 0x80000057 2001:10:24:204::/64
5.5.5.5 220 0x80000001 2001:10:24:205::/64
Link (Type-8) Link States, Area 0

Adv Router Age Seq# Link ID Interface
4.4.4.4 595 0x80000057 8 eth 0/1.106
5.5.5.5 220 0x80000062 13 eth 0/1.106
Intra Area Prefix Link States, Area 0

Adv Router Age Seq # Link ID Ref-lstype Ref-LSID
4.4.4.4 225 0x80000001 8192 0x2002 8

Adv Router Age Seq # Fragment ID Link count Bits
5.5.5.5 183 0x80000003 0 0 B, E

5.5.5.5 220 0x80000001 2001:10:24:106::/64
5.5.5.5 211 0x80000001 2001:10:24:204::/64
Inter Area Router Link States, Area 1

Adv Router Age Seq # Ref-router
5.5.5.5 211 0x80000001 4.4.4.4

Adv Router Age Seq# Link ID Interface
5.5.5.5 223 0x80000001 14 eth 0/2.1


Adv Router Age Seq # Link ID Ref-lstype Ref-LSID
5.5.5.5 183 0x80000003 0 0x2001 0
External Link States

4.4.4.4 595 0x80000057 2001:7:1::/64
4.4.4.4 595 0x80000057 2001:10:24:202::/64
5.5.5.5 223 0x80000001 2001:8:1::/64
5.5.5.5 223 0x80000001 2001:8:2::/64
The following is sample output from the show ospfv3 database database-summary command:
>enable
#show ospfv3 database database-summary
Area 0 database summary
LSA Type Count
Router 2
Network 1
Link 2
Prefix 1
Inter-area Prefix 2
Inter-area Router 0
Unknown 0
Subtotal 8
External 4
AS Unknown 0
Area 1 database summary

LSA Type Count
Router 1
Network 0
Link 1
Prefix 1
Inter-area Prefix 2
Inter-area Router 1
Unknown 0
Subtotal 6
External 4
AS Unknown 0

show ospfv3 database external

Use the show ospfv3 database external command to display details from the Open Shortest Path First
version 3 (OSPFv3) link state database of external link state advertisements (LSAs). Variations of this
command include:
show ospfv3 database external

show ospfv3 database external <ipv6 address/prefix-length>
show ospfv3 database external <ipv6 address/prefix-length> <link state id>
show ospfv3 database external <ipv6 address/prefix-length> <link state id> adv-router <router id>
show ospfv3 database external <link state id>
show ospfv3 database external <link state id> adv-router <router id>
show ospfv3 database external adv-router <router id>
show ospfv3 <process id> database external
show ospfv3 <process id> database external <ipv6 address/prefix-length>
show ospfv3 <process id> database external <ipv6 address/prefix-length> <link state id>
show ospfv3 <process id> database external <ipv6 address/prefix-length> <link state id> adv-router
<router id>
show ospfv3 <process id> database external <link state id>
show ospfv3 <process id> database external <link state id> adv-router <router id>
show ospfv3 <process id> database external adv-router <router id>
Syntax Description
<ipv6 address/prefix-length> Optional. Limits the output of this command to a single Internet Protocol
version 6 (IPv6) address. Enter IPv6 addresses in colon hexadecimal
format (X:X:X:X::X/<Z>), for example, 2001:DB8::1/64. The prefix length
(<Z>) is an integer with a value between 0 and 128.
<link state id> Optional. Limits the output of this command to a single specified LSA.
router.
Default Values

Command History
Usage Examples
The following is sample output from the show ospfv3 database external command:
>enable
#show ospfv3 database external
External Link States
Link State age: 689

Link State type: AS External-LSA (0x4005)
Link State ID: 0
Checksum: 0xBE61
Length: 36
Prefix Address: 2001:7:1::
Prefix Length: 64, Options: None
Metric: 22222
Link State age: 689

Link State ID: 1
Checksum: 0xAB43
Length: 36
Prefix Address: 2001:10:24:202::
Metric: 22222
Link State age: 317

Link State ID: 2
Checksum: 0x5D34
Length: 52
Metric: 11111
Forwarding Address: 2001:10:24:205::2

Link State age: 317

Link State ID: 3
Checksum: 0x632C
Length: 52
Metric: 11111
Forwarding Address: 2001:10:24:205::2

show ospfv3 database inter-area prefix

Use the show ospfv3 database inter-area prefix command to display details from the Open Shortest Path
First version 3 (OSPFv3) link state database of inter-area prefix link state advertisements (LSAs).
show ospfv3 database inter-area prefix

show ospfv3 database inter-area prefix <ipv6 address/prefix-length>
show ospfv3 database inter-area prefix <ipv6 address/prefix-length> <link state id>
show ospfv3 database inter-area prefix <ipv6 address/prefix-length> <link state id> adv-router
<router id>
show ospfv3 database inter-area prefix <link state id>
show ospfv3 database inter-area prefix <link state id> adv-router <router id>
show ospfv3 database inter-area prefix adv-router <router id>
show ospfv3 <process id> database inter-area prefix
show ospfv3 <process id> database inter-area prefix <ipv6 address/prefix-length>
show ospfv3 <process id> database inter-area prefix <ipv6 address/prefix-length> <link state id>
show ospfv3 <process id> database inter-area prefix <ipv6 address/prefix-length> <link state id>
adv-router <router id>
show ospfv3 <process id> database inter-area prefix <link state id>
show ospfv3 <process id> database inter-area prefix <link state id> adv-router <router id>
show ospfv3 <process id> database inter-area prefix adv-router <router id>
show ospfv3 <process id> <area id> database inter-area prefix
show ospfv3 <process id> <area id> database inter-area prefix <ipv6 address/prefix-length>
<link state id>
<link state id> adv-router <router id>
show ospfv3 <process id> <area id> database inter-area prefix <link state id>
show ospfv3 <process id> <area id> database inter-area prefix <link state id> adv-router <router id>
show ospfv3 <process id> <area id> database inter-area prefix adv-router <router id>
Syntax Description
range is 0 to 4294967295.

router.
Default Values
Command History
Usage Examples
The following is sample output from the show ospfv3 database inter-area prefix command:
>enable
#show ospfv3 database inter-area prefix
Link State age: 728

Link State type: Inter-Area-Prefix-LSA (0x2003)
Link State ID: 0
Checksum: 0x55DE
Length: 36
Metric: 1
Link State age: 353

Link State ID: 1
Checksum: 0xEB98
Length: 36
Metric: 1

Link State age: 353

Link State ID: 2
Checksum: 0xE2A0
Length: 36
Metric: 1
Link State age: 344

Link State ID: 4
Checksum: 0xBBC6
Length: 36
Metric: 1

show ospfv3 database inter-area router

Use the show ospfv3 database inter-area router command to display details from the Open Shortest Path
First version 3 (OSPFv3) link state database of inter-area router link state advertisements (LSAs).
show ospfv3 database inter-area router

show ospfv3 database inter-area router internal
show ospfv3 database inter-area router <ipv6 address/prefix-length>
show ospfv3 database inter-area router <ipv6 address/prefix-length> internal
show ospfv3 database inter-area router <ipv6 address/prefix-length> <link state id>
show ospfv3 database inter-area router <ipv6 address/prefix-length> <link state id> internal
show ospfv3 database inter-area router <ipv6 address/prefix-length> <link state id> adv-router
<router id>
show ospfv3 database inter-area router <ipv6 address/prefix-length> <link state id> adv-router
<router id> internal
show ospfv3 database inter-area router <link state id>
show ospfv3 database inter-area router <link state id> internal
show ospfv3 database inter-area router <link state id> adv-router <router id>
show ospfv3 database inter-area router <link state id> adv-router <router id> internal
show ospfv3 database inter-area router adv-router <router id>
show ospfv3 database inter-area router adv-router <router id> internal
show ospfv3 <process id> database inter-area router
show ospfv3 <process id> database inter-area router internal
show ospfv3 <process id> database inter-area router <ipv6 address/prefix-length>
show ospfv3 <process id> database inter-area router <ipv6 address/prefix-length> internal
show ospfv3 <process id> database inter-area router <ipv6 address/prefix-length> <link state id>
internal
adv-router <router id>
adv-router <router id> internal
show ospfv3 <process id> database inter-area router <link state id>
show ospfv3 <process id> database inter-area router <link state id> internal
show ospfv3 <process id> database inter-area router <link state id> adv-router <router id>
show ospfv3 <process id> database inter-area router <link state id> adv-router <router id> internal
show ospfv3 <process id> database inter-area router adv-router <router id>
show ospfv3 <process id> database inter-area router adv-router <router id> internal
show ospfv3 <process id> <area id> database inter-area router
show ospfv3 <process id> <area id> database inter-area router internal
show ospfv3 <process id> <area id> database inter-area router <ipv6 address/prefix-length>
show ospfv3 <process id> <area id> database inter-area router <ipv6 address/prefix-length> internal
<link state id>

<link state id> internal
<link state id> adv-router <router id>
<link state id> adv-router <router id> internal
show ospfv3 <process id> <area id> database inter-area router <link state id>
show ospfv3 <process id> <area id> database inter-area router <link state id> internal
show ospfv3 <process id> <area id> database inter-area router <link state id> adv-router <router id>
show ospfv3 <process id> <area id> database inter-area router <link state id> adv-router <router id>
internal
show ospfv3 <process id> <area id> database inter-area router adv-router <router id>
show ospfv3 <process id> <area id> database inter-area router adv-router <router id> internal
Syntax Description
range is 0 to 4294967295.
router.
LSAs and whether the LSA was used in route calculation.
Default Values
Command History

Usage Examples
The following is sample output from the show ospfv3 database inter-area router command:
>enable
#show ospfv3 database inter-area router
Inter Area Router Link States, Area 1
Link State age: 394

Link State ID: 3
Checksum: 0x37C6
Length: 32
Options: V6, E, R, AF
Metric: 1
Destination Router: 4.4.4.4

show ospfv3 database link

Use the show ospfv3 database link command to display details from the Open Shortest Path First version
3 (OSPFv3) link state database of link state advertisements (LSAs). Variations of this command include:
show ospfv3 database link

show ospfv3 database link interface <interface>
show ospfv3 database link interface <interface> <link state id>
show ospfv3 database link interface <interface> <link state id> adv-router <router id>
show ospfv3 database link interface <interface> adv-router <router id>
show ospfv3 database link interface [mef-ethernet <slot/port> | system-control-evc |
system-management-evc] <link state id>
system-management-evc] <link state id> adv-router <router id>
system-management-evc] adv-router <router id>
show ospfv3 database link <link state id>
show ospfv3 database link <link state id> adv-router <router id>
show ospfv3 database link adv-router <router id>
show ospfv3 <process id> database link
show ospfv3 <process id> database link interface <interface>
show ospfv3 <process id> database link interface <interface> <link state id>
show ospfv3 <process id> database link interface <interface> <link state id> adv-router <router id>
show ospfv3 <process id> database link interface <interface> adv-router <router id>
show ospfv3 <process id> database link interface [mef-ethernet <slot/port> | system-control-evc |
system-management-evc] <link state id>
system-management-evc] <link state id> adv-router <router id>
system-management-evc] adv-router <router id>
show ospfv3 <process id> database link <link state id>
show ospfv3 <process id> database link <link state id> adv-router <router id>
show ospfv3 <process id> database link adv-router <router id>
show ospfv3 <process id> <area id> database link
show ospfv3 <process id> <area id> database link interface <interface>
show ospfv3 <process id> <area id> database link interface <interface> <link state id>
show ospfv3 <process id> <area id> database link interface <interface> <link state id> adv-router
<router id>
show ospfv3 <process id> <area id> database link interface <interface> adv-router <router id>
show ospfv3 <process id> <area id> database link interface [mef-ethernet <slot/port> |
system-control-evc | system-management-evc] <link state id>

system-control-evc | system-management-evc] <link state id> adv-router <router id>
system-control-evc | system-management-evc] adv-router <router id>
show ospfv3 <process id> <area id> database link <link state id>
show ospfv3 <process id> <area id> database link <link state id> adv-router <router id>
show ospfv3 <process id> <area id> database link adv-router <router id>
Syntax Description
range is 0 to 4294967295.
interface <interface> Optional. Limits the output of this command to a single OSPFv3 interface.
Specify interfaces in the format <interface type [slot/port |
slot/port.subinterface id | interface id | interface id.subinterface id>. For
Enter show ipv6 ospfv3 database link interface ? for a list of available
interfaces.
mef-ethernet <slot/port> Optional. Limits the output of this command to the Metro Ethernet Forum
(MEF) Ethernet interface.
system-control-evc Optional. Limits the output of this command to the system control Ethernet
system-management-evc Optional. Limits the output of this command to the system management
EVC.
router.
Default Values

Command History
Usage Examples
The following is sample output from the show ospfv3 database link command:
>enable
#show ospfv3 database link
Link State age: 813

Link State type: Link-LSA (Interface: eth 0/1.106) (0x0008)
Link State ID: 8
Checksum: 0xEFB2
Length: 56
Options: V6, E, R, DC
Router Priority: 1
Link-Local Address: FE80::CA9C:1DFF:FED6:E0A0
Number of Prefixes: 1
Link State age: 438

Link State ID: 13
Checksum: 0xCD3
Length: 56
Router Priority: 1
Link-Local Address: FE80::2A0:C8FF:FE1F:CC53
Link State age: 441


Link State ID: 14
Checksum: 0xD965
Length: 56
--MORE--

show ospfv3 database network

Use the show ospfv3 database network command to display details from the Open Shortest Path First
version 3 (OSPFv3) link state database of network link state advertisements (LSAs). Variations of this
command include:
show ospfv3 database network

show ospfv3 database network <link state id>
show ospfv3 database network <link state id> adv-router <router id>
show ospfv3 database network adv-router <router id>
show ospfv3 <process id> database network
show ospfv3 <process id> database network <link state id>
show ospfv3 <process id> database network <link state id> adv-router <router id>
show ospfv3 <process id> database network adv-router <router id>
show ospfv3 <process id> <area id> database network
show ospfv3 <process id> <area id> database network <link state id>
show ospfv3 <process id> <area id> database network <link state id> adv-router <router id>
show ospfv3 <process id> <area id> database network adv-router <router id>
Syntax Description
range is 0 to 4294967295.
router.
Default Values
Command History

Usage Examples
The following is sample output from the show ospfv3 database network command:
>enable
#show ospfv3 database network
Link State age: 471

Link State type: Network-LSA (0x2002)
Link State ID: 8
Checksum: 0xB01B
Length: 32
Options: V6, E, R, DC, AF
Number of Attached Routers: 2

show ospfv3 database prefix

Use the show ospfv3 database prefix command to display details from the Open Shortest Path First
version 3 (OSPFv3) link state database of intra-area link state advertisements (LSAs). Variations of this
command include:
show ospfv3 database prefix

show ospfv3 database prefix ref-lsa network
show ospfv3 database prefix ref-lsa network <link state id>
show ospfv3 database prefix ref-lsa network <link state id> adv-router <router id>
show ospfv3 database prefix ref-lsa network adv-router <router id>
show ospfv3 database prefix ref-lsa router
show ospfv3 database prefix ref-lsa router <link state id>
show ospfv3 database prefix ref-lsa router <link state id> adv-router <router id>
show ospfv3 database prefix ref-lsa router adv-router <router id>
show ospfv3 <process id> database prefix
show ospfv3 <process id> database prefix ref-lsa network
show ospfv3 <process id> database prefix ref-lsa network <link state id>
show ospfv3 <process id> database prefix ref-lsa network <link state id> adv-router <router id>
show ospfv3 <process id> database prefix ref-lsa network adv-router <router id>
show ospfv3 <process id> database prefix ref-lsa router
show ospfv3 <process id> database prefix ref-lsa router <link state id>
show ospfv3 <process id> database prefix ref-lsa router <link state id> adv-router <router id>
show ospfv3 <process id> database prefix ref-lsa router adv-router <router id>
show ospfv3 <process id> <area id> database prefix
show ospfv3 <process id> <area id> database prefix ref-lsa network
show ospfv3 <process id> <area id> database prefix ref-lsa network <link state id>
show ospfv3 <process id> <area id> database prefix ref-lsa network <link state id> adv-router
<router id>
show ospfv3 <process id> <area id> database prefix ref-lsa network adv-router <router id>
show ospfv3 <process id> <area id> database prefix ref-lsa router
show ospfv3 <process id> <area id> database prefix ref-lsa router <link state id>
show ospfv3 <process id> <area id> database prefix ref-lsa router <link state id> adv-router
<router id>
show ospfv3 <process id> <area id> database prefix ref-lsa router adv-router <router id>

Syntax Description
range is 0 to 4294967295.
ref-lsa Optional. Limits the output of this command to all referenced LSAs.
network Optional. Limits the output of this command to referenced network LSAs.
router Optional. Limits the output of this command to referenced router LSAs.
router.
Default Values
Command History
Usage Examples
The following is sample output from the show ospfv3 database prefix command:
>enable
#show ospfv3 database prefix
Link State age: 539

Link State type: Intra-Area-Prefix-LSA (0x2009)
Link State ID: 8192
Checksum: 0x1809
Length: 44
Referenced LSA Type: 0x2002
Referenced Link State ID: 8
Referenced Advertising Router: 4.4.4.4
Prefix Length: 64, Options: None, Metric: 0
Link State age: 497

Link State type: Intra-Area-Prefix-LSA (0x2009)

Link State ID: 0
Checksum: 0x44FA
Length: 44
Referenced LSA Type: 0x2001
Referenced Link State ID: 0
Referenced Advertising Router: 5.5.5.5
Prefix Length: 64, Options: None, Metric: 1

show ospfv3 database router

Use the show ospfv3 database router command to display details from the Open Shortest Path First
version 3 (OSPFv3) link state database of router link state advertisements (LSAs). Variations of this
command include:
show ospfv3 database router

show ospfv3 database router internal
show ospfv3 database router <link state id>
show ospfv3 database router <link state id> internal
show ospfv3 database router <link state id> adv-router <router id>
show ospfv3 database router <link state id> adv-router <router id> internal
show ospfv3 database router adv-router <router id>
show ospfv3 database router adv-router <router id> internal
show ospfv3 <process id> database router
show ospfv3 <process id> database router internal
show ospfv3 <process id> database router <link state id>
show ospfv3 <process id> database router <link state id> internal
show ospfv3 <process id> database router <link state id> adv-router <router id>
show ospfv3 <process id> database router <link state id> adv-router <router id> internal
show ospfv3 <process id> database router adv-router <router id>
show ospfv3 <process id> database router adv-router <router id> internal
show ospfv3 <process id> <area id> database router
show ospfv3 <process id> <area id> database router internal
show ospfv3 <process id> <area id> database router <link state id>
show ospfv3 <process id> <area id> database router <link state id> internal
show ospfv3 <process id> <area id> database router <link state id> adv-router <router id>
show ospfv3 <process id> <area id> database router <link state id> adv-router <router id> internal
show ospfv3 <process id> <area id> database router adv-router <router id>
show ospfv3 <process id> <area id> database router adv-router <router id> internal
Syntax Description
range is 0 to 4294967295.

router.
LSAs and whether the LSA was used in route calculation.
Default Values
Command History
Usage Examples
The following is sample output from the show ospfv3 database router command:
>enable
#show ospfv3 database router
Link State age: 575

Link State ID: 0
Sequence Number: 0x8000005A
Checksum: 0x4F23
Length: 40
Options: V6, E, R, DC
Number of Links: 1
Link Metric: 1
Local Interface ID: 8
Neighbor (DR) Interface ID: 8
Neighbor (DR) Router ID: 4.4.4.4
Link State age: 568

Link State ID: 0
Checksum: 0xA3D8
Length: 40
Number of Links: 1


Link Metric: 1
Local Interface ID: 13
Neighbor (DR) Interface ID: 8
Neighbor (DR) Router ID: 4.4.4.4
Link State age: 536

Link State ID: 0
Checksum: 0xA176
Length: 24
Number of Links: 0

show ospfv3 database unknown

Use the show ospfv3 database unknown command to display details from the Open Shortest Path First
version 3 (OSPFv3) link state database of unknown link state advertisements (LSAs). Variations of this
command include:
show ospfv3 database unknown

show ospfv3 database unknown as
show ospfv3 database unknown area
show ospfv3 database unknown link
show ospfv3 database unknown <link state id>
show ospfv3 database unknown <link state id> as
show ospfv3 database unknown <link state id> area
show ospfv3 database unknown <link state id> link
show ospfv3 database unknown <link state id> adv-router <router id>
show ospfv3 database unknown <link state id> adv-router <router id> as
show ospfv3 database unknown <link state id> adv-router <router id> area
show ospfv3 database unknown <link state id> adv-router <router id> link
show ospfv3 database unknown adv-router <router id>
show ospfv3 database unknown adv-router <router id> as
show ospfv3 database unknown adv-router <router id> area
show ospfv3 database unknown adv-router <router id> link
show ospfv3 <process id> database unknown
show ospfv3 <process id> database unknown as
show ospfv3 <process id> database unknown area
show ospfv3 <process id> database unknown link
show ospfv3 <process id> database unknown <link state id>
show ospfv3 <process id> database unknown <link state id> as
show ospfv3 <process id> database unknown <link state id> area
show ospfv3 <process id> database unknown <link state id> link
show ospfv3 <process id> database unknown <link state id> adv-router <router id>
show ospfv3 <process id> database unknown <link state id> adv-router <router id> as
show ospfv3 <process id> database unknown <link state id> adv-router <router id> area
show ospfv3 <process id> database unknown <link state id> adv-router <router id> link
show ospfv3 <process id> database unknown adv-router <router id>
show ospfv3 <process id> database unknown adv-router <router id> as
show ospfv3 <process id> database unknown adv-router <router id> area
show ospfv3 <process id> database unknown adv-router <router id> link
show ospfv3 <process id> <area id> database unknown
show ospfv3 <process id> <area id> database unknown as
show ospfv3 <process id> <area id> database unknown area
show ospfv3 <process id> <area id> database unknown link
show ospfv3 <process id> <area id> database unknown <link state id>
show ospfv3 <process id> <area id> database unknown <link state id> as
show ospfv3 <process id> <area id> database unknown <link state id> area
show ospfv3 <process id> <area id> database unknown <link state id> link

show ospfv3 <process id> <area id> database unknown <link state id> adv-router <router id>
show ospfv3 <process id> <area id> database unknown <link state id> adv-router <router id> as
show ospfv3 <process id> <area id> database unknown <link state id> adv-router <router id> area
show ospfv3 <process id> <area id> database unknown <link state id> adv-router <router id> link
show ospfv3 <process id> <area id> database unknown adv-router <router id>
show ospfv3 <process id> <area id> database unknown adv-router <router id> as
show ospfv3 <process id> <area id> database unknown adv-router <router id> area
show ospfv3 <process id> <area id> database unknown adv-router <router id> link
Syntax Description
range is 0 to 4294967295.
router.
as Optional. Filters the output of this command by unknown LSA autonomous
systems (AS).
area Optional. Filters the output of this command by unknown LSA areas.
link Optional. Filters the output of this command by unknown LSA links.
Default Values
Command History

Usage Examples
The following is sample output from the show ospfv3 database unknown command:
>enable
#show ospfv3 database unknown
Unknown Link States, Area 603979776
Link State age: 273

Link State type: Unknown (0x3FFF)
Link State ID: 1
Sequence Number: 0x808DE8B1
Checksum: 0xF1AE
Length: 40
Scope: Link Local

show ospfv3 interface

Use the show ospfv3 interface command to display Open Shortest Path First version 3 (OSPFv3)
information related to router interfaces. Variations of this command include:
show ospfv3 interface

show ospfv3 interface <interface>
show ospfv3 interface mef-ethernet <slot/port>
show ospfv3 interface system-control-evc
show ospfv3 interface system-management-evc
show ospfv3 <process id> interface
show ospfv3 <process id> interface <interface>
show ospfv3 <process id> interface mef-ethernet <slot/port>
show ospfv3 <process id> interface system-control-evc
show ospfv3 <process id> interface system-management-evc
show ospfv3 <process id> <area id> interface
show ospfv3 <process id> <area id> interface <interface>
show ospfv3 <process id> <area id> interface mef-etherent <slot/port>
show ospfv3 <process id> <area id> interface system-control-evc
show ospfv3 <process id> <area id> interface system-management-evc
Syntax Description
range is 0 to 4294967295.
<interface> Optional. Limits the output of this command to a single OSPFv3 interface.
Enter show ospfv3 interface ? for a list of available interfaces.
EVC.

Default Values
Command History
Usage Examples
The following is sample output from the show ospfv3 interface command:
>enable
#show ospfv3 interface
eth 0/1.106 is UP
Link Local Address FE80::2A0:C8FF:FE1F:CC53, Interface ID 13
Area 0, Process ID 61, VRF RED, Instance ID 0, Router ID 5.5.5.5
Area 1, Process ID 24, VRF RED, Instance ID 1, Router ID 5.5.5.5
Network type Broadcast, Cost: 1
Transmit delay is 1, State BDR, Priority 1
Designated Router (ID) 4.4.4.4, local address FE80::CA9C:1DFF:FED6:E0A0
Backup Designated Router (ID) 5.5.5.5, local address FE80::2A0:C8FF:FE1F:CC53
Timer intervals configured, Hello 10, Dead 40, Retransmit 5
Hello due in 00:00:04
Neighbor Count is 1, Adjacent neighbors count is 1
Adjacent with neighbor 4.4.4.4 (Designated Router)
Suppress hello for 0 neighbor(s)
eth 0/2.1 is UP
Link Local Address FE80::2A0:C8FF:FE1F:CC54, Interface ID 14
Area 1, Process ID 61, Instance ID 0, Router ID 5.5.5.5
Network type Broadcast, Cost: 1
Transmit delay is 1, State DR, Priority 1
Designated Router (ID) 5.5.5.5, local address FE80::2A0:C8FF:FE1F:CC54
Backup Designated Router (ID) 0.0.0.0, local address ::
Timer intervals configured, Hello 10, Dead 40, Retransmit 5
Hello due in 00:00:06
Neighbor Count is 0, Adjacent neighbors count is 0
Suppress hello for 0 neighbor(s)

show ospfv3 neighbor

Use the show ospfv3 neighbor command to display Open Shortest Path First version 3 (OSPFv3)
information related to OSPFv3 neighbors. Variations of this command include:
show ospfv3 neighbor

show ospfv3 neighbor detail
show ospfv3 neighbor <interface>
show ospfv3 neighbor <interface> detail
show ospfv3 neighbor <interface> hostname
show ospfv3 neighbor <interface> hostname detail
show ospfv3 neighbor <interface> <router id>
show ospfv3 neighbor <interface> <router id> detail
show ospfv3 neighbor hostname
show ospfv3 neighbor hostname detail
show ospfv3 neighbor [mef-ethernet <slot/port> | system-control-evc | system-management-evc]
detail
hostname
hostname detail
<router id>
<router id> detail
show ospfv3 neighbor <router id>
show ospfv3 neighbor <router id> detail
show ospfv3 <process id> neighbor
show ospfv3 <process id> neighbor detail
show ospfv3 <process id> neighbor <interface>
show ospfv3 <process id> neighbor <interface> detail
show ospfv3 <process id> neighbor <interface> hostname
show ospfv3 <process id> neighbor <interface> hostname detail
show ospfv3 <process id> neighbor <interface> <router id>
show ospfv3 <process id> neighbor <interface> <router id> detail
show ospfv3 <process id> neighbor [mef-ethernet <slot/port> | system-control-evc |
system-management-evc] detail
system-management-evc] hostname
system-management-evc] hostname detail
system-management-evc] <router id>


system-management-evc] <router id> detail
show ospfv3 <process id> neighbor hostname
show ospfv3 <process id> neighbor hostname detail
show ospfv3 <process id> neighbor <router id>
show ospfv3 <process id> neighbor <router id> detail
show ospfv3 <process id> <area id> neighbor
show ospfv3 <process id> <area id> neighbor detail
show ospfv3 <process id> <area id> neighbor <interface>
show ospfv3 <process id> <area id> neighbor <interface> detail
show ospfv3 <process id> <area id> neighbor <interface> hostname
show ospfv3 <process id> <area id> neighbor <interface> hostname detail
show ospfv3 <process id> <area id> neighbor <interface> <router id>
show ospfv3 <process id> <area id> neighbor <interface> <router id> detail
show ospfv3 <process id> <area id> neighbor [mef-ethernet <slot/port> | system-control-evc |
system-management-evc] detail
system-management-evc] hostname
system-management-evc] hostname detail
system-management-evc] <router id>
system-management-evc] <router id> detail
show ospfv3 <process id> <area id> neighbor hostname
show ospfv3 <process id> <area id> neighbor hostname detail
show ospfv3 <process id> <area id> neighbor <router id>
show ospfv3 <process id> <area id> neighbor <router id> detail
Syntax Description
range is 0 to 4294967295.

<interface> Optional. Limits the output of this command to a single OSPFv3 interface.
Enter show ospfv3 neighbor ? for a list of available interfaces.
EVC.
<router id> Optional. Limits the output of this command to a single specified advertising
router by router ID.
hostname Optional. Limits the output of this command to a single specified router by
router host name.
detail Optional. Specifies that more detailed information is displayed in the
command output.
Default Values
Command History
Usage Examples
The following is sample output from the show ospfv3 neighbor command:
>enable
#show ospfv3 neighbor
OSPFv3 Router with ID (5.5.5.5) (Process ID 61, VRF RED)
Neighbor ID Pri State Dead Time Intf-ID Interface

4.4.4.4 1 FULL/DR 00:00:34 8 eth 0/1.106

show ospfv3 summary-prefix

Use the show ospfv3 summary-prefix command to display details about Open Shortest Path First
version 3 (OSPFv3) redistributed routes that have been summarized using the command summary-prefix
<ipv6 address/prefix-length> on page 4151. Variations of this command include:
show ospfv3 summary-prefix

show ospfv3 <process id> summary-prefix
Syntax Description
Default Values
Command History
Usage Examples
The following is sample output from the show ospfv3 summary-prefix command for process 61:
>enable
#show ospfv3 61 summary-prefix
OSPFv3 Summary Addresses, Process ID 61, VRF RED:
2001:8:7::/48 Metric 11111, Type 1, advertise

show output-chkdsk
Use the show output-chkdsk command to display output from the CFLASH checkdisk that occurs at boot
up. File allocation table (FAT) errors detected or repaired are shown from the last boot up using this
command. If checkdisk passed without incident, the command displays the output File is empty. This
command is only applicable to ADTRAN integrated communications products (ICPs).
Syntax Description
No subcommands.
Default Values
Command History
include.
Usage Examples
The following is sample output from the show output-chkdsk command where checkdisk passed:
>enable
#show output-chkdsk
File is empty.
The following is sample output from the show output-chkdsk command where errors were detected and
repaired. An explanation of the errors found follows the output:
>enable
#show output-chkdsk
## 'SystemDefaultPrompts' The '.' entry has a non-zero size (repaired).
## 'SystemDefaultPrompts' The '..' entry points to cluster 2 (should be root directory - repaired).
## Cluster 583 chains to 435, but 583 is already used in another chain.
## Terminated subsequent instance of cross-linked chain starting at 205 at cluster 394.
## 'VoiceMail' The '.' first entry was not found.
## 'VoiceMail' Found 2 checksum mismatches (repaired).
## 'VoiceMail/Messages' Found 3 trailing entries (repaired).
## 'VoiceMail' Found 2 duplicate entries (repaired).

The following errors are minor and can be ignored.
## 'SystemDefaultPrompts' The '.' entry has a non-zero size (repaired).

## 'SystemDefaultPrompts' The '..' entry points to cluster 2 (should be root directory - repaired).
The following errors are more serious, but have been repaired. They indicate that the FAT has been
corrupted. In some instances, major files may be lost (if they were corrupt or were contained within a
corrupt directory).
## Found 20 orphaned clusters (not free and not used - repaired).

## Cluster 583 chains to 435, but 583 is already used in another chain.
## Terminated subsequent instance of cross-linked chain starting at 205 at cluster 394.
The following error results in the removal of the entire directory:
## 'VoiceMail' The '.' first entry was not found.
The following errors are minor. They indicate that some corruption has occurred, specifically with the
naming units of the files involved. In most cases, these can be repaired without data loss.
## 'VoiceMail' Found 2 checksum mismatches (repaired).

## 'VoiceMail' Found 15 invalid names (repaired).
## 'VoiceMail/Messages' Found 3 trailing entries (repaired).
## 'VoiceMail' Found 2 duplicate entries (repaired).

show output-errors
Use the show output-errors command to display the startup error log. If no errors are encountered during
startup, the command displays the output File is empty.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example shows output from the show output-errors command:
>enable
#show output-errors
File is empty.

show output-startup
Use the show output-startup command to display startup configuration output line by line. This output
can be copied into a text file and then used as a configuration editing tool.
Syntax Description
No subcommands.
Default Values
Command History
include.
Usage Examples
The following is sample output from the show output-startup command:
>enable
#show output-startup
!
#!
#hostname "UNIT_2"
UNIT_2#no enable password
UNIT_2#!
UNIT_2#ip subnet-zero
UNIT_2#ip classless
UNIT_2#ip routing
UNIT_2#!
UNIT_2#event-history on
UNIT_2#no logging forwarding
UNIT_2#logging forwarding priority-level info
UNIT_2#no logging email
--MORE--

show over-temperature protection

Use the show over-temperature protection command to display current status for the over temperature
protection feature.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
The shutdown threshold is not user defined and cannot be changed on the unit. For more information
about over temperature protection configuration, refer to the Over-Temperature Protection Command Set
on page 4431.
This command is not available for vAOS instances.
Usage Examples
The following is sample output from the show over-temperature protection command:
>enable
#show over-temperature protection
Over-Temperature Protection Status
Admin State : Enabled

Warning Threshold : 70C 158F
Recovery Threshold : 70C 158F
Shutdown Threshold : 75C 167F

show packet-capture
Use the show packet-capture command to display packet capturing statistics and verify the
packet-capture configuration. Variations of this command include:
show packet-capture captures

show packet-capture captures memory-usage
show packet-capture captures memory-usage realtime
show packet-capture captures sip-calls
show packet-capture captures sip-calls realtime
show packet-capture captures realtime
show packet-capture interfaces
show packet-capture interfaces realtime
show packet-capture memory-usage
show packet-capture memory-usage captures
show packet-capture memory-usage captures realtime
show packet-capture memory-usage captures sip-calls
show packet-capture memory-usage captures sip-calls realtime
show packet-capture memory-usage interfaces
show packet-capture memory-usage interfaces realtime
show packet-capture memory-usage realtime
show packet-capture sip-calls
show packet-capture sip-calls realtime
show packet-capture
show packet-capture verbose realtime
Syntax Description
captures Displays the active captures of every configured packet-capture.
interfaces Displays the interfaces with attached packet-captures and any observed
Netifs.
memory-usage Displays packet capturing memory usage statistics. These statistics can be
further limited by active captures, Session Initiation Protocol (SIP) calls, and
interfaces.
sip-calls Displays the active calls of every SIP packet-capture.
realtime Optional. Displays the command output in realtime.
verbose Optional. Displays detailed packet-capture information.

Default Values
Command History
Usage Examples
The following example displays the active captures of every configured packet-capture:
>enable
#show packet-capture captures
Active Captures:
CapturID Packet-capture State Size Start
331 1CAPTURE open 24 2011.03.15 23:50:10
332 2CAPTURE exporting 24 2011.03.15 23:48:27
Export Jobs (ongoing or recently completed):

CaptID Sent Destination Status
332 151K 10.17.127.251:69 In progress

show port-auth
Use the show port-auth command to view port authentication information. Variations of this command
include:
show port-auth
show port-auth detailed
show port-auth detailed interface <interface>
show port-auth interface <interface>
show port-auth statistics
show port-auth statistics interface <interface>
show port-auth summary
show port-auth summary interface <interface>
show port-auth supplicant
show port-auth supplicant interface <interface>
show port-auth supplicant summary
show port-auth supplicant summary interface <interface>
Syntax Description
detailed Optional. Displays detailed port authentication information.
statistics Optional. Displays port authentication statistics.
summary Optional. Displays a summary of port authentication settings.
supplicant Optional. Displays port authentication supplicant information.
interface <interface> Optional. Displays port authentication information for the specified interface.
dot11ap 1/1.1. Type show port-auth interface ? for a list of valid
interfaces.
Default Values

Command History
include, and the supplicant keyword.
Release R.11.5.0 Command was expanded to include media access control (MAC)
authentication bypass information.
Usage Examples
The following example displays the port authentication information:
>enable
#show port-auth
Global Port-Authentication Parameters:
re-authentication enabled: False
reauth-period: 3600
quiet-period: 60
tx-period: 30
supp-timeout: 30
server-timeout: 30
reauth-max: 2
Port-Authentication Port Summary:
* MAB - MAC Authentication Bypass
Interface Status Type Mode Authorized
---------------------------------------------------------------------------------------------------
eth 0/1 disabled port-based n/a n/a
eth 0/2 disabled port-based:MAB auto not authorized


Port Authentication Port Details:
Port-Authentication is disabled on eth 0/1
Port-Authentication is enabled on eth 0/2
Status not authorized
Auth Mode port-based
Port-Control auto
Multiple Hosts Allowed disabled
MAC Auth Bypass enabled
Supplicant MAC n/a
Current Identifier 0

show port-security
Use the show port-security command to display port security information. Variations of this command
include:
show port-security
show port-security address
show port-security interface <interface>
show port-security interface <interface> address
show port-security port-expiration
show port-security port-expiration detailed
Syntax Description
address Optional. Displays a list of secure medium access control (MAC) addresses
for all interfaces currently configured for port security.
interface <interface> Optional. Filters the output to include only information for the specified
dot11ap 1/1.1. Type show port-security interface ? for a complete list of
valid interfaces.
port-expiration Optional. Displays the ports currently participating in port expiration and the
amount of time left until the port is shut down.
detailed Optional. Displays information for all interfaces, even if not configured for
port expiration.
Default Values
Command History
include.
Release 18.3 Command was expanded to include the 10 gigabit switchport interface.

Usage Examples
The following displays all secure MAC addresses related to the Ethernet 0/1 interface:
>enable
#show port-security interface eth 0/1 address
VLAN Mac Address Type of Entry Interface Remaining Time
--------------------------------------------------------------------------------------------------------------
1 00:a0:c8:0a:c6:4a Dynamic-Secure eth 0/1 --
1 00:a0:c8:0a:c6:4b Dynamic-Secure eth 0/1 --
--------------------------------------------------------------------------------------------------------------
Dynamic Address Count: 2
Static Address Count: 0
Sticky Address Count: 0
Total Address Count: 2

show power inline

Use the show power inline command to display power information (in watts) for devices connected to
Power over Ethernet (PoE) interfaces. The command also displays the PoE interfaces that can be powered,
whether the interfaces are powered or not, and the IEEE class for the device(s) connected to the PoE
interfaces. Variations of this command include:
show power inline

show power inline <slot/port>
show power inline <slot/port> realtime
show power inline vcid <vcid>
your unit.
Syntax Description
<slot/port> Optional. Specifies the slot/port of a PoE interface. If specified, the
command only displays information related to that interface.
vcid <vcid> Optional. Specifies the virtual chassis ID of an ActivChassis member. If
specified, the command only displays information related to that member.
Valid VCID range is 1 to 8. VCID values 1 and 2 are given to the
ActivChassis master and backup devices, respectively.
Default Values
Command History
Release 11.1 The realtime display parameter was added.
include.
Release R10.7.0 Command was expanded to include the vcid parameter.

Functional Notes
page 1125).
Usage Examples
The following example displays power information for all PoE interfaces:
>enable
#show power inline
Interface Admin Oper Power (watts) Class
eth 0/1 auto off n/a n/a
eth 0/2 auto off n/a n/a
--MORE--

show power-supply
Use the show power-supply command to display the power supply status.
Syntax Description
No subcommands.
Default Values
Command History
include.
Usage Examples
The following example displays the power supply status:
>enable
#show power-supply
Power supply 1 is OK.
Power supply 2 is not present.

show pppoe
Use the show pppoe command to display all Point-to-Point Protocol over Ethernet (PPPoE) settings and
associated parameters.
Syntax Description
No subcommands.
Default Values
Command History
include.
Usage Examples
The following example enters the Enable mode and uses the show command to display PPPoE
information:
>enable
#show pppoe
ppp 1
Outgoing Interface: eth 0/1
Outgoing Interface MAC Address: 00:A0:C8:00:85:20
Access-Concentrator Name Requested: FIRST VALID
Access-Concentrator Name Received: 13021109813703-LRVLGAOS90W_IFITL
Access-Concentrator MAC Address: 00:10:67:00:1D:B8
Session Id: 64508
Service Name Requested: ANY
Service Name Available:
PPPoE Client State: Bound (3)
Redial retries: unlimited
Redial delay: 10 seconds
Backup enabled all day on the following days:
Sunday Monday Tuesday Wednesday Thursday Friday Saturday

show pppoe system-control-evc

Use the show pppoe system-control-evc command to display the Point-to-Point Protocol over Ethernet
(PPPoE) settings for the system control Ethernet virtual connection (EVC).
Syntax Description
No subcommands.
Default Values
No defaults are necessary for this command.
Command History
Usage Examples
Enter the command as follows to display the PPPoE information for the system control EVC:
>enable
#show pppoe system-control-evc

show policer
Use the show policer command to display Ethernet virtual connection (EVC) traffic policer configuration
and state information. Variations of this command include:
show policer
show policer <name>
Syntax Description
<name> Optional. Displays information about the connected EVC policer profile. If
no name is specified, information for all policers is displayed.
Default Values
Command History
Usage Examples
Enter the command as follows to display information for all configured EVC policers:
>enable
#show policer
Policer “policer1”
Policer Status : Disabled
Configured CIR : 0 kbps
Configured EIR : 600000 kbps
Configured CBS : 3125 bytes
Configured EBS : 12500 bytes
Mode : Not applied

show privilege
Use the show privilege command to display the current user’s privilege level.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example displays the user’s current privilege level as 1:
>enable
#show privilege
Current privilege level is 1

show probe
Use the show probe command to display probe configuration and statistics. Refer to Network Monitor
Probe Command Set on page 4047 for information on configuring probe objects. Variations of this
show probe
show probe <name>
show probe <name> realtime
show probe responder icmp-timestamp
show probe responder icmp-timestamp realtime
show probe responder twamp
show probe responder twamp realtime
show probe responder udp-echo
show probe responder udp-echo realtime
show probe <name> statistics
show probe <name> statistics history
show probe statistics
show probe statistics history
your unit.
Syntax Description
<name> Optional. Displays configuration and statistics for a specific probe.
responder Displays the specified probe responder statistics.
icmp-timestamp Optional. Displays the Internet Control Message Protocol (ICMP) timestamp
probe responder statistics.
twamp Optional. Displays the Two-Way Active Measurement Protocol (TWAMP)
probe responder statistics.
udp-echo Optional. Displays the User Datagram Protocol (UDP) echo probe
responder statistics.
statistics Optional. Displays measured probe statistics.
history Optional. Displays the history of all measured probe statistics.

Default Values
Command History
include.
Release 17.2 Command was expanded to include the probe responder options.
Release R13.5.0 Command output of show udp echo command was updated to include
visibility of UDP echo probe responder hardware fast forwarding engine
(FFE) support.
Functional Notes
A probe must be created first using the probe command. Issuing the shutdown command at the probe
configuration prompt will disable a probe, causing it to cease traffic generation. While a probe is shutdown,
it will not fail.
page 1125).
Output from the show probe responder udp-echo command can vary depending on whether the
hardware FFE feature is enabled or disabled on the AOS device. When hardware FFE is enabled, the
Rcvd and Sent columns of the command output appear as N/A, and the FFE Hits and Drops columns of
the output display current packet FFE and drop information. When hardware FFE is disabled, the
command output displays current received (Rcvd) and sent (Sent) packet information and displays N/A for
the FFE Hits and Drops columns.
Usage Examples
The following is sample output of the show probe probe_A command:
>enable
#show probe probe_A
Current State: PASS Admin. Status: DOWN
Type: ICMP Echo Period: 30 sec Timeout: 500 msec
Hostname: www.adtran.com
Tracked by: track_1
Tests Run: 121 Failed: 0
Time in current state: 25 days 2 hours, 34 minutes, 32 seconds

The following is sample output of the show probe responder twamp command:
>enable
#show probe responder twamp
0--------------1----------------2----------------3----------------4---------------5----------------6----------------7---------------8
12345678901234567890123456789012345678901234567890123456789012345678901234567890
TWAMP-Test: 360 rcvd, 360 sent
TWAMP-Control: 20 sessions opened, 18 sessions closed,
3 sessions rejected, 2 sessions active
The following is sample output of the show probe responder icmp-timestamp command:
>enable
#show probe responder icmp-timestamp
0--------------1----------------2----------------3----------------4---------------5----------------6----------------7---------------8
12345678901234567890123456789012345678901234567890123456789012345678901234567890
ICMP Timestamp: 125 rcvd, 125 sent
The following is sample output of a TWAMP type probe named Houston:
>enable
#show probe Houston
0--------------1----------------2----------------3----------------4---------------5----------------6----------------7---------------8
12345678901234567890123456789012345678901234567890123456789012345678901234567890
Probe Houston:
Current State: PASS Admin. Status: UP
Type: TWAMP Period: 60 Timeout: 1500
Source: 192.168.1.255:17001 Destination: 10.10.20.254:17000
Data Size: 14 Num-packets 100 DSCP: 0
Data pad: Zero
Send-schedule: 20 msec Type: periodic
Authentication Mode: open Key: not set
Tracked by: Nothing
Tests Run: 194 Failed: 1
Tolerance: not set
Time in current state: 1 days, 2 hours, 50 minutes, 7 seconds
Packet Loss fail pass
Round Trip 1000 1000
The following is sample output of the show probe responder udp-echo command:
>enable
#show probe responder udp-echo
Admin. Status: UP
Rcvd Sent FFE Hits Drops
41 41 N/A N/A
N/A N/A 19

show processes
Use the show processes command to display process statistic information. Variations of this command
include:
show processes cpu

show processes cpu history
show processes cpu realtime
show processes history
show processes queue
show processes stack
your unit.
Syntax Description
cpu Displays information about current active processes.
cpu history Displays historical CPU utilization in graph form over the previous 1 minute,
1 hour, and 72 hour periods.
realtime Displays full-screen CPU output in real time. Refer to the Functional Notes
below for more information.
history Displays process switch history.
queue Displays process queue utilization.
stack Displays the process stack usage.
Default Values
Command History
Release 10.1 New option was introduced.
include.
Release 17.5 Command was expanded to include the stack parameter.

Release R11.3.0 Command was expanded to include the cpu history parameter.
Functional Notes
page 1125).
Usage Examples
The following is sample output from the show processes cpu command:
>enable
#show processes cpu
System load: 1sec:3.30% 1min:3.51% 5min:3.51% Min: 0.00% Max: 100.00%
Context switch load: 0.12%
Invoked Exec Time Runtime Load %%
Task Id Task Name PRI STA (count) (sec) (sec) (1sec)
1 Idle 0 W 116153 975 966830 96.68
3 PC Config 7 S 28509 8940 15347 1.53
4 PacketRouting 44 W 7418 7 1909 0.19
5 Timer 46 W 54628 12 1356 0.14
6 CallControlQue~ 37 W 108 3 0 0.00
7 IsdnStackQueue 39 W 44 3 0 0.00
8 Thread Pool 4 W 45 204 0 0.00
9 con0 46 W 348 14 0 0.00
10 Driver Control 8 W 0 98 0 0.00
11 FrontPanel 43 W 8617 106 2189 0.22
12 eth01 46 W 2701 55 625 0.06
13 ICP Session 8 W 44 27 0 0.00
--MORE--
The following is sample output from the show processes history command:
>enable
#show processes history
CurrentTime Task Name
---------------------------------------------
9970752 PC Config
9970752 FrontPanel
9970752 TIDSPActiveQ
9970752 Timer
9970744 Idle
9970744 FramerBaseThread

9970741 Idle
9970741 PCI Bridge
9970735 Idle
9970735 SnmpThread
9970734 Idle
The following is sample output from the show processes cpu history command:
>enable
#show processes cpu history
#: Average load % per interval
@: Maximum load % per interval
Most current interval starts on the left.
Previous 1 minute system load:
100
90
80 ####
70 ########
60 #########
50 ###########
40 ################ #####
30 ## ## ########## #################### ##########
20 ###########################################################
10 ###########################################################
0 +++++++++1+++++++++2+++++++++3+++++++++4+++++++++5+++++++++6
0 0 0 0 0 0
seconds
Previous 1 hour system load:

100
90
80
70
60
50 @ @@@ @
40 @@@@@@@@@@@@@@@@@@@@ @ @@@ @ @ @@
30 @@@@@@@@@##########@#######@@ @@@@@@@@ @@@@@@@@ @ @@@ @ @@
20 ############################################### @@@#########
10 ############################################################
0 +++++++++1+++++++++2+++++++++3+++++++++4+++++++++5+++++++++6
0 0 0 0 0 0
minutes

Previous 72 hours system load:

100
90
80
70
60
50 @@@
40 @@ @@@ @@@##@
30 @@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@ @@@@@@####@ @
20 ########@@#######@@@######@@@#########@@#######@@@@@@@@@@@@########@@@@@
10 ########################################################################
0 +++++++++1+++++++++2+++++++++3+++++++++4+++++++++5+++++++++6+++++++++7++
0 0 0 0 0 0 0
hours

show qos
Use the show qos command to display information regarding quality of service (QoS) and 802.1p class of
service (CoS) settings. Variations of this command include:
show qos cos-map

show qos dscp-cos
show qos interface <interface>
show qos queuing
Syntax Description
cos-map Displays the CoS priority-to-queue map. The map outlines which CoS
priority is associated with which queue.
dscp-cos Displays the differentiated services code point (DSCP) to CoS map
settings.
interface <interface> Displays the configured values for default CoS and trust settings on a
specific interface. Specify an interface in the format <interface type [slot/port
| slot/port.subinterface id | interface id | interface id.subinterface id | ap |
dot11ap 1/1.1. Type show qos interface ? for a complete list of valid
interfaces.
queuing Displays the type of queuing being used. If weighted round robin (WRR)
queuing is enabled, the command also displays the weight of each queue.
Default Values
Command History
Release 7.1 Command was expanded to include the dscp-cos parameter.
include.

Usage Examples
The following is sample output from the show qos cos-map command for a NetVanta switch product:
>enable
#show qos cos-map
CoS Priority: 0 1 2 3 4 5 6 7
Priority Queue: 1 1 2 2 3 3 4 4
The following is sample output from the show qos cos-map command for a carrier Ethernet product:
>enable
#show qos cos-map
VLAN Priority: 0 1 2 3 4 5 6 7
Queue: 1 0 2 3 4 5 6 7
The following is sample output from the show qos interface command for Ethernet 0/8 interface:
>enable
#show qos interface ethernet 0/8
Ethernet 0/8
trust state: trusted
default CoS: 0
The following is sample output from the show qos queuing command with WRR queuing enabled:
>enable
#show qos queuing
Queue-type: wrr
Expedite queue: disabled
wrr weights:
qid - weight
1 - 12
2 - 45
3 - 55
4 - 65

show qos map

Use the show qos map command to display information about the quality of service (QoS) map. This
information differs based on how a particular map entry is defined. Variations of this command include the
following:
show qos map

show qos map <name>
show qos map <name> <number>
show qos map interface <interface>
show qos map interface <interface> extended
Syntax Description
<name> Optional. Specifies the name of a defined QoS map.
<number> Optional. Specifies one of the map’s defined sequence numbers.
interface <interface> Optional. Displays the QoS map information for a specific interface. Specify
show qos map interface ? command for a complete list of interfaces.
extended Optional. Includes the broadcast, multicast, and unicast counts in the
display output.
Default Values
Command History
interface.
include.

Ethernet interface.
group, system control Ethernet virtual connection (EVC) and the system
management EVC.
Release R11.4.0 Output for show qos map interface command was changed to include
packet match statistics.
Release R11.5.0 Command was expanded to include the extended parameter.
Release R13.11.0 Output for the show qos map interface command for Gigabit Ethernet
subinterfaces was changed to include Layer 3 ingress and egress bytes for
both the UNI and NNI on a per-subinterface per-queue basis. Ingress and
egress bytes are displayed in the Ingress Aggregate Bytes and Egress
Aggregate Bytes output lines of the command output.
Usage Examples
The following example shows all QoS maps and all entries in those maps:
>enable
#show qos map
qos map priority
map entry 10
match IP packets with a precedence value of 6
priority bandwidth: 400 (kilobits/sec) burst: default
map entry 20
match ACL icmp
map entry 30
match RTP packets on even destination ports between 16000 and 17000
map entry 50
match ACL tcp
map entry 60
match IP packets with a dscp value of 2
set dscp value to 6
map entry 70
match NetBEUI frames being bridged by the router
qos map tcp_map
map entry 10
match ACL tcp
set precedence value to 5
map entry 20

The following example shows the QoS map named priority and all entries in that map:
>enable
#show qos map priority
qos map priority
map entry 10
map entry 20
match ACL icmp
map entry 30
match RTP packets on even destination ports between 16000 and 17000
map entry 50
match ACL tcp
map entry 60
match IP packets with a dscp value of 2
set dscp value to 6
map entry 70
match NetBEUI frames being bridged by the router
The following example shows only QoS map named priority with the sequence number 10:
>enable
#show qos map priority 10
qos map priority
map entry 10
The following examples show QoS map interface statistics associated with the applied map for the Frame
Relay 1 interface:
>enable
#show qos map interface frame-relay 1
fr 1
qos-policy out: priority
map entry 10
budget 145/10000 bytes (current/max)
priority bandwidth: 400 (kilobits/sec)
packets matched on interface: 27289
packets dropped: 0
map entry 20
match IP packets with a DSCP value of af41
class bandwidth: 40 (% of remaining)

conversation: 235
packets matched: 23457
packets dropped: 0
>enable
#show qos map int gig 0/2.1
giga-eth 0/2.1
qos-policy out: MAP_OUT
map entry 11
match ip dscp af11
set egress-queue value to 0
packets matched: 7, bytes matched: 1022
5 minute offered rate 0 bits/sec
map entry 12
match ip dscp af12
map entry 13
match ip dscp af13
map entry default
giga-eth 0/2.1
qos-policy in: MAP_IN (enabled)
map entry 11
match ip dscp af11
set DSCP value to 0
5 minute offered rate 0 bits/sec, drop rate 0 bits/sec
map entry 12
match ip dscp af12
set DSCP value to 0
map entry 13
match ip dscp af13
set DSCP value to 0
5 minute offered rate 16 bits/sec, drop rate 0 bits/sec

map entry default


show queue <interface>

Use the show queue command to display conversation information associated with an interface queue.
This command shows summary and per-conversation information. The per-conversation details are only
displayed if the interface has sufficient traffic to be congested and packets are being held in the interface
queue. Variations of this command include:
show queue <interface>

show queue <interface> child
Syntax Description
<interface> Displays the queueing information for the specified interface. Specify an
the show queue ? command to display a list of valid interfaces.
child Optional. Displays the subqueue statistics.
Default Values
Command History
interface.
include.
Release 17.4 Command was expanded to include the child keyword.
Release 17.5 Command was expanded to include the asynchronous transfer mode (ATM)
and Frame Relay interfaces.
Ethernet interface.

Usage Examples
The following is sample output from the show queue command:
>enable
#show queue ethernet 0/2
Queueing method: weighted fair
Output queue: 4/222/540/64/176 (size/highest/max total/threshold/drops)
Conversations 0/4/256 (active/max active/max total)
Available Bandwidth 15000 kilobits/sec
(depth/weight/matches/discards) 4/32768/32456/0
Conversation 178, linktype: ip, length: 936
source: 10.22.13.34, destination: 10.22.2.3, id: 0xddc6, ttl: 127,
TOS: 0 prot: 6 (tcp), source port 1086, destination port 20

show queue interfaces

Use the show queue interfaces command to display the contents and queuing method for Layer 3 interface
queues. Variations of this command include:
show queue interfaces efm-group

show queue interfaces efm-group <slot/group>
show queue interfaces efm-group <slot/group> counters
show queue interfaces efm-group <slot/group> counters <queue>
show queue interfaces efm-group <slot/group> performance-statistics 15-minute
show queue interfaces efm-group <slot/group> performance-statistics 15-minute <value>
show queue interfaces efm-group <slot/group> performance-statistics 24-hour
show queue interfaces efm-group <slot/group> performance-statistics 24-hour <value>
show queue interfaces efm-group <slot/group> <queue>
show queue interfaces efm-group <slot/group> <queue> performance-statistics 15-minute
show queue interfaces efm-group <slot/group> <queue> performance-statistics 15-minute <value>
show queue interfaces efm-group <slot/group> <queue> performance-statistics 24-hour
show queue interfaces efm-group <slot/group> <queue> performance-statistics 24-hour <value>
show queue interfaces gigabit-ethernet
show queue interfaces gigabit-ethernet <slot/port>
show queue interfaces gigabit-ethernet <slot/port> counters
show queue interfaces gigabit-ethernet <slot/port> counters <queue>
show queue interfaces gigabit-ethernet <slot/port> counters nni
show queue interfaces gigabit-ethernet <slot/port> performance-statistics 15-minute
show queue interfaces gigabit-ethernet <slot/port> performance-statistics 15-minute <value>
show queue interfaces gigabit-ethernet <slot/port> performance-statistics 24-hour
show queue interfaces gigabit-ethernet <slot/port> performance-statistics 24-hour <value>
show queue interfaces gigabit-ethernet <slot/port> <queue>
show queue interfaces gigabit-ethernet <slot/port> <queue> performance-statistics 15-minute
show queue interfaces gigabit-ethernet <slot/port> <queue> performance-statistics 15-minute
<value>
show queue interfaces gigabit-ethernet <slot/port> <queue> performance-statistics 24-hour
show queue interfaces gigabit-ethernet <slot/port> <queue> performance-statistics 24-hour <value>
Syntax Description
efm-group <slot/group> Displays queue information for a specific EFM group. Valid EFM group
range is 1 to 1024. If the slot and group are not specified, queue information
for all EFM groups is displayed.

gigabit-ethernet <slot/port> Displays queue information for the Gigabit Ethernet interface. If the slot and
port are not specified, queue information for all Gigabit Ethernet interfaces
is displayed.
counters Optional. Displays Metro Ethernet Forum (MEF) user network interface
(UNI) counters for the specified interface. If <queue> is specified, displays
only the counters for the specified queue on the specified interface.
<queue> Optional. Limits the output of this command to a single queue associated
with the interface. Valid range is 0 to 7.
nni Optional. Displays Metro Ethernet Forum (MEF) network-to-network
interface (NNI) counters for the specified interface.
performance-statistics Optional. Displays aggregate performance statistics.
Default Values
Command History
Release R11.5.0 Command was expanded to include counters and performance-statistics
parameters.
Release R13.11.0 Command was expanded to include the nni parameter. In addition,
command output was changed to include ingress and egress Layer 2 bytes.
Usage Examples
The following example displays queue information for the Gigabit Ethernet interface 1/1:
>enable
#show queue interfaces gigabit-ethernet 1/1
Queuing method: fifo
Output queue: 0/256/0 (size/max total/drops)

show queue priority max-configured

Use the show queue priority max-configured command to display the configured maximum number of
priority queues for quality of service (QoS) maps. Priority queues are configured using the command
priority queue-limit <value> on page 4470.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example displays the QoS map priority queue limit:
>enable
#show queue priority max-configured
Total maximum configured priority queue-limit: 256

show queuing
Use the show queuing command to display information associated with configured queuing methods.
show queuing
show queuing fair
Syntax Description
fair Optional. Displays only information on the weighted fair queuing (WFQ)
configuration.
Default Values
Command History
include.
Usage Examples
The following is sample output from the show queuing command:
>enable
#show queuing
Interface Discard threshold Conversation subqueues
fr 1 64 256
fr 2 64 256
ppp 1 64 256

show radius statistics

Use the show radius statistics command to display various statistics from the remote authentication
dial-in user service (RADIUS) subsystem. These statistics include number of packets sent, number of
invalid responses, number of timeouts, average packet delay, and maximum packet delay. Statistics are
shown for both authentication and accounting packets.
Syntax Description
No subcommands.
Default Values
Command History
include.
Usage Examples
The following is sample output from the show radius statistics command:
>enable
#show radius statistics
Auth. Acct.
Number of packets sent: 3 0
Number of invalid responses: 0 0
Number of timeouts: 0 0
Average delay: 2 ms 0 ms
Maximum delay: 3 ms 0 ms

show ramdisk
Use the show ramdisk command to display a list of all files currently stored in volatile random access
memory (RAM) disk memory or details about a specific file stored in RAM disk memory. Variations of
show ramdisk
show ramdisk <filename>
Not all units are capable of using a RAM disk file system. Use the show ? command to
display a list of valid commands at the enable prompt.
Syntax Description
<filename> Optional. Displays details for a specified file located in RAM disk file
system. Enter a wildcard (such as *.biz) to display the details for all files
matching the entered pattern.
Default Values
Command History
Release 17.7 Command was introduced for AOS units limited to only 16 Megabytes of
flash memory.
Usage Examples
The following is sample show ramdisk output displaying the contents of the RAM disk, space occupied by
each file, the total RAM disk space allocated, available space, and used space:
>enable
#show ramdisk
10005125 NV3130A-17-07-00-26-AE.biz

show route-map
Use the show route-map command to display any route maps that have been configured in the router. This
command displays any match and set clauses associated with the route map, as well as the number of
incoming routes that have matched each route map. Route maps can be used for Border Gateway Protocol
(BGP) and PBR. Variations of this command include:
show route-map
show route-map <name>
Syntax Description
<name> Optional. Displays only the route map matching the specified name.
Default Values
By default, this command displays all defined route maps.
Command History
include.
Usage Examples
In the example below, all route maps in the router are displayed.
>enable
#show route-map
route-map RouteMap1, permit, sequence 10
Match clauses:
community (community-list filter): CommList1
Set clauses:
local-preference 250
Match clauses:
community (community-list filter): CommList2

Set clauses:
local-preference 350
Match clauses:
ip address (access-lists): Acl1
Set clauses:
metric 100
Match clauses:
Set clauses:
metric 200
Match clauses:
length 150 200
Set clauses:
ip next-hop: 10.10.11.254
Match clauses:
Set clauses:
ip next-hop: 10.10.11.14
In the example below, only RouteMap2 is displayed.
>enable
#show route-map RouteMap2
Match clauses:
Set clauses:
metric 100
--MORE--

show rps
Use the show rps command to show information related to the redundant power supply (RPS) power state.
The output of this command indicates if an RPS is connected, if it is delivering power, the available power,
and whether the RPS has failed.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
>enable
#show rps
VCID 1 RPS is connected
VCID 1 RPS is not delivering power
VCID 2 RPS is connected
VCID 2 RPS is not delivering power

show rtp media sessions

Use the show rtp media sessions command to display all of the anchored Realtime Transport Protocol
(RTP) flow associations and the number of relayed packets per association currently active in an anchored
RTP flow. In addition, the time to live (TTL) and the session type (digital signal processor (DSP), media
anchored, or transcoded) for the association is displayed.
Syntax Description
No subcommands.
Default Values
Command History
Release R10.4.0 Command was introduced and replaced the show ip rtp media-anchoring
sessions command.
Usage Examples
The following example displays a summary of all gathered media statistics:
>enable
#show rtp media sessions
CallID Anchored Address Remote Address TTL Pkts Ovrd Type Sess
------------------------------------------------------------------------------------------------------------------------------------
7 10.10.10.1:40008 10.10.10.2:2230 45 108062 No Audio Xcode
7 10.17.250.12:40010 10.17.250.14:10262 45 108063 No Audio Xcode
7 10.10.10.1:40009 10.10.10.2:2231 44 432 No Audio Xcode
7 10.17.250.12:40011 10.17.250.14:10263 44 432 No Audio Xcode

show rtp quality-monitoring

Use the show rtp quality-monitoring command to display a summary of all voice quality monitoring
(VQM) statistics gathered from monitoring inbound Realtime Transport Protocol (RTP) streams across the
network.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example displays a summary of all gathered VQM statistics:
#show rtp quality-monitoring

Voice Quality Monitoring is ENABLED
Jitter Buffer: adaptive 10/50/100 ms (min/nominal/max)
Quality Active Streams Call History All Streams MOS range

---------- --------------------- ---------------- ---------------- ----------------
Excellent 60 50 13462 4.40 - 4.00
Good 20 37 3456 3.99 - 3.60
Fair 3 1 45 3.59 - 2.60
Poor 1 7 7 2.59 - 0.00
----------- --------------------- --------------- --------------- ----------------
Totals: 84 95 16970
(Note: Statistics for All Streams are updated at call completion and do not include currently active
streams. Call history statistics are available for up to 100 streams.)
History thresholds:
MOS (LQ/CQ/PQ): 3.0/3.0/3.0

Loss: 20 pkts
Out-of-order packets: 300 pkts
Jitter: 300 ms
Notification thresholds:
Metric Info Notice Warning Error
---------------- -------- ----------- ----------- --------
PQ MOS 4.4 4.0 3.6 2.6
LQ MOS 4.4 4.0 3.6 2.6
Loss N/A 25 50 100 pkts
Out-of-order N/A N/A 50 100 pkts
Jitter N/A 20 100 300 ms
Traps: ENABLED at Notice
Traps sent: 14

show rtp quality-monitoring active-calls

Use the show rtp quality-monitoring active-calls command to display the voice quality monitoring
(VQM) statistics gathered from monitoring active calls on inbound Realtime Transport Protocol (RTP)
streams across the network. These statistics can be sorted by mean opinion score (MOS), jitter, or lost or
out-of-order packets. Variations of this command include:
show rtp quality-monitoring active-calls

show rtp quality-monitoring active-calls call-id <string>
show rtp quality-monitoring active-calls degradation
show rtp quality-monitoring active-calls detail
show rtp quality-monitoring active-calls from-uri <string>
show rtp quality-monitoring active-calls sort-by jitter
show rtp quality-monitoring active-calls sort-by loss
show rtp quality-monitoring active-calls sort-by lq-mos
show rtp quality-monitoring active-calls sort-by out-of-order
show rtp quality-monitoring active-calls sort-by pq-mos
show rtp quality-monitoring active-calls source-uri <string>
show rtp quality-monitoring active-calls to-uri <string>
Syntax Description
call-id <string> Optional. Displays active call statistics based on a substring of the Call-ID.
degradation Optional. Displays possible sources of voice quality degradation for active
calls.
detail Optional. Displays details of all available active call statistics.
from-uri <string> Optional. Displays active call statistics based on a substring of the From
URI.
sort-by jitter Optional. Displays active call statistics with the highest amount of jitter first.
sort-by loss Optional. Displays active call statistics with the highest number of lost
packets first.
sort-by lq-mos Optional. Displays active call statistics with the lowest listening quality (LQ)
MOS first.
sort-by out-of-order Optional. Displays active call statistics with the highest number of
out-of-order packets first.
sort-by pq-mos Optional. Displays active call statistics with the lowest perceived quality
(PQ) MOS first.

source-uri <string> Optional. Displays active call statistics based on a substring of the
URI/extension from which the RTP stream is sourced.
to-uri <string> Optional. Displays active call statistics based on a substring of the To
uniform resource identifier (URI) or extension to which this RTP stream is
destined.
Default Values
By default, only the most commonly used statistics are shown.
Functional Notes
These statistics will not be available if VQM is disabled.
Command History
Usage Examples
In the following example, VQM active call statistics are sorted by lost packets:
#show rtp quality-monitoring active-calls sort-by loss

Displaying 30 estimated stream statistics from 15 completed calls
RTP stream: 3.3.3.3 : 50000, ppp 1 -> 1.1.1.1 : 3000, vlan 1

To: 5551234@voip.com
Call-start (duration): 11 Apr 2010 20:58:39 (93 s)
MOS LQ: 3.800
MOS PQ: 3.800
Loss: 413 pkts
Out-of-order: 30 pkts
Jitter (max): 20 ms
CODEC: g711
RTP stream: 1.1.1.1 : 3000, vlan 1 -> 3.3.3.3: 50000, ppp 1

From: 5551235@voip.com
MOS LQ: 3.800
MOS PQ: 3.800
Loss: 0 pkts
Jitter (max): 1 ms
CODEC: g711
--MORE--

show rtp quality-monitoring call-history

Use the show rtp quality-monitoring call-history command to display the voice quality monitoring
(VQM) statistics gathered from previously monitored calls on inbound Realtime Transport Protocol (RTP)
streams. These calls are stored in the VQM call history. These statistics can be sorted by mean opinion
score (MOS), jitter, or lost or out-of-order packets. Variations of this command include:
show rtp quality-monitoring call-history

show rtp quality-monitoring call-history call-id <string>
show rtp quality-monitoring call-history degradation
show rtp quality-monitoring call-history detail
show rtp quality-monitoring call-history from-uri <string>
show rtp quality-monitoring call-history sort-by jitter
show rtp quality-monitoring call-history sort-by loss
show rtp quality-monitoring call-history sort-by lq-mos
show rtp quality-monitoring call-history sort-by out-of-order
show rtp quality-monitoring call-history sort-by pq-mos
show rtp quality-monitoring call-history source-uri <string>
show rtp quality-monitoring call-history to-uri <string>
show rtp quality-monitoring call-history degradation
show rtp quality-monitoring call-history detail
Syntax Description
call-id <string> Optional. Displays past call statistics based on a substring of the Call-ID.
degradation Optional. Displays possible sources of voice quality degradation for past
calls.
detail Optional. Displays details of all available past call statistics.
from-uri <string> Optional. Displays past call statistics based on a substring of the From URI.
sort-by jitter Optional. Displays past call statistics with the highest amount of jitter first.
sort-by loss Optional. Displays past call statistics with the highest number of lost packets
first.
sort-by lq-mos Optional. Displays past call statistics with the lowest listening quality (LQ)
MOS first.
sort-by out-of-order Optional. Displays past call statistics with the highest number of out-of-order
packets first.

sort-by pq-mos Optional. Displays past call statistics with the lowest perceived quality (PQ)
MOS first.
source-uri <string> Optional. Displays past call statistics based on a substring of the
URI/extension from which the RTP stream is sourced.
to-uri <string> Optional. Displays past call statistics based on a substring of the To uniform
resource identifier (URI) or extension to which this RTP stream is destined.
Default Values
Functional Notes
These statistics will still be available even if VQM is disabled.
Command History
Usage Examples
In the following example, VQM past call statistics are sorted by lost packets:
#show rtp quality-monitoring call-history sort-by loss

Displaying 30 estimated stream statistics from 15 completed calls
RTP stream: 3.3.3.3 : 50000, ppp 1 -> 1.1.1.1 : 3000, vlan 1

MOS LQ: 3.800
MOS PQ: 3.800
Loss: 413 pkts
CODEC: g711
RTP stream: 1.1.1.1 : 3000, vlan 1 -> 3.3.3.3: 50000, ppp 1

From: 5551235@voip.com
MOS LQ: 3.800
MOS PQ: 3.800
Loss: 0 pkts
CODEC: g711
--MORE--

show rtp quality-monitoring endpoints

Use the show rtp quality-monitoring endpoints command to display the voice quality monitoring
(VQM) statistics gathered on inbound Realtime Transport Protocol (RTP) streams for all voice endpoints.
These statistics can be sorted by mean opinion score (MOS), jitter, or lost or out-of-order packets.
show rtp quality-monitoring endpoints

show rtp quality-monitoring endpoints sort-by jitter
show rtp quality-monitoring endpoints sort-by loss
show rtp quality-monitoring endpoints sort-by lq-mos
show rtp quality-monitoring endpoints sort-by out-of-order
show rtp quality-monitoring endpoints sort-by pq-mos
show rtp quality-monitoring endpoints summary
Syntax Description
sort-by jitter Optional. Displays voice endpoint statistics with the highest amount of jitter
first.
sort-by loss Optional. Displays voice endpoint statistics with the highest number of lost
packets first.
sort-by lq-mos Optional. Displays voice endpoint statistics with the lowest listening quality
(LQ) MOS first.
sort-by out-of-order Optional. Displays voice endpoint statistics with the highest number of
sort-by pq-mos Optional. Displays voice endpoint statistics with the lowest perceived quality
(PQ) MOS first.
summary Optional. Displays a summary of all voice endpoint VQM statistics.
Default Values
Functional Notes

Command History
Usage Examples
In the following example, VQM endpoint statistics are summarized:
#show rtp quality-monitoring endpoints summary

Displaying 2 estimated endpoint statistics from 50 completed calls
RTP source: 3.3.3.3, ppp 1

Quality Completed Calls MOS range
----------- ------------------------ -----------------
Excellent 0 4.40 - 4.00
Good 0 3.99 - 3.60
Fair 24 3.59 - 2.60
Poor 3 2.59 - 0.00
----------- ------------------------ -----------------
Totals: 27 (of the last 100 recorded calls)
RTP source: 5.5.5.5, ppp 1

show rtp quality-monitoring interface

Use the show rtp quality-monitoring interface command to display the voice quality monitoring (VQM)
statistics gathered from monitored calls on inbound Realtime Transport Protocol (RTP) streams across
interfaces with VQM enabled. These statistics can be sorted by mean opinion score (MOS), jitter, or lost or
out-of-order packets. Variations of this command include:
show rtp quality-monitoring interface

show rtp quality-monitoring interface <interface>
show rtp quality-monitoring interface <interface> detail
show rtp quality-monitoring interface detail
show rtp quality-monitoring interface <interface> sort-by jitter
show rtp quality-monitoring interface sort-by jitter
show rtp quality-monitoring interface <interface> sort-by loss
show rtp quality-monitoring interface sort-by loss
show rtp quality-monitoring interface <interface> sort-by lq-mos
show rtp quality-monitoring interface sort-by lq-mos
show rtp quality-monitoring interface <interface> sort-by out-of-order
show rtp quality-monitoring interface sort-by out-of-order
show rtp quality-monitoring interface <interface> sort-by pq-mos
show rtp quality-monitoring interface sort-by pq-mos
show rtp quality-monitoring interface <interface> summary
show rtp quality-monitoring interface summary
Syntax Description
detail Optional. Displays details of all available VQM interface statistics.
<interface> Optional. Displays VQM statistics for a specific interface. Specify the
interface id | interface id.subinterface id]>. For example, for an Ethernet
subinterface, use eth 0/1.1; for a PPP interface, use ppp 1; and for an ATM
subinterface, use atm 1.1.
sort-by jitter Optional. Displays VQM interface statistics with the highest amount of jitter
first.
sort-by loss Optional. Displays VQM interface statistics with the highest number of lost
packets first.
sort-by lq-mos Optional. Displays VQM interface statistics with the lowest listening quality
(LQ) MOS first.

sort-by out-of-order Optional. Displays VQM interface statistics with the highest number of
sort-by pq-mos Optional. Displays VQM interface statistics with the lowest perceived quality
(PQ) MOS first.
summary Optional. Displays a summary of VQM interface statistics.
Default Values
Functional Notes
Command History
Ethernet interface.
Usage Examples
In the following example, a summary of all VQM interface statistics is shown:
#show rtp quality-monitoring interface summary

ppp 1
----------- ------------------------ -----------------
Excellent 0 4.40 - 4.00
Good 2 3.99 - 3.60
Fair 34 3.59 - 2.60
Poor 3 2.59 - 0.00
----------- ------------------------ -----------------
vlan 1
----------- ------------------------ -----------------
Excellent 36 4.40 - 4.00
Good 1 3.99 - 3.60
Fair 0 3.59 - 2.60
Poor 0 2.59 - 0.00
----------- ------------------------ -----------------

show rtp quality-monitoring reporter

Use the show rtp quality-monitoring reporter command to display voice quality monitoring (VQM)
reporter statistics. Variations of this command include:
show rtp quality-monitoring reporter

show rtp quality-monitoring reporter realtime
show rtp quality-monitoring reporter <name>
show rtp quality-monitoring reporter <name> realtime
your unit.
Syntax Description
<name> Optional. Specifies that only the statistics for the named VQM reporter are
displayed.
realtime Optional. Specifies that output is displayed in real time.
Default Values
Command History
Functional Notes
Output of the show rtp quality-monitoring reporter command displays the reporter name (Name), the
queue volume or how many reports are waiting to send requests or receive responses (Depth), how many
successful responses have been received (Success), how many failure responses have been received
(Failed), how many requests have been transmitted (Request), how many challenge responses have
been received (Chalnge), how many requests did not receive responses at all (Rollovr), and how many
reports were discarded because the retry limit was exceeded (Discard).

Usage Examples
The following is sample output from this command showing VQM reporter statistics for all configured VQM
reporters:
>enable
#show rtp quality-monitoring reporter
Name Depth Success Failed Request Chalnge Rollovr Discard
-----------------------------------------------------------------------------------------------------------------
Test 1 4 0 0 36 0 36 6
Test 2 4 0 0 36 0 36 6
Test 3 0 0 10 10 0 0 0
Test 4 0 0 10 10 0 0 0
Test 5 0 0 0 0 0 0 0

show rtp resources

Use the show rtp resources command to display Realtime Transfer Protocol (RTP) resource information.
show rtp resources

show rtp resources debug
Syntax Description
debug Optional. Activates the RTP resources event debug messages.
Default Values
Command History
Release 14.1 Command was expanded to include more options.
include.
Usage Examples
The following is sample output from the show rtp resources command:
>enable
#show rtp resources
DSP Channel Type Port Status
------------------------------------------------------------------------
0/1 1 RTP N/A Available
--MORE--

checksum Optional. Displays the encrypted message digest 5 (MD5) version

of the running configuration.
counter-profile Optional. Displays the current running configuration for all
counter profiles.
counter-profile <slot/index> Optional. Displays the current running configuration for the
specified counter profile. Specify a counter profile in the format
<slot/index>. For example, 0/1.
dynamic-counter Optional. Displays the current running configuration for all
counter profiles.
dynamic-counter <slot/index> Optional. Displays the current running configuration for the
specified counter profile. Specify a counter profile in the format
<slot/index>. For example, 0/1.
evc Optional. Displays the current running configuration for all EVCs.
evc <name> Optional. Displays the current running configuration for the
specified EVC.
evc-map Optional. Displays the current running configuration for all EVC
maps.
evc-map <name> Optional. Displays the current running configuration for the
specified EVC map.
ethernet loopback facility Optional. Displays the current running configuration for all facility
loopback objects.
ethernet loopback terminal Optional. Displays the current running configuration for all
terminal loopback objects.
<name> <slot> Optional. Displays the current running configuration for the facility
or terminal loopback object with the specified name and slot
identifier.
slot <slot> Optional. Displays the current running configuration for all facility
or terminal loopback objects with the specified slot identifier.
hmr Optional. Displays the current running configuration for Session
Initiation Protocol (SIP) header manipulation rules (HMR).
hmr policy Optional. Displays the configured SIP HMR policies in the
running configuration.
hmr policy <name> Optional. Displays the specified SIP HMR policy in the running
configuration.
hmr rule-set Optional. Displays the configured SIP HMR rule sets in the
running configuration.
hmr rule-set <name> Optional. Displays the specified SIP HMR rule set in the running
configuration.
ip access-lists Optional. Displays the current running configuration for all
configured IPv4 access control lists (ACLs).

interface <interface> Optional. Displays the current running configuration for a

particular interface. Specify an interface in the format <interface
type [slot/port | slot/port.subinterface id | interface id | interface
id.subinterface id | ap | ap/radio | ap/radio.vap]>. For example, for
a T1 interface, use t1 0/1; for an Ethernet subinterface, use eth
0/1.1; for a PPP interface, use ppp 1; for an ATM subinterface,
use atm 1.1; and for a wireless virtual access point, use dot11ap
1/1.1. Type show running-config interface ? for a complete list
ip-crypto Optional. Displays the current running configuration for all IPv4
Internet Protocol security (IPsec) virtual private network (VPN)
settings.
ip mgcp Optional. Displays the current running configuration for all Media
Gateway Control Protocol (MGCP) parameters.
ip nat pool Optional. Displays the current running configuration for IPv4
network address translation (NAT) pool parameters.
ip policy-class Optional. Displays the current running configuration for all
configured IPv4 access control policies (ACPs).
ip rtp Optional. Displays the current running configuration for all IPv4
Realtime Transport Protocol (RTP) parameters.
ip security monitor Optional. Displays the current running configuration for all IPv4
security monitor parameters.
ip urlfilter Optional. Displays the current running configuration for all IPv4
uniform resource locator (URL) filters.
license Optional. Displays the current running configuration for all
software licenses.
license key Optional. Displays the current running configuration for all
software license keys.
mef Optional. Displays the current running configuration for all Metro
Ethernet Forum (MEF) components.
network-sync Optional. Displays the current running configuration for network
synchronization (Network Sync).
packet-capture Optional. Displays the current running configuration for all
configured packet captures.
<name> Optional. Limits output to a single packet capture.
policer Optional. Displays the current running configuration for all
policers.
policer <name> Optional. Displays the current running configuration for the
specified policer.
probe Optional. Displays the current configuration for all running
probes.
qos-map Optional. Displays the current running configuration for all
configured quality of service (QoS) maps.

quality-monitoring Optional. Displays the current running configuration for voice

quality monitoring (VQM).
queue Optional. Displays the current running configuration for all
queues.
queue interface <interface> Optional. Displays the current running configuration for all queues
on the specified interface. Specify an interface in the format
<interface type [slot/group | slot/port | interface id>. For example,
for an EFM group interface, use efm-group 1/3; or for a Gigabit
Ethernet interface, use gigabit-ethernet 0/1. Type show
running-config queue interface ? for a complete list of valid
interfaces.
router bgp Optional. Displays the current Border Gateway Protocol (BGP)
configuration.
router ospf Optional. Displays the Open Shortest Path First version 2
(OSPFv2) configuration.
router ospfv3 Optional. Displays the OSPF version 3 (OSPFv3) configuration.
<process id> Optional. Limits output to a single OSPFv3 process. Valid range
is 1 to 65535.
router pim-sparse Optional. Displays the current global protocol-independent
multicast-sparse mode (PIM-SM) configuration.
router rip Optional. Displays the Routing Information Protocol (RIP)
configuration.
sdp Optional. Displays the current running configuration for all
Session Description Protocol (SDP) parameters.
shaper Optional. Displays the current running configuration for all traffic
shapers.
shaper <name> Optional. Displays the current running configuration for the
specified traffic shaper.
sip Optional. Displays the current running configuration for all
Session Initiation Protocol (SIP) parameters.
sip proxy failover Optional. Displays the current running configurations for SIP
proxy failover.
sip proxy user-template <name> Optional. Displays the current running configuration for the
specified SIP proxy user template.
srtp-profile Optional. Displays the current running configuration for any
configured Secure Realtime Transfer Protocol (SRTP) profiles.
system-control-evc Optional. Displays the current running configuration for the
system control Ethernet virtual connection (EVC).
system-management-evc Optional. Displays the current running configuration for the
system management EVC.
tcl script <name> Optional. Displays the specified tool command language (Tcl)
script.

tls-profile Optional. Displays the current running configuration for any

configured Transport Layer Security (TLS) profiles.
track Optional. Displays the current running configuration for all tracks.
vcid <vcid> Optional. Displays the current running configuration for the
specified virtual chassis ID of an ActivChassis member. Valid
VCID range is 1 to 8. VCID values 1 and 2 are given to the
ActivChassis master and backup devices, respectively.
verbose Optional. Displays the entire running configuration to the terminal
screen (versus only the nondefault values).
Default Values
Command History
Release 9.1 Command was expanded to include the high level data link
control (HDLC) and tunnel interfaces.
Release 11.1 Demand, foreign exchange office (FXO), and serial interfaces
were added. The ip-crypto and router pim-sparse keywords
were added.
Release 13.1 Command was expanded to include the ip rtp, ip sdp, probe and
track subcommands.
exclude, and include, and the ip urlfilter and
quality-monitoring keywords.
Release A1 Command was introduced in the AOS voice products.
Release A2 Command was expanded to include the mgcp parameter.
Release 17.4 Command was expanded to include the ip nat pool parameter.
Release 17.5 Command was expanded to include the security monitor
parameter.
Release A4.01 Command was expanded to include the Ethernet in the first mile
(EFM) group interface and the ip sip proxy user-template
parameter. Command was expanded to include the Metro
Ethernet Forum (MEF) parameter and the MEF Ethernet
interface.
Release 17.9 Command was changed to require the ip keyword for the
access-list and policy-class parameters for ADTRAN
Release A4.05 Command was expanded to include the asymmetric digital
subscriber line (ADSL) interface.
Release 18.2 Command was expanded to include the ip sip proxy failover
parameter.

Release A5.01 Command was expanded to include the Gigabit Ethernet and
Release R10.1.0 Command was expanded to include the hmr parameters.
Command was also changed to require the ip keyword for the
access-list and policy-class parameters for ADTRAN voice
products.
Release R10.4.0 Command was expanded to include the license and license key
parameters.
Release R10.5.0 Command was expanded to include the auto-config, router
ospf, router ospfv3, and router rip parameters.
Release R10.7.0 Command was expanded to include the auto-link,
packet-capture, and vcid parameters.
Release R10.8.0 Command syntax was changed to remove the ip keyword from
the sdp and sip parameters.
Release R10.11.0 Command was expanded to include the counter-profile,
dynamic-counter, and network-sync parameters.
Release R11.1.0 Command was expanded to include the very high-speed digital
subscriber line (VDSL) interfaces and the ethernet loopback
facility and tcl script parameter.
Release R11.3.0 Command was expanded to include the <process id> parameter
for OSPFv2.
Release R11.5.0 Command was expanded to include the evc, evc-map, policer,
queue, queue interface efm-group, queue interface
gigabit-ethernet, shaper, srtp profile, system-control-evc,
system-management-evc, and tls profile parameters.
Release R11.7.0 Command was expanded to include the 10 Gigabit switchport
interface.
Release R13.7.0 Command was expanded to include the terminal loopback
parameter.
Usage Examples
The following is sample output from the show running-config command:
>enable
#show running-config
!
no enable password
!
ip subnet-zero
ip classless
ip routing
!
event-history on


no logging email
!
!ip policy-timeout tcp all-ports 600
!
interface eth 0/1
--MORE--

show running-config ipv6

Use the show running-config ipv6 command to display all the nondefault parameters contained in the
current Internet Protocol version 6 (IPv6) running configuration file. Specific portions of the running
configuration may be displayed, based on the command entered. Variations of this command include the
following:
show running-config ipv6 access-lists

show running-config ipv6 access-lists verbose
show running-config ipv6 crypto
show running-config ipv6 crypto verbose
show running-config ipv6 dhcp pool <name>
show running-config ipv6 dhcp pool <name> verbose
show running-config ipv6 policy-class
show running-config ipv6 policy-class verbose
Syntax Description
access-lists Displays the current running configuration for all configured IPv6
access control lists (ACLs).
crypto Displays the current running configuration for all configured IPv6
crypto functions.
dhcp pool <name> Displays the current running configuration for the specified
Dynamic Host Control Protocol version 6 (DHCPv6) server
address pool.
policy-class Displays the current running configuration for all configured IPv6
access control policies (ACPs).
verbose Optional. Displays the entire running configuration to the terminal
screen (versus only the nondefault values).
Default Values
Command History
Release 18.3 Command was expanded to include the dhcp pool parameter.
Release R10.7.0 Command was expanded to include the crypto parameter.

Usage Examples
The following example displays the IPv6 ACLs in the unit’s running configuration:
>enable
#show running-config ipv6 access-lists
ipv6 access-list extended Privatev6
deny tcp any eq telnet any
deny tcp any any eq telnet
permit ipv6 any host 2000:1::1
permit icmp any any
The following example displays the configured IPv6 ACPs in the unit’s running configuration:
>enable
#show running-config ipv6 policy-class
ipv6 policy-class UNTRUSTED
allow list localservicev6
discard list Webtraffic

show running-config voice

Use the show running-config voice command to show running voice configurations. Variations of this
show running-config voice

show running-config voice ani
show running-config voice ani verbose
show running-config voice ani-list
show running-config voice ani-list verbose
show running-config voice ani-list <name>
show running-config voice ani-list <name> verbose
show running-config voice autoattendant
show running-config voice autoattendant verbose
show running-config voice class-of-service
show running-config voice class-of-service verbose
show running-config voice class-of-service <name>
show running-config voice class-of-service <name> verbose
show running-config voice directory
show running-config voice directory verbose
show running-config voice grouped-trunk
show running-config voice grouped-trunk verbose
show running-config voice grouped-trunk <name>
show running-config voice grouped-trunk <name> verbose
show running-config voice line
show running-config voice line verbose
show running-config voice line <number>
show running-config voice line <number> verbose
show running-config voice mail
show running-config voice mail verbose
show running-config voice match
show running-config voice match ani
show running-config voice match ani verbose
show running-config voice mgcp-endpoint
show running-config voice mgcp-endpoint verbose
show running-config voice mgcp-endpoint <index>
show running-config voice mgcp-endpoint <index> verbose
show running-config voice music-on-hold
show running-config voice music-on-hold mode
show running-config voice music-on-hold player
show running-config voice music-on-hold player <name>
show running-config voice music-on-hold preferredCodec
show running-config voice named-digit-timeouts
show running-config voice named-digit-timeouts verbose
show running-config voice named-digit-timeouts <name>
show running-config voice named-digit-timeouts <name> verbose

show running-config voice operator-group

show running-config voice operator-group verbose
show running-config voice paging-group
show running-config voice paging-group verbose
show running-config voice paging-group <extension>
show running-config voice paging-group <extension> verbose
show running-config voice pickup-group
show running-config voice pickup-group <name>
show running-config voice queue
show running-config voice queue <extension>
show running-config voice queue verbose
show running-config voice queue <extension> verbose
show running-config voice ring-group
show running-config voice ring-group verbose
show running-config voice ring-group <name>
show running-config voice ring-group <name> verbose
show running-config voice ring-option
show running-config voice ring-option verbose
show running-config voice ring-option <name>
show running-config voice ring-option <name> verbose
show running-config voice speed-dial
show running-config voice speed-dial verbose
show running-config voice spre
show running-config voice spre verbose
show running-config voice spre-map
show running-config voice spre-map verbose
show running-config voice status-group
show running-config voice status-group verbose
show running-config voice status-group <name>
show running-config voice status-group <name> verbose
show running-config voice trunk
show running-config voice trunk verbose
show running-config voice trunk <Txx>
show running-config voice trunk <Txx> verbose
show running-config voice trunk-list
show running-config voice trunk-list verbose
show running-config voice trunk-list <name>
show running-config voice trunk-list <name> verbose
show running-config voice user
show running-config voice user verbose
show running-config voice user <number>
show running-config voice user <number> verbose
show running-config voice user <name>
show running-config voice user <name> verbose
show running-config voice user <name> <last name>
show running-config voice user <name> <last name> verbose

show running-config voice verbose
Syntax Description
ani Optional. Displays automatic number identification (ANI) substitution
configurations.
ani-list Optional. Displays all ANI list configurations.
ani-list <name> Optional. Deploys a specific ANI list configuration.
autoattendant Optional. Displays auto attendant configuration.
class-of-service Optional. Displays all voice class of service (CoS) configurations.
class-of-service <name> Optional. Displays voice CoS configurations for the specified rule set.
directory Optional. Displays voice directory configuration.
grouped-trunk Optional. Displays all voice trunk group configurations.
grouped-trunk <name> Optional. Displays voice trunk group configurations for the specified trunk.
line Optional. Displays the voice line configuration.
line <number> Optional. Displays the voice line configuration for a specified extension.
mail Optional. Displays voicemail configuration.
match Optional. Displays all substitution configurations.
match ani Optional. Displays ANI substitution configurations.
mgcp-endpoint Optional. Displays all Media Gateway Control Protocol (MGCP) endpoint
configurations.
mgcp-endpoint <index> Optional. Displays a specific MGCP endpoint configuration.
music-on-hold Optional. Displays all Music on Hold (MoH) configurations.
music-on-hold mode Optional. Displays all MoH mode configurations.
music-on-hold player Optional. Displays all MoH player configurations.
music-on-hold player <name> Optional. Displays the MoH player configuration for the specified player.
named-digit-timeouts Optional. Displays all named-digit-timeouts.
named-digit-timeouts <name> Optional. Displays configuration for the specified named-digit-timeout.
operator-group Optional. Displays operator group configuration.
paging-group Optional. Displays all handset paging group configurations.
paging-group <extension> Optional. Displays handset paging group configuration for the specified
paging group.
pickup-group Optional. Displays all call pickup group configurations.

pickup-group <name> Optional. Displays call pickup group configuration for the specified call
pickup group.
queue Optional. Displays all call queue configurations.
queue <extension> Optional. Displays call queue configuration for the specified call queue.
ring-group Optional. Displays all configured ring groups.
ring-group <name> Optional. Displays ring group configurations for the specified ring group.
ring-option Optional. Displays all ring option configurations.
ring-option <name> Optional. Displays ring option configurations for the specified ring option.
speed-dial Optional. Displays all entries for speed-dial entries.
spre Optional. Displays entire special prefix (SPRE) related configuration,
including mode, overrides, local maps, and network template.
spre-map Optional. Displays only the SPRE mapping configuration.
status-group Optional. Displays all status group information.
status-group <name> Optional. Displays information on the specified status group.
trunk Optional. Displays all voice trunk configurations.
trunk <Txx> Optional. Displays voice trunk configurations for the specified trunk. Use
the trunk's two-digit identifier following T (for example, T99).
trunk-list Optional. Displays all trunk list configurations.
trunk-list <name> Optional. Displays a specific trunk list configuration.
user Optional. Displays all configured voice users.
<number> Optional. Displays voice user configurations for the specified number.
<name> Optional. Displays voice user configurations for the specified name. Enter
the first or last name.
<last name> Optional. Displays voice user configurations for the specified name. Enter
the last name only.
verbose Optional. Displays detailed information on all or on the specified voice
running configurations.
Default Values
Command History
Release 11.1 Command was expanded.
include parameters.

Release A2 Command was expanded to include the ani-list, match, mgcp-endpoint,

named-digit-timeouts, trunk-list, and user parameters.
Release A2.03 Command was expanded to include the spre and spre-map parameters.
Release A2.04 Command was expanded to include the paging-group parameter.
Release A4.01 Command was expanded to include the pickup-group parameter, voice
queue, and music-on-hold.
Release R10.7.0 Command was expanded to include the ring-option parameter.
Usage Examples
The following is sample output from the show running-config voice command:
>enable
#show running-config voice
!
voice hold-reminder 15
voice flashhook mode interpreted
!
voice dial-plan 1 local 8000
!
voice class-of-service set1
billing-codes
!
voice class-of-service set2
!
voice class-of-service “set 1"
!
voice codec-list trunk
default
codec g711ulaw
codec g729
!
voice codec-list “list 1"
!
voice codec-list list1
!
voice trunk T99 type t1-rbs supervision wink role network
!
voice trunk T01 type sip
!
!
!
--MORE--

show schedule
Use the show schedule command to display information regarding the schedule configuration.
Syntax Description
No subcommands.
Default Values
Command History
include.
Usage Examples
The following is sample output from the show schedule command:
>enable
#show schedule
Schedule entry: DELAY-AFTER-BOOT (active)
Schedule entry: DELAY (inactive)
Technology Review
The scheduler provides a method for configuring a feature to operate during a specific time schedule and
to receive feedback when the feature should disable or enable. The goal of the scheduler is to eliminate
redundant code while providing an understandable, streamlined application program interface (API) for
rapid feature development with schedules. The show schedule command displays how many features are
scheduled and whether they are active or inactive.

show sfp-info interface <interface>

Use the show sfp-info interface gigabit-switchport command to display small form-factor pluggable
(SFP) transceiver module serial ID information for the specified interface.
Syntax Description
dot11ap 1/1.1. Type show spanning-tree interface ? for a complete list of
valid interfaces.
Default Values
Command History
Functional Notes
Fields in the show command output reported as Unspecified are not applicable to the module type. Refer
to the Usage Examples for more information.
Usage Examples
The following is sample output from the show sfp-info interface gigabit-switchport <slot/port>
command:
>enable
#show sfp-info interface gigabit-switchport 0/25
SFP Manufacturer: FINISAR CORP.

Identifier: SFP Transceiver
Connector: LC
SONET Compliance Code: Unspecified

Gigabit Ethernet Compliance Code: 100BASE-SX

Fiber Channel Link Length: Intermediate Distance <I>
Fiber Channel Transmitter Technology: Shortwave laser w/o OFC <SN>
Fiber Channel Transmitter Media: Multi-Mode, 62.5m <M6>
Fiber Channel Speed: 200 MB/sec
Encoding: 8B10B
Nominal Bit Rate: 2100 Mb/s
Supported Single-Mode Link Length <Km units>: Unspecified
Supported Single-Mode Link Length <100m units>: Unspecified
Supported Multi-Mode <50micron> Link Length <10m units>: 30
Supported Multi-Mode <62.5micron> Link Length <10m units>: 15
Supported Link Length Copper: Unspecified
Vendor OUI: 00:90:65
Vendor Part Number: FTRJ8519P1BNL
Vendor Revision: A
Options: LOS, TX_DISABLE
Bitrate, Max: Unspecified
Bitrate, Min: Unspecified
Vendor Serial Number: PA41HCB
Datecode: Jul 31. 2005

show sfp-info summary

Use the show sfp-info summary command to display a summary of all of the small form-factor pluggable
(SFP) transceiver modules currently installed in the unit.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
This command displays the interface in which the module is installed, the manufacturer of the module, and,
if supported, the Rx power, Tx power, and temperature.
Usage Examples
The following is sample output from the show sfp-info summary command:
>enable
#show sfp-info summary
Interface SFP Manufacturer Rx Power Tx Power Temperature

---------------------------------------------------------------------------------------------------------------
xgiga-swx 1/2/1 OPNEXT, INC. 0.56mW 0.57mW 33 Celsius
xgiga-swx 4/2/1 MergeOptics GmbH 0.67mW 0.45mW 37 Celsius
xgiga-swx 4/2/1 OPNEXT, INC. 0.63mW 0.57mW 34 Celsius
xgiga-swx 5/2/1 FCI MergeOptics 0.59mW 0.64mW 34 Celsius
xgiga-swx 5/2/2 Molex Inc. mW mW Celsius
xgiga-swx 6/2/1 Molex Inc. mW mW Celsius
xgiga-swx 6/2/2 Axcen Photonics 0.15mW 0.00mW 26 Celsius

show sftp sftp-client mypubkey

Use the show sftp sftp-client mypubkey command to display the Secure File Transfer Protocol SFTP
secure shell (SSH) public key information.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example displays SFTP SSH DSA and RSA public key hashes:
>enable
#show sftp sftp-client mypubkey
DSA Hash: ---- BEGIN SSH2 PUBLIC KEY ----

Comment: Adtran DSA Public key
AAAAB3NzaC1kc3MAAAEBALq7iC0mltbBGo2EzQ3ZDekHl3t2DLa08mP1AxrDdZdl
0HPTjHbVWrLOFnd3Om2yv8LXrKIKnlM0GhMlAB6ZcDjQjyr8s/Ey9fLZmxBdYKt3
8GP0OFLk2zEeYRv6XzFIYAu1sbcfmTU18SV+9m3X+TkhKvP/1jKYSSwDRyNDYTWJ
9Ap+HLRY09tLIvn9cL9mwDCG1rNSlsZ+y0uuYGOwGECLfCxuPc9gZbtMzdd6URqz
tze37XZTBOKyvz2AQrjRux9LNp13DZOB+R1SzNw2fhbPxalzeOXVVLxA7Gvty3YX
8PtyDfxu8KOqNIUVkhXxFf3OJMSyoXSCKC6GPIgxQSkAAAAVANrLmgntjpU7H2Ln
4jFsjjRekvP1AAABAGc4rfqF1ivIJ+AZlRlYRmtjk47zoZ2AU7alotVnaM8jK+U7
qJOWccGZeIUl69Y7xOZ9H3QG0W+LD4bpERJVCrUQxWWxdITOIphAM/OIeIcE1czW
tDUemFoAeg503n9rQuvNiSQ5+qhVsGWC9zhdo4AAZ2Crw/Epn54K778rpDjvzxcW
sesX7Vp3tsXHbZ6RGxdqFCJHytY0xNj033RaKSeAq4aZwbUMCYmrb1iS1hl1CHYM
b1kTsd7MYZQQ12e5UvVPySSNrN1R4ocDQy5qDi/UC5HfKe5MdLp5tM9ZWAjipDGk
3XjKO6UKMPT9cPa6iZ1fUXgwnam7xOSwtFU1HiEAAAEBAJ4bnLz7NxH3lTxn3e62
t+Qhgzri17tM9sl3B3yMWNv4h0EiFkM/9k+4zOBYan3JUt7VQnuxZ7DYkPeymE6h
ZML4QYBhSNMoW6SSseDuF52zGOk48tD9MzbBb/OabmIlmCwlRbiaYCzC0/ZNUaZs

ZhWGiNSbzR9As8qzYz4Hyr2EFImkgmO4zSV53u//hIXtNKgrTxmh73PFixaX86op
9nty+Ivva8iNDu1yRfLsd7XZeHjgcMymsgQEwKeU/0AhSJJ1rCIB83WA8eESCbSo
IZokzb0kreD+g+kbSfWFDXy16L9YpzOeUj6096e/fUMD/Dv8PNt5Ql7+imZ+HmHw
VuI=
---- END SSH2 PUBLIC KEY ----
RSA Hash: ---- BEGIN SSH2 PUBLIC KEY ----

Comment: Adtran RSA Public key
AAAAB3NzaC1yc2EAAAABAwAAAQEA+OYNfxP0JhhrTomlfnu+dxztHWoZRzCLTKbP
SGAC5NxsoXHQhVW8TOSpIv4KXDjhUnD0EGza8oDcdBjwOKVgQetcx55oL16NRIWj
Tm8oLBQXx+KlksSNvlx5jEZDen5ZxHKs6WiFc6OgV3+Xn/zJWeKopm8YpbxklZoR
XIwsJlhWFLKwuZH2q9DNhkLiuR2PbTDvV/qTnG2Qd/SLYZRPs9N8/LZjeZWCDyEo
pEHRrN6SnAxLoifJThpbDNsVXrS/x++iXOiDDulNiUoaFWbnWaM2bdI360Frp/FI
miz6vf5LAOzZ7hsT+tQzLCcHM/cjPAr9JCA+9YrZgIMJcv45qw==
show shaper
Use the show shaper command to display configuration information for Ethernet virtual connection
(EVC) traffic shapers. Variations of this command include:
show shaper
show shaper <name>
Syntax Description
<name> Optional. Specifies that information for a single traffic shaper is displayed.
Default Values
By default, no traffic shapers are configured.
Command History
Usage Examples
Enter the command as follows to display information for all configured EVC traffic shapers:

>enable
#show shaper
Name State Status
1 Disabled Disabled
Attributes:
Configured Rate : 1000000 kbps
Mode : Not applied

show sip
Use the show sip command to display Session Initiation Protocol (SIP) statistical and registration
show sip auxiliary-transactions

show sip resources
show sip statistics
show sip user-registration
show sip user-registration <user>
show sip user-registration detail
show sip user-registration user-agent
Syntax Description
auxiliary-transactions Displays SIP auxiliary transaction information.
resources Displays SIP server resource information.
statistics Displays SIP server statistic information.
user-registration Displays local SIP server registration information for all users.
<user> Optional. Displays local SIP server registration information for the specified
user.
detail Optional. Displays a detailed listing of the local SIP server registration
information for all users.
user-agent Optional. Displays the SIP user agent information for all users.
Default Values
Command History
Release 11.1 Resources, statistics, and user-registration parameters were added.
Release 15.1 Name-service name-table parameter was added.
include.
Release 17.3 Command was altered to remove the name-service name-table
parameter, which was replaced with the show voip name-service
name-table command.

Release R10.5.0 Command was expanded to include the auxiliary-transactions parameter.

Release R10.8.0 Command was expanded to include the <user>, detail, and user-agent
parameters.
Usage Examples
The following is sample output from the show sip statistics command:
>enable
#show sip statistics
Invites transmitted: 36
Invites received: 26
Invite Retransmits transmitted: 11

Invite Retransmits received: 0
Non-Invites transmitted: 1869
Non-Invites received: 1911
Non-Invite Retransmits transmitted: 12

Non-Invite Retransmits received: 41
Responses transmitted: 1982

Responses received: 3535
Response Retransmits transmitted: 45

Response Retransmits received: 0
The following is sample output from the show sip user-registration command:
>enable
#show sip user-registration
User IP Address Port Transport Expires

------------------------------------------------------------------------------------------------------
9001 10.10.10.1 5060 UDP 2081
9002 10.10.10.2 5060 UDP 3419
Total phones registered: 2

show sip location

Use the show sip location command to display Session Initiation Protocol (SIP) statistical and registration
show sip location

show sip location dynamic
show sip location static
Syntax Description
dynamic Optional. Displays SIP location database dynamic entries.
static Optional. Displays SIP location database static entries.
Default Values
Command History
Release 12.1 Command output was updated.
include.
Usage Examples
The following is sample output from the show sip location static command:
>enable
#show sip location static
User IP Address Port Expires Source
-----------------------------------------------------------------------------
9001 1.1.1.2 5060 52 Registrar
9002 10.10.10.2 5060 3336 Registrar

show sip proxy

Use the show sip proxy command to display Session Initiation Protocol (SIP) proxy statistical and
registration information. Variations of this command include:
show sip proxy monitor

show sip proxy registration
show sip proxy registration extended
show sip proxy registration range <range>
show sip proxy registration range <range> extended
show sip proxy registration range <range> realtime
show sip proxy registration realtime
show sip proxy registration user <user>
show sip proxy registration user <user> extended
show sip proxy registration user <user> realtime
show sip proxy registration verbose
show sip proxy resources
show sip proxy resources realtime
show sip proxy user
show sip proxy user extended
show sip proxy user realtime
show sip proxy user verbose
your unit.
Syntax Description
monitor Displays SIP proxy monitor status.
registration Displays the SIP Proxy registration status for SIP proxy users.
range <range> Optional. Specifies a range of consecutive extensions to display, for
example, 2565551000-2565551200.
user <user> Optional. Specifies a single user extension to display.
resources Displays SIP proxy resource information.
user Displays SIP proxy user database information.
extended Optional. Displays the extended form of SIP proxy user database.

realtime Optional. Displays SIP proxy information in real time. Refer to the
Default Values
Command History
include.
Release 17.3 Command was expanded to include the extended modifier.
Release A2.03 Command was expanded to include the verbose modifier.
Release A5.02 Command was expanded to include the registration, range <range>, and
user <user> parameters.
Release R10.9.0 Command was expanded to include the monitor parameter.
Functional Notes
page 1125).
Usage Examples
The following is sample output from the show sip proxy monitor command:
>enable
#show sip proxy monitor
Proxy Server Monitor: Admin UP

Polling mode: On failure
Continuous interval: 30
Delay: Min <min> Max <max> | Disabled
Recovery no-response interval: 5 - 60
Recovery responses needed: 3 Interval 10
Servers:
Address Port Status Poll
---------------------------------------- ------ -------- -------------------
10.255.3.2 5060 DOWN Next poll 12 seconds
10.17.233.254 5060 UP*

10.17.1.254 5060 UP
The following is sample output from the show sip proxy resources command:
>enable
#show sip proxy resources
Type Name Allocated Currently in Use Max Used

-----------------------------------------------------------------------------------------------------------------------
Proxy proxyPoolElements 630 0 0

show sip secure remote-user

Use the show sip secure remote-user command to display Session Initiation Protocol (SIP) security
statistics pertaining to remote users attempting to access the system. Variations of this command include:
show sip secure remote-user

show sip secure remote-user blacklist
show sip secure remote-user dropped-requests
Syntax Description
blacklist Optional. Displays UDP SIP security blacklist entries.
dropped-requests Optional. Displays UDP SIP security dropped requests due to failed
authentication attempts.
Default Values
Command History
Functional Notes
These statistics display the number of dropped SIP requests and the type, such as REGISTER and
INVITE, that were encountered on the configured secure port. Other requests include ACK, CANCEL,
OPTIONS, SUBSCRIBE, NOTIFY, PUBLISH, INFO, REFER, MESSAGE, and UPDATE requests. The
output also displays the number of suspect entries with summary information which includes the IPv4
address and voice user attempting a call. Once the number of failed attempts from an IPv4 address,
regardless of its source port, exceeds the blacklist attack threshold, a blacklist entry is recorded and the
IPv4 address is removed from the suspect list.
A maximum number of 100 combined entries can be stored in the suspect and blacklist entry tables. If the
maximum number is exceeded, the oldest entries from the suspect list are removed as needed to make
room for new blacklist entries, and no new suspect entries are added. When there are no suspect entries
left to sacrifice for space, no more blacklists entries will be added until blacklist entries are removed either
manually (using the command clear sip secure remote-user on page 207) or through timeouts.

Usage Examples
The following is sample output from the show sip secure remote-user command:
>enable
#show sip secure remote-user
Dropped SIP Request Information:
Port Protocol Registers Invites Other Requests

------- ------------ ------------- ---------- ----------------------
2112 UDP 0 33 0
Number of secure ports: 1
Suspect Entries:
10.10.23.2 : 2112 / UDP
User/Agent: 2565551234/Adtran-SIP-IP706/v2.4.0.3
Timeout (seconds): 600
Total suspect entries: 1
Blacklisted Entries:
10.10.19.1 : 2112 / UDP
User/Agent: 2565556789/Adtran-SIP-IP706/v2.4.0.3
Timeout (seconds): 3600
Total blacklisted entries: 1
* Port, protocol, and User/Agent values taken from first suspect SIP message

show sip trunk-registration

Use the show sip trunk-registration command to display Session Initiation Protocol (SIP) statistical and
registration information. Variations of this command include the following:
show sip trunk-registration

show sip trunk-registration realtime
show sip trunk-registration registrar
show sip trunk-registration subscription
show sip trunk-registration verbose
show sip trunk-registration registrar realtime
show sip trunk-registration registrar <Txx>
show sip trunk-registration registrar <Txx> realtime
show sip trunk-registration registrar <Txx> <name>
show sip trunk-registration registrar <Txx> <name> realtime
show sip trunk-registration subscription <Txx>
show sip trunk-registration subscription <Txx> realtime
show sip trunk-registration subscription <Txx> <name>
show sip trunk-registration subscription <Txx> <name> realtime
show sip trunk-registration <Txx>
show sip trunk-registration <Txx> realtime
show sip trunk-registration <Txx> <name>
show sip trunk-registration <Txx> <name> realtime
your unit.
Syntax Description
<Txx> Optional. Specifies the trunk identity; where xx is the trunk’s two-digit
identifier (e.g., T01).
<name> Optional. Specifies the name associated with the trunk.
realtime Optional. Displays local SIP client registration information in real time. Refer
to the Functional Notes below for more information.
registrar Optional. Displays the SIP trunk registrar IP address information. Refer to
the Functional Notes below for more information.

subscription Optional. Displays SIP trunk registration subscription information.

verbose Optional. Displays detailed SIP trunk registration information.
Default Values
Command History
include.
Release A5.01 Command was expanded to include the registrar parameter
Release R13.4.0 Command was expanded to include the verbose parameter.
Release R13.8.0 Command was expanded to include the subscription parameter.
Functional Notes
increase the terminal length (using the command terminal length <number> on page 1125).
Use the registrar to show the ip address of the registrar that each number is using on a SIP trunk.
Numbers on the same SIP trunk can use different registrars if sip-server validation is enabled (using the
command sip-server validation register on page 5126).
Usage Examples
The following is sample output from the show sip trunk-registration command:
>enable
#show sip trunk-registration
Ext Register Expire Grant Success Redirect Challenge Failed Timeout

---------------------------------------------------------------------------------------------------------------------------
4433 NO 0 0 0 0 0 0 #

show smdr
Use the show smdr command to display the statistics for station message detail record (SMDR) reporting.
The output for this command includes each item from the configured SMDR output format (refer to the
command voice logging smdr format on page 1914).
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example is sample output from the show smdr command:
>enable
#show smdr
SMDR Formatting:
CALLID[10]
Date(MM/DD/YYYY)[10]
Start Time(HH.MM.SS)[8]
Billable Mins[6]
Billing Code[4]
Call Type[2]
Originating Slot[2]
Originating Port[2]
Originating Name[15]
Originating Number[15]
Destination Slot[2]
Destination Port[2]
Destination Name[15]
Destination Number[15]
Conference ID[3]

show snmp
Use the show snmp command to display the system Simple Network Management Protocol (SNMP)
current configuration. Variations of this command include the following:
show snmp engineID
show snmp group
show snmp user
Syntax Description
engineID Displays the hex string that defines the current local engine ID settings.
group Displays the list of all groups entered.
user Displays the list of all users entered.
Default Values
Command History
Release 13.1 Command was expanded to include the engineID, group, and user
options.
include.
Usage Examples
The following is sample output from the show snmp command for a system with SNMP disabled, and the
default chassis and contact parameters:
>enable
#show snmp
Chassis: Chassis ID
Contact: Customer Service
0 Rx SNMP packets
0 Bad community names
0 Bad community uses
0 Bad versions
0 Silent drops

The following is sample output from the show snmp group command for a situation in which a group
called securityV3auth was defined (via the snmp-server group command) using version 3 and
authentication, and no access control list:
>enable
#show snmp group
Group: securityV3auth Security Model: v3
Read View: default Write View: <not specified>
Notify View: default

show sntp
Use the show sntp command to display the system Simple Network Time Protocol (SNTP) parameters and
current status of SNTP communications.
Syntax Description
No subcommands.
Default Values
Command History
include.
Usage Examples
The following example displays the SNTP parameters and current status:
>enable
#show sntp

show spanning-tree
Use the show spanning-tree command to display the status of the spanning-tree protocol. Variations of
show spanning-tree
show spanning-tree <number>
show spanning-tree detail
show spanning-tree detail active
show spanning-tree realtime
show spanning-tree <number> realtime
show spanning-tree summary
Using the realtime argument for this command may adversely affect system performance
and should be used with discretion.
Syntax Description
<number> Optional. Displays spanning tree for a specific bridge group. This command is
only applicable to routers configured for bridging.
detail Optional. Displays detailed spanning tree information.
active Optional. Displays detailed information about all active interfaces.
realtime Optional. Displays full-screen spanning tree information in real time.
summary Optional. Displays a summary of all port states.
Default Values
Command History
Release 10.1 Command was expanded to include the realtime parameter.
include.
Release 17.5 Command was expanded to include the detail, active, and summary
keywords.

Functional Notes
page 1125).
Usage Examples
The following is sample output from the show spanning-tree command:
>enable
#show spanning-tree
Spanning Tree enabled protocol ieee
Root ID Priority 32768
Address 00:a0:c8:00:88:41
We are the root of the spanning tree
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32768
Address 00:a0:c8:00:88:41
Aging Time 300
Interface Role Sts Cost Prio. Nbr. Type
eth 0/2 Desg FWD 19 128.2 P2p
giga-eth 0/1 Desg FWD 4 128.25 P2p
giga-eth 0/2 Desg FWD 4 128.26 P2p

show spanning-tree active

Use the show spanning-tree active command to display the spanning-tree status on active interfaces only.
show spanning-tree active

show spanning-tree active detail
Syntax Description
detail Optional. Displays the spanning-tree protocol status in detail.
Default Values
Command History
include.
Usage Examples
The following is sample output from the show spanning-tree active command:
>enable
#show spanning-tree active
Spanning Tree enabled protocol ieee
Root ID Priority 32768
Address 00:a0:c8:00:88:41
We are the root of the spanning tree
Bridge ID Priority 32768
Address 00:a0:c8:00:88:41
Aging Time 300
--MORE--

show spanning-tree blockedports

Use the show spanning-tree blockedports command to display ports that are currently in a blocked state.
Syntax Description
No subcommands.
Default Values
Command History
include.
Usage Examples
The following is sample output from the show spanning-tree blockedports command:
>enable
#show spanning-tree blockedports
Blocked Interfaces List
------------------------------------
eth 0/3
giga-eth 0/2
p-chan 1
Number of blocked ports (segments) in the system: 3

show spanning-tree interface <interface>

Use the show spanning-tree interface command to display spanning-tree protocol information for a
particular interface. Variations of this command include:
show spanning-tree interface <interface>

show spanning-tree interface <interface> active
show spanning-tree interface <interface> active detail
show spanning-tree interface <interface> cost
show spanning-tree interface <interface> edgeport
show spanning-tree interface <interface> inconsistency
show spanning-tree interface <interface> priority
show spanning-tree interface <interface> rootcost
show spanning-tree interface <interface> state
Syntax Description
dot11ap 1/1.1. Type show spanning-tree interface ? for a complete list of
valid interfaces.
active Optional. Displays information for an active interface.
active detail Optional. Displays detailed spanning-tree protocol information for an active
interface.
cost Optional. Displays only spanning-tree protocol path cost information.
edgeport Optional. Displays information for all interfaces configured as edgeports.
inconsistency Optional. Displays information for all interfaces with port inconsistencies.
priority Optional. Displays only spanning-tree protocol priority information.
rootcost Optional. Displays only spanning-tree protocol root path cost information.
state Optional. Displays only spanning-tree protocol state information.
Default Values

Command History
include.
Release R10.10.0 Command was expanded to include the inconsistency parameter.
Usage Examples
The following is sample output from the show spanning-tree interface ethernet command:
>enable
#show spanning-tree interface ethernet 0/2
Interface Role Sts Cost Prio. Nbr. Type
------------------- ------------------- ------------------ ----------- ------------- ---------------
eth 0/2 Desg LIS 19 128.2 P2p

show spanning-tree pathcost method

Use the show spanning-tree pathcost method command to display the default pathcost method being
used.
Syntax Description
No subcommands.
Default Values
Command History
include.
Usage Examples
The following is sample output from the show spanning-tree pathcost method command. In this case,
32-bit values are being used when calculating path costs:
>enable
#show spanning-tree pathcost method
Spanning tree default pathcost method used is long

show spanning-tree root

Use the show spanning-tree root command to display information regarding the spanning-tree protocol
root. Variations of this command include:
show spanning-tree root

show spanning-tree root address
show spanning-tree root cost
show spanning-tree root detail
show spanning-tree root forward-time
show spanning-tree root hello-time
show spanning-tree root id
show spanning-tree root max-age
show spanning-tree root port
show spanning-tree root priority
show spanning-tree root priority system-id
Syntax Description
address Optional. Displays the address of the spanning-tree root.
cost Optional. Displays the path cost of the spanning-tree root.
detail Optional. Displays the spanning-tree root information in detail.
forward-time Optional. Displays the forward-time of the spanning-tree root.
hello-time Optional. Displays the hello-time of the spanning-tree root.
id Optional. Displays the ID of the spanning-tree root.
max-age Optional. Displays the maximum age of the spanning-tree root.
port Optional. Displays the port of the spanning-tree root.
priority Optional. Displays the priority of the spanning-tree root.
priority system-id Optional. Displays the priority and system-id of the spanning-tree root.
Default Values

Command History
include.
Usage Examples
The following is sample output from the show spanning-tree root command:
>enable
#show spanning-tree root
Root ID Root Cost Hello Time Max Age Fwd Dly Root Port
-------------------- -------------- ------------- ------------ -------------- ----------------
8191 00:a0:c8:b9:bb:82 108 2 20 15 eth 0/1

show srtp media sessions

Use the show srtp media sessions command to display media sessions that were negotiated to use Secure
Realtime Transfer Protocol (SRTP) and to display key information about the SRTP session.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example displays information about SRTP media sessions:
>enable
#show srtp media sessions
----------- ---- ---- ----- ------------------------
| SRTP | SRTCP |
Call ID | Auth Encr | Encr | Crypto
----------- ---- ---- ----- ------------------------
1 Yes Yes Yes AES_CM_128_HMAC_SHA1_80
Anchored: 10.19.247.5:10000
Remote: 10.100.254.4:19888

Anchored: [::]:10002
Remote: 127.0.0.1:10002

Anchored: 10.19.247.5:10001
Remote: 10.100.254.4:19889
There are 3 active media sessions.

show ssh port-forward

Use the show ssh port-forward command to display a summary of secure shell (SSH) port forward
information.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following is sample output from the show ssh port-forward command:
>enable
#show ssh port-forward
Local Port: 22
URL of Remote User: AOS@10.23.153.22:5037
Status: Waiting for Connection
If the port forward has an active connection, the status will display as Forwarding instead
of Waiting for Connection.

show ssh-server
Use the show ssh-server command to display the system’s public key for secure shell (SSH) connections.
show ssh-server detail

show ssh-server key-hash
show ssh-server mypubkey
show ssh-server mypubkey fingerprint md5
show ssh-server mypubkey fingerprint sha1
Syntax Description
detail Displays the configured SSH server security parameters used for
established SSH connections.
key-hash Specifies displaying the SSH server public key hash of a given key string in
SHA1 Digital Signature Standard (DSS) format.
mypubkey Specifies displaying the SSH server public key.
fingerprint md5 Specifies displaying the MD5 fingerprint of SSH server public key.
fingerprint sha1 Specifies displaying the SHA1 fingerprint of SSH server public key.
Default Values
Command History
Release R13.12.0 Command was expanded to include the detail parameter.

Usage Examples
The following is sample output from the show ssh-server command:
>enable
#show ssh-server mypubkey
---- BEGIN SSH2 PUBLIC KEY ----
Comment: Adtran DSA Public key
AAAAB3NzaC1kc3MAAACBAKZf6qtRHGHjPfOP3drwO1m28l4fpN5X5c8ArkeKhV3a
TzY404uwCsSvfYQUw/s24E+989MWZxLUO0Ib+nV+hWlK0nxI85bQPIvOjaWNtbgg
OfNdz4VyNcLxxzsiJqNhQpGQ3LW2zQ7fsP9pM5ALAs7MDOaSdNja58aUgEMY1ta5
AAAAFQC1r9L5Mkax780fOnwkDB6eIaNjCwAAAH97vSxdyRel4IucL4Ckn7Y/zVwF
eLpwHiVP41MN7dO2aApuWvsygLU/FUAouv/3PRug/bAAS56w2/JLKVvyo1aRPNHA
vgPFEDodqLc+dnC1bXFu1VR69ntQYTEe6iReLlwzeEPLwTW5ucGHddXVbP2jG3R+
JEmGGt87P3JxicCjAAAAgAajR0ptcBY1jOye/kO8soQz/Dv2FqO4tW/yjFaV0E1J
v+vyAMUKUgocqebciS9RofjRTZ7W153z6JIpoFRnpOC+ynIVrBRUD+/1BgqJTI6G
0VtKm6A/K+qSaSd6dhKOAAWA1C0zsJDSkhKqYwRa1ziNC7TUFHIj/n1OvIo1PdzC

show stack
Use the show stack command to view the status of all the switches configured for stacking. Displays the
mode of the switch as either master or member. If the mode is master, this command also gives the status
of the stack members. Variations of this command include:
show stack
show stack candidates
show stack candidates realtime
show stack realtime
show stack topology
show stack topology realtime
your unit.
Syntax Description
candidates Optional. Displays all units that have registered with this stack master. This
option is only available on a switch configured as a stack master.
topology Optional. Displays the stack topology. This option is only available on a
switch configured as a stack master.
realtime Optional. Displays full-screen output in real time. Refer to Functional Notes
below for more information.
Default Values
Command History
include.

Functional Notes
The stack candidates are a list of units that could be added to the stack. They are not yet members.
page 1125).
Usage Examples
The following example displays the configuration of the switch stack while in stack-master mode:
>enable
#show stack
Stack mode is MASTER
Management Vlan is 2386, firmware version is 08.00.18.D
Stack network is 169.254.0.0/24
Stack members...
Member Mac Address Mgmt IP Address Source Interface State
2 00:A0:C8:02:CF:C0 169.254.0.2 Stack port Up
3 00:A0:C8:00:8C:20 169.254.0.3 Stack port Up
#
Member Specifies the stack member's Unit ID.

Mac Address Specifies the stack member's medium access control (MAC) address.
Mgmt IP Address Specifies the stack member's IP address.
Source Interface Specifies the interface that the stack member was learned from.
State Specifies the stack member’s state: Up (member is up and functioning
properly); Down (member was at one time functioning, but contact has
been lost); Waiting (waiting for the unit to register; when registered, it will
be added to the stack); Denied (the unit could not be added to the stack
because the stack protocol versions were not compatible).
The following example displays the configuration of the switch stack while in stack-member mode:
>enable
#show stack
Stack mode is STACK-MEMBER
My Unit ID is 3, management Vlan is 2386
Stack management network is 169.254.0.0/24
Stack Master info:
Master is “Switch”, learned via giga-eth 0/1
IP address is 169.254.0.1, MAC address is 00:DE:AD:00:65:83
#

The following example displays all units that have registered with this stack-master:
>enable
#show stack candidates
Displaying all known Stack candidates...
MAC Address System Name Source Interface AOS Revision
00:A0:C8:00:8C:20 LabSwitch1 stack port 08.00.18
00:A0:C8:00:F5:6C LabSwitch2 stack port 08.00.19.D
00:A0:C8:02:CF:C0 LabSwitch3 stack port 08.00.20.D
#

show startup-config
Use the show startup-config command to display a text printout of the startup configuration file stored in
nonvolatile random access memory (NVRAM). Variations of this command include:
show startup-config
show startup-config checksum
Syntax Description
checksum Optional. Displays the message digest 5 (MD5) checksum of the unit’s
startup configuration.
Default Values
Command History
include.
Functional Notes
This command is used in conjunction with the show running-config checksum command to determine
whether the configuration has changed since the last time it was saved.
Usage Examples
The following is sample output from the show startup-config command:
>enable
#show startup-config
!
!
no enable password
!
ip subnet-zero
ip classless
ip routing
!

event-history on
no logging email
!
ip policy-timeout tcp all-ports 600
!
!
!
interface eth 0/1
speed auto
no ip address
shutdown
!
interface dds 1/1
shutdown
!
interface bri 1/2
shutdown
!
!
ip access-list standard MatchAll
permit host 10.3.50.6
permit 10.200.5.0 0.0.0.255
!
!
ip access-list extended UnTrusted
deny icmp 10.5.60.0 0.0.0.255 any source-quench
deny tcp any any
!
no snmp agent
!
!
!

show storm-control interfaces <interface>

Use the show storm-control interfaces to display configuration parameters and current statistics for all
interfaces configured with storm control. Variations of this command include the following:
show storm-control interfaces <interface> broadcast burst

show storm-control interfaces <interface> broadcast rate
show storm-control interfaces <interface> multicast-unknown burst
show storm-control interfaces <interface> multicast-unknown rate
show storm-control interfaces <interface> unicast-unknown burst
show storm-control interfaces <interface> unicast-unknown rate
Syntax Description
<interface> Specifies which interface information to display. Specify an interface in the
format <interface type [slot/port]>. For example, for a Gigabit switchport
interface, enter gigabit-switchport 0/3, or for a 10 Gigabit switchport enter
xgigabit-switchport 1/1. Type show storm-control interfaces ? for a
broadcast burst Displays the configured burst rate for broadcast traffic.
broadcast rate Displays the configured storm control rate for broadcast traffic.
multicast-unknown burst Displays the configured burst rate for unknown multicast traffic.
multicast-unknown rate Displays the configured storm control rate for unknown multicast traffic.
unicast-unknown burst Displays the configured burst rate for unknown unicast traffic.
unicast-unknown rate Displays the configured storm control rate for unknown unicast traffic.
Default Values
Command History

Usage Examples
The following example displays storm control broadcast rate information for gigabit-switchport 0/3:
>enable
#show storm-control interfaces gigabit switchport 0/3 broadcast rate

show switchports
Use the show switchports command to display switchport information. Variations of this command
include:
show switchports
show switchports vlans
Syntax Description
vlans Optional. Displays the switchport vlan membership.
Default Values
Command History
Usage Examples
The following is sample output from the show switchports command:
>enable
#show switchports
Name: swx 0/1
Switchport: enabled
Protected: false

Name: swx 0/2

Switchport: enabled
Protected: false

show system
The show system command shows the system version, timing source, power source, and alarm relay
status.
Syntax Description
No subcommands.
Default Values
Command History
include.
Functional Notes
In vAOS instances, the output of this command does not include checksum information, boot ROM or
hardware versions, or boot system images names.
Usage Examples
The following is sample output from the show system command:
>enable
#show system
ADTRAN, Inc. OS version 07.00.20
Checksum: 3B2FCC0F, built on Tue Jun 01 13:36:36 2004
Boot ROM version 07.00.20
Checksum: 604D, built on: Tue Jun 01 13:59:11 2004
Copyright (c) 1999-2004, ADTRAN, Inc.
Platform: Total Access 900
Serial number TechPub
Flash: 8388608 bytes DRAM: 33554431 bytes
ICP uptime is 0 days, 0 hours, 53 minutes, 50 seconds
System returned to ROM by External Hard Reset
Current system image file is “070020.biz”

Boot system image file is “070020.biz”

Power Source: AC
Primary System clock source config: t1 0/1
Secondary System clock source config: t1 0/1
Active System clock source: t1 0/1

show system-control-evc
Use the show system-control-evc command to display configuration information for the system control
Ethernet virtual connection (EVC). Variations of this command include:
show system-control-evc
show system-control-evc performance-statistics 15-minute
show system-control-evc performance-statistics 15-minute <interval>
show system-control-evc performance-statistics 24-hour
show system-control-evc performance-statistics 24-hour <interval>
Syntax Description
performance-statistics Optional. Displays performance statistics for the system control EVC.
15-minute Displays cumulative performance statistics for the last 15 minutes.
24-hour Displays cumulative performance statistics for the last 24 hours.
<interval> Optional. Limits output to a range of historical intervals. Valid range is 1 to
96.
Default Values
No default values necessary.
Command History
Usage Examples
Enter the command as follows to display configuration information for the system control EVC:
>enable
#show system-control-evc
System Control EVC
S-TAG : --
EVC Status : Connection not configured
IP : 0.0.0.0
Subnet : 255.255.255.255
Connections : None

System Control EVC Ethernet Info:

0 input errors

show system-management-evc
Use the show system-management-evc command to display configuration information for the system
management Ethernet virtual connection (EVC). Variations of this command include:
show system-management-evc
show system-management-evc performance-statistics 15-minute
show system-management-evc performance-statistics 15-minute <interval>
show system-management-evc performance-statistics 24-hour
show system-management-evc performance-statistics 24-hour <interval>
Syntax Description
performance-statistics Optional. Displays performance statistics for the system management EVC.
15-minute Displays cumulative performance statistics for the last 15 minutes.
24-hour Displays cumulative performance statistics for the last 24 hours.
<interval> Optional. Limits output to a range of historical intervals. Valid range is 1 to
96.
Default Values
No default values necessary.
Command History
Usage Examples
Enter the command as follows to display configuration information for the system management EVC:
>enable
#show system-management-evc
System Management EVC
S-TAG : --
EVC Status : SHUTDOWN
IP : 0.0.0.0
Subnet : 255.255.255.255
Connections : None

System Management EVC Ethernet Info:

0 input errors

show system mtu

Use the show system mtu command to display the current system maximum transmission unit (MTU)
setting.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following is sample output from the show system mtu command:
>enable
#show system mtu
MTU size is 9216 bytes

show tacacs+ statistics

Use the show tacacs+ statistics command to display terminal access controller access control system
(TACACS+) client statistics.
Syntax Description
No subcommands.
Default Values
Command History
include.
Usage Examples
The following is sample output from the show tacacs+ statistics command:
>enable
#show tacacs+ statistics
Authentication Authorization Accounting
Packets sent: 0 0 0
Invalid responses: 0 0 0
Timeouts: 0 0 0
Average delay: 0ms 0ms 0ms
Maximum delay: 0ms 0ms 0ms
Socket Opens: 0
Socket Closes: 0
Socket Aborts: 0
Socket Errors: 0
Socket Timeouts: 0
Socket Failed Connections: 0
Socket Packets Sent: 0
Socket Packets Received: 0

show tcp info

Use the show tcp info command to display Transmission Control Protocol (TCP) control block
information in AOS. This information is for troubleshooting and debug purposes only. For more detailed
information, you can optionally specify a particular TCP control block. When a particular TCP control
block is specified, the system provides additional information regarding crypto map settings that the show
tcp info command does not display. Variations of this command include:
show tcp info

show tcp info realtime
show tcp info <control block>
show tcp info <control block> realtime
your unit.
Syntax Description
<control block> Optional. Specifies a particular TCP control block for more detailed information.
Default Values
Command History
include.

Functional Notes
page 1125).
Usage Examples
The following is sample output from the show tcp info command:
>enable
#show tcp info
TCP TCB Entries
ID STATE LSTATE OSTATE TYPE FLAGS RPORT LPORT SWIN SRT INTERFACE
0 FREE FREE FREE SRVR 0 0 0 0 0 NONE
1 LISTEN FREE FREE CONN 0 0 21 0 0 NONE
5 FREE FREE FREE SRVR 0 0 0 0 0 NONE
--MORE--

show tech
Use the show tech command to save technical information to a file named showtech.txt.
Syntax Description
No subcommands.
Default Values
Command History
include.
Functional Notes
The show tech command runs a script that creates a showtech.txt file in flash memory that contains the
command output from the following show commands:
Not all listed show commands apply to all ADTRAN products.
show version
show modules
show flash
show cflash
show running-config verbose
show interfaces
show atm pvc
show dial-backup interfaces
show frame-relay lmi
show frame-relay pvc
show ip bgp neighbors

show ip bgp summary

show ip mroute
show ip bridge
show spanning-tree
show ip interfaces
show connections
show arp
show ip traffic
show tcp info
show ip protocols
show ip route
show event-history
show output-startup
show processes cpu
show buffers
show buffers users
show memory heap
show debugging
Usage Examples
The following example creates a showtech.txt file and displays it to the terminal screen:
>enable
#show tech
Opening and applying file.....
Done.

show temperature
Use the show temperature command to display the unit temperature.
Syntax Description
No subcommands.
Default Values
Command History
include.
Usage Examples
The following is sample output from the show temperature command:
>enable
#show temperature
Temperature: 33 degrees C

show thresholds
Use the show thresholds command to display thresholds currently crossed for all DS1 interfaces.
Syntax Description
No subcommands.
Default Values
Command History
include.
Usage Examples
The following is sample output from the show thresholds command.
>enable
#show thresholds
t1 1/1:
SEFS 15 min threshold exceeded
UAS 15 min threshold exceeded
SEFS 24 hr threshold exceeded
UAS 24 hr threshold exceeded
t1 1/2:
No thresholds exceeded

show timing-domain
Use the show timing-domain command to display the system timing domains.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following is sample output from the show timing-domain command:
>enable
#show timing-domain
Timing Domain Source Config Table
Domain Interface Config Source Status
1 t1 0/1 Primary Line Alarm
1 t1 0/2 None System Available
2 t1 0/3 None System Available
2 t1 0/4 Primary Line Alarm
Timing Domain System Config Table
Domain: 1 Active Source: System
Primary Interface Source Status
t1 0/1 t1 0/1 Alarm
Secondary Interface Source Status
Domain: 2 Active Source: System
Primary Interface Source Status
t1 0/4 t1 0/4 Alarm
Secondary Interface Source Status

show tls profile

Use the show tls profile command to display the content of configured Transport Layer Security (TLS)
profiles on the AOS device. Variations of this command include:
show tls profile

show tls profile <name>
Syntax Description
<name> Optional. Limits output to a single TLS profile.
Default Values
Command History
Usage Examples
The following example displays the content of the configured TLS profile TLS_PROFILE1:
>enable
#show tls profile TLS_PROFILE1
Name: TLS_PROFILE1
tls-version: 1.2
authentication: server
ca-profile:PROFILE1
allow-self-signed-cert: no
Identities Validated:
ip-address
fqdn configured
Ciphersuite list:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA

TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
SSL_DES_192_EDE3_CBC_WITH_MD5

show tls sessions

Use the show tls sessions command to display information about each active Transport Layer Security
(TLS) session.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example displays TLS session information:
>enable
#show tls sessions
Application: SIP
Version: TLS v1.2
Ciphersuite: AES256-SHA
Session ID: kKnKqvAM70IkGRBxzVHdVb8F8vkHpsL28A3D89xDGjA=
Role: Client-only
Local: 192.0.2.243:10459
Peer: 198.51.100.4:5061
Peer Certificate:
Subject: CN = voip.example.com
SAN IP Address: 2001:DB8:64FE::4 198.51.100.4 (Validated)
SAN FQDN: ipv6.voip.example.com ipv4.ents.adtran.com voip.example.com (Validated)
There are 1 active TLS sessions.

show tls statistics

Use the show tls statistics command to display a summary of statistics for Transport Layer Security (TLS)
configurations.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example displays a statistical summary for TLS configurations:
>enable
#show tls statistics
TLS Connection Requests
Total:2
Passed:2
Failed:0
TLS Handshake
Passed:2
Failed:0
TLS Connections
Dropped:0
Closed:1

show toneservices resources

Use the show toneservices resources command to display digital signal processor (DSP) tone
information.
Syntax Description
No subcommands.
Default Values
Command History
include.
Usage Examples
The following is sample output from the show toneservices resources command:
>enable
#show toneservices resources
DSP Channel Type Port Status

-------------------------------------------------------------

show track
Use the show track command to display track object configuration and statistics. Refer to Network
Monitor Track Command Set on page 4083 for information on configuring track objects. Variations of this
show track
show track <name>
show track <name> realtime
your unit.
Syntax Description
<name> Optional. Displays information only for the track object specified.
Default Values
Command History
include.
Functional Notes
page 1125).

Usage Examples
The following is sample output from the show track command:
>enable
#show track track_1
Current State: PASS
Dampening Interval: 30 seconds
Test Value: probe_A (PASS) AND probe_B (FAIL)
Track Changes: 3
Time in current state: 25 days 2 hours, 34 minutes, 32 seconds

show udp info

Use the show udp info command to display User Datagram Protocol (UDP) session information.
show udp info

show udp info realtime
show udp info <number>
show udp info <number> realtime
your unit.
Syntax Description
<number> Optional. Specifies ID of session to display. Valid range is 0 to 31.
Default Values
Command History
include.
Functional Notes
page 1125).

Usage Examples
The following example shows sample output from the show udp info command:
>enable
#show udp info
UDP Session Entries
ID Local Port IP Address Socket
--- --------------- ----------------- -----------
2 520 0.0.0.0 1
3 0 0.0.0.0 4
4 161 0.0.0.0 5
5 8 127.0.0.1 7
6 10 0.0.0.0 11
7 6 127.0.0.1 16
8 4 127.0.0.1 17
9 14 127.0.0.1 18
10 12 127.0.0.1 19

show usbdrive0
Use the show usbdrive0 command to display a list of all files currently stored in Universal Serial Bus
(USB) flash drive memory. Variations of this command include:
show usbdrive0
show usbdrive0 <filename>
Syntax Description
<filename> Optional. Displays details for a specified file located in USB flash drive
memory. Enter a wildcard (such as *.biz) to display the details for all files
matching the entered pattern.
Default Values
Command History
Usage Examples
The following is sample output from the show usbdrive0 command:
>enable
#show usbdrive0
Files:
245669 010100boot.biz
1141553 new.biz
821 startup-config
1638 startup-config.old
1175679 020016.biz

show usb attached-devices

Use the show usb attached-devices command to display statistics for universal serial bus (USB) devices
attached to the USB wireless wide area network (WWAN) network interface module (NIM) or the USB
port on the AOS unit. The output from this command includes the attached device identification, the
product identification, the device class, the device manufacturer and model, and the slot and port used by
the device. Variations of this command include:
show usb attached-devices

show usb attached-devices detail
The NetVanta USB WWAN NIM supports cellular connections through a USB cellular
modem provided by the service provider. For more information about configuring the
NetVanta USB WWAN NIM or the cellular interface, refer to Cellular Interface Command
Set on page 2090 or the USB WWAN NIM and the Cellular Interface configuration guide
Syntax Description
detail Displays all available device statistics.
Default Values
Command History
Release 18.2 Command was expanded to include the detail parameter.
Functional Notes
The output of the show usb attached-devices commands is device-dependent, and some USB LTE
modems may not respond with any output.

Usage Examples
The following is sample output from the show usb attached-devices command:
>enable
#show usb attached-devices
USB Device attached
VendorID: 1410
ProductID: 6000
DeviceClass: 0x2 (Communications)
Manufacturer: Novatel Wireless Inc.
Product: Novatel Wireless CDMA
Slot/Port: 1/1
Number of Endpoints: 13
Endpoints: 1 INTERRUPT IN, 2 BULK IN, 2 BULK OUT, 4 BULK IN, 4 BULK OUT, 9 BULK IN, 9 BULK
OUT, 10 BULK IN, 10 BULK OUT, 5 BULK IN, 6 BULK OUT, 7 BULK IN, 8 BULK OUT
The following is sample output from the show usb attached-devices command if an unknown device is
attached to the 3G USB NIM:
>enable
USB Device attached
VendorID: 1457
ProductID: 1544
DeviceClass: 0x7 (Printer)
Manufacturer: Unknown
Product: Unknown
Serial Number: Unknown
Slot/Port: 1/1
Number of Endpoints: 0
Endpoints:
The following is sample output from the show usb attached-devices command if no USB device is
attached to the 3G USB NIM:
>enable
No USB Device attached

show users
Use the show users command to display the name (if any) and state of users authenticated by the system.
show users
show users realtime
your unit.
Syntax Description
Default Values
Command History
include.
Functional Notes
page 1125).

Displayed information includes:
• Connection location (for remote connections, this includes Transmission Control Protocol (TCP)
information)
• User name of authenticated user
• Current state of the login (in process or logged in)
• Current enabled state
• Time the user has been idle on the connection
Usage Examples
The following is sample output from the show users command:
>enable
#show users
- CONSOLE 0 'adtran' logged in and enabled
Idle for 00:00:00
- TELNET 0 (172.22.12.60:3998) 'password-only' logged in (not enabled)
Idle for 00:00:14
- FTP (172.22.12.60:3999) 'adtran' logged in (not enabled)
Idle for 00:00:03

show version
Use the show version command to display the current ADTRAN Operating System (AOS) version
information.
Syntax Description
No subcommands.
Default Values
Command History
include.
Functional Notes
In vAOS instances, the output of this command does not include checksum information, boot ROM or
hardware versions, or boot system images names.
Usage Examples
The following is sample output from the show version command:
>enable
#show version
ADTRAN, Inc. OS version A5.01.00.E

Mainline Version: M04
Checksum: 894C9C39
Built on: Fri Sep 09 11:31:09 2011
Upgrade key: 29be9733e227e21d8f7d4af849dc7603
Hardware version C.1
Boot ROM version A3.01.00
Checksum: 6A26

Built on: Wed Jul 08 16:52:15 2009

Copyright (c) 1999-2009, ADTRAN, Inc.
Platform: Netvanta 6334, part number 17006334G1, CLEI code is N/A
Serial number LBADTN0940AD077
Flash: 67108864 bytes DRAM: 134217727 bytes

show vlan
Use the show vlan command to display current virtual local area network (VLAN) information. Variations
show vlan
show vlan brief
show vlan brief realtime
show vlan id <vlan id>
show vlan id <vlan id> realtime
show vlan name <name>
show vlan name <name> realtime
show vlan realtime
your unit.
Syntax Description
brief Optional. Shows an abbreviated version of the VLAN information (brief
description).
id <vlan id> Optional. Shows information regarding a specific VLAN, specified by a VLAN
interface ID (valid range: 1 to 4094).
name <name> Optional. Shows information regarding a specific VLAN, specified by a VLAN
interface name (up to 32 characters).
Default Values

Command History
Release 15.1 The realtime display parameter was added to show vlan id and show vlan
name.
include.
Functional Notes
page 1125).
Usage Examples
The following is sample output from the show vlan command:
>enable
#show vlan
VLAN Name Status Ports
------------------ -------------------- -------------- -----------
-1 Default active eth 0/5, eth 0/6, eth 0/8, eth 0/13, eth 0/14, eth 0/15,
eth 0/16, eth 0/17, eth 0/18, eth 0/19, eth 0/20,
eth 0/21, eth 0/22, eth 0/23, eth 0/24, giga-eth 0/1,
giga-eth 0/2
2 accounting active eth 0/1, eth 0/2
3 VLAN0003 active eth 0/3, eth 0/4, eth 0/7, eth 0/9, eth 0/10, eth 0/11,
eth 0/12
VLAN Type MTU
------------------ --------------- --------------
-1 enet 1500
2 enet 1500
3

The following is an example of the show vlan name command that displays VLAN 2 (accounting
VLAN) information:
>enable
#show vlan name accounting
VLAN Name Status Ports
------------------- ---------------- ------------- ----------------
-2 accounting active eth 0/1, eth 0/2
VLAN Type MTU

------------------- ---------------- -------------
-2 enet 1500

show voice alias

Use the show voice alias command to display alias parameters. Aliases are used to mask identity settings,
such as names and extensions. Variations of this command include:
show voice alias

show voice alias global
show voice alias group
show voice alias system
show voice alias user
Syntax Description
global Optional. Displays global aliases.
group Optional. Displays group aliases.
system Optional. Displays system aliases.
user Optional. Displays user aliases.
Default Values
Command History
include.
Usage Examples
The following example shows sample output from the show voice alias command:
>enable
#show voice alias
Alias Translation Type

----------------- --------------- ------------------
MyAlias 4433 Global
Total Displayed: 1

show voice available

Use the show voice available command to list foreign exchange station (FXS) ports that are not associated
with a user.
Syntax Description
No subcommands.
Default Values
Command History
include.
Usage Examples
The following example displays FXS ports that are not associated with a user:
>enable
#show voice available
Interface
-------------
fxs 0/1
fxs 0/2

show voice conference local

Use the show voice conference local command to view current conference sessions. Variations of this
command include:
show voice conference local all

show voice conference local session <number>
Syntax Description
all Displays current status of all local conference sessions.
session <number> Displays current status of the specified local conference session.
Default Values
Command History
Usage Examples
The following example displays information about all local active conference sessions:
>enable
#show voice conference local all
ID Originator (FXS) Remote1 Remote2 RtpRsrc

---- ---------------------- -------------------- -------------------- -------------
1 2001 (0/1) T01 (2565551234) T02 (2568675309) 0/1.(1,2,3)
2 2004 (0/4) 2002 (FXS 0/2) 3001 (SIP) 0/2.(1,4,5)
The following example only displays information for local conference session 2:
>enable
#show voice conference local session 2
ID Originator (FXS) Remote1 Remote2 RtpRsrc

---- -------------------- -------------------- -------------------- ----------------
2 2004 (0/4) 2002 (FXS 0/2) 3001 (SIP) 0/2.(1,4,5)

show voice dial-plan

Use the show voice dial-plan command to view number display templates. Variations of this command
include:
show voice dial-plan

show voice dial-plan <number>
Syntax Description
<number> Optional. Displays information about a specific number display template.
Default Values
Command History
include.
Usage Examples
The following example displays information about number display template 1:
>enable
#show voice dial-plan 1
Type ID Pattern
------------------------------------------------------------------
Always Permitted 1 NXXNXXXXXX

show voice did

Use the show voice did command to display direct inward dialing (DID) information. Variations of this
command include:
show voice did

show voice did groups
show voice did other
show voice did users
Syntax Description
groups Optional. Displays all DID entries for ring groups.
other Optional. Displays all nonuser and nonring group DID entries.
users Optional. Displays all DID entries for users.
Default Values
Command History
include.
Usage Examples
The following example displays DID entries for ring groups:
>enable
#show voice did groups

show voice directory

Use the show voice directory command to display direct inward dialing (DID) information. Variations of
show voice directory

show voice directory <name>
Syntax Description
<name> Optional. Specifies the name on the directory to display. Only extensions
included in the specified directory will appear.
Default Values
Command History
include.
Usage Examples
The following example displays all extensions sorted by extension number:
>enable
#show voice directory
Directory Name: SYSTEM
User Name External Extension
------------------------------------------------------
John Smith 5006
Jane Doe 5005
Directory Name: Engineering

User Name External Extension
--------------------------------------------------------
John Doe Yes 5551212

show voice door-phone

Use the show voice door-phone command to display the door phone account settings. A door phone is
used to communicate with visitors prior to them entering an establishment.
Syntax Description
No subcommands.
Default Values
Command History
include.
Usage Examples
The following example shows sample output from the show voice door-phone command:
>enable
#show voice door-phone
First Last Ext Interface Description

-------------------------------------------------------------------------------------
Front Door 4430 virtual Front Door of Building

show voice extensions

Use the show voice extensions command to display all of the current voice extensions and their status.
Syntax Description
No subcommands.
Default Values
Command History
include.
Usage Examples
The following example displays all extensions and the status of the extension:
>enable
#show voice extension
AccountID Idle/Ring/Busy Available DND FWD

---------------------------------------------------------------------------------------
T01 Idle * - -
T06 Idle * - -
T02 Idle * - -
5200 Idle * - -
6000 Idle * - -
6001 Idle * - -
6002 Idle * - -
6003 Idle * - -
T03 Idle * - -
2 Idle * - -
1234 Idle * - -

show voice grouped-trunk

Use the show voice grouped-trunk command to display all voice trunk groups.
Syntax Description
No subcommands.
Default Values
Command History
include.
Usage Examples
The following example displays all voice trunk groups:
>enable
#show voice grouped-trunk
Name Resource-Selection Description

---------------------------------------------------------------------------
SIP linear SIP trunk
DSX linear DSX trunk
DXS linear DXS trunk

show voice line

Use the show voice line command to display voice line stations. Variations of this command include:
show voice line

show voice line <station>
Syntax Description
<station> Optional. Displays a specific voice line station name or extension on the
system base on the valid voice line descriptors entered into the system.
Default Values
Command History
include.
Usage Examples
The following example shows sample output from the show voice line command:
>enable
#show voice line
Line: 4444
Trunk: not configured
Registered Endpoints: 0
Call State: IDLE
Active Endpoints: N/A
DSP Resource: N/A
Line: Sales
Trunk: not configured
Registered Endpoints: 0
Call state: IDLE
--MORE--

show voice loopback calls

Use the show voice loopback calls command to display the status of the loopback call(s).
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example displays all voice loopback calls:
>enable
#show voice loopback calls
ID Extension Codec Status Number Duration (hour:min:sec)
------------------------------------------------------------------------------------------------------------------------------------
1 1123 <ENDED (invalid number) -> 8837655 :01
2 1123 Calling -> 4001 :05
3 1123 <ENDED (no appearances) <- 4001 :01
4 1123 G729 Connected -> 4001 :07

show voice mail

Use the show voice mail command to display voice mail information for the system or a specific user.
show voice mail

show voice mail <number>
show voice mail notify-schedule <number>
Syntax Description
<number> Optional. Displays voice mail information for the specified user’s extension.
notify-schedule <number> Optional. Displays the voice mail notification schedule for the specified
user’s extension.
Default Values
Command History
include.
Usage Examples
The following example shows sample output from the show voice mail command:
>enable
#show voice mail
New Num Total Time Total Time Greeting
AccountID VM COS Msg Msg Used Free Time
--------------------------------------------------------------------------------------------------------------------------------------------
1000 - - 00:00:00 00:00:00 00:00
2000 - - 00:00:00 00:00:00 00:00
2001 normal_voicemail 38 38 00:09:54 00:00:06 00:02


2016 executive_voi... 74 74 00:18:11 00:11:49 00:02
2017 executive_voi... 75 75 00:11:03 00:18:57 00:01
2020 executive_voi... 73 73 00:20:41 00:09:19 00:01
0 - - 00:00:00 00:00:00 00:00
The following is sample output for the show voice mail <number> command for extension 2017:
>enable
#show voice mail 2017
Voicemail information for account:?:5T

VM Class of Service: executive_voicemail
Standard Greeting: 00:09 Total Voicemail Usage: 00:11:04
Alternate Greeting: 00:10 Total Voicemail Free: 00:18:56
Recorded Name: 00:01
Message 1 of 75
Time/Date: 00:28:16 CST Sun Feb 07 2106
Calling Party: UNKNOWN (UNKNOWN)
Length: 00:00
Status: Old
The following is sample output for the show voice mail notify-schedule <number> command for
extension 2017:
>enable
#show voice mail notify-schedule 2017
Start End Email1 Email2

---------------------------------------------------------------------------------------------
Sun 12:00 am Mon 7:59 am ---- ----
Mon 8:00 am Thu 11:59 pm Yes ----
Fri 12:00 am Sat 11:59 pm ---- ----

show voice match

Use the show voice match command to display voice automatic number identification (ANI) substitution
parameters. Variations of this command include:
show voice match

show voice match ani <template>
Syntax Description
match Displays all substitution configurations.
ani <template> Optional. Displays a specific ANI substitution entry.
Default Values
Command History
Functional Notes
Valid characters for templates are as follows:
0-9 Match the exact digit(s) only

X Match any single digit 0 through 9
N Match any single digit 2 through 9
M Match any single digit 1 through 8
$ Match any number string dialed
[] Match any digit in the list within the brackets (for example, [1,4,6])
,() Formatting characters that are ignored but allowed
- Use within brackets to specify a range, otherwise ignored
The following are example template entries using wildcards:
1) NXX-XXXX Match any 7-digit number beginning with 2 through 9

2) 1-NXX-NXX-XXXX Match any number with a leading 1, then 2 through 9, then any 2 digits,
then 2 through 9, then any 6 digits
3) 555-XXXX Match any 7-digit number beginning with 555
4) XXXX$ Match any number with at least 5 digits

5) [7,8]$ Match any number beginning with 7 or 8

6) 1234 Match exactly 1234
Some template number rules:
1) All brackets must be closed with no nesting of brackets and no wildcards within the brackets.
2) All brackets can hold digits and commas, for example: [1239]; [1,2,3,9]. Commas are implied between
numbers within brackets and are ignored.
3) Brackets can contain a range of numbers using a hyphen, for example: [1-39]; [1-3,9].
4) The $ wildcard is only allowed at the end of the template, for example: 91256$; XXXX$.
Usage Examples
The following example displays voice substitution information:
>enable
#show voice match
ani - match: 2323

substitute: 5555

show voice music-on-hold statistics

Use the show voice music-on-hold statistics command to display music on hold player statistics.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example displays music on hold player statistics:
>enable
#show voice music-on-hold statistics
MOH Player Codec IpAddress Port

System PCMU 10.17.20.38 3002 default player
MOH Player NumRegApps Codec Play Status File Name

System 1 PCMU Playing welcome.wav

show voice named-digit-timeouts

Use the show voice named-digit-timeouts command to view configured named digit timeouts (NDTs)
and their values. The output for this command includes the default NDT value. Variations of this command
include:
show voice named-digit-timeouts

show voice named-digit-timeouts <name>
Syntax Description
<name> Optional. Displays information about a specific named digit timeout.
Default Values
Command History
Usage Examples
The following example displays all named digit timeouts and their timeout value:
>enable
#show voice named-digit-timeouts
Name Timeout Value (secs)
--------------------------------------------------------------------------------
default 4
long 10
longer 12
longest 16
short 6
shorter 5
shortest 2

show voice operator-group

Use the show voice operator-group command to display all operator groups.
Syntax Description
No subcommands.
Default Values
Command History
include.
Usage Examples
The following example displays all operator groups:
>enable
#show voice operator-group
Operator-group: 0 Call distribution type: all
Number of calls allowed: 1
Number of rings before coverage: 4
Extension Firstname Lastname Logged In

-------------------------------------------------------------------------------------
2001 John Smith *
Order # of Rings Call Coverage Action

---------------------------------------------------------------------
1 0 Auto Attendant
2 2 None
3 2 None
4 2 None
5 2 None

show voice phone-files

Use the show voice phone-files command to display files required for Session Initiation Protocol (SIP)
phone configuration.
Syntax Description
No subcommands.
Default Values
Command History
include.
Usage Examples
The following example shows sample output from the show voice phone-files command:
>enable
#show voice phone-files
03/02/2006 16:03 PM 216 0004f203f69c.cfg

03/02/2006 16:03 PM 687 5001-0004f203f69c.cfg
03/02/2006 16:03 PM 216 0004f203b0d6.cfg
03/14/2006 16:03 PM 306 polycom.cfg
7 File(s) 132516 bytes
0 Dir(s) 0 bytes

show voice pickup-group

Use the show voice pickup-group command to display all configured call pickup groups (or a specific
group). Variations of this command include:
show voice pickup-group

show voice pickup-group <name>
Syntax Description
<name> Optional. Specifies a particular call pickup group to display.
Default Values
Command History
Usage Examples
The following is sample output from the show voice pickup-group command:
(config)#show voice pickup-group

Pickup Group: Group1
Description: 4th floor sales
Pickup Group Extension: 8508
Members Firstname Lastname

-----------------------------------------------
0330 Vickie Spinaker
2003 Marc Starkalous
2013 Patrick Wales
2007 Drew Lever
2006 Sarah Williams
1012 Jessica Thomas

show voice quality-stats

Use the show voice quality-stats command to display voice quality statistical information. Variations of
show voice quality-stats

show voice quality-stats active
show voice quality-stats active realtime
show voice quality-stats <id>
show voice quality-stats <id> realtime
your unit.
Syntax Description
active Displays all quality statistics for active calls.
<id> Specifies an identity number of a call to obtain detailed statistics.
Default Values
Command History
include.

Functional Notes
page 1125).
Usage Examples
The following example displays voice quality statistics for all active calls:
>enable
#show voice quality-stats active
Start Lost Discard Delay

ID Time From To Duration Codec Pkts Pkts Avg Max
------------------------------------------------------------------------------------------------------------------------------------------
4236 3:02 pm 5152222 5157744 6:55 G711 2 0 50 50

show voice queue

Use the show voice queue command to display the status of the call queuing feature. Variations of this
command include:
show voice queue

show voice queue <extension>
show voice queue detail
show voice queue detail <extension>
Syntax Description
<extension> Optional. Specifies the extension of the call queue to display.
detail Optional. Displays detailed call queue information.
Default Values
Command History
Usage Examples
The following example displays status information for the call queue at extension 6407:
>enable
#show voice queue 6407
Call Queue: 6407 Call distribution type: ring-all
Name: TSqueue
Description: Tech Support Call Queue
Max allowed number of queued calls: 16

Operation: active
State: unlocked
Current queue stats:

Calls: 1
Longest Wait: 30

24 Hour Stats:
calls queued: 87
calls Abandoned: 1 calls overflowed:
longest wait time: 30 average wait time: 13
Members Firstname Lastname Logged In

----------------------------------------------------------------------------------------------------------------------------------
2013 Patrick Wales *
2004 John Taylor *
2003 Marc Starkalous *#

show voice ring-group

Use the show voice ring-group command to display all ring groups. Variations of this command include:
show voice ring-group

show voice ring-group <number>
Syntax Description
<number> Optional. Displays information about a specific ring group extension.
Default Values
Command History
include.
Usage Examples
The following example displays all ring groups:
>enable
#show voice ring-group
ring-group 1234 type: linear
description:
First Last Ext Logged In
------------------------------------------------------------------------
Order NumRings Action
------------------------------------------------------------------------
1 2 None
2 2 None
3 2 None
4 2 None
5 2 None

ring-group 2 type: linear

description:
First Last Ext Logged In
------------------------------------------------------------------------
Order NumRings Action
------------------------------------------------------------------------
1 2 None
2 2 None
3 2 None

show voice speed-dial

Use the show voice speed-dial command to display system speed dial information. Variations of this
command include:
show voice speed-dial

show voice speed-dial <number>
Syntax Description
<number> Optional. Displays information about a specific speed dial number. Valid
range is 1 to 99.
Default Values
Command History
include.
Usage Examples
The following example displays information on speed dial number 50:
>enable
#show voice speed-dial 50
speed-dial - ID: 50
Name: Main Office
Number: 4000

show voice spre

Use the show voice spre command to display all special prefix (SPRE) code mappings. Functions with no
SPRE code assigned are not displayed. Variations of this command include:
show voice spre local

show voice spre network
Syntax Description
local Displays all SPRE codes used locally.
network Displays all SPRE codes passed through to the network.
Default Values
Command History
Release A1.02 Command was expanded to include the modifiers begin, exclude, and
include.
Usage Examples
The following example displays all local SPRE codes:
>enable
#show voice spre local
Current SPRE Handling Mode: Local
SPRE Code Description

-------------------------------------------------------------------------------------------------------------------
** Hands Free Auto-Answer
*20n System Mode 0=Deflt, 1=Night, 2=Lunch, 3=Wknd, 7=Override

*21xxxx Billing Code
*25nn System Speed Dial

*30 Page-Overhead
*31x Page intercom (0=all, 1-9=zone)
*32 Forward Notification Cancel
*33xxxx Call Forward + Extension
*34xxxx*pppp*nxxxxxx Call Forward Remote
*35 Call Forward Cancel
*36xxxx*pppp* Remote Call Forward Cancel
*37 Door Phone
*38 Door Unlock
*39x Do Not Disturb Enable/Disable
*44 Permanent Hold

*46xxxx*pppp* Hotel Login
*47pppp* Hotel Logout
*52xxxx* Pickup Extension

*55xxxx* Group Login
*56xxxx* Group Logout
*57pppp* User Station/Phone Lock
*58pppp* User Station Unlock
*61nnxxxx Program User Speed Dial

*62nn Call User Speed Dial
*63xxxx*pppp* MACA Login
*64pppp* MACA Logout
*65 Cancel Camp-on
*66 Camp on a Busy Extension
*67 Block Call-ID delivery for this call only
*69 Call Return
*70 Disable Call Waiting on a per call basis

*72 Call last dialed number
*74xxxx* CallQueue Login
*76xxxx* CallQueue Logout
*77z Call Park + Zone
*78z Call Park Retrieve
*79[pw-old]*[pw-new]* Set Account Password
*86xxxx Send User Directly to Voicemail

*88 Transfer
*90xxxx Class of Service Override (xxxx=Override Passcode)

*95xxxx Set Message Waiting
*96xxxx Clear Message Waiting
*97x Auto-Answer Do Not Disturb
*98 Voicemail

show voice status-group

Use the show voice status-group command to display information on all voice status groups or on a
specified group. Variations of this command include:
show voice status-group

show voice status-group <name>
Syntax Description
<name> Optional. Displays all users within the specified status group.
Default Values
Command History
include.
Usage Examples
The following example displays all voice status group extensions:
>enable
#show voice status-group
Status-group: Sales Team

Description:
Type Member ID Display Name Status
-----------------------------------------------------------------------
user 2001 Martha Idle
user 3002 Dan Idle
user 3003 Betty Idle
user 3004 Chris Idle
user 4001 Jami Idle
Number of members: 5

show voice switchboard

Use the show voice switchboard command to display all voice switchboard extensions.
Syntax Description
No subcommands.
Default Values
Command History
include.
Usage Examples
The following example displays all voice switchboard extensions:
>enable
#show voice switchboard
Ext
----
1234
2
5200
6000
6001
6002
6003

show voice system-mode

Use the show voice system-mode command to display the current system mode running on the unit.
Specifying a day will display any transitions configured for that day. Variations of this command include:
show voice system-mode

show voice system-mode sunday
show voice system-mode monday
show voice system-mode tuesday
show voice system-mode wednesday
show voice system-mode thursday
show voice system-mode friday
show voice system-mode saturday
Syntax Description
[sunday - saturday] Optional. Displays the specified system mode programmed in the unit.
Choose from Sunday through Saturday.
Default Values
No default values are valid for this command.
Command History
Usage Examples
The following example shows sample output from the show voice system-mode monday command:
>enable
#show voice system-mode monday
Current system-mode: default
System-mode transition - Day: monday
Mode @ time: lunch @ 12:00
Mode @ time: default @ 13:00
Mode @ time: night @ 17:00

The following is sample output from the show voice system-mode command:
>enable
#show voice system-mode
Current system-mode: weekend

show voice trunk

Use the show voice trunk command to display all voice trunks. Variations of this command include:
show voice trunk

show voice trunk <trunk id>
show voice trunk connects <trunk id>
show voice trunk server-cache
Syntax Description
connects Optional. Displays all trunk voice interface connections.
<trunk id> Optional. Displays voice trunk information for a specific trunk ID. Use T01,
T02, and so on for the trunk ID.
server-cache Optional. Displays information contained in the voice trunk Session Initiation
Protocol (SIP) server cache.
Default Values
Command History
include.
Release R13.8.0 Command was expanded to include the server-cache parameter.

Usage Examples
The following example displays all voice trunks:
>enable
#show voice trunk
Busy Busy Busy Non Busy Busy Non Busy
Trunk Resource Admin. Admin. Attempts Attempts Attempts Attempts
Name Selection Config. Status Today Today Total Total
--------------------------------------------------------------------------------------------------------------------------------------------
T01 linear Not Busy Not Busy 0 0 0 7
T06 linear Not Busy No Connects 0 0 0 0
T02 linear Not Busy Not Busy 0 0 0 27
T03 linear Not Busy No Connects 0 0 0 0

show voice trunk monitor

Use the show voice trunk monitor command to display the configuration settings for Session Initiation
Protocol (SIP) trunks used for SIP trunk failover on the AOS system. Displayed settings include any trunks
configured with SIP trunk failover, any configured recovery delay, and the address, port, and status of any
failover servers.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example displays the configuration information for SIP trunks used in a failover situation:
>enable
#show voice trunk monitor
Trunk: T01
Delay Min 3600
Servers:
Address | Port | Status
111.111.111.111 | 5060 | Up *
222.222.222.222 | 5060 | Down
2001:0DB8:AC10:FE01:0000:0000:0000:0000 | 12345 | Delay Remaining 97 s

show voice users

Use the show voice users command to display all voice user stations. Variations of this command include:
show voice users

show voice users did
show voice users extension
show voice users last
show voice users location
Syntax Description
did Optional. Displays all users included in the directory.
extension Optional. Displays directory entries sorted by extensions.
last Optional. Displays directory entries sorted by last name.
location Optional. Displays the location of users in the directory.
Default Values
Command History
include.
Release A4.03 Command was expanded to include the location parameter.
Usage Examples
The following example displays all voice users:
>enable
#show voice users
First Last Ext Interface Description
--------------------------------------------------------------------------------------------
Janet Smith 5200 virtual
Bill Jones 6000 virtual
Sam Sampson 6001 virtual

show voice users sip

Use the show voice users sip command to display a list of Session Initiation Protocol (SIP) users with
their associated ports.
Syntax Description
No subcommands.
Default Values
Command History
include.
Usage Examples
The following is sample output from the show voice users sip command:
>enable
#show voice users sip
First Last Extension Interface MAC Address IP Address

-----------------------------------------------------------------------------------------------------------------------
Fronia Cobins 4430 Unregistered user - Unable to resolve port
Gorge Owens 4440 Unregistered user - Unable to resolve port
Heather Virginia 4450 Unregistered user - Unable to resolve port
Total number of configured SIP voice users: 3

show voip name-service cache

Use the show voip name-service cache command to view Voice over Internet Protocol (VoIP) name
service information stored in the cache.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
The information displayed in the show command output consists of two columns. The left column lists the
host name of an entry in the VoIP Name Service Name Table. This corresponds with the entries shown in
the output of the command show voip name-service name-table on page 1104. The right column shows
the corresponding last resolved IP address(es) of the entry. An IP address of all zeros indicates the
particular host has not been resolved. In the event all domain naming system (DNS) servers are
unreachable and a particular host name cannot be refreshed, the DNS uses the cached address to resolve
the particular host.
Usage Examples
The following example displays name service information stored in the cache:
>enable
#show voip name-service cache
Name Last Resolved Address

----------------------------------------------------------------------------------------------------
test2.pprice.voice.test.adtran.com 1.2.3.3
bogus3.pprice.voice.test.adtran.com 1.2.3.3
test.pprice.voice.test.adtran.com 0.0.0.0

show voip name-service name-table

Use the show voip name-service name-table command to view Voice over Internet Protocol (VoIP) name
service information in the name table.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
The following information is displayed in the show command output:
• Name - Indicates the name of the service.

• Proto - Indicates the protocol.
• Tpt - Indicates the transport method used, either User Datagram Protocol (UDP) or Transmission
Control Protocol (TCP).
• LastSrc - Indicates the last software object that requested this domain naming system (DNS) entry be
cached. Valid options are trunk, route, manual, proxy, MGCP, or derived.
• Interval - Indicates when the entry will expire.
• Users - Indicates the number of software objects using this entry.
• Resolved - Indicates whether or not the DNS has been able to resolve this entry.

Usage Examples
The following example displays name service information in the name table:
>enable
#show voip name-service name-table
Name Proto Tpt LastSrc Interval Users Resolved
--------------------------------------------------------------------------------------------------------------------------------------------
pq.adtran.com SIP UDP trunk 0h 59m 47s 2 Yes
bw2.pq.adtran.com SIP UDP trunk 0h 59m 46s 2 Yes
Technology Review
VoIP name service maintains a list of service names relevant to VoIP transactions while also facilitating
access between VoIP-related queries to the external DNS server and the internal DNS client. Service
names are automatically entered and deleted from the internal service name table when configured or not
configured for VoIP-related subsystems. The VoIP name service begins polling external DNS servers for
recently added service names to preemptively resolve service names before they are deleted. Using the
show voip name-service name-table command will show the status of added service names.

show voipwizard log

Use the show voipwizard log command to display the log file from the Voice over IP (VoIP) Setup
Wizard.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example displays the VoIP Setup Wizard log file:
>enable
#show voipwizard log
VCID: 1 (NV1638)
Using 19358 bytes
*********** SUMMARY *************

Ports successfully assigned as voice ports: (switchport 0/1-24)
Ports successfully assigned as uplink ports: (gigabit-switchport 0/1-4)

no shutdown
qos trust cos
no shutdown
qos trust cos
--MORE--

show vrf
Use the show vrf command to display the configured virtual routing and forwardings (VRFs) and the
interfaces associated with each one (or a specific VRF). Variations of this command include:
show vrf
show vrf <name>
show vrf interfaces
show vrf interfaces <name>
To view secondary IP addresses, use the show running-config command.
Syntax Description
<name> Optional. Displays information for only the specified VRF.
interfaces Optional. Displays information about interfaces associated with all
configured VRFs.
Default Values
Command History
include.
Release 17.8 The keyword ip was removed from this command.
Functional Notes

Usage Examples
The following is sample output from the show vrf command:
>enable
#show vrf
Name Default RD Interfaces
-Default- 0:0 eth 0/1
ppp 1
Engineering 100:1 vlan 11
vlan 12
Accounting 100:2 vlan 21
vlan 22
The following is sample output from the show vrf interfaces command:
>enable
#show vrf interfaces
Interface IP Address VRF Protocol
eth 0/1 10.0.0.1 DOWN
ppp 1 10.0.1.1 UP
vlan 11 1.1.1.1 Engineering UP
vlan 12 1.1.2.1 Engineering UP
vlan 21 2.1.1.1 Accounting UP

show vrrp
Use the show vrrp command to display configuration and operating data for Virtual Router Redundancy
Protocol (VRRP) configurations. Variations of this command include:
show vrrp
show vrrp brief
show vrrp interface <interface>
show vrrp interface <interface> group <number>
show vrrp statistics
show vrrp statistics interface <interface>
show vrrp statistics interface <interface> group <number>
Syntax Description
brief Optional. Limits the amount of data shown.
group <number> Optional. Displays data or statistics for a specified VRRP group on the
specified interface. Group numbers range from 1 to 255.
interface <interface> Optional. Displays data or statistics for all VRRP groups or a specified
group on the specified interface. Specify an interface in the format
id.subinterface id]>. For example, for an Ethernet subinterface, use
atm 1.1; and for a virtual local area network (VLAN) interface, use vlan 1.
Type show vrrp interface ? for a complete list of valid interfaces.
statistics Optional. Displays statistics for all VRRP groups on all interfaces.
Default Values
Command History
include.
Ethernet interface and the gigabit switchport interface.

Functional Notes
Although VRRP group virtual router identifiers (VRIDs) can be numbered between 1 and 255, only two
VRRP routers per interface are supported.
Usage Examples
The following example gives sample output from the show vrrp statistics command:
eth 0/1
Group 1
Became Master: 3
Priority Zero Packets Sent: 1
Priority Zero Packets Received: 0
Advertisements Sent: 105134
Advertisements Received: 241
Advertisements Interval Errors: 0
Advertisements TTL Errors: 0
Advertisements Address List Errors: 0
Advertisements Packet Length Errors: 0
Group 2
Became Master: 1
Priority Zero Packets Sent: 0
Priority Zero Packets Received: 0
Advertisements Sent: 897
Advertisements Received: 1628
Advertisements Interval Errors: 0
Advertisements TTL Errors: 0
Advertisements Address List Errors: 0
Advertisements Packet Length Errors: 0

show vrrpv3
Use the show vrrpv3 command to display configuration and operating data for Virtual Router
Redundancy Protocol version 3 (VRRPv3) configurations. Variations of this command include:
show vrrpv3
show vrrpv3 brief
show vrrpv3 interface <interface>
show vrrpv3 interface <interface> group <vrid>
show vrrpv3 interface <interface> group <vrid> ipv4
show vrrpv3 interface <interface> group <vrid> ipv6
show vrrpv3 statistics
show vrrpv3 statistics interface <interface>
show vrrpv3 statistics interface <interface> group <vrid>
show vrrpv3 statistics interface <interface> group <vrid> ipv4
show vrrpv3 statistics interface <interface> group <vrid> ipv6
Syntax Description
brief Optional. Limits the amount of data displayed.
interface <interface> Optional. Displays data or statistics for all VRRPv3 groups or a specified
group on the specified interface. Specify an interface in the format
id.subinterface id]>. For example, for an Ethernet subinterface, use
atm 1.1; and for a virtual local area network (VLAN) interface, use vlan 1.
Type show vrrp interface ? for a complete list of valid interfaces.
group <vrid> Optional. Displays data or statistics for a specified VRRPv3 group virtual
router IDs (VRIDs) on the specified interface. Group VRIDs range from 1 to
255.
ipv4 Optional. Displays data or statistics for the VRRPv3 group’s IPv4 address
family.
ipv6 Optional. Displays data or statistics for the VRRPv3 group’s IPv6 address
family.
statistics Optional. Displays statistics for all VRRPv3 groups on all interfaces.
Default Values

Command History
Functional Notes
Usage Examples
The following example gives sample output from the show vrrpv3 command:
>enable
#show vrrpv3
eth 0/1
Group 1 - Address-Family IPv6
State: Master
Administrative state: UP
Description:
Configured Priority: 100, Actual Priority: 100
Number of Addresses: 1
Virtual Link-Local Address: FE80::7890
Virtual Global Address: 00:00:5E:00:02:01
Virtual MAC Address: 00:00:5E:00:02:01
Accept-Mode is enabled
Advertisement interval: 1 second(s)
Preemption: Enabled - delay 0 second(s)
Last Transition: 0:00:00:02
Master Router Address: FE80::2A0:C8FF:FE23:21E0 (local) Priority: 100

show vxlan
Use the show vxlan command to display information regarding virtual extensible local area network
(VxLAN) configuration on your AOS product. Variations of this command include:
show vxlan host

show vxlan host tunnel <interface id>
show vxlan host vni <number>
show vxlan peers
show vxlan peers tunnel <interface id>
show vxlan vni
show vxlan vni tunnel <interface id>
Syntax Description
host Displays information, sorted by tunnel ID, for active VxLAN tunnels on this
device.
host tunnel <interface id> Optional. Displays VxLAN information for the specified tunnel interface.
Valid tunnel range is 1 to 1024.
host vni <number> Optional. Displays VxLAN information for the specified VNI. Valid VNI range
is 1 to 677215.
peers Displays information, sorted by tunnel ID, for all VxLAN peers connected to
this device.
peers tunnel <interface id> Optional. Displays information for the VxLAN peer connected to the
specified tunnel interface. Valid tunnel range is 1 to 1024.
vni Displays information, sorted by VNI, for all active VxLAN tunnels.
vni tunnel <interface id> Optional. Displays VxLAN information, sorted by VNI, for the specified
tunnel interface.Valid VNI range is 1 to 1024.
Default Values
Command History

Usage Examples
The following is sample output from the show vxlan command:
>enable
#show vxlan host vni 100
DestnationMac TunnelId VniId DestinationVtep Type TTL(Sec)
00:11:22:33:44:AD 1 100 10.0.2.15 DYNAMIC 1477
>enable
#show vxlan peers
Tunnel ID Source IP Destination IP Dest port MTU
1 10.0.2.17 10.0.2.15 4789 1464
>enable
#show vxlan vni tunnel 1
Source interface Vlan-id VNI Tunnel
eth 0/2.1 2 100 tunnel 1

sip check-sync
Use the sip check-sync command to send a check-sync notification to all IP phones registered to the unit.
When an IP phone receives this check-sync notification, the phone will check for possible configuration
changes stored on the server. Variations of this command include the following:
sip check-sync
sip check-sync firmware-upgrade
sip check-sync <user name or ip address>
Syntax Description
firmware-upgrade Optional. Specifies a check-sync to be used when upgrading phone
firmware.
<user name or ip address> Optional. Specifies the phone to contact with configuration changes.
Default Values
Command History
Usage Examples
The following example notifies all IP phones to check for a change in configuration:
>enable
#sip check-sync

ssh <url>
Use the ssh <url> command to create a secure shell (SSH) client connection between the AOS unit and
another device. Variations of this command include:
ssh <url>
ssh <url> port <port>
ssh <url> port <port> source-interface <interface>
ssh <url> source-interface <interface>
ssh vrf <name> <url>
ssh vrf <name> <url> port <port>
ssh vrf <name> <url> port <port> source-interface <interface>
ssh vrf <name> <url> source-interface <interface>
Syntax Description
<url> Specifies the uniform resource locator (URL) of the far end device. The
format of the URL string must be user@<ip address | hostname>, for
example, MGARCIA@10.10.10.1 or MGARCIA@domain.com. IPv4 and
IPv6 addresses as well as hostnames are supported in the URL definition.
Optionally, you may include a password for the SSH connection using the
format user:password@<ip address | hostname>, for example,
MGARCIA:password@10.10.10.1.
port <port> Optional. Specifies a port to use for connecting with the remote device
instead of the default SSH port 22. Valid range is 1 to 65535.
source-interface
<interface> Optional. Specifies the interface to be used as the source IP address for the
SSH connection. Specify an interface in the format <interface type [slot/port
| slot/port.subinterface id | interface id | interface id.subinterface id>. For
eth 0/1.1; for a PPP interface, use ppp 1; and for an ATM subinterface, use
atm 1.1. Type ssh <url> source-interface ? for a complete list of valid
interfaces.
vrf <name> Optional. Specifies the virtual routing and forwarding (VRF) instance to use
to contact the target host.
Default Values
When SSH client connections are created, by default they use port 22 and the default VRF.
Command History
Functional Notes
If you do not specify a password when using this command, you will be prompted for a password from the
far end machine after entering the command.

Usage Examples
The following example creates an SSH client connection for the user MGARCIA on a target host of
10.10.10.1, using the default SSH port:
>enable
#ssh MGARCIA@10.10.10.1

ssh key regenerate

Use the ssh key regenerate command to generate a new digital signature algorithm (DSA) or
Rivest-Shamir-Adleman (RSA) key pair for SSH connections. When a new key file is generated, it erases
the old key file. Variations of this command include:
ssh key regenerate

ssh key regenerate dsa
ssh key regenerate rsa
ssh key regenerate sftp
ssh key regenerate sftp dsa
ssh key regenerate sftp rsa
Syntax Description
dsa Optional. Limits the key generation to only DSA keys.
rsa Optional. Limits the key generation to only RSA keys.
sftp Optional. Limits the key generation to only SFTP keys (DSA and RSA).
sftp dsa Optional. Limits the key generation to only SFTP DSA keys.
sftp rsa Optional. Limits the key generation to only SFTP RSA keys.
Default Values
By default, a key file is generated when the system boots for the first time.
Command History
Release R12.2.0 Command was expanded to include the dsa and rsa parameters, as well as
support for RSA keys.
Release 13.11.0 Command was expanded to include the sftp, sftp dsa, and sftp rsa
parameters, as well as support for SFTP keys.
Functional Notes
When the ssh key regenerate command is entered without the optional dsa, rsa, or sftp keywords, by
default, all key types are regenerated.
Usage Examples
The following example generates a new DSA key file for SSH connections:
#ssh key regenerate dsa

ssh port-forward
Use the ssh port-forward command to create a secure shell (SSH) tunnel between the AOS unit and
another device. Variations of this command include:
ssh port-forward <port-forward port> <url>

ssh port-forward <port-forward port> <url> myprivkey dsa
ssh port-forward <port-forward port> <url> password <password>
ssh port-forward <port-forward port> <url> port <port>
ssh port-forward <port-forward port> <url> port <port> myprivkey dsa
ssh port-forward <port-forward port> <url> port <port> password <password>
ssh port-forward <port-forward port> <url> port <port> privkey <filename>
ssh port-forward <port-forward port> <url> privkey <filename>
The maximum number of simultaneous port forward sessions is 10. However, this number
could be reduced if there are not enough TCP resources due to other applications using
them.
Syntax Description
<port-forward port> Specifies the forwarded port on the local unit.
<url> Specifies the uniform resource locator (URL) of the far end listening
address. The format of the URL string must be user@server:remote-port,
for example, MGARCIA@10.10.10.1:7000. Optionally, you may include the
IP address of an interface on the remote machine using the format
user@server:remote-port:FarEndListenAddress, for example,
MGARCIA@10.10.10.1:7000:10.10.10.2. If a far end listen address is not
included as part of the URL, localhost is assumed and only those users
logged into the remote machine can use the tunnel.
myprivkey dsa Optional. Specifies to use the AOS unit’s digital signature algorithm (DSA)
password <password> Optional. Specifies a password to use for SSH authentication.
port <port> Optional. Specifies a port to use for underlying SSH protocol instead of the
default SSH port 22. Valid range is 1 to 65535.
privkey <filename> Optional. Specifies a private key file to use for SSH authentication.
Default Values
Command History

Functional Notes
Port forwarding via SSH is a technology that uses a secure tunnel between a local computer and a remote
computer in order to relay data from other services. Because the tunnel is secure, it can be used to forward
data from services that are inherently insecure. Port forwards on AOS devices support the following
applications: Hypertext Transfer Protocol (HTTP), Hypertext Transfer Protocol Secure (HTTPS), SSH, and
Telnet.
To use this feature, your network must allow encrypted outbound sessions to be created through your
firewall. Most firewalls allow encrypted outbound sessions by default.
If you do not specify a password when using this command, you will be prompted for a password for the far
end machine after entering the command.
Usage Examples
The following example creates a port forward (between the AOS device and machine 10.10.10.1) using
port 22 as the local forwarded port 7000 as the forward port on 10.10.10.1. The user name on the remote
machine is MGARCIA, and the password is PASSWORD
>enable
#ssh port-forward 7000 MGARCIA@10.10.10.1 password PASSWORD

telnet

Syntax Description
<ip address | hostname> Specifies the IP address or host name of the remote system. IP addresses
Default Values
Command History
Functional Notes
Usage Examples
>enable
#telnet 10.200.4.15
User Access Login:
Password:

>enable
#telnet 10.200.4.15 port 8010
User Access Login:
Password:

telnet stack-member <unit id>

Use the telnet stack-member command to Telnet to a stack member.
Syntax Description
<unit id> Specifies unit ID of the stack member to connect via a Telnet session.
Default Values
Command History
Functional Notes
This command is only available when in stack-master mode.
Usage Examples
The following example Telnets to a member of the stack:
>enable
#telnet stack-member 3
Trying Stack Member 3...Press Ctrl+C to abort

telnet vrf <name> stack-member <number>

Use the telnet vrf stack-member command to open a Telnet session (through AOS) with a member of the
stack.
Syntax Description
vrf <name> Specifies the virtual routing and forwarding (VRF) where the stack member
exists.
stack-member <number> Specifies which member of the stack to which to Telnet.
Default Values
Command History
Functional Notes
Usage Examples
The following example opens a Telnet session with stack member 3 of the VRF red:
>enable
#telnet vrf red stack-member 3
Trying Stack Member 3...Press Ctrl+C to abort

terminal length <number>

The terminal length command sets the number of rows (lines) for a terminal session. Use the no form of
this command to return to the default value. This command is only valid for the current session and returns
to the default (24 rows) when the session closes.
Syntax Description
<number> Specifies the number of rows for a terminal session. Range is 0 to 480 lines.
Setting the terminal length to 0 disables paging.
Default Values
The default setting for this command is 24 rows.
Command History
Usage Examples
The following example sets the number of rows for a terminal session to 30.
>enable
#terminal length 30

test cable-diagnostics
Use the test cable-diagnostics command to generate a report concerning various cabling states and issues
related to the physical condition of an Ethernet cable connected to the specified port. Variations of this
command include:
test cable-diagnostics switchport <slot/port>

test cable-diagnostics gigabit-switchport <slot/port>
Running a cable diagnostics test will disrupt traffic on the port being tested.
Syntax Description
switchport <slot/port> Specifies that the cable diagnostics test be run on the indicated 10/100
Mbps switchport.
gigabit-switchport <slot/port> Specifies that the cable diagnostics test be run on the indicated
10/100/1000 Mbps gigabit switchport.
Default Values
Command History
Usage Examples
The following example runs a cable diagnostics test on switchport 0/1:
#test cable-diagnostics switchport 0/1

traceroute
Use the traceroute command to display the Internet Protocol version 4 (IPv4) routes a packet takes to
reach the specified destination. Variations of this command include:
traceroute
traceroute [ip] <ipv4 address | hostname>
traceroute [ip] <ipv4 address | hostname> <interface>
traceroute [ip] <ipv4 address | hostname> mef-ethernet <slot/port>
traceroute [ip] <ipv4 address | hostname> system-control-evc
traceroute [ip] <ipv4 address | hostname> system-management-evc
traceroute [ip] <ipv4 address | hostname> source <ipv4 address>
traceroute [ip] <ipv4 address | hostname> <interface> source <ipv4 address>
traceroute [ip] <ipv4 address | hostname> mef-ethernet <slot/port> <ipv4 address>
traceroute [ip] <ipv4 address | hostname> system-control-evc source <ipv4 address>
traceroute [ip] <ipv4 address | hostname> system-management-evc source <ipv4 address>
traceroute [ip] vrf <name> <ipv4 address | hostname>
traceroute [ip] vrf <name> <ipv4 address | hostname> <interface>
traceroute [ip] vrf <name> <ipv4 address | hostname> mef-ethernet <slot/port>
traceroute [ip] vrf <name> <ipv4 address | hostname> system-control-evc
traceroute [ip] vrf <name> <ipv4 address | hostname> system-management-evc
traceroute [ip] vrf <name> <ipv4 address | hostname> source <ipv4 address>
traceroute [ip] vrf <name> <ipv4 address | hostname> <interface> source <ipv4 address>
traceroute [ip] vrf <name> <ipv4 address | hostname> mef-ethernet <slot/port> <ipv4 address>
traceroute [ip] vrf <name> <ipv4 address | hostname> system-control-evc source <ipv4 address>
traceroute [ip] vrf <name> <ipv4 address | hostname> system-management-evc source <ipv4
address>
Syntax Description
ip Optional. Specifies an IPv4 trace.
<interface> Optional. Specifies the egress interface to use for the trace. Interfaces are
specified in the <interface type> <slot/port | interface id> format. For
example, for an Ethernet interface, use eth 0/1. Type traceroute <ipv4
address | hostname> ? to display a list of valid interfaces.
mef-ethernet <slot/port> Optional. Specifies the Metro Ethernet Forum (MEF) Ethernet interface is
used for the trace.
system-control-evc Optional. Specifies the system control Ethernet virtual connection (EVC) is
used for the trace.
system-management-evc Optional. Specifies the system management EVC is used for the trace.
<ipv4 address | hostname> Optional. Specifies the IPv4 address or host name of the remote system’s
route to trace.
source <ipv4 address> Optional. Specifies the IPv4 address of the interface to use as the source of
the trace. IPv4 addresses should be expressed in dotted decimal notation
(for example, 10.10.10.1).

vrf <name> Optional. Specifies the virtual routing and forwarding (VRF) where the route
exists.
Default Values
Command History
Release 18.3 Command was expanded to include the <interface> and ip parameters.
Functional Notes
The traceroute command can be issued from both the Basic and Enable modes.
Usage Examples
The following is sample output from the traceroute command:
>enable
#traceroute 192.168.0.1
Tracing route to 192.168.0.1 over a maximum of 30 hops
1 22ms 20ms 20ms 192.168.0.65
2 23ms 20ms 20ms 192.168.0.1

traceroute ethernet
Use the traceroute ethernet command to initiate a linktrace message from one Ethernet operations,
(MEP) to another MEP. These linktrace messages are used to trace the packet route to a destination MEP.
traceroute ethernet <target-mac-address | target-mep-id>

traceroute ethernet <target-mac-address | target-mep-id> domain <domain name> association
<association name>
traceroute ethernet <target-mac-address | target-mep-id> domain none association <association
name>
traceroute ethernet <target-mac-address | target-mep-id> fdb-only
traceroute ethernet <target-mac-address | target-mep-id> interface <interface>
traceroute ethernet <target-mac-address | target-mep-id> mep <mep id>
traceroute ethernet <target-mac-address | target-mep-id> sorted
traceroute ethernet <target-mac-address | target-mep-id> timeout <timeout>
traceroute ethernet <target-mac-address | target-mep-id> ttl <value>
After specifying the target for the linktrace messages, the other parameters can be entered
in any order.
Syntax Description
<target-mac-address | target-mep-id> Specifies the destination for the linktrace message. Medium
8191.
fdb-only Optional. Specifies that the maintenance points on the route
only use their forwarding database, and not their continuity
check message (CCM) database when deciding if/how to
forward linktrace messages.
interface <interface> Optional. Specifies the interface on which the transmitting MEP
is configured. Specify an interface in the format <interface type

mep <mep id> Optional. Specifies the MEP ID of the transmitting MEP. MEP ID
range is 1 to 8191.
sorted Optional. Specifies the traceroute utility waits until all traceroute
results have been received and sorted by hop count before
displaying them.
timeout <timeout> Optional. Specifies the time that the MEP will wait for a
response to the linktrace message. Range is 0 to 60 seconds.
ttl <value> Optional. Specifies the time to live (TTL) field of the linktrace
message. Range is 0 to 255.
Default Values
By default, the ttl value is set to 5 seconds.
Command History
(MEF) Metro Ethernet interface and the gigabit switchport
interface.
Release A5.01 Command was expanded to include the Gigabit Ethernet
interface.
Functional Notes
The traceroute ethernet command can be issued from both the Basic and Enable modes.
If the MEP ID is used as the target, the remote MEP must exist in the MEP CCM database (meaning the
remote MEP is transmitting valid CCMs) so that the MEP ID can be translated to the MAC address before
the linktrace message is transmitted.
not required.

Usage Examples
The following example initiates the Ethernet traceroute utility from a MEP with the ID 1 to an MEP with an
MEP ID of 201:
>enable
#traceroute ethernet 201 mep 1
TTL 255. LTM Timeout is 5 seconds

Tracing route to MEPID 201 (00:10:94:00:00:06)
from MEPID 1
in Domain_1/MA_1
MD Level 7, vlan 0
Traceroute sent via interface eth 0/1
--------------------------------------------------------------------------------------------------------------------------------------------
Hops Mac Flags Ingress-Action Relay Action
PrevHop Egress-Action
--------------------------------------------------------------------------------------------------------------------------------------------
00:A0:C8:16:96:0D EgOK
00:10:94:00:00:04 EgOK
00:10:94:00:00:00 EgOK
4 00:10:94:00:00:06 (Eg) Terminal InNoTLV RLY_HIT
00:10:94:00:00:05
Destination reached
Remember that linktrace can be a tree-structure, and is not always linear. The PrevHop for
Hop 3 in the previous example tells you the MAC of Hop 2. This gives you a way to trace
the linktrace message when a tree-structure exists. Refer to Section J.5 of IEEE 802.1ag

traceroute ipv6
Use the traceroute ipv6 command to display the IPv6 nodes traversed to reach the specified destination.
traceroute ipv6 <ipv6 address>

traceroute ipv6 <ipv6 address> <interface>
traceroute ipv6 <ipv6 address> mef-ethernet <slot/port>
traceroute ipv6 <ipv6 address> system-control-evc
traceroute ipv6 <ipv6 address> system-management-evc
traceroute ipv6 <ipv6 address> <interface> source <ipv6 address>
traceroute ipv6 <ipv6 address> mef-ethernet <slot/port> <ipv6 address>
traceroute ipv6 <ipv6 address> system-control-evc source <ipv6 address>
traceroute ipv6 <ipv6 address> system-management-evc source <ipv6 address>
traceroute ipv6 <ipv6 address> source <ipv6 address>
traceroute ipv6 vrf <name> <ipv6 address>
traceroute ipv6 vrf <name> <ipv6 address> <interface>
traceroute ipv6 vrf <name> <ipv6 address> mef-ethernet <slot/port>
traceroute ipv6 vrf <name> <ipv6 address> system-control-evc
traceroute ipv6 vrf <name> <ipv6 address> system-management-evc
traceroute ipv6 vrf <name> <ipv6 address> <interface> source <ipv6 address>
traceroute ipv6 vrf <name> <ipv6 address> mef-ethernet <slot/port> source <ipv6 address>
traceroute ipv6 vrf <name> <ipv6 address> system-control-evc source <ipv6 address>
traceroute ipv6 vrf <name> <ipv6 address> system-management-evc source <ipv6 address>
traceroute ipv6 vrf <name> <ipv6 address> source <ipv6 address>
Syntax Description
<interface> Optional. Specifies the egress interface when tracing a route to an IPv6
link-local address (any address that has the prefix FE80::/64). Interfaces
are specified in the <interface type> <slot/port | interface id> format. For
example, for an Ethernet interface, use eth 0/1. Type traceroute ipv6 <ipv6
address> ? to display a list of valid interfaces. This variable is ignored when
using a non-link-local address.
<ipv6 address> Specifies the IPv6 address of the remote system’s route to trace. IPv6
addresses should be expressed in colon hexadecimal format (X:X:X:X::X).
For example, 2001:DB8:1::1. Entering the traceroute ipv6 command using
a link-local destination address prompts the user for an egress interface.
mef-ethernet <slot/port> Optional. Specifies the Metro Ethernet Forum (MEF) Ethernet interface is
used for the trace.
used for the trace.
system-management-evc Optional. Specifies the system management EVC is used for the trace.
probing packets. The source IPv6 address must be a valid address local to
the router on the specified virtual routing and forwarding (VRF) instance.

Default Values
Command History
Functional Notes
The traceroute ipv6 command can be issued from both the Basic and Enable modes.
platforms supporting multiple VRF instances (multi-VRF) have an unnamed default VRF instance
Usage Examples
The following is sample output from the traceroute ipv6 command:
>enable
#traceroute ipv6 2001:DB8:1A0::3
Tracing route to over a maximum of 30 hops
1 2ms 2ms 3ms 2001:DB8:0:F820::5
2 102ms 109ms 102ms 2001:DB8:1A0::3

undebug all
Use the undebug all command to disable all activated debug messages.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example disables all activated debug messages:
>enable
#undebug all

verify-file
Use the verify-file command to validate a boot image file located in a specified memory location
(CompactFlash®, system flash, RAM disk, or USB flash drive). AOS initiates the validation process
automatically before an image can be set as the primary boot image. This command is used as a
precautionary step before erasing the primary boot image. Variations of this command include:
verify-file cflash <filename>

verify-file flash <filename>
verify-file ramdisk <filename>
verify-file usbdrive0 <filename>
Not all units are capable of using a RAM disk file system, CompactFlash card, or
Universal Serial Bus (USB) flash drive. Use the verify-file ? command to display a list of
valid commands at the enable prompt.
Syntax Description
<filename> Specifies the name of the file to validate.
cflash Indicates the specified file is located on the CompactFlash card.
flash Indicates the specified file is located in the system flash memory.
ramdisk Indicates the specified file is located in the volatile RAM disk.
usbdrive0 Indicates the specified file is located in the USB flash drive memory.
Default Values
Command History
Release R12.1.0 Command version verify-file flash <filename> was made unavailable for
virtual AOS (vAOS) instances.
Functional Notes
The verify-file flash <filename> command is not available on vAOS instances.
Usage Examples
The following example validates the NV3120A-17-05-01-00-E.biz file (located in the volatile RAM disk) as
a possible candidate for the boot system file:
>enable
#verify-file ramdisk NV3120A-17-05-01-00-E.biz
Valid file signature

vlan database
Use the vlan database command to enter the Virtual Local Area Network (VLAN) Database
Configuration mode. Refer to the section VLAN Database Command Set on page 3346 for more
information.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example enters the VLAN Configuration mode:
>enable
#vlan database

voice dsp capture

Use the voice dsp capture command to initiate digital signal processor (DSP) captures. Use the no form of
voice dsp capture cancel

voice dsp capture start
voice dsp capture start <value>
voice dsp capture stop
Syntax Description
cancel Cancels the current DSP capture and discards the captured files.
start Starts the command line interface (CLI) wizard that prompts the user for the
necessary information to initiate a DSP capture.
<value> Optional. Specifies a DSP capture starting on a specific channel on DSP
0/1. The valid channel number range is 1 to 32.
stop Stops the current DSP capture and downloads the captured files to FLASH.
Default Values
By default, the DSP capture is disabled.
Command History
Functional Notes
The voice DSP captures are used to help diagnose voice issues. The channel numbers for this command
correspond to those seen in the show and debug commands (for example, the first channel is 1, not 0).
Output is received on all console sessions notifying you of a running DSP capture or download. Closing
the CLI session on which the capture was started will cancel the current capture. This method of DSP
capture is valid on AOS Release 15.1 or later, replacing the en8 int voip 0/1 method.
Usage Examples
The following example starts a DSP capture:
#voice dsp capture start

DSP Slot [0]: 0
DSP Port [1]: 1
DSP Channel [1]:1
%Warning! Performance of this unit may be degraded during a DSP capture!
Continue and start DSP Capture? [y/n] y
DSP UTILITIES. Voice Capture A DSP capture is active on VoIP 0/1 on channel 1dsp capture

voice loopback-call
Use the voice loopback-call command to initiate and terminate voice loopback calls. Variations of this
command include:
voice loopback-call start from <number> to <number>

voice loopback-call stop account <number>
voice loopback-call stop all
voice loopback-call stop id <number>
Syntax Description
start from <number> Starts a loopback call from the specified extension number (loopback
account).
to <number> Specifies the extension number to call.
stop Stops active loopback calls.
account <number> Terminates the call(s) for the specific account.
all Terminates all loopback calls.
id <number> Terminates a specific loopback call based on the identity number of the call.
Default Values
By default, no loopback accounts are configured.
Command History
Usage Examples
The following example starts a voice loopback call:
>enable
#voice loopback-call start from 5555 to 6100

wall <message>
Use the wall command to send messages to all users currently logged into the AOS unit.
Syntax Description
<message> Sends a message to all users logged into the command line interface (CLI).
Default Values
Command History
Usage Examples
The following example sends the message “Reboot in 5 minutes if no objections” to the CLI screen of
everyone currently connected:
>enable
#wall Reboot in 5 minutes if no objections

write
Use the write command to save the running configuration to the unit’s nonvolatile random access memory
(NVRAM) or a Trivial File Transfer Protocol (TFTP) server. Also, use the write command to clear
NVRAM or to display the running configuration on the terminal screen. Entering the write command with
no other arguments copies your configuration changes to the unit’s NVRAM. Once the save is complete,
the changes are retained even if the unit is shut down or suffers a power outage. Variations of this
command include:
write
write dynvoice-config
write erase
write memory
write network
write terminal
Syntax Description
dynvoice-config Optional. Writes dynvoice configuration information to the unit’s NVRAM.
erase Optional. Erases the configuration files saved to the unit’s NVRAM.
memory Optional. Saves the current configuration to NVRAM.
network Optional. Saves the current configuration to the network TFTP server.
terminal Optional. Displays the current configuration on the terminal screen.
Default Values
Command History
Usage Examples
The following example saves the current configuration to the unit’s NVRAM:
>enable
#write memory

Command Reference Guide Global Configuration Mode Command Set
GLOBAL CONFIGURATION MODE COMMAND SET
To activate the Global Configuration mode, enter the configure terminal command at the Enable mode
prompt. For example:
>enable
#configure terminal
(config)#
The following commands are common to multiple command sets and are covered in a centralized section
of this guide. For more information, refer to the sections listed below:
do on page 81
end on page 82
exit on page 83
shutdown on page 93
aaa accounting commands begin on page 1147

aaa authentication commands begin on page 1156
aaa authorization commands begin on page 1168
aaa group server on page 1176
aaa local authentication attempts max-fail <number> on page 1178
aaa on on page 1179
aaa processes <value> on page 1180
activchassis commands begin on page 1181
arp <ip address> <mac address> arpa on page 1187
as-path-list <name> on page 1188
auto-config commands begin on page 1189
auto-link commands begin on page 1208
banner on page 1213
battery <slot/port> on page 1214
boot config on page 1215
boot system on page 1217
boot voip on page 1220
bridge irb on page 1221
bridge <number> protocol ieee on page 1223
clock on page 1224

Global Configuration Mode Command Set Command Reference Guide
clock set <time> <day> <month> <year> on page 1225

clock timezone <value> on page 1226
community-list <name> on page 1228
counter-profile <slot/index> on page 1229
crypto commands begin on page 1230
data-call on page 1246
data-plane cpu mode on page 1248
desktop-auditing dhcp on page 1249
desktop-auditing local-policy on page 1250
desktop-auditing timeout <days> on page 1251
domain-list <domain> on page 1252
domain-lookup on page 1253
domain-name <domain name> on page 1255
domain-proxy on page 1257
dos-protection on page 1259
dot11ap access-point-control on page 1260
dynamic-counter <slot/index> on page 1261
enable password <password> on page 1262
ethernet ce-vlan-tpid <value> on page 1264
ethernet cfm on page 1265
ethernet cfm domain on page 1266
ethernet cfm log-changes on page 1268
ethernet flow-control-accept on page 1269
ethernet lmi on page 1271
ethernet loopback facility <name> <slot> on page 1272
ethernet loopback system mac address on page 1273
ethernet loopback terminal <name> <slot> on page 1274
ethernet nni on page 1275
ethernet s-tag-tpid <data> on page 1276
ethernet y1731 enable on page 1277
ethernet y1731 file-save consumption-limit on page 1278
ethernet y1731 file-save directory flash <directory> on page 1281
ethernet y1731 file-save interval <interval> on page 1283
ethernet y1731 file-save lifetime on page 1285
ethernet y1731 linktrace-cache on page 1287
ethernet y1731 meg on page 1288
evc <name> on page 1289
evc-map <name> on page 1290
event-history on on page 1291

event-history priority on page 1292

event-history size <size> on page 1294
exception memory minimum <value> on page 1295
exception report on page 1296
ffe wildcard on page 1297
filesystem throttle on page 1298
ftp authentication <listname> on page 1299
garp timer <value> on page 1300
global-policer warning on page 1301
global-policer warning threshold dropped-packets <number> on page 1302
global-policer warning threshold rate-percent <percent> on page 1303
gvrp on page 1304
hmr intercept on page 1305
hmr policy <name> on page 1306
hmr rule-set <name> on page 1307
hmr set public-variable <variable> new-value <pattern> on page 1308
host on page 1309
hostname <name> on page 1311
http commands begin on page 1312
hw-access-map <name> on page 1329
interface efm-group on page 1331
interface mef-ethernet <slot/port> on page 1332
interface range <interface type> <slot/port> - <slot/port> on page 1333
interface tunnel <number> on page 1334
ip commands begin on page 1336
ip firewall commands begin on page 1359
ip mgcp commands begin on page 1411
ip rtp commands begin on page 1447
ip urlfilter commands begin on page 1485
ipv6 commands begin on page 1492
ipv6 firewall commands begin on page 1515
isdn-group <number> on page 1557
isdn-number-template on page 1558
led status-led startup-state on page 1561
license server on page 1562
line on page 1563
lldp on page 1565
load-protect commands begin on page 1567
logging forwarding commands begin on page 1573

mac access-list standard <name> on page 1598

mac address-table aging-time <value> on page 1599
mac address-table static <mac address> on page 1600
mac hw-access-list extended <name> on page 1601
mail-client <agent name> on page 1603
mef evc <name> on page 1604
mef evc-map <name> on page 1605
mef policer <name> on page 1606
mef qos on page 1607
modem countrycode <value> on page 1609
monitor session <number> on page 1612
name-server on page 1614
network-forensics ip dhcp on page 1616
network-sync on page 1617
no activchassis on page 1618
ntp commands begin on page 1621
over-temperature protection on page 1643
packet-capture <name> on page 1644
policer <name> on page 1645
policy-class max-sessions <number> on page 1646
portal-list <name> <portal1 portal2 portal3...> on page 1647
port-auth commands begin on page 1648
port-channel load-balance on page 1653
power-supply shutdown automatic on page 1654
privilege <mode> level <level> on page 1655
probe on page 1658
probe responder on page 1660
procare on page 1661
procloud on page 1662
qos commands begin on page 1663
queue interface on page 1670
queue time-constant wred <value> on page 1671
radius-server on page 1672
radius-server host on page 1674
resource-utilization on page 1676
restricted boot on page 1677
rtcp on page 1678
route-map on page 1679
router commands begin on page 1681

schedule <name> on page 1687

sdp grammar hold on page 1689
sdp grammar ptime on page 1690
service password-encryption on page 1691
sfp trap threshold alarm time-interval <value> on page 1692
shaper <name> on page 1693
sip commands begin on page 1694
sip grammar commands begin on page 1699
sip proxy commands begin on page 1720
sip timer commands begin on page 1764
snmp agent on page 1776
snmp ifmib alias long on page 1777
snmp-server commands begin on page 1778
sntp retry-timeout <value> on page 1824
sntp server on page 1825
sntp wait-time <value> on page 1826
spanning-tree commands begin on page 1827
srtp-profile <profile name> on page 1837
ssh-server <port> on page 1838
ssh-server authentication on page 1839
ssh-server cipher on page 1840
ssh-server kex on page 1841
ssh-server mac on page 1842
ssh-server pubkey-chain on page 1843
stack on page 1846
statistics rate-interval <value> on page 1848
system-control-evc on page 1849
system-management-evc on page 1850
system mtu <size> on page 1851
tacacs-server on page 1852
tacacs-server host on page 1853
tcl run <name> track <track name> on page 1855
tcl script <name> <delimiter> on page 1856
telnet on page 1857
telnet-server <port> on page 1859
test template match <string> to <pattern> on page 1860
tftp commands begin on page 1863
thresholds on page 1867
timing-source on page 1869

tls-profile <profile name> on page 1870

track <name> on page 1871
username <username> password <password> on page 1872
vlan <vlan id> on page 1874
voice commands begin on page 1875
voip name-service host on page 1969
voip name-service verification attempts <number> interval <seconds> on page 1971
vrf forwarding <name> on page 1973
vrf <name> route-distinguisher on page 1974

aaa accounting commands <level>

Use the aaa accounting commands command to create and define a default or named accounting method
list for use with authentication, authorization, and accounting (AAA) accounting services. The accounting
commands method lists specify the types of information recorded when users access specified command
levels (privileged or unprivileged). Use the no form of this command to disable the accounting commands
method list. Variations of this command include:
aaa accounting commands <level> default none

aaa accounting commands <level> default stop-only group <name>
aaa accounting commands <level> default stop-only group tacacs+
aaa accounting commands <level> <listname> none
aaa accounting commands <level> <listname> stop-only group <name>
aaa accounting commands <level> <listname> stop-only group tacacs+
Syntax Description
<level> Specifies whether the method list applies to Level 1 (unprivileged) or
Level 15 (privileged) commands.
<listname> Creates and names the accounting commands method list to use rather
than the default list.
default Creates and defines the default accounting commands method list to use
rather than a named list.
none Specifies that no accounting methods are used.
stop-only Records accounting information only when the connection terminates.
group <name> Specifies using a subset of terminal access controller access-control
system (TACACS+) servers for keeping accounting records. Subsets are
named server groups previously created using the command aaa group
server on page 1176. A server group must be configured to use this
method.
group tacacs+ Specifies using all TACACS+ servers for keeping accounting records.
TACACS+ servers must be configured to use this method. Refer to the
Functional Notes for more information.
Default Values
By default, AAA accounting is disabled and no accounting command method lists are defined.
Command History

Functional Notes
AAA accounting is an AAA service that helps track the services and resources that network users are
accessing and using. Accounting works by sending records of user activity to a configured server that can
be used by network administrators to monitor network management, client billing, and auditing. In AOS,
AAA accounting can record the commands users are entering using the aaa accounting commands
command to create method lists that monitor specified command levels.
Before AAA accounting method lists can be configured or applied, AAA must be enabled. To enable AAA,
use the command aaa on on page 1179.
Each AAA accounting method list relies on a combination of accounting methods. Each method must be
entered into the list in the order that they are to be performed. Although these methods can be entered in
any order, each can only be used once. The exception is the group <name> method that can be entered
multiple times to accommodate multiple configured server groups. When specifying methods for the AAA
accounting commands method list, it is important to remember that no additional parameters are available
when using the none option, and that group tacacs+ or group <name> methods are not available until
after specifying stop-only. Once you have specified stop-only as a method, you can specify group
tacacs+ and group <name> in any order or combination. If the unit fails to make a connection with the first
group listed, it will try the next group specified.
The two types of method lists created using the aaa accounting commands command are a default list
and a named list. A default list is one that is created and automatically applied to all line interfaces at the
global level. A named method list is one that does not perform any action until it is manually applied to an
interface. Named AAA accounting commands method lists are applied to line interfaces using the
accounting commands command from the appropriate line interface configuration mode (Line (Console)
Interface Command Set on page 2006, Line (Telnet) Interface Command Set on page 2039, or Line (SSH)
Interface Command Set on page 2023).
To use TACACS+ servers to record command accounting information (TACACS+ are the only servers
available for AOS AAA accounting; RADIUS servers are not supported), the TACACS+ servers must be
configured prior to creating the method list. You can configure all TACACS+ servers in the system using
the command tacacs-server on page 1852. You can configure individual TACACS+ servers using the
command tacacs-server host on page 1853. Once the TACACS+ servers have been configured, you can
use all TACACS+ servers for maintaining accounting records by using the group tacacs+ method. If you
only want to use some of the available TACACS+ servers for accounting, you can create a named server
group and add the TACACS+ servers to the group. Server groups are created using the command aaa
group server on page 1176 and servers are added to the group as outlined in the TACACS+ Group
For more information about AAA accounting, or AAA configuration in general, refer to the Configuring AAA
in AOS configuration guide available online at https://supportcommunity.adtran.com.
Usage Examples
The following example creates a list called myList and specifies that accounting records are generated for
all Level 1 commands when the connection terminates, and that these records are received by all
configured TACACS+ servers:
(config)#aaa accounting commands 1 myList stop-only group tacacs+

aaa accounting connection

Use the aaa accounting connection command to create and define a default or named accounting method
list for use with authentication, authorization, and accounting (AAA) accounting services. The accounting
connection method lists are used to specify the types of information recorded about outbound connections
made from the AOS unit. Use the no form of this command to disable the accounting connection method
list. Variations of this command include:
aaa accounting connection default none

aaa accounting connection default start-stop group <name>
aaa accounting connection default start-stop group tacacs+
aaa accounting connection default stop-only group <name>
aaa accounting connection default stop-only group tacacs+
aaa accounting connection <listname> none
aaa accounting connection <listname> start-stop group <name>
aaa accounting connection <listname> start-stop group tacacs+
aaa accounting connection <listname> stop-only group <name>
aaa accounting connection <listname> stop-only group tacacs+
Syntax Description
default Creates and defines the default accounting connection method list to use
rather than the named list.
<listname> Creates and names the accounting connection method list to create and
use rather than the default list.
start-stop Records accounting information when the connection begins and when the
connection terminates.
method.
Default Values
By default, AAA accounting connection is disabled and no accounting connection method lists are defined.
Command History

Functional Notes
AAA accounting can record information about outbound connections made from the network access server
using the aaa accounting connection command to create method lists that monitor outbound
connections.
accounting connection method list, it is important to remember that no additional parameters are available
when using the none option, and that group tacacs+ or group <name> methods are not available until
after specifying start-stop or stop-only. Once you have specified start-stop or stop-only as a method,
you can specify group tacacs+ and group <name> in any order or combination. If the unit fails to make a
connection with the first group listed, it will try the next group specified.
The two types of method lists created using the aaa accounting connection command are a default list
interface. Named AAA accounting connection method lists are applied to line interfaces using the
accounting connection command from the appropriate line interface configuration mode (Line (Console)
To use TACACS+ servers to record connection accounting information (TACACS+ are the only servers
available for AOS AAA accounting; RADIUS servers are not supported), the TACACS+ servers must be
use all TACACS+ servers for maintaining accounting records by using the group tacacs+ method. If you
only want to use some of the available TACACS+ servers for accounting, you can create a named server
group and add the TACACS+ servers to the group. Server groups are created using the command aaa
group server on page 1176 and servers are added to the group as outlined in the TACACS+ Group

Usage Examples
The following example creates a list called myList and sends the connection information to all TACACS+
servers when the connection terminates:
(config)#aaa accounting connection myList stop-only group tacacs+
The following example creates a list called myList and sends the connection information to the TACACS+
servers when the connection is made and when the connection terminates:
(config)#aaa accounting connection myList start-stop group tacacs+

aaa accounting exec

Use the aaa accounting exec command to create and define a default or named accounting method list for
use with authentication, authorization, and accounting (AAA) accounting services. AAA executive
accounting method lists are used to specify the types of information recorded about inbound connections
made by connecting to the line interfaces and creating a terminal session. Use the no form of this command
to disable the accounting exec method list. Variations of this command include:
aaa accounting exec default none

aaa accounting exec default start-stop group <name>
aaa accounting exec default start-stop group tacacs+
aaa accounting exec default stop-only group <name>
aaa accounting exec default stop-only group tacacs+
aaa accounting exec <listname> none
aaa accounting exec <listname> start-stop group <name>
aaa accounting exec <listname> start-stop group tacacs+
aaa accounting exec <listname> stop-only group <name>
aaa accounting exec <listname> stop-only group tacacs+
Syntax Description
default Creates and defines the default accounting exec method list to use rather
than the named list.
<listname> Creates and names the accounting exec method list to use rather than the
default list.
start-stop Records accounting information when the connection begins and when the
connection terminates.
method.
Default Values
By default, AAA accounting exec is disabled and no accounting exec method lists are defined.
Command History

Functional Notes
AAA accounting can record information about inbound connections (made by connecting to the line
interfaces and creating a terminal session) using the aaa accounting exec command to create method
lists that monitor inbound connections.
accounting exec method list, it is important to remember that no additional parameters are available when
using the none option, and that group tacacs+ or group <name> methods are not available until after
specifying start-stop or stop-only. Once you have specified start-stop or stop-only as a method, you
can specify group tacacs+ and group <name> in any order or combination. If the unit fails to make a
The two types of method lists created using the aaa accounting exec command are a default list and a
named list. A default list is one that is created and automatically applied to all line interfaces at the global
level. A named method list is one that does not perform any action until it is manually applied to an
interface. Named AAA accounting exec method lists are applied to line interfaces using the accounting
exec command from the appropriate line interface configuration mode(Line (Console) Interface Command
Set on page 2006, Line (Telnet) Interface Command Set on page 2039, or Line (SSH) Interface Command
Set on page 2023).
To use TACACS+ servers to record exec accounting information (TACACS+ are the only servers available
for AOS AAA accounting; RADIUS servers are not supported), the TACACS+ servers must be configured
prior to creating the method list. You can configure all TACACS+ servers in the system using the command
tacacs-server on page 1852. You can configure individual TACACS+ servers using the command
tacacs-server host on page 1853. Once the TACACS+ servers have been configured, you can use all
TACACS+ servers for maintaining accounting records by using the group tacacs+ method. If you only
want to use some of the available TACACS+ servers for accounting, you can create a named server group
and add the TACACS+ servers to the group. Server groups are created using the command aaa group
server on page 1176 and servers are added to the group as outlined in the TACACS+ Group Command
Set on page 4492.
Usage Examples
The following example creates a list called myList and sends the connection/login records to the
TACACS+ servers when the connection is terminated:
(config)#aaa accounting exec myList stop-only group tacacs+

aaa accounting suppress null-username

Use the aaa accounting suppress null-username command to specify that authentication, authorization,
and accounting (AAA) accounting records for users with a NULL user name are not sent to the AAA
accounting server.
Syntax Description
No subcommands.
Default Values
By default, records of all user accounts, including NULL user names, are sent to the server.
Command History
Functional Notes
Null users are those users whose user name string is NULL. Users might have this user name if they came
in on a line whose record type is none (typically, these are users that authenticated with a password-only
login or no login).
Usage Examples
The following example specifies that users with the user name NULL are not sent to the server:
(config)#aaa accounting suppress null-username

aaa accounting update

Use the aaa accounting update command to specify how often authentication, authorization, and
accounting (AAA) accounting records are sent to the accounting server(s). Use the no form of this
command to return to the default setting. Variations of this command include:
aaa accounting update newinfo

aaa accounting update periodic <value>
Syntax Description
newinfo Specifies that information is sent to the server only when there is new
recorded information.
periodic <value> Specifies the time interval (in minutes) between sending accounting records
to the server. Interval range is 1 to 2147483647.
Default Values
By default, accounting records are sent to the server every 5 minutes.
Command History
Usage Examples
The following example specifies that accounting records are sent to the accounting server every 60
minutes:
(config)#aaa accounting update periodic 60

aaa authentication banner <banner>

Use the aaa authentication banner command to specify the banner shown during authentication,
authorization, and accounting (AAA) login/authentication. Using the no form of this command returns the
banner to the default message.
Syntax Description
banner <banner> Sets the banner shown before user authentication is attempted. The banner
can be multiple lines. Enter a delimiter (such as #) to begin recording the
typed text message used for the banner. The message must end with the
same delimiter to indicate that the message is complete. The text delimiters
are not displayed to the screen during operation.
Default Values
By default, the authentication banner is User Access Verification.
Command History
Usage Examples
The following example changes the authentication banner to read User Login Authentication:
(config)#aaa authentication banner #
Enter TEXT message. End with the character '#'.
User Login Authentication:#
(config)#

aaa authentication enable default

Use the aaa authentication enable default command to create and define the default authentication,
authorization, and accounting (AAA) authentication method list used for access to the Enable (privileged)
mode. Use the no form of this command to disable the authentication method list. Variations of this
command include:
aaa authentication enable default enable

aaa authentication enable default group radius
aaa authentication enable default group tacacs+
aaa authentication enable default group <name>
aaa authentication enable default line
aaa authentication enable default none
Each method parameter after default specifies the authentication method to be attempted
in the order in which they are to be tried. Multiple methods can be specified for
authentication, but the authentication procedure is dependent upon the entry order of the
methods.
Syntax Description
none Specifies that no authentication methods are used. If this method is
entered, it should come at the end of the list of authentication methods in
the command entry. This method should only be used to prevent a lock-out
situation.
line Specifies using the line password (Telnet 0 through 4 or console 0 through
1) for authentication. The line password must be configured to use this
method (using the password <password> command from the appropriate
line interface configuration mode prompt).
enable Specifies using the Enable mode password for authentication. The Enable
mode password must be defined to use this method (using the command
enable password <password> on page 1262).
group radius Specifies that all defined remote authentication dial-in user service
(RADIUS) servers are used for authentication. RADIUS servers must be
configured to use this method. Refer to the Functional Notes for more
information.
group tacacs+ Specifies that all defined terminal access controller access-control system
plus (TACACS+) servers are used for authentication. TACACS+ servers
must be configured to use this method. Refer to the Functional Notes for
more information.
group <name> Specifies using a subset of TACACS+ or RADIUS servers for
authentication. Subsets are named server groups previously created using
the command aaa group server on page 1176. A server group must be
configured to use this method.

Default Values
If the Enable mode password is used as an authentication method and the authentication request is going
to a RADIUS server, the user name $enabl15$is sent by default. If the request is going to a TACACS+
server, the user name used for login authentication is sent by default.
If no default methods list is configured, the unit uses the Enable mode password for authentication. If no
password is configured, consoles are allowed access (this prevents a lock-out condition).
Command History
Release 11.1 The group tacacs+ command was added.
Functional Notes
AAA authentication is an AAA service that helps verify user logins, user access to the Enable mode, and
port usage. Authentication works by verifying user credentials with those stored on a server. In AOS, AAA
authentication can verify a user’s permission to access Enable mode by using the aaa authentication
enable default command to create the default method list that monitors user permissions.
Before AAA authentication method lists can be configured or applied, AAA must be enabled. To enable
AAA, use the command aaa on on page 1179.
Each AAA authentication method list relies on a combination of authentication methods. Each method
must be entered into the list in the order that they are to be performed. Although these methods can be
entered in any order, each can only be used once. The exception is the group <name> method that can be
entered multiple times to accommodate multiple configured server groups. If the unit fails to make a
For security reasons, ADTRAN recommends that the local authentication method be used
instead of the none authentication method. Using the local authentication method
prevents unauthorized users from gaining access to the device during a period in which
the links to all authentication servers are down. The local user database contained within
the AOS device will always be available and serves as the last line of defense.
The type of method lists created using the aaa authentication enable default command is a default list. A
default list is one that is created and automatically applied to all line interfaces at the global level.
To use TACACS+ servers to perform Enable mode authentication, the TACACS+ servers must be
use all TACACS+ servers for authentication by using the group tacacs+ method. If you only want to use
some of the available TACACS+ servers for authentication, you can create a named server group and add
the TACACS+ servers to the group. Server groups are created using the command aaa group server on
page 1176 and servers are added to the group as outlined in the TACACS+ Group Command Set on page
4492.

To use RADIUS servers to perform Enable mode authentication, the RADIUS servers must be configured
prior to creating the method list. You can configure all RADIUS servers in the system using the command
radius-server on page 1672. You can configure individual RADIUS servers using the command
radius-server host on page 1674. Once the RADIUS servers have been configured, you can use all
RADIUS servers for authentication by using the group radius method. If you only want to use some of the
available RADIUS servers for authentication, you can create a named server group and add the RADIUS
servers to the group. Server groups are created using the command aaa group server on page 1176 and
servers are added to the group as outlined in the RADIUS Group Command Set on page 4483.
For more information about AAA authentication, or AAA configuration in general, refer to the Configuring
AAA in AOS configuration guide available online at https://supportcommunity.adtran.com.
Usage Examples
The following example specifies using the line password as the first method of authentication and using the
Enable mode password as the second:
(config)#aaa authentication enable default line enable

aaa authentication fail-message <message>

Use the aaa authentication fail-message command to specify the authentication, authorization, and
accounting (AAA) authentication fail message. This message is displayed if user authentication fails. Use
the no form of this command to return to the default message.
Syntax Description
<message> Specifies the message shown if user authentication fails. The message can
be multiple lines. Enter a delimiter (such as #) to begin recording the typed
text message displayed after a failed authentication attempt. The message
must end with the same delimiter to indicate that the message is complete.
The text delimiters are not displayed to the screen during operation.
Default Values
By default, the authentication fail message banner is set to Authentication failed.
Command History
Usage Examples
The following example changes the authentication fail message to Failed Authentication. Please try
again.:
(config)#aaa authentication fail-message #

Enter TEXT message. End with the character ‘#’.
Failed Authentication. Please try again.
(config)#

aaa authentication login

Use the aaa authentication login command to create and define a default or named method list for use
with authentication, authorization, and accounting (AAA) authentication services. The AAA
authentication login method list specifies the methods used to authenticate a user upon login. Use the no
form of this command to disable the authentication login method list. Variations of this command include:
aaa authentication login default enable

aaa authentication login default group radius
aaa authentication login default group tacacs+
aaa authentication login default group <name>
aaa authentication login default line
aaa authentication login default local
aaa authentication login default none
aaa authentication login <listname> enable
aaa authentication login <listname> group radius
aaa authentication login <listname> group tacacs+
aaa authentication login <listname> group <name>
aaa authentication login <listname> line
aaa authentication login <listname> local
aaa authentication login <listname> none
Each method parameter after default or <listname> specifies the authentication method
to be attempted in the order in which they are to be tried. Multiple methods can be
specified for authentication, but the authentication procedure is dependent upon the entry
order of the methods.
Syntax Description
default Creates and defines the default login authentication method list to use
<listname> Creates and names the login authentication method list to use rather than
the default list.
situation.
line Specifies using the line password (Telnet 0 through 4 or console 0 through
1) for authentication. The line password must be configured to use this
method (using the password <password> command from the appropriate
line interface configuration mode prompt).
enable Specifies using the Enable mode password for authentication. The Enable
mode password must be defined to use this method (using the command
enable password <password> on page 1262).

local Specifies using the local user name for authentication. User names must be
in the local user name database to use this method. User names are set
using the command username <username> password <password> on page
1872.
information.
group tacacs+ Specifies that all defined terminal access controller access-control system
plus (TACACS+) servers are used for authentication. TACACS+ servers
more information.
group <name> Specifies using a subset of TACACS+ or RADIUS servers for
authentication. Subsets are named server groups previously created using
the command aaa group server on page 1176. A server group must be
Default Values
By default, AAA authentication login method lists are not defined. Once a default list is defined, it is
automatically applied to all line interfaces unless a named list is created and applied manually.
Command History
Release 11.1 The group tacacs+ command was added.
Functional Notes
authentication can verify a user’s permission to access the unit by using the aaa authentication login
command to create a method list that monitors user access permissions.

The two types of method lists created using the aaa authentication login command are a default list and
a named list. A default list is one that is created and automatically applied to all line interfaces at the global
interface. Named AAA login authentication method lists are applied to line interfaces using the login
authentication <listname> command from the appropriate line interface configuration mode (Line
(Console) Interface Command Set on page 2006, Line (Telnet) Interface Command Set on page 2039, or
Line (SSH) Interface Command Set on page 2023).
To use TACACS+ servers to perform login authentication, the TACACS+ servers must be configured prior
to creating the method list. You can configure all TACACS+ servers in the system using the command
TACACS+ servers for authentication by using the group tacacs+ method. If you only want to use some of
the available TACACS+ servers for authentication, you can create a named server group and add the
TACACS+ servers to the group. Server groups are created using the command aaa group server on page
1176 and servers are added to the group as outlined in the TACACS+ Group Command Set on page 4492.
To use RADIUS servers to perform login authentication, the RADIUS servers must be configured prior to
creating the method list. You can configure all RADIUS servers in the system using the command
Usage Examples
The following example creates a login authentication list called myList and specifies using the local
database as the first method, myGroup as the second method, and line password as the third method for
login authentication:
(config)#aaa authentication login myList local group myGroup line
The following command sets the default authentication list for logins to use the local database as the first
authentication method:
(config)#aaa authentication login default local

aaa authentication password-prompt <prompt>

Use the aaa authentication password-prompt command to specify the message shown when prompting a
user for their password during authentication, authorization, and accounting (AAA) authentication. The no
form of this command returns the prompt to the default prompt.
Syntax Description
<prompt> Specifies the prompt that displays when prompting users for their password.
Enter a single line of text enclosed in quotation marks.
Default Values
By default, the authentication password prompt is set to Password:.
Command History
Usage Examples
The following example specifies the authentication password prompt reads Please Enter Your Password:
(config)#aaa authentication password-prompt “Please Enter Your Password:”

aaa authentication port-auth default

Use the aaa authentication port-auth default command to create and define the default method list for
use with authentication, authorization, and accounting (AAA) port authentication services. Use the no
form of this command to disable the authentication list. Variations of this command include:
aaa authentication port-auth default group radius

aaa authentication port-auth default group <name>
aaa authentication port-auth default local
aaa authentication port-auth default none
Each method parameter after default specifies the authentication method to be attempted
in the order in which they are to be tried. Multiple methods can be specified for
authentication, but the authentication procedure is dependent upon the entry order of the
methods.
Syntax Description
situation.
local Specifies using the local user name for port authentication. User names
must be in the local user name database to use this method. User names
are set using the command username <username> password <password>
on page 1872.
information.
group <name> Specifies using a subset of RADIUS servers for port authentication. Subsets
are named server groups previously created using the command aaa group
method.
Default Values
By default, no port authentication method lists are defined.
Command History

Functional Notes
authentication can verify port usage by using the aaa authentication port-auth default command to
create the default method list that monitors port usage.
The type of method lists created using the aaa authentication port-auth default command is a default
list. A default list is one that is created and automatically applied to all line interfaces at the global level.
To use RADIUS servers to perform port authentication, the RADIUS servers must be configured prior to
creating the method list. You can configure all RADIUS servers in the system using the command
Usage Examples
The following example specifies that the local user database be used for port authentication:
(config)#aaa authentication port-auth default local

aaa authentication username-prompt <prompt>

Use the aaa authentication username-prompt command to specify the message shown when prompting
a user for their user name during authentication, authorization, and accounting (AAA) authentication. Use
the no form of this command to return to the default prompt.
Syntax Description
<prompt> Specifies the prompt that displays when prompting users for their user
name. Enter a single line of text enclosed in quotation marks.
Default Values
By default, the authentication user name prompt is set to Username:.
Command History
Usage Examples
The following example specifies the authentication user name prompt reads Please Enter Your User
Name:
(config)#aaa authentication username-prompt “Please Enter Your User Name:”

aaa authorization commands <level>

Use the aaa authorization commands command to create and define a default or named authorization
method list for use with authentication, authorization, and accounting (AAA) authorization services. AAA
command authorization method lists are used to allow or restrict the use of certain commands on a per-user
basis. Use the no form of this command to disable the authorization commands method list. Variations of
aaa authorization commands <level> default group tacacs+

aaa authorization commands <level> default group <name>
aaa authorization commands <level> default if-authenticated
aaa authorization commands <level> default none
aaa authorization commands <level> <listname> group tacacs+
aaa authorization commands <level> <listname> group <name>
aaa authorization commands <level> <listname> if-authenticated
aaa authorization commands <level> <listname> none
Each method parameter after default or <listname> specifies the authorization method to
be attempted in the order in which they are to be tried. Multiple methods can be specified
for authorization, but the authorization procedure is dependent upon the entry order of the
methods.
Syntax Description
<level> Specifies whether the method list applies to Level 1 (unprivileged) or Level
15 (privileged) commands.
<listname> Creates and names the authorization commands method list to use rather
than the default list.
default Creates and defines the default authorization commands method list to use
none Specifies that no authorization methods are used for command
authorization. If this method is entered, it should come at the end of the list
of authorization methods in the command entry. This method should only be
used to prevent a lock-out situation.
if-authenticated Specifies that authorization is successful if the user has already been
authenticated. AAA authentication must be configured to use this method.
Refer to the Functional Notes for more information.
group tacacs+ Specifies using all terminal access controller access-control system plus
(TACACS+) servers for authorizing command usage. TACACS+ servers
more information.
group <name> Specifies using a subset of TACACS+ servers for authorizing command
usage. Subsets are named server groups previously created using the
command aaa group server on page 1176. A server group must be

Default Values
By default, no AAA authorization method lists are defined or applied.
Command History
Functional Notes
AAA authorization is an AAA service that helps limit the network services available to users. Authorization
works by retrieving information from the user’s profile (stored either on the local database or security
server) and uses that information to determine the areas of the network to which the user is allowed
access. In AOS, AAA authorization can limit the commands available to a specific user and specify
whether or not users can access privileged command line interface (CLI) sessions. Limiting available
commands on a per-user basis is achieved by using the aaa authorization commands command to
create a default or named method list that specifies which level of commands (Level 1 or Level 15) are
authorized.
The user command privilege level (1 or 15) must be defined in addition to specifying all of
the commands available on a per-user basis in the configuration of the TACACS+ server.
Commands of a particular level are not checked for authorization unless explicitly defined
in the configuration with a method list. For example, if a method list is defined for Level 1
commands but not Level 15, then a user is able to enter any Level 15 commands since no
authorization takes place due to the lack of a Level 15 commands method list. The same
user will only be allowed to enter the Level 1 commands configured for the user in the
Level 1 commands method list.
Before AAA authorization method lists can be configured or applied, AAA must be enabled. To enable
Each AAA authorization method list relies on a combination of authorization methods. Each method must
be entered into the list in the order that they are to be performed. Although these methods can be entered
in any order, each can only be used once. The exception is the group <name> method that can be entered
multiple times to accommodate multiple configured server groups. If the unit fails to make a connection
with the first group listed, it will try the next group specified.

The two types of method lists created using the aaa authorization commands command are a default list
interface. Named AAA command authorization method lists are applied to line interfaces using the
authorization commands <level> <listname> command from the appropriate line interface configuration
mode (Line (Console) Interface Command Set on page 2006, Line (Telnet) Interface Command Set on
page 2039, or Line (SSH) Interface Command Set on page 2023).
To use TACACS+ servers to perform command authorization, the TACACS+ servers must be configured
prior to creating the method list. You can configure all TACACS+ servers in the system using the command
TACACS+ servers for authorization by using the group tacacs+ method. If you only want to use some of
the available TACACS+ servers for authorization, you can create a named server group and add the
TACACS+ servers to the group. Server groups are created using the command aaa group server on page
1176 and servers are added to the group as outlined in the TACACS+ Group Command Set on page 4492.
For more information about AAA authorization, or AAA configuration in general, refer to the Configuring
Usage Examples
The following example creates a command authorization method list called myList, which authorizes
unprivileged commands (this succeeds only if the user has been authenticated successfully):
(config)#aaa authorization commands 1 myList if-authenticated
The following command defines the default command authorization method list to authorize privileged
(level 15) commands against all defined TACACS+ servers:
(config)#aaa authorization commands 15 default group tacacs+
If command authorization is used in conjunction with a TACACS+ server, the same user
name that is used to access AOS must be configured on the server.

aaa authorization config-command

Use the aaa authorization config-command command to enable or disable authorization for
configuration mode commands in AOS authentication, authorization, and accounting (AAA) services. This
command is used to verify that command-level authorization is enabled before applying AAA command
authorization method lists to a specific line interface. Use the no form of this command to disable
authorization for configuration commands.
Syntax Description
No subcommands.
Default Values
By default, authorization for configuration commands is enabled.
Command History
Functional Notes
The aaa authorization config-command command is used to ensure that authorization for configuration
commands is enabled at the global level before applying any AAA authorization method lists to a line
interface (console, Telnet, or secure shell (SSH)). This feature must be enabled before AAA authorization
method lists can be applied to the interface.
Usage Examples
The following example enables authorization of configuration mode commands:
(config)#aaa authorization config-command

aaa authorization console

Use the aaa authorization console command to enable AOS authentication, authorization, and accounting
(AAA) on the console interface. This command is used to verify that the console interface will allow AAA
operation before an AAA authorization method list is applied to the console interface. Use the no form of
this command to disable AAA on the console interface.
Syntax Description
No subcommands.
Default Values
By default, authorization is disabled on a console line interface. This measure prevents accidental lockout
issues on directly connected lines.
Command History
Functional Notes
AAA authorization method lists cannot be applied to a console interface until the aaa authorization
console command has been issued.
Usage Examples
The following example enables AAA authorization use on console interfaces:
(config)#aaa authorization console

aaa authorization exec

Use the aaa authorization exec command to create and define a default or named authorization method
list for use with authentication, authorization, and accounting (AAA) authorization services. The
authorization exec method list sets the parameters for authorizing access to the Enable mode in the
command line interface (CLI). Use the no form of this command to disable the authorization method list.
aaa authorization exec default group <name>

aaa authorization exec default group tacacs+
aaa authorization exec default if-authenticated
aaa authorization exec default none
aaa authorization exec <listname> group <name>
aaa authorization exec <listname> group tacacs+
aaa authorization exec <listname> if-authenticated
aaa authorization exec <listname> none
Each method parameter after default or <listname> specifies the authorization method to
be attempted in the order in which they are to be tried. Multiple methods can be specified
for authorization, but the authorization procedure is dependent upon the entry order of the
methods.
Syntax Description
default Creates and defines the default authorization method list to use rather than
a named method list.
<listname> Creates and names the authorization method list to use rather than the
default list.
none Specifies that no authorization methods are used for executive
authorization. If this method is entered, it should come at the end of the list
of authorization methods in the command entry. This method should only be
used to prevent a lock-out situation.
if-authenticated Specifies that authorization is successful if the user has already been
authenticated. AAA authentication must be configured to use this method.
group tacacs+ Specifies using all terminal access controller access-control system plus
(TACACS+) servers for authorizing executive CLI privileges. TACACS+
servers must be configured to use this method. Refer to the Functional
Notes for more information.
group <name> Specifies using a subset of TACACS+ servers for authorizing executive CLI
privileges. Subsets are named server groups previously created using the
command aaa group server on page 1176. A server group must be
Default Values
By default, AAA authorization for executive CLI privileges is disabled and no authorization method lists are
defined.

Command History
Functional Notes
AAA authorization is an AAA service that helps limit the network services available to users. Authorization
works by retrieving information from the user’s profile (stored either on the local database or security
server) and uses that information to determine the areas of the network to which the user is allowed
access. In AOS, AAA authorization can limit the commands available to a specific user and specify
whether or not users can access privileged CLI sessions. Limiting access to privileged CLI sessions is
achieved by using the aaa authorization exec command to create a default or named method list that
restricts access to Enable mode.
Before AAA authorization method lists can be configured or applied, AAA must be enabled. To enable
Each AAA authorization method list relies on a combination of authorization methods. Each method must
be entered into the list in the order that they are to be performed. Although these methods can be entered
in any order, each can only be used once. The exception is the group <name> method that can be entered
multiple times to accommodate multiple configured server groups. If the unit fails to make a connection
with the first group listed, it will try the next group specified.
The two types of method lists created using the aaa authorization exec command are a default list and a
named list. A default list is one that is created and automatically applied to all line interfaces at the global
interface. Named AAA exec authorization method lists are applied to line interfaces using the
authorization exec command from the appropriate line interface configuration mode (Line (Console)
To use TACACS+ servers to perform Enable mode authorization, the TACACS+ servers must be
use all TACACS+ servers for authorization by using the group tacacs+ method. If you only want to use
some of the available TACACS+ servers for authorization, you can create a named server group and add
the TACACS+ servers to the group. Server groups are created using the command aaa group server on
page 1176 and servers are added to the group as outlined in the TACACS+ Group Command Set on page
4492.

Usage Examples
The following example creates an executive mode authorization method list (called myList) to authorize
user access to Enable mode in the CLI (this succeeds only if the user has been authenticated
successfully):
(config)#aaa authorization exec myList if-authenticated
The following example specifies to use the default executive mode authorization method list to authorize
access to Enable mode using all TACACS+ servers:
(config)#aaa authorization exec default group tacacs+
If a TACACS+ server is used in conjunction with an executive mode access authorization

method list, the user name used to access the AOS device must be configured as a Level 15
user on the TACACS+ server.

aaa group server

Use the aaa group server command to create a group of remote authentication dial-in user service
(RADIUS) servers or a group of terminal access controller access-control system plus (TACACS+)
servers. These server groups can be used as methods for authentication, authorization, and accounting
(AAA) services in AOS. Use the no form of this command to remove a configured server group.
aaa group server radius <group name>

aaa group server tacacs+ <group name>
Syntax Description
radius <group name> Creates and names a group of RADIUS servers.
tacacs+ <group name> Creates and names a group of TACACS+ servers.
Default Values
By default, no named server groups exist.
Command History
Release 11.1 Command was expanded to include TACACS+ server support.
Functional Notes
Server groups can be beneficial when used with AAA method lists because they provide a way to verify
AAA services without using all of the configured RADIUS or TACACS+ servers. These server groups are a
subset of all RADIUS or TACACS+ servers and can save server resources for other network needs.
Servers must be configured before they can be added to the server group for use with AAA. To configure
RADIUS servers on an individual basis, use the command radius-server host on page 1674. To configure
all RADIUS servers alike, use the command radius-server on page 1672. To configure TACACS+ servers
on an individual basis, use the command tacacs-server host on page 1853. To configure all TACACS+
servers alike, use the command tacacs-server on page 1852. It is important to remember when configuring
servers for the server group that individual server configurations override any global server configurations.
Once the servers are configured, the aaa server group command allows you to begin creating a server
group. When you enter the command from the Global Configuration mode prompt, you enter the Server
Group Configuration mode. At this point, you can begin to add servers to the group using the server
command as detailed in the RADIUS Group Command Set on page 4483 and in the TACACS+ Group
For more information on group server configurations and their use with AAA, refer to the Configuring AAA

Usage Examples
The following example creates the named list RADauthentication and enters the RADIUS Group
Configuration mode for RADIUS servers:
(config)#aaa group server radius RADauthentication

(config-sg-radius)#
The following example creates the named list TACaccount and enters the TACACS+ Group Configuration
mode for TACACS+ servers:
(config)#aaa group server tacacs+ TACaccount

(config-sg-tacacs+)#

aaa local authentication attempts max-fail <number>

Use the aaa local authentication attempts max-fail command to set the maximum number of failed
authentication attempts allowed before closing the terminal session when using AAA authentication. Use
the no form of this command to return to the default setting.
Syntax Description
<number> Specifies the maximum number of failed authentication attempts allowed
before closing the terminal session. Valid range is 1 to 25 attempts.
Default Values
By default, the session closes after 3 failed attempts.
Command History
Usage Examples
The following example configures the device to allow a maximum of 10 failed authentication attempts
before closing the session:
(config)#aaa local authentication attempts max-fail 10

aaa on
Use the aaa on command to activate authentication, authorization, and accounting (AAA) services. Use
the no form of this command to deactivate AAA.
Syntax Description
No subcommands.
Default Values
By default, AAA is not activated.
Command History
Functional Notes
By default, AAA is disabled. AAA must be enabled for additional AAA configuration commands to be
available. If AAA is enabled, AAA methods will override other security methods specified in the line
interface.
For more information about the use and configuration of AAA, refer to the Configuring AAA in AOS
Usage Examples
The following example activates AAA services:
(config)#aaa on

aaa processes <value>

Use the aaa processes command to set the number of threads available to the authentication, authorization,
and accounting (AAA) background processes. Use the no form of this command to return to the default
setting.
Syntax Description
<value> Specifies the number of threads available to the AAA subsystem. Range is
1 to 64 threads.
Default Values
By default, the number of threads is set to 1.
Command History
Functional Notes
Increasing the number of threads may speed up simultaneous authentication processes, but can do so at
the cost of system resources (for example, memory).
For more information about AAA, refer to the Configuring AAA in AOS configuration guide available online
at https://supportcommunity.adtran.com.
Usage Examples
The following example specifies five available threads for AAA background processes:
(config)#aaa processes 5

activchassis deallocate <vcid>

Use the activchassis deallocate command to delete the entire configuration for a particular device from
the ActivChassis configuration.
Syntax Description
<vcid> Specifies the virtual chassis ID (VCID) of the device to delete from the
ActivChassis. Valid range is 1 to 8. Values 1 and 2 refer to the master and
backup device, respectively.
Default Values
Command History
Functional Notes
The following rules apply to this command:
• The device currently using the specified VCID value must be disconnected and not communicating
with the ActivChassis. If the device is connected to ActivChassis, the command is not performed.
• If the device later reconnects to the Activchassis with the same VCID value, it is treated as if it is a
new device being added to ActivChassis.
• The VCID cannot be that of the current master.
• Once the command is issued, the device whose VCID has been removed is returned to the
linecard default state.
When this command is issued, all configuration corresponding to the device with the specified VCID is
deleted from the ActivChassis configuration and the master device’s hardware manifest. If the device later
reconnects to the ActivChassis with the same VCID value, it is treated as if it is a new device.
The device that has the VCID to be deleted cannot be connected to the ActivChassis when the command
is issued. It must be disconnected from the chassis before issuing the command. In addition, deleting the
VCID does not change the VCID on the device using that VCID value. You should default the device to
clear all ActivChassis information (refer to the command activchassis restore-linecard-dflt on page 1184).
Usage Examples
The following example deletes an allocated VCID on a disconnected, non-master device:
(config)#activchassis deallocate 6

activchassis front-panel-config
Use the activchassis front-panel-config command to enable the ability to configure an ActivChassis ID
(VCID) from an ActivChassis device’s front panel. Use the no form of this command to disable this
feature.
Syntax Description
No subcommands.
Default Values
By default, this feature is enabled.
Command History
Functional Notes
The VCID can always be monitored from a device’s front panel.
Usage Examples
The following example specifies that front panel configuration of the VCID is disabled for all ActivChassis
members:
(config)#no activchassis front-panel-config

activchassis renumber <from vcid> <to vcid>

Use the activchassis renumber command to modify a master-assigned ActivChassis ID (VCID) of an
ActivChassis device. This command changes a device’s VCID from its current value to a different value.
The change is made on the device and in the ActivChassis hardware manifest, but not in the ActivChassis
configuration.
Syntax Description
<from vcid> The current VCID that will be changed on the ActivChassis device. Valid
range is 1 to 8 (VCID 1 and 2 refer to the master and backup ActivChassis
device, respectively).
<to vcid> The new VCID to be assigned to the ActivChassis device. Valid range is 1
to 8 (VCID 1 and 2 refer to the master and backup ActivChassis device,
respectively).
Default Values
Command History
Functional Notes
When using this command, remember that the device that currently has the <from vcid> value assigned
must be connected and actively communicating in the ActivChassis to be renumbered. Neither VCID value
can be that of the current master. Master VCID devices must be reassigned by rebooting the device as a
standalone unit and then entering the command activchassis vcid on page 1186. In addition, the <to vcid>
value must not be currently allocated. If the value is allocated, you must first deallocate it using the
command activchassis deallocate <vcid> on page 1181.
If the device with the <from vcid> value is present in the ActivChassis, and the VCID values are valid, a
warning is displayed indicating that the current VCID and configuration will be changed. You must confirm
the changes to be made. Once the changes are confirmed, the VCID of the device is updated to the
specified <to vcid> value, the master device’s manifest is updated with the change, and the targeted
device is rebooted for the changes to take effect. The new role and configuration of the new VCID are
applied to the device after reboot.
For more information about configuring ActivChassis, refer to the configuration guide Configuring
ActivChassis in AOS, available online at https://supportcommunity.adtran.com.
Usage Examples
The following example changes an allocated VCID (3) on a non-master device to VCID 4:
(config)#activchassis renumber 3 4

activchassis restore-linecard-dflt
Use the activchassis restore-linecard-dflt command to return an ActivChassis device to the default
linecard settings. This command clears the local copy of the ActivChassis manifest, the virtual chassis ID
(VCID), and the startup configuration for the device. This command is most useful when a device that was
connected to an ActivChassis needs to be restored to the factory settings or have all knowledge of its
existence in the virtual chassis removed.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
Usage Examples
The following example defaults a non-linecard (master or backup) ActivChassis device:
(config)#activchassis restore-linecard-dflt

activchassis strict-firmware
Use the activchassis strict-firmware command to prevent linecard devices from joining an ActivChassis
when their firmware image differs from that of the master device. Use the no form of this command to
allow linecard devices with different firmware images to join the chassis.
Syntax Description
No subcommands.
Default Values
By default, linecard devices with different firmware images are allowed to join the ActivChassis.
Command History
Functional Notes
When linecard devices have mismatched firmware, Activchassis displays a warning message every
30 seconds that states which linecard has the improper firmware.
For more information about configuring ActivChassis, refer to the configuration guide Configuring
ActivChassis in AOS, available online at https://supportcommunity.adtran.com.
Usage Examples
The following example specifies that all linecard devices must have the same firmware image as the
master device before they can join the ActivChassis:
(config)#activchassis strict-firmware

activchassis vcid
Use the activchassis vcid command to create an ActivChassis master device or specify a local standalone
device as a member of the ActivChassis and to specify the virtual chassis ID (VCID). Use the no version of
this command to disable the ability to configure the VCID on the local device. Variations of this command
include:
activchassis vcid master-assigned

activchassis vcid <value>
Syntax Description
master-assigned Specifies that the VCID is assigned by the master device when a
standalone device is admitted to the ActivChassis.
<value> Specifies the VCID as a value between 1 and 8. Values 1 and 2 are used to
specify a master and backup device, respectively.
Default Values
By default, when a standalone device joins the ActivChassis the VCID is master-assigned.
Command History
Functional Notes
Once this command is entered, you are asked to confirm that the device configuration and operating mode
will be altered. After confirmation, if the device is currently ActivChassis disabled, it becomes ActivChassis
enabled, and the file system is updated with the VCID. If the device has already been ActivChassis
enabled, the VCID is changed to the specified value. In either case, the device reboots, and any
unconfigured ActivChassis capable ports on the device default to ActivChassis mode.
If the command is entered on a device that is already ActivChassis enabled, and the VCID specified is the
same as the VCID currently in use, it will have no effect and the command will not be performed.
Usage Examples
The following example enables ActivChassis and specifies the VCID of the device:
(config)#activchassis vcid 3

arp <ip address> <mac address> arpa

Use the arp arpa command to enter static entries into the Address Resolution Protocol (ARP) table for a
specific virtual routing and forwarding (VRF) instance. Use the no form of this command to remove a
static ARP entry. Variations of this command include:
arp <ip address> <mac address> arpa

arp <ip address> <mac address> vrf <name> arpa
Syntax Description
<ip address> Specifies a valid IP address. IP addresses should be expressed in dotted
<mac address> Specifies a valid 48-bit medium access control (MAC) address. MAC
addresses should be expressed in the following format xx:xx:xx:xx:xx:xx (for
example, 00:A0:C8:00:00:01).
vrf <name> Optional. Specifies the VRF where the ARP table exists.
Default Values
Command History
Functional Notes
Usage Examples
The following example enters the IP address and MAC address into the ARP table that is located in the
default VRF:
(config)#arp 10.10.10.1 00:A0:C8:00:00:01 arpa

as-path-list <name>
Use the as-path-list command to create IP autonomous system (AS) path lists for route map use. Use the
no form of this command to delete the AS path list.
Syntax Description
<name> Specifies the name of the AS path list. Refer to AS Path List Command Set
on page 3963 for more information on the available options.
Default Values
By default, no AS path lists are defined.
Command History
Release R10.1.0 The ip keyword was removed from this command.
Functional Notes
AS path lists are a type of route filter that permits or denies Border Gateway Protocol (BGP) routes based
on the AS_PATH attribute. AS path lists define a list of AS specifications that, once created, may then be
referenced in a route map. Refer to the Usage Examples section below.
Usage Examples
The following example creates the AS path list list5 and enters the IP as-path-list command mode:
(config)#as-path-list list5
(config-as-path-list)#

auto-config
Use the auto-config command to enable and start the AOS automatic self-configuration feature. For more
https://supportcommunity.adtran.com. Use the no form of this command to halt the automatic
configuration process.
Disabling using the no auto-config command and re-enabling using the auto-config
command, restarts the download process.
Syntax Description
No subcommands.
Default Values
By default, auto-config is enabled on the Total Access 900(e) Series, NetVanta 644, NetVanta 1335,
NetVanta 3000 Series, NetVanta 4000 Series, NetVanta 5000 Series, and NetVanta 6000 Series products.
By default, auto-config is disabled on all other products not specified above.
Command History
Usage Examples
The following example enables automatic configuration:
(config)#auto-config

auto-config apply-config
Use the auto-config apply-config command to specify the preferred method of applying the AOS
automatic self-configuration settings to the running configuration. For more detailed information, refer to
the Configuring Auto-Config guide available online at https://supportcommunity.adtran.com. Variations of
auto-config apply-config append

auto-config apply-config replace
Syntax Description
append Appends the automatic self-configuration parameters to the end of the
current running configuration and retains the existing running configuration.
It does not save this information to the startup configuration. Refer to the
replace Replaces the startup configuration. This parameter erases all current
configuration information and saves to the startup configuration.
Default Values
By default, the configuration is set to append.
Command History
Functional Notes
Using the append keyword only appends the parameters to the currently running configuration. The
appended parameters will not be retained if the unit is rebooted. To permanently store the appended
configuration settings, you must save the running configuration as the startup configuration by issuing the
do write command. This can be performed manually, after the append process is complete, or added as
the final line in the self-configuration parameters to automatically save after appending.
Usage Examples
The following example overwrites the startup configuration:
(config)#auto-config apply-config replace
The following example adds the configuration parameters to the running configuration:
(config)#auto-config apply-config append

auto-config authname <username> password <password>

Use the auto-config authname password command to specify the user name and password to use for
authentication with the AOS automatic self-configuration feature. If authentication is required for Trivial
File Transfer Protocol (TFTP), Hypertext Transfer Protocol (HTTP), and Hypertext Transfer Protocol
Secure (HTTPS), the user name and password must be resolved before the file transfer can commence. For
more detailed information, refer to the Configuring Auto-Config guide available online at
Syntax Description
authname <authname> Enter the authentication user name or define a system variable using
parameters representing one of the following system values:
$SYSTEM_NAME - the host name of the system
$SYSTEM_SERIAL_NUMBER - the serial number of the system
$SYSTEM_DESCRIPTION - the product name and software version
$SYSTEM_SOFTWARE_VERSION - the running software version
$AUTH_MAC_ADDRESS - MAC address for MAC authentication
password <password> Specifies the authentication password.
Default Values
By default, this setting is disabled.
Command History
Usage Examples
The following example specifies the Auto-Config authentication user name as the system serial number
and specifies the password to use:
(config)#auto-config authname $SYSTEM_SERIAL_NUMBER password fRiax&crOus9I#p

auto-config filename
Use the auto-config filename command to specify the file name to download for the AOS automatic
self-configuration feature. The file name can be defined as a static file name or defined using parameters
representing system values. A static file name can include a partial path. The file name can also be defined
using Dynamic Host Configuration Protocol (DHCP) Option 67. Use the no form of this command to erase
the stored file name. For more detailed information, refer to the Configuring Auto-Config guide available
online at https://supportcommunity.adtran.com. Variations of this command include:
auto-config filename <name>

auto-config filename dhcp
Syntax Description
filename dhcp Specifies the configuration file name is provided through DHCP Option 67.
filename <name> Specify the configuration file name or define a system parameter using
variables. Including the file path in addition to the file name or variable is
optional. The following variables are allowed to represent system values:
$SYSTEM_NAME - host name of the system
$SYSTEM_SERIAL_NUMBER - serial number of the system
$SYSTEM_DESCRIPTION - product name and software version
$SYSTEM_SOFTWARE_VERSION - running software's version
$AUTH_MAC_ADDRESS - MAC address used for MAC authentication
Default Values
By default, the file name uses DHCP Option 67 to retrieve the file name.
Command History
Release R10.5.0 Command was expanded to include parameter dhcp for DHCP Option 67.
Functional Notes
If no file name is specified, Auto-Config attempts to locate additional configuration files on the server
device as a fallback measure. The configuration file names searched for in such a situation include (in
order of priority): a file name based on MAC addresses (<MAC#1>.cfg), a file name based on the AOS
device part number (adtran_<Unit Part Number>.cfg), and the ADTRAN default file name
(adtran_000000000000.cfg).

Usage Examples
The following command specifies a static file name to download:
(config)#auto-config filename AUTO_CONFIG.cfg
The following command specifies a static file name and includes a path to the file:
(config)#auto-config filename config/adtran/AUTO_CONFIG.cfg
The following command configures the unit to retrieve the file name according to the DHCP Option 67:
(config)#auto-config filename dhcp
The following command specifies the file name using the system variable SYSTEM NAME:
(config)#auto-config filename $SYSTEM_NAME.cfg
The following command specifies the file name using the system variable SYSTEM NAME and includes
the file path:
(config)#auto-config filename config/adtran/$SYSTEM_NAME.cfg

auto-config firmware
Use the auto-config firmware command to enable and configure firmware download for the AOS
automatic self-configuration feature. For more detailed information, refer to the Configuring Auto-Config
guide available online at https://supportcommunity.adtran.com.Variations of this command include:
auto-config firmware definition-file <name>

auto-config firmware destination cflash
auto-config firmware destination flash
auto-config firmware download
auto-config firmware reload-after <seconds>
auto-config firmware replace primary maintain secondary
auto-config firmware replace primary update secondary
auto-config firmware replace secondary
Syntax Description
definition-file <name> Specifies the path and static file name of the definition file.
destination Specifies where to store the downloaded firmware image.
cflash Specifies to store the downloaded firmware image on the unit’s
CompactFlash memory.
flash Specifies to store the downloaded firmware image on the unit’s flash
memory.
download Enables the firmware download.
reload-after <seconds> Specifies the delay, in seconds,after downloading the new firmware
image before the unit reboots. The valid range is 60 through 604800.
Use the value 0 to disable the reboot.
replace primary Specifies to replace the current primary firmware image with the new
image.
maintain secondary Specifies to retain the existing secondary firmware image, if one exists,
and delete the current primary image.
update secondary Specifies that the existing primary firmware image becomes the new
secondary image, and deletes the existing secondary image.
replace secondary Specifies to replace the existing secondary firmware image with the new
image, deleting the existing secondary image, while retaining the
current primary image.
Default Values
By default, this feature is disabled. When enabled, the default file system is flash unless otherwise
specified.
Command History

Usage Examples
The following example specifies the name and location and name of the definition file:
(config)#auto-config firmware definition-file config/adtran/myconfig.biz
The following example specifies the download location as the CompactFlash memory:
(config)#auto-config firmware destination cflash

auto-config http-auth
Use the auto-config http-auth command to configure the Hypertext Transfer Protocol (HTTP)
authentication mode for the AOS automatic self-configuration feature. For more detailed information, refer
to the Configuring Auto-Config guide available online at https://supportcommunity.adtran.com. Use the no
form of this command to disable the specified mode. Each mode can be turned on or off individually.
auto-config http-auth basic

auto-config http-auth digest
At least one mode must be enabled at all times. An error message will occur if an attempt
is made to disable both authentication modes.
Syntax Description
basic Enables the HTTP(S) basic authentication mode, using clear text
authentication.
digest Enables the HTTP(S) digest authentication mode, using encrypted text
authentication.
Default Values
By default, both basic and digest modes are enabled.
Command History
Usage Examples
The following example enables the basic HTTP authentication mode:
(config)#auto-config http-auth basic
The following example disables the digest HTTP authentication mode:
(config)#no auto-config http-auth digest

auto-config mac-auth
Use the auto-config mac-auth command to configure medium access control (MAC) address
authentication for the AOS automatic self-configuration feature. For more detailed information, refer to the
Configuring Auto-Config guide available online at https://supportcommunity.adtran.com. Variations of
auto-config mac-auth address <mac address>

auto-config mac-auth interface <interface>
auto-config mac-auth mode http-user-agent
auto-config mac-auth mode none
Syntax Description
address <mac address> Specifies the 48-bit MAC address to use for authentication.
MAC addresses should be expressed in the following format
xx:xx:xx:xx:xx:xx (for example, 00:A0:C8:00:00:01). For this command,
colons are optional.
interface <interface> Specifies an interface from which to use the MAC address for
authentication. Specify an interface in the format <interface type [slot/port |
example, for an Ethernet interface, use eth 0/1, for an Ethernet
subinterface, use eth 0/1.1. Type auto-config mac-auth interface ? for a
mode Specifies the MAC authentication mode to use.
http-user-agent Specifies including the MAC address in the HTTP User Agent header.
none Specifies not to include the MAC address in the HTTP User Agent header.
Default Values
By default, MAC authentication is disabled.
Command History
Usage Examples
The following example enables http-user-agent mode and specifies the MAC address
00:A0:C8:00:00:01 for authentication:
(config)#auto-config mac-auth mode http-user-agent

(config)#auto-config mac-auth address 00:A0:C8:00:00:01
The following example enables http-user-agent mode and specifies using the MAC address assigned to
the Ethernet 0/1 interface for authentication:
(config)#auto-config mac-auth mode http-user-agent

(config)#auto-config mac-auth interface ethernet 0/1

The following example disables MAC address authentication:
(config)#auto-config mac-auth mode none

auto-config method
Use the auto-config method command to configure the file transfer method to use during AOS automatic
self-configuration. For more detailed information, refer to the Configuring Auto-Config guide available
online at https://supportcommunity.adtran.com. Variations of this command include:
auto-config method http

auto-config method http port <number>
auto-config method https
auto-config method https allow-tls1.0
auto-config method https allow-tls1.0 allow-tls1.1
auto-config method https allow-tls1.0 allow-tls1.1 allow-sslv3
auto-config method https allow-tls1.0 allow-sslv3
auto-config method https allow-tls1.1
auto-config method https allow-tls1.1 allow-sslv3
auto-config method https allow-sslv3
auto-config method https port <number>
auto-config method https port <number> allow-tls1.0
auto-config method https port <number> allow-tls1.0 allow-tls1.1
auto-config method https port <number> allow-tls1.0 allow-tls1.1 allow-sslv3
auto-config method https port <number> allow-tls1.0 allow-sslv3
auto-config method https port <number> allow-tls1.1
auto-config method https port <number> allow-tls1.1 allow-sslv3
auto-config method https port <number> allow-sslv3
auto-config method tftp
Syntax Description
http Specifies using Hypertext Transfer Protocol (HTTP) for the file transfer
method.
https Specifies using Hypertext Transfer Protocol Secure (HTTPS) for the file
transfer method.
allow-tls1.0 Optional. Allows the use of Transport Layer Security protocol version 1.0. If
allow-tls1.0 is enabled, Secure Socket Layer version 3 (SSLv3) can also
optionally be enabled.
allow-tls1.1 Optional. Allows the use of TLS protocol version 1.1 if allow-tls1.1 is
enabled. SSLv3 can also optionally be enabled.
allow-sslv3 Optional. Allows the use of SSLv3. If SSLv3 is enabled, TLS version 1.0 is
automatically enabled.
port <number> Optional. Specifies the port number to use for the HTTP(S) file transfer
method. The valid range is 1 through 65535. If a specific port number is not
entered, the default port number is used.
tftp Specifies using Trivial File Transfer Protocol (TFTP) for the file transfer
method.

Default Values
By default, the file transfer method is TFTP. If specifying HTTP, the default port is 80. If specifying HTTPS,
the default port is 443.
Command History
parameters.
Usage Examples
The following example enables TFTP as the file transfer method for automatic configuration:
(config)#auto-config method tftp
The following example enables HTTPS as the file transfer method and uses the default HTTPS port of
443:
(config)#auto-config method https
The following example enables HTTPS as the file transfer method, and specifies using the port number
6335:
(config)#auto-config method https port 6335

auto-config retry-count <number>

Use the auto-config retry-count command to specify the maximum number of retries allowed to
download a configuration file through AOS automatic self-configuration feature. For more detailed
information, refer to the Configuring Auto-Config guide available online at
https://supportcommunity.adtran.com. Use the no form of this command to return to the default number of
retries.
Syntax Description
<number> Specify the maximum number of attempts allowed. Valid range is 0 to 1000.
Default Values
By default, the number of retries is set to 0 allowing the feature to continuously retry until the feature is
disabled.
Command History
Usage Examples
The following command sets the number of retries when downloading a configuration file to 100:
(config)#auto-config retry-count 100

auto-config server
Use the auto-config server command to specify the Trivial File Transfer Protocol (TFTP) or Dynamic
Host Configuration Protocol (DHCP) server to use during automatic self-configuration. The TFTP or
DHCP server provides the configuration file necessary for automatic self-configuration. For more detailed
information, refer to the Configuring Auto-Config guide available online at
https://supportcommunity.adtran.com. Use the no form of this command to erase the stored server name.
auto-config server [<hostname> | <ipv4 address>]

auto-config server dhcp
auto-config server dhcp option [66 | 160]
Syntax Description
server dhcp Specifies using DHCP Option 66 to locate the server.
server dhcp option 66 Optional. Specifies using Option 66 to locate the server.
server dhcp option 160 Optional. Specifies using Option 160 to locate the server.
server [<hostname> | <ipv4 address>] Specifies the IPv4 address or host name of TFTP server. IPv4
addresses should be expressed in dotted decimal notation (for
example, 10.10.10.1).
Default Values
By default, Auto-Config attempts to locate the server using DHCP Option 66.
Command History
Release R10.5.0 Command was expanded to include dhcp, dhcp option 66, and
dhcp option 160 parameters.
Usage Examples
The following command specifies the TFTP server IPv4 address from which to download the configuration
file:
(config)#auto-config server 192.33.5.99
The following command specifies the TFTP server host name from which to download the configuration
file:
(config)#auto-config server MYHOST
The following command specifies using DHCP Option 66 to locate the DHCP server from which to
download the configuration file:
(config)#auto-config server dhcp 66

auto-config sip-notify reboot

Use the auto-config sip-notify reboot command to specify the units reboot behavior when receiving a SIP
NOTIFY. For more detailed information, refer to the Configuring Auto-Config guide available online at
https://supportcommunity.adtran.com.Variations of this command include:
auto-config sip-notify reboot always

auto-config sip-notify reboot on-change
Syntax Description
always Specifies that the unit reboot regardless of the configuration.
on-change Specifies that the unit reboot only if the configuration on the server has
changed.
Default Values
By default, the reboot behavior when receiving a SIP NOTIFY is on-change.
Command History
Usage Examples
The following example specifies that the unit reboot regardless of the configuration when receiving a SIP
NOTIFY:
(config)#auto-config sip-notify reboot always

auto-config sip-notify user <user>

Use the auto-config sip-notify user command to enable and configure a Session Initiation Protocol (SIP)
user to receive check-sync events to initiate the AOS automatic self-configuration feature. For more
https://supportcommunity.adtran.com. Use the no form of this command to halt the automatic
configuration process.
Only certain AOS devices support SIP NOTIFY check-sync events. In order for the SIP
NOTIFY message to be received, the AOS platform must support sip (this excludes
switches and routers without SIP proxy), and have it enabled in the configuration. The
firewall must be provisioned to allow the unit to receive SIP messages from the server.
Syntax Description
<user> Specifies the SIP user to which the NOTIFY (check-sync event) is sent.
Default Values
By default, this feature is disabled.
Command History
Usage Examples
The following example enables the SIP user 2001 to receive the SIP NOTIFY (check-sync event):
(config)#auto-config sip-notify user 2001

auto-config timer polling <seconds>

Use the auto-config timer polling command to periodically restart the AOS automatic self-configuration
feature. For more detailed information, refer to the Configuring Auto-Config guide available online at
Syntax Description
<seconds> Specifies the restart interval in seconds. The valid range is 30 to 2592000.
Default Values
Command History
Usage Examples
The following example sets the restart interval to 320 seconds:
(config)#auto-config timer polling 320

auto-link
Use the auto-link command to enable the auto-link feature, to specify the communication method between
an AOS device and the n-Command® managed service provider (MSP) server, and to optionally specify
the service name prefix of service (SRV) record requests. Communication can be either via Hypertext
Transfer Protocol (HTTP) or Hypertext Transfer Protocol over Secure Socket Layer (HTTPS). Auto-link
allows a client device to connect to an ADTRAN n-Command MSP network management appliance. Use
the no form of this command to disable auto-link or to return to the default communication method.
auto-link
auto-link http
auto-link http srv <prefix>
auto-link https
auto-link https allow-tls1.0
auto-link https allow-tls1.1
auto-link https srv <prefix>
auto-link https allow-tls1.0 srv <prefix>
auto-link https allow-tls1.1 srv <prefix>
Syntax Description
http Optional. Specifies that the client use the HTTP posting method.
https Optional. Specifies that the client use the HTTPS posting method.
allow-tls1.0 Optional. Enables support for Transport Layer Security (TLS) protocol
version 1.0.
allow-tls1.1 Optional. Enables support for TLS protocol version 1.1.
srv <prefix> Optional. Specifies the service name prefix of SRV requests.
Default Values
By default, auto-link is disabled. By default, auto-link uses HTTPS. By default, if no service name prefix is
configured, auto-link uses _http for HTTP communication, and _https for HTTPS communication. By
default, support for TLS version 1.0 is disabled.
Command History
Release R10.7.0 Command was expanded to include the srv <prefix> parameter.

Functional Notes
The n-Command client must first be configured and enabled before the n-Command MSP server can be
contacted. The n-Command MSP server is a network management appliance that enables auto-discovery
of the AOS unit and provides a central management solution for configuration changes, firmware updates,
and basic monitoring. Without enabling auto-link, the client will not be detected by the server. For more
information about configuring the auto-link feature, refer to the configuration guide Configuring Auto-Link
for AOS and n-Command MSP available online at https://supportcommunity.adtran.com.
The service name prefix, such as _http, can be any arbitrary string, but the protocol prefix is _tcp for
auto-link. Do not include the leading underscore for service name prefixes. The underscore is added
automatically.
TLS versions 1.0 and 1.1 can no longer be used as a security control due to their weakness as
cryptography methods. By default, TLS version 1.0 and 1.1 are disabled for auto-link configurations.
Usage Examples
The following example enables auto-link:
(config)#auto-link
The following example specifies that the client use HTTP to communicate with the server:
(config)#auto-link http

auto-link penalty <value>

Use the auto-link penalty command to enable and configure a temporary penalty list for auto-link
configuration. The temporary penalty list blacklists hosts that cause repeated communication failures. If a
server of configured IP address causes a failover event three consecutive times, it is added to the penalty
list. Once added to the list, auto-link will not contact the server for a configured number of recontact
intervals. Using the no form of this command removes the penalty list from the auto-link configuration.
Syntax Description
<value> Specifies the number of recontact intervals that the server will stay on the
penalty list. Valid range is 0 to 65535. Using a value of 0 disables the
penalty feature.
Default Values
By default, the penalty feature is disabled.
Command History
Functional Notes
Penalty lists can be based on IP addresses and port numbers. Host IP addresses and port numbers
returned from DNS requests, as well as configured IP addresses and port numbers, can be penalized.
Usage Examples
The following example enables recontact interval penalties and specifies that penalized servers remain on
the list for 30 recontact intervals:
(config)#auto-link penalty 30

auto-link recontact-interval <value>

Use the auto-link recontact-interval command to specify the intervals between contact attempts between
the AOS client and the n-Command® managed service provider (MSP) server. Use the no form of this
command to return to the default value.
Syntax Description
<value> Specifies the time in seconds between contact attempts. Range is 20 to
604800 seconds. Setting this value to 0 seconds disables the recontact
feature.
Default Values
By default, the recontact interval is set to 3600 seconds.
Command History
Usage Examples
The following example sets the recontact interval to 7200 seconds:
(config)#auto-link recontact-interval 7200

auto-link region <region name>

Use the auto-link region command to assign a region name to an AOS device associated with the
n-Command® managed service provider (MSP) server. Use the no form of this command to remove the
region name from the AOS device’s configuration.
Syntax Description
<region name> Specifies the name of the region associated with the AOS device. Specify
the region name in a text string.
Default Values
By default, a region name is not specified.
Command History
Functional Notes
Regions are used in n-Command® MSP to allow network administrators to limit a specific user’s access to
devices. For user regions to work properly, the AOS device must be assigned a region name, a region
must be created in n-Command® MSP with a filter value that matches all or part of the created AOS
device’s region name, and the region must be assigned to a user.
Usage Examples
The following example sets the region name for the AOS device:
(config)#auto-link region REGIONONELOCAL

auto-link server <hostname | ip address>

Use the auto-link server command to specify the contact information for the n-Command® managed
service provider (MSP) server used by the AOS client. Use the no form of this command to remove the
server from the client configuration. Variations of this command include:
auto-link server primary <hostname | ip address>

auto-link server primary <hostname | ip address> port <port>
auto-link server secondary <hostname | ip address>
auto-link server secondary <hostname | ip address> port <port>
Syntax Description
primary Specifies the primary auto-link server. The primary server must be
specified. Only one entry is allowed for the primary server.
secondary Specifies the secondary auto-link server. Secondary servers are used in
auto-link failover situations where the primary server is unavailable. Multiple
secondary servers can be configured. The priority of secondary servers is
determined by the order in which the servers are configured.
<hostname | ip address> Specifies the server host name or IP address. IP addresses should be
expressed in the decimal dotted notation (for example 10.10.10.1).
port <port> Optional. Specifies the port number used to communicate with the server.
Default Values
By default, no server is configured. When specified, the server uses port 80 for Hypertext Transfer Protocol
(HTTP) and port 443 for HTTP secure (HTTPS).
Command History
Release R10.7.0 Command was expanded to include options to specify primary and
secondary servers.
Functional Notes
The host name or the IP address of the server with which the AOS product communicates must be
specified for communication to take place. A primary server must be specified, and secondary servers can
optionally be configured. Only one entry is allowed for the primary MSP server. To delete the primary MSP
server, you must first remove all configured secondary servers.
Usage Examples
The following example specifies the AOS client will communicate with the primary n-Command MSP
server at IP address 10.10.10.10:
(config)#auto-link server primary 10.10.10.10

auto-link vrf <name>

Use the auto-link vrf command to specify the virtual routing and forwarding (VRF) instance on which
auto-link will communicate. Use the no form of this command to return to the default value.
Syntax Description
<name> Specifies the name of the VRF on which auto-link will operate.
Default Values
By default, auto-link is configured to operate on the default (unnamed) VRF.
Command History
Functional Notes
All auto-link messages, such as information status messages and backup file uploads, are transmitted on
the default VRF. When a domain name is specified as the auto-link server, the domain name system (DNS)
operation also occurs on the specified VRF.
This command is configured separate from the command auto-link on page 1206, which enables/disables
the auto-link feature.
If a specified VRF does not exist, an error is returned.
When a nondefault VRF is configured for auto-link, the VRF is displayed in the output of the command
show auto-link on page 554. If auto-link is configured to operate on the default VRF, then the VRF
information is not displayed in the show command output.
Usage Examples
The following example configured auto-link to use the nondefault VRF RED:
(config)#auto-link vrf RED

banner
Use the banner command to specify messages to be displayed in certain situations. Use the no form of this
command to delete a previously configured banner. Variations of this command include:
banner exec <delimiter> <message> <delimiter>

banner login <delimiter> <message> <delimiter>
banner motd <delimiter> <message> <delimiter>
Syntax Description
exec Creates a message to be displayed when any executive-level process takes
place.
login Creates a message to be displayed before the user name and password
login prompts.
motd Creates a message-of-the-day (MOTD) banner.
<delimiter> Specifies the banner text delimiter. Press Enter after the delimiter character
to begin input of banner text. After typing the banner message, enter the
same delimiter character to end the message.
<message> Specifies the text message you wish to display.
Default Values
By default, no banners are configured.
Command History
Functional Notes
Banners appear in the following order (if configured):
• MOTD banner appears at initial connection.

• Login banner follows the MOTD banner.
• Exec banner appears after successful login.
Usage Examples
The following example configures the system to display a message of the day:
(config)#banner motd *The system will be shut down today from 7PM to 11PM*

battery <slot/port>
Use the battery <slot/port> command to enter the Battery Configuration mode for the specified slot and
port, in order to configure the battery installation time and date.
Additional subcommands are available once you have entered the Battery Configuration mode. Use the no
form of the install date set commands to clear the settings. Variations of the commands include:
install date set <time> <date>

install date set clock
Syntax Description
<slot/port> Specifies the slot and port of the battery.
install date set <time> <date> Specifies a time and date for when the battery is installed. Enter the
<time> value in the HH:MM:SS format. Enter the <date> value in the DD
Month YYYY format.
install date set clock Specifies the battery install date and time is set using the system clock if
the system clock has been set either manually or from NTP.
Default Values
By default, no battery install time and date exists.
Command History
Release R11.11.0 Command was expanded to include the clock parameter.
Usage Examples
The following example enters the Battery Configuration mode for slot 0, port 1 and sets the install time to
12:30:22 and date to 4 June 2015:
(config)#battery 0/1
(config-battery 0/1)#install date set 12:30:22 4 June 2015
(config-battery 0/1)#exit
(config)#

boot config
Use the boot config command to modify system boot parameters by specifying the location and name of
primary and secondary configuration files. Use the no form of this command to use the default startup
configuration file. Variations of this command include:
boot config cflash <primary filename>

boot config cflash <primary filename> cflash <secondary filename>
boot config cflash <primary filename> flash <secondary filename>
boot config flash <primary filename>
boot config flash <primary filename> cflash <secondary filename>
boot config flash <primary filename> flash <secondary filename>
boot config flash <primary filename> usbdrive0 <secondary filename>
boot config usbdrive0 <primary filename>
boot config usbdrive0 <primary filename> flash <secondary filename>
boot config usbdrive0 <primary filename> usbdrive0 <secondary filename>
The usbdrive0 parameter is only valid for units with Universal Serial Bus (USB) flash
drive capabilities.
Syntax Description
cflash Specifies that the configuration file is located in CompactFlash memory.
flash Specifies that the configuration file is located in flash memory.
usbdrive0 Specifies that the configuration file is located in USB flash drive memory.
<primary filename> Specifies the name of the primary configuration file (file names are case
sensitive).
<secondary filename> Optional. Specifies the name of the backup configuration file.
Default Values
Command History

Usage Examples
boot file:
(config)#boot config flash myconfig.biz
boot file and the file mybackupconfig.biz (located in CompactFlash memory) as the backup configuration
file:
(config)#boot config flash myconfig.biz cflash mybackupconfig.biz

boot system
Use the boot system command to specify the system image loaded at startup. Variations of this command
include:
boot system cflash <primary filename>

boot system cflash <primary filename> verify
boot system cflash <primary filename> cflash <secondary filename>
boot system cflash <primary filename> cflash <secondary filename> verify
boot system cflash <primary filename> flash <secondary filename>
boot system cflash <primary filename> flash <secondary filename> verify
boot system cflash <primary filename> no-backup
boot system cflash <primary filename> no-backup verify
boot system flash <primary filename>
boot system flash <primary filename> verify
boot system flash <primary filename> <secondary filename>
boot system flash <primary filename> <secondary filename> verify
boot system flash <primary filename> cflash <secondary filename>
boot system flash <primary filename> cflash <secondary filename> verify
boot system flash <primary filename> flash <secondary filename>
boot system flash <primary filename> flash <secondary filename> verify
boot system flash <primary filename> no-backup
boot system flash <primary filename> no-backup verify
boot system flash <primary filename> usbdrive0 <secondary filename>
boot system flash <primary filename> usbdrive0 <secondary filename> verify
boot system usbdrive0 <primary filename>
boot system usbdrive0 <primary filename> verify
boot system usbdrive0 <primary filename> flash <secondary filename>
boot system usbdrive0 <primary filename> flash <secondary filename> verify
boot system usbdrive0 <primary filename> no-backup
boot system usbdrive0 <primary filename> no-backup verify
boot system usbdrive0 <primary filename> usbdrive0 <secondary filename>
boot system usbdrive0 <primary filename> usbdrive0 <secondary filename> verify
For units without CompactFlash capabilities, the secondary media type does not need to
be specified. Refer to the last example under Usage Examples.

The usbdrive0 parameter is only valid for units with Universal Serial Bus (USB) flash
drive capabilities.
Syntax Description
cflash Specifies the system image is located in CompactFlash memory.
flash Specifies the system image is located in flash memory.
no-backup Specifies that there is no backup image present.
<primary filename> Specifies the file name of the image (file names are case sensitive). Image
files should have a .biz extension.
<secondary filename> Specifies a name for the backup image.
verify Optional. Verifies the image checksum.
usbdrive0 Specifies the system image is located in USB flash drive memory.
Default Values
Command History
Release 12.1 Command was expanded to include CompactFlash.
Release R12.1.0 Command version boot system flash was made unavailable for virtual
AOS (vAOS) instances.
Functional Notes
http://supportforums.adtran.com.
The boot system flash command is not available in vAOS instances.
Usage Examples
The following example specifies myimage.biz (located in CompactFlash memory) as the primary image
file with no backup image:
(config)#boot system cflash myimage.biz no-backup
The following example specifies myimage.biz (located in flash memory) as the primary image file with no
backup image:
(config)#boot system flash myimage.biz no-backup

The following example specifies myimage.biz (located in flash memory) as the primary image file and
mybackupimage.biz (also located in flash memory) as the backup image:
(config)#boot system flash myimage.biz mybackupimage.biz

boot voip
Use the boot voip command to specify the VoIP image file loaded at startup. Variations of this command
include:
boot voip default

boot voip flash <filename>
Syntax Description
default Uses default VoIP image.
flash <filename> Specifies the file name (located in flash memory) of the image (file names
are case sensitive). Image files should have a .biz extension.
Default Values
Command History
Functional Notes
Usage Examples
The following example specifies the file myimage.biz, stored in flash memory, as the VoIP startup image:
(config)#boot voip flash myimage.biz

bridge irb
Use the bridge irb command to enable integrated routing and bridging (IRB) and also allow the creation of
bridged virtual interfaces (BVIs). Use the no form of this command to disable the IRB.
Syntax Description
No subcommands.
Default Values
By default, IRB is disabled.
Command History
Functional Notes
The bridge irb must be enabled to create BVIs.
Once the command bridge irb is entered, the IP addresses for any interfaces connected to any bridge will
be removed. Also, the command ip address xx.xx.xx.xx.xx.xx.xx.xx will no longer be available on an
interface that is connected to the bridge.
The BVI must be removed before using the no bridge irb command.
For more information on BVI configuration, refer to the BVI Interface Command Set on page 2578.
Usage Examples
The following example enables IRB:
(config)#bridge irb
Technology Review
The IRB allows the routing of specified protocols between network interfaces and bridge groups. The
difference between IRB and concurrent routing and bridging (CRB) is that in IRB it is possible to route IP
between routed interfaces and BVIs, but with CRB the routed interfaces cannot communicate with bridged
interfaces. IRB’s primary goal is to bridge all protocols and route any IP traffic destined for the medium
access control (MAC) address of the BVI.
The IRB handles IP packets in the following manner: When an IP packet comes into the router and it is not
destined for the MAC address, it is bridged. If the IP packet is destined for the MAC address, it is sent to
the routing engine and routed as normal. The IRB allows for PCs in the bridge to get to routed networks
and routed networks to get to the bridge. The bridge group will isolate broadcasts from other routed
interfaces.
A BVI can only be created when IRB is enabled and a bridge group has been defined. The BVI number
corresponds directly to the bridge group.

When IRB is enabled and a BVI is configured, IP network configuration is removed for all bridged
interfaces. IP traffic destined for the BVI address is delivered to the local IP stack for routing (if routing is
enabled) or management. If no BVI is configured, the behavior is the same as if IRB is not enabled.
When IRB is not enabled, a BVI cannot be created. Bridged interfaces retain their IP configuration, and IP
traffic destined for those interfaces is delivered to the local IP stack.

bridge <number> protocol ieee

The bridge protocol ieee command configures a bridge group for the IEEE 802.1 Ethernet spanning-tree
protocol. Use the no form of this command (with the appropriate arguments) to delete this setting.
Syntax Description
<number> Specifies a bridge group number. Range is 1 to 255.
Default Values
By default, all configured bridge interfaces implement IEEE spanning-tree protocol.
Command History
Usage Examples
The following example deletes the bridge protocol setting for bridge group 17:
(config)#no bridge 17 protocol ieee

clock
The clock auto-correct-DST command allows the unit to automatically correct for daylight savings time
(DST). Use the clock no-auto-correct-DST command to disable this feature. Variations of this command
include:
clock auto-correct-DST
clock no-auto-correct-DST
Syntax Description
auto-correct-DST Configures the unit to automatically correct for DST.
no-auto-correct-DST Disables DST correction.
Default Values
By default, DST correction takes place automatically.
Command History
Release 11.1 Command was added to the Global command set.
Functional Notes
Depending on the clock timezone chosen (refer to clock timezone <value> on page 1226 for more
information), one-hour DST correction may be enabled automatically. You may override this default using
this command.
Usage Examples
The following example allows for automatic DST correction:
(config)#clock auto-correct-DST
The following example overrides the one-hour offset for DST:
(config)#clock no-auto-correct-DST


Use the clock set command to configure the system software clock. For the command to be valid, all fields
must be entered. Refer to the Usage Examples below for an example.
Syntax Description
<time> Sets the time (in 24-hour format) of the system software clock in the format
hours:minutes:seconds (HH:MM:SS).
<day> Sets the current day of the month. Valid range is 1 to 31.
<month> Sets the current month. Valid range is January to December. You need
only enter enough characters to make the entry unique. This entry is not
case sensitive.
<year> Sets the current year. Valid range is 2000 to 2100.
Default Values
Command History
Release 11.1 Command was added to the Global command set.
Usage Examples
The following example sets the system software clock for 3:42 pm, August 22 2004:
(config)#clock set 15:42:00 22 Au 2004

clock timezone <value>

The clock timezone command sets the unit’s internal clock to the time zone of your choice. This setting is
based on the difference in time (in hours) between Greenwich Mean Time (GMT) or Central Standard
Time (CST) and the time zone for which you are setting up the unit. Use the no form of this command to
Syntax Description
<value> Time zone values are specified in the Functional Notes section for this
command.
Default Values
Command History
Depending on the clock timezone chosen, one-hour daylight savings time (DST) correction
may be enabled automatically. Refer to the command clock on page 1224 for more
information.
Functional Notes
clock timezone +1-Amsterdam clock timezone +2-Jerusalem
clock timezone +1-Belgrade clock timezone +3-Baghdad
clock timezone +1-Brussels clock timezone +3-Kuwait
clock timezone +1-Sarajevo clock timezone +3-Moscow
clock timezone +1-West-Africa clock timezone +3-Nairobi
clock timezone +10-Brisbane clock timezone +3:30
clock timezone +10-Canberra clock timezone +4-Abu-Dhabi
clock timezone +10-Guam clock timezone +4-Baku
clock timezone +10-Hobart clock timezone +4:30
clock timezone +10-Vladivostok clock timezone +5-Ekaterinburg
clock timezone +11 clock timezone +5-Islamabad
clock timezone +12-Auckland clock timezone +5:30
clock timezone +12-Fiji clock timezone +5:45
clock timezone +13 clock timezone +6-Almaty
clock timezone +2-Athens clock timezone +6-Astana
clock timezone +2-Bucharest clock timezone +6-Sri-Jay
clock timezone +2-Cairo clock timezone +6:30
clock timezone +2-Harare clock timezone +7-Bangkok
clock timezone +2-Helsinki clock timezone +7-Kranoyarsk

clock timezone +8-Bejing clock timezone -3:30

clock timezone +8-Irkutsk clock timezone -4-Atlantic-Time
clock timezone +8-Kuala-Lumpur clock timezone -4-Caracus
clock timezone +8-Perth clock timezone -4-Santiago
clock timezone +8-Taipei clock timezone -5
clock timezone +9-Osaka clock timezone -5-Bogota
clock timezone +9-Seoul clock timezone -5-Eastern-Time
clock timezone +9-Yakutsk clock timezone -6-Central-America
clock timezone +9:30-Adelaide clock timezone -6-Central-Time
clock timezone +9:30-Darwin clock timezone -6-Mexico-City
clock timezone -1-Azores clock timezone -6-Saskatchewan
clock timezone -1-Cape-Verde clock timezone -7-Arizona
clock timezone -10 clock timezone -7-Mountain-Time
clock timezone -11 clock timezone -8
clock timezone -12 clock timezone -9
clock timezone -2 clock timezone -0-Universal Coordinated Time
clock timezone -3-Brasilia (UTC)
clock timezone -3-Buenos-Aires clock timezone GMT-Casablanca
clock timezone -3-Greenland clock timezone GMT-Dublin
Usage Examples
The following example sets the time zone for Santiago, Chile.
>enable
(config)#clock timezone -4-Santiago

community-list <name>
Use the community-list command to create a community list for Border Gateway Protocol (BGP) route
map use. Use the no form of this command to delete a community list.
Syntax Description
<name> Specifies the name of the community to use in the community list attribute
for BGP routes. Refer to Community List Command Set on page 4043 for
more information on the available options.
Default Values
By default, this command is disabled.
Command History
Usage Examples
The following example creates a community list MyList and enters the Community List Configuration
mode:
(config)#community-list MyList
(config-comm-list)#

counter-profile <slot/index>
Use the counter-profile command to create a counter-profile and enter the Counter Profile Configuration
mode. Use the no form of this command to remove the counter profile.
Syntax Description
<slot/index> Specifies the index of the counter-profile in the format <slot/index>. For
example, 0/1.
Default Values
By default, no counter-profiles exist.
Command History
Usage Examples
The following example creates counter profile 0/1 and enters the Counter Profile Configuration mode:
(config)#counter-profile 0/1
(config-count-prof 0/1)#
quit
Hash: 4e904504dc4e5b95e08129430e2a0b97ceef0ad1394f905b42df2dfb8f751be0244a711bb0
6eddaa2f07dd640c187f14c16fa0bed28e038b28b6741a880539d6ed06a68b7e324bfdde6f3d0b17
83d94e58fd4943f5988a7a0f27f6b6b932dc0410378247160752853858dbe7a1951245cfb14b109e
ffc430e177623720de56f4
* Do you accept this certificate? [y]y

crypto ca authenticate <profile name>

Use the crypto ca authenticate command to initiate certificate authority (CA) authentication procedures.
crypto ca authenticate <profile name>

crypto ca authenticate <profile name> <drive> <name>
Syntax Description
<profile name> Specifies a CA profile using an alphanumeric string up to 32 characters.
<drive> <name> Optional. Specifies the certificate to be authenticated is loaded from a file
identified by it’s location (<drive>), such as nonvol, cflash, etc., and the
name of the file (<name>). This bypasses the terminal loading process.
Default Values
Command History
Release R11.5.0 Command was expanded to include the <drive> and <name> parameters.
Functional Notes
The type of authentication procedure is based on the enrollment command and its settings. Refer to
enrollment terminal on page 5199 and enrollment url <url> on page 5200 for more information. When
enrollment is set to terminal, the CA authentication process is done manually, as shown in several of the
following Usage Examples.
Usage Examples
The following example initiates the CA authentication process for manual enrollment:
(config)#crypto ca authenticate testCAprofile
Enter the base 64 encoded CA certificate. End with two consecutive carriage returns or the word “quit” on
a line by itself:
-----BEGIN X509 CERTIFICATE-----

MIIDEDCCAs6gAwIBAgICAXIwCwYHKoZIzjgEAwUAMFoxCzAJBgNVBAYTAkZJMSQw
IgYDVQQKExtTU0ggQ29tbXVuaWNhdGlvbnMgU2VjdXJpdHkxETAPBgNVBAsTCFdl
YiB0ZXN0MRIwEAYDVQQDEwlUZXN0IENBIDQwHhcNMDMwMTA5MTYyNTE1WhcNMDMx
MjMxMjM1OTU5WjBaMQswCQYDVQQGEwJGSTEkMCIGA1UEChMbU1NIIENvbW11bmlj
YXRpb25zIFNlY3VyaXR5MREwDwYDVQQLEwhXZWIgdGVzdDESMBAGA1UEAxMJVGVz
dCBDQSA0MIIBtzCCASsGByqGSM44BAEwggEeAoGBAPTo+NdCWh87hOSnuZ7dUL07
twjZZwY3beLHnDsERhfN8XoOZZcffulKc/lqTrYiu7M5yPJsXQ3u8dbCb6RWFU0A
T5Nd7/4cNn/hCmhbeb6xqsNZUsOcTZJxvClq8thkNo+gXg5bw0fiElgxZ/lEbFWL
UzeO8KgM4izkq0CrGtaFAhUA2+ja4RgbbgTgJk+qTXAxicG/8JMCgYBZvcPMO2/Y
Zc2sXYyrBPtv6k2ZGGYqXAUZ98/txm37JwQGafygePJ/64oeisVeDcLf2FTjveex

W5saydjSK00jXjreRZcJFEDmfRhUtWR8K8tm8mEnB3eg9n09lkWibIjihHn7n5MF
tBBAdbRHyctsr3DyofnieTt3DY78MDsNbgOBhQACgYEA6EKDS2IxrdMsogHfVvob
PkDSv2FjOsP5Tomc/tf9jvvuf6+vj9XTw+uAg1BU9/TyjGzAtnRrCvOUkTYoVxRY
vdDOi3GR2RcyNVdGrhYXWY1I5XuB5+NWij8VUQOgfXsJgbEMvPemECeYwQ4ASdhD
vw0E8NI2AEkJXsCAvYfXWzujIzAhMAsGA1UdDwQEAwIBhjASBgNVHRMBAf8ECDAG
AQH/AgEyMAsGByqGSM44BAMFAAMvADAsAhRa0ao0FbRQeWCc2oC24OZ1YZi8egIU
IZhxKAclhXksZHvOj+yIld5x0ec=
-----END X509 CERTIFICATE-----
quit
Hash: 4e904504dc4e5b95e08129430e2a0b97ceef0ad1394f905b42df2dfb8f751be0244a711bb0
6eddaa2f07dd640c187f14c16fa0bed28e038b28b6741a880539d6ed06a68b7e324bfdde6f3d0b17
83d94e58fd4943f5988a7a0f27f6b6b932dc0410378247160752853858dbe7a1951245cfb14b109e
ffc430e177623720de56f4
* Do you accept this certificate? [y]y
The following example initiates CA authentication for a specific file, locally stored on the AOS device, and
bypasses the terminal loading process for the file:
(config)#crypto ca authenticate MYPROFILE nonvol CA.pem

crypto ca certificate chain <name>

Use the crypto ca certificate chain command to enter the Certificate Configuration for the specified
certificate authority (CA). Refer to Certificate Command Set on page 5207 for more information.
Syntax Description
<name> Specifies a CA profile using an alphanumeric string (up to 32 characters).
Default Values
Command History
Functional Notes
Typically used only in the running-config and startup-config to restore certificates.
Usage Examples
The following example enters the Certificate Configuration mode for the CA profile MyProfile:
(config)#crypto ca certificate chain MyProfile

crypto ca enroll <profile name>

Use the crypto ca enroll command to begin certificate authority (CA) enrollment procedures. Use the no
form of this command to disable this feature. Variations of this command include:
crypto ca enroll <profile name>

crypto ca enroll <profile name> force-overwrite
crypto ca enroll <profile name> <drive> <name>
crypto ca enroll <profile name> <drive> <name> force-overwrite
Syntax Description
<profile name> Specifies a CA profile using an alphanumeric string (up to 32 characters).
<drive> <name> Optional. Specifies the certificate to be enrolled is loaded from a file
force-overwrite Optional. Instructs the AOS device to overwrite any existing file with the
same name. If the <drive> and <name> parameters are not specified, the
enrollment dialog prompts you to indicate if the certificate request should be
written to a file, and if yes, the drive and filename to use. If the certificate
request is not saved to file, the keys remain and the request is discarded.
Default Values
Command History
Release R11.5.0 Command was expanded to include the <drive>, <name>, and
force-overwrite parameters.
Functional Notes
The type of enrollment procedure is based on the enrollment command and its settings. Refer to
enrollment terminal on page 5199 and enrollment url <url> on page 5200 for more information. This
command initiates a dialog that is used to fill in the parameters that make up an enrollment request to be
forwarded to a certificate authority. Note that some of the parameters (such as IP address) may be filled in
using the values supplied in the crypto ca profile (in which case, the enrollment dialog will not prompt for
those parameters). Once all required parameters are defined using the dialog, this command assembles
them into an enrollment request to be sent to a certificate authority (including the generation of public and
private keys). Refer to crypto ca profile <name> on page 1238 for more information.
If enrollment is set to terminal, you may view the request on the terminal screen.
If enrollment is set to url, the request is sent automatically to the certificate authority using the uniform
resource locator (URL) specified by the enrollment url command.

Usage Examples
The following example shows a typical enrollment dialog:
(config)#crypto ca enroll MyProfile

**** Press CTRL+C to exit enrollment request dialog. ****
* Enter signature algorithm (RSA or DSS) [rsa]:rsa
* Enter the modulus length to use [512]:1024
* Enter the subject name as an X.500 (LDAP) DN:CN=Router,C=US,L=Huntsville,S=AL
--The subject name in the certificate will be CN=CN=Router,C=US,L=Huntsville,S=AL.
* Include an IP address in the subject name [n]:y
* Enter IP address or name of interface to use:10.200.1.45
* Include fully qualified domain name [n]:y
* Enter the fully qualified domain name to use:FullyQualifiedDomainName
* Include an email address [n]:y
* Enter the email address to use:myEmail@adtran.commyemail@email.com
Generating request (including keys)....
The following example creates a CA certificate and begins the enrollment process using a locally stored
file:
(config)#crypto ca enroll MYPROFILE novol SELF.csr force-overwrite

crypto ca import <profile name> certificate

Use the crypto ca import certificate command to import a certificate manually via the console terminal.
crypto ca import <profile name> certificate

crypto ca import <profile name> certificate <drive> <name>
Syntax Description
<profile name> Specifies a certificate authority (CA) profile using an alphanumeric string
(up to 32 characters).
<drive> <name> Optional. Specifies the certificate to be imported is loaded from a file
Default Values
Command History
Functional Notes
Puts command line interface (CLI) in mode where the certificate can be entered manually. Enter quit and a
carriage return (or simply enter two consecutive carriage returns) to exit this mode. Abort this mode by
pressing Ctrl-C. This command only applies if the enrollment command is set to terminal. Refer to
enrollment terminal on page 5199.
Usage Examples
The following example imports a certificate via the console terminal:
(config)#crypto ca import MyProfile certificate

Enter the PM-encoded certificate. End with two consecutive
carriage returns or the word “quit” on a line by itself:
MIIDWTCCAwOgAwIBAgIKFLCsOgAAAAAAtjANBgkqhkiG9w0BAQUFADBjMQswCQYD
VQQGEwJVUzEQMA4GA1UECBMHQUxBQkFNQTETMBEGA1UEBxMKSHVudHN2aWxsZTEa
MBgGA1UEChMRQWR0cmFuVGVjaFN1cHBvcnQxETAPBgNVBAMTCHRzcm91dGVyMB4X
DTAzMDYyNTE0MTM1NVoXDTAzMTIwNjE0NDkxM1owJDEPMA0GA1UEChMGYWR0cmFu
MREwDwYDVQQDEwhNeVJvdXRlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQClUKqs
fbTalej5m9gk2DMsbC9df3TilBz+7nRx3ZzGw75AQsqEMYeBY5aWi62W59jmxGSE
WX+E8EwBVbZ6JKk5AgMBAAGjggHWMIIB0jAXBgNVHREEEDAOhwQKCgoKggZNeUZx
ZG4wHQYDVR0OBBYEFJAvBRIjx1PROnkZ4v0D89yB1eErMIGcBgNVHSMEgZQwgZGA
FHGwIRAr11495MgrLNPiLzjvrb4JoWekZTBjMQswCQYDVQQGEwJVUzEQMA4GA1UE
CBMHQUxBQkFNQTETMBEGA1UEBxMKSHVudHN2aWxsZTEaMBgGA1UEChMRQWR0cmFu

VGVjaFN1cHBvcnQxETAPBgNVBAMTCHRzcm91dGVyghAZql7OwISgsUhfaSeGh0Ot
MGkGA1UdHwRiMGAwLaAroCmGJ2h0dHA6Ly90c3JvdXRlci9DZXJ0RW5yb2xsL3Rz
cm91dGVyLmNybDAvoC2gK4YpZmlsZTovL1xcdHNyb3V0ZXJcQ2VydEVucm9sbFx0
c3JvdXRlci5jcmwwgY0GCCsGAQUFBwEBBIGAMH4wPAYIKwYBBQUHMAKGMGh0dHA6
Ly90c3JvdXRlci9DZXJ0RW5yb2xsL3Rzcm91dGVyX3Rzcm91dGVyLmNydDA+Bggr
BgEFBQcwAoYyZmlsZTovL1xcdHNyb3V0ZXJcQ2VydEVucm9sbFx0c3JvdXRlcl90
Success!
The following example specifies that locally stored SELF.pem is imported for CA profile MYPROFILE:
(config)#crypto ca import MYPROFILE certificate nonvol SELF.pem

crypto ca import <profile name> crl

Use the crypto ca import crl command to import a certificate revocation list (CRL) manually via the
console terminal. Variations of this command include:
crypto ca import <profile name> crl

crypto ca import <profile name> crl <drive> <name>
Syntax Description
<profile name> Specifies a certificate authority (CA) profile using an alphanumeric string
(up to 32 characters).
<drive> <name> Optional. Specifies the certificate to be imported is loaded from a file
Default Values
Command History
Functional Notes
Puts command line interface (CLI) in a mode where the CRL can be entered manually. Enter quit and a
carriage return (or simply enter two consecutive carriage returns) to exit this mode. This command only
applies if the enrollment command is set to terminal. Refer to enrollment terminal on page 5199.
Usage Examples
The following example allows you to manually paste in the CA’s CRL:
(config)#crypto ca import MYPROFILE crl

The following example allows you to paste a locally stored file into the CA’s CRL:
(config)#crypto ca import MYPROFILE crl nonvol SELF.pem

crypto ca profile <name>

Use the crypto ca profile command to define a certificate authority (CA) and to enter the CA Profile
Configuration. Use the no form of this command to disable this feature. Refer to CA Profile Command Set
on page 5195 for more information.
Syntax Description
<name> Creates a CA profile using an alphanumeric string (up to 32 characters).
Default Values
Command History
Functional Notes
Use this to specify the type of enrollment, as well as enrollment request parameters. Refer to the
Functional Notes of the command crypto ca enroll <profile name> on page 1233 for more information.
Usage Examples
The following example creates the CA profile called MyProfile and enters the CA Profile Configuration for
that certificate authority:
(config)#crypto ca profile MyProfile

Configuring New CA Profile MyProfile.
(ca-profile)#

crypto ike
Use the crypto ike command to define the system-level local ID for Internet key exchange (IKE)
negotiations and to enter the IKE Client or IKE Policy command sets. Use the no form of this command to
disable these features. Variations of this command include the following:
crypto ike client configuration pool <name>

crypto ike local-id address
crypto ike policy <value>
Syntax Description
client configuration pool <name> Creates a local pool, assigns it the name of your choice and
enters the IKE Client command set. Clients that connect via an
IKE policy that specifies this pool name will be assigned values
from this pool. Refer to the section IKE Policy Command Set on
page 5266 for more information.
local-id address Sets the local ID during IKE negotiation to be the IP address of
the interface from which the traffic exits. This setting can be
overridden on a per-policy basis using the local-id command.
Refer to local-id on page 5273 for more information.
policy <value> Creates an IKE policy, assigns the sequence number value of
your choice, and enters the IKE Policy command set. Refer to
section IKE Policy Command Set on page 5266 for more
information.
Default Values
Command History
Usage Examples
The following example creates an IKE policy with a policy priority setting of 1 and enters the IKE Policy for
that policy:
(config)#crypto ike policy 1

Technology Review
The following example configures an AOS product for virtual private network (VPN) using IKE aggressive
mode with preshared keys (PSKs). The AOS product can be set to initiate IKE negotiation in main mode or
aggressive mode. The product can be set to respond to IKE negotiation in main mode, aggressive mode,
or any mode. In this example, the device is configured to initiate in aggressive mode and to respond to any
mode.
This example assumes that the AOS product has been configured with a wide area network (WAN) IP
address of 63.97.45.57 on interface ppp 1 and a local area network (LAN) IP address of 10.10.10.254 on
interface ethernet 0/1. The peer private IP Subnet is 10.10.20.0.
Step 1:
Enter the Global Configuration mode (i.e., config terminal mode).
>enable
#configure terminal
Step 2:
Enable VPN support using the ip crypto command. This command allows crypto maps to be applied to
interfaces, and enables the IKE server to listen for IKE negotiation sessions on User Datagram Protocol
(UDP) port 500.
(config)#ip crypto
Step 3:
Set the local ID. During IKE negotiation, local IDs are exchanged between the local device and the peer
device. In AOS, the default setting for all local IDs are configured by the crypto ike local-id command.
The default setting is for all local IDs to be the IPv4 address of the interface over which the IKE negotiation
is occurring. In the future, a unique system-wide host name or fully qualified domain name (FQDN) could
be used for all IKE negotiation.
(config)#crypto ike local-id address
Step 4:
Create IKE policy. In order to use IKE negotiation, an IKE policy must be created. Within the system, a list
of IKE policies is maintained. Each IKE policy is given a priority number in the system. That priority number
defines the position of that IKE policy within the system list. When IKE negotiation is needed, the system
searches through the list, starting with the policy with priority of 1, looking for a match to the peer IP
address.
An individual IKE policy can override the system local ID setting by having the local-id command specified
in the IKE policy definition. This command in the IKE policy is used to specify the type of local ID and the
local ID data. The type can be of IPv4 address, FQDN, or user-specified FQDN.

An IKE policy may specify one or more peer IP addresses that will be allowed to connect to this system. To
specify multiple unique peer IP addresses, the peer A.B.C.D command is used multiple times within a
single IKE policy. To specify that all possible peers can use a default IKE policy, the peer any command is
given instead of the peer A.B.C.D command inside of the IKE policy. The policy with the peer any
command specified will match to any peer IP address (and, therefore, should be given the highest
numerical priority number). This will make the policy the last one to be compared against during IKE
negotiation.
(config)#crypto ike policy 10

(config-ike)#no local-id
(config-ike)#peer 63.105.15.129
(config-ike)#initiate aggressive
(config-ike)#respond anymode
(config-ike)#attribute 10
(config-ike-attribute)#encryption 3des
(config-ike-attribute)#hash sha
(config-ike-attribute)#authentication pre-share
(config-ike-attribute)#group 1
(config-ike-attribute)#lifetime 86400
Step 5:
Define the remote ID settings. The crypto ike remote-id command is used to define the remote ID for a
peer connecting to the system, specify the preshared key associated with the specific remote ID, and
(optionally) determine that the peer matching this remote ID should not use mode config (by using the
no-mode-config keyword). Refer to crypto ike remote-id on page 1243 for more information.
(config)#crypto ike remote-id address 63.105.15.129 preshared-key mysecret123
Step 6:
Define the transform-set. A transform set defines the encryption and/or authentication algorithms to be
used to secure the data transmitted over the VPN tunnel. Multiple transform sets may be defined in a
system. Once a transform set is defined, many different crypto maps within the system can reference it. In
this example, a transform set named highly_secure has been created. This transform set defines
encapsulating security payload (ESP) with authentication implemented using 3DES encryption and SHA1
authentication.
(config)#crypto ipsec transform-set highly_secure esp-3des esp-sha-hmac

(cfg-crypto-trans)#mode tunnel
Step 7:
Define an IP access list. An extended access control list (ACL) is used to specify which traffic needs to be
sent securely over the VPN tunnel. The entries in the list are defined with respect to the local system. The
source IP address will be the source of the traffic to be encrypted. The destination IP address will be the
receiver of the data on the other side of the VPN tunnel.
(config)#ip access-list extended corporate_traffic

(config-ext-nacl)#permit ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255 log deny ip any any

Step 8:
Create crypto map. A crypto map is used to define a set of encryption schemes to be used for a given
interface. A crypto map entry has a unique index within the crypto map set. The crypto map entry will
specify whether IKE is used to generate encryption keys or if manually specified keys will be used. The
crypto map entry will also specify who will be terminating the VPN tunnel, as well as which transform set or
sets will be used to encrypt and/or authenticate the traffic on that VPN tunnel. It also specifies the lifetime
of all created IPSec security associations (SAs).
(config)#crypto map corporate_vpn 1 ipsec-ike

(config-crypto-map)#match address corporate_traffic
(config-crypto-map)#set peer 63.105.15.129
(config-crypto-map)#set transform-set highly_secure
(config-crypto-map)#set security-association lifetime kilobytes 8000
(config-crypto-map)#set security-association lifetime seconds 28800
(config-crypto-map)#no set pfs
Step 9:
Configure a public interface. This process includes configuring the IP address for the interface and
applying the appropriate crypto map to the interface. Crypto maps are applied to the interface on which
encrypted traffic will be transmitted.
(config-ppp 1)#ip address 63.97.45.57 255.255.255.248
(config-ppp 1)#crypto map corporate_vpn
(config-ppp 1)#no shutdown
Step 10:
Configure a private interface. This process allows all traffic destined for the VPN tunnel to be routed to the
appropriate gateway.

(config-eth 0/1)#ip address 10.10.10.254 255.255.255.0
(config-eth 0/1)#no shutdown
(config-eth 0/1)#exit

crypto ike remote-id

Use the crypto ike remote-id command to specify the remote ID and to associate a preshared key with the
remote ID. Use the no form of this command to disable these features. Variations of this command include
the following:
crypto ike remote-id address <ip address>

crypto ike remote-id address <ip address> <option>
crypto ike remote-id any
crypto ike remote-id any <option>
crytpo ike remote-id asn1-dn <name>
crypto ike remote-id asn1-dn <name> <option>
crypto ike remote-id fqdn <name>
crypto ike remote-id fqdn <name> <option>
crypto ike remote-id user-fqdn <name>
crypto ike remote-id user-fqdn <name> <option>
The AOS virtual private network (VPN) feature must be enabled (using the ip crypto
command) for the VPN tunnel to be activated.
Syntax Description
address <ip address> Specifies a valid remote IP address. IP addresses should be
expressed in dotted decimal notation (for example,
10.10.10.1).
any Allows any remote ID (type and value).
asn1-dn <name> Specifies an abstract syntax notation distinguished name as
the remote ID (enter this value in (Lightweight Directory
Access Protocol (LDAP) format).
fqdn <name> Specifies a fully qualified domain name (FQDN) (e.g.,
adtran.com) as the remote ID.
user-fqdn <name> Specifies a user FQDN or email address (e.g.,
user1@adtran.com) as the remote ID.
<option> Specifies an optional parameter corresponding to this remote
ID. Optional parameters include the following list:
<wildcard mask> Optional. Specifies the wildcard mask that corresponds to a
range of IP addresses (network) or a specific host. Wildcard
masks are expressed in dotted decimal notation (for
example, 0.0.0.255).
crypto map <name> <number> Optional. Specifies the crypto map name and sequence
number this remote ID corresponds to.
ike policy <value> Optional. Specifies the Internet key exchange (IKE) policy
sequence number value this remote ID corresponds to.
preshared-key <key> Optional. Associates a preshared key with this remote ID.

no-mode-config Optional. Specifies that the peer matching this remote ID

should not use mode config.
no-xauth Optional. Specifies that the peer matching this remote ID
should not use Xauth.
nat-t [v1 l v2] [allow l force I disable] Optional. Denotes whether peers matching this remote ID
should allow, disable, or force network address translation
(NAT) traversal versions 1 or 2.
Default Values
Command History
Release 5.1 Command was expanded to include the any, asn1-dn, and no-xauth
subcommands.
Release 7.1 Command was expanded to include the NAT traversal commands.
Functional Notes
The fqdn and user-fqdn <fqdn> line can include wildcard characters. The wildcard characters are “*” for a
0 or more character match and “?” for a single character match. Currently, the “?” cannot be set up using
the command line interface (CLI), but it can be transferred to the unit via the startup-config.
Example for user-fqdn:
john*@domain.com
will match:
johndoe@domain.com
johnjohn@adtran.comjohnjohn@myemail.com
john@adtran.comjohn@myemail.com
Example for fqdn:
*.domain.com
will match:
www.domain.com
ftp.domain.com
one.www.domain.com

The address remote ID can be in the form of a single host address or in the form of an IP address
wildcard.
Example for address type:
crypto ike remote id address 10.10.10.0 0.0.0.255
will match:
10.10.10.1
10.10.10.2
and all IP addresses in the form of 10.10.10.X (where X is 0 to 255)
The asn1-dn <name> line can include wildcard characters. The wildcard characters are “*” for a 0 or more
character match and “?” for a single character match. Currently, the “?” cannot be set up using the CLI, but
it can be transferred to the unit via the startup-config.
Example for typical asn1-dn format with no wildcards:
crypto ike remote-id asn1-dn “CN=MyRouter, C=US, S=ALCA, L=Huntsville, O=Adtran,

OU=TechSupport”
(matches only remote ID strings with all fields exactly the same)
Example for typical asn1-dn format with wildcards used to match a string within a field:
crypto ike remote-id asn1-dn “CN=*, C=*, S=*, L=*, O=*, OU=*”
(matches any asn1-dn remote ID string from a peer)
Example for typical asn1-dn format with wildcards used to match a portion of the remote ID:
crypto ike remote-id asn1-dn “CN=*, C=US, S=ALCA, L=Huntsville, O=Adtran, OU=*”
(matches any remote ID string with the same values for the C, S, L, and O fields, and any values in the CN
and OU fields)
Example for typical asn1-dn format with wildcards used to match a portion of a field:
crypto ike remote-id asn1-dn “CN=My*, C=US, S=ALCA, L=Huntsville, O=Adtran, OU=TechSupport”
(matches remote ID strings with all fields exactly the same, but with any CN field beginning with “My”)
Usage Examples
The following example assigns a remote ID of 63.97.45.57 and associates the preshared key mysecret
with the remote ID:
(config)#crypto ike remote-id address 63.97.45.57 preshared-key mysecret

data-call
Use the data-call command to set the preauthentication defaults for inbound demand routing calls. Use the
no form of this command to return to the default setting. Variations of this command include:
data-call authentication protocol chap

data-call authentication protocol pap
data-call mtu <number>
data-call multilink
data-call sent authentication protocol chap
data-call sent authentication protocol pap
Syntax Description
authentication protocol Sets the authentication protocol expected for inbound calls. For more
detailed information on Challenge-Handshake Authentication Protocol
(CHAP) and Password Authentication Protocol (PAP), refer to the
Technology Review section of the command ppp authentication on
page 3177.
chap Configures CHAP authentication.
pap Configures PAP authentication.
mtu <number> Sets the maximum size for the transmit unit. Valid range is 64 to 1520.
Refer to the command peer default ip address <ipv4 address> on page
3175 for more detailed syntax descriptions.
multilink Enables the negotiation of multilink maximum receive unit (MRU) size
for inbound calls.
sent authentication protocol Sets the authentication protocol sent for inbound calls. For more
detailed information on CHAP and PAP, refer to the Technology Review
section of the command ppp authentication on page 3177.
Default Values
By default, the authentication protocol is not configured, multilink is disabled, and the maximum
transmission unit (MTU) size is 1500.
Command History
Functional Notes
There are certain Point-to-Point Protocol (PPP) parameters that must be known before PPP can negotiate
an inbound call when using demand routing. To ensure PPP convergence, it is recommended (in most
cases) that demand routing interfaces use the same settings as those specified in the data-call
commands. The data-call mtu <number> command sets the MTU and controls the negotiated MRU size
during incoming calls for Link Control Protocol (LCP) negotiation. If the PPP parameters do not match the
authenticated user, the link is renegotiated.

Usage Examples
The following example sets the authentication protocol expected for incoming calls to CHAP. The router
will then authenticate the peer using CHAP:
(config)#data-call authentication protocol chap
The following example specifies an MTU of 1200 on the demand routing interface:
(config)#data-call mtu 1200

data-plane cpu mode

Use the data-plane cpu mode command to specify the mode in which virtual AOS (vAOS) operates on
the central processing unit (CPU) of the host server. Use the no form of this command to return to the
default setting. Variations of this command include:
data-plane cpu mode shared

data-plane cpu mode dedicated
Syntax Description
shared Specifies that vAOS shares the data forwarding plane CPU with other
processes.
dedicated Specifies that vAOS does not share the data forwarding plane CPU with
other processes.
Default Values
By default, the vAOS CPU mode is set to shared.
Command History
Functional Notes
The shared mode is useful when other processes on the CPU must take priority over a vAOS
instance, or when multiple vAOS instances are stacked on a set of CPUs. Setting the vAOS
mode to shared may result in lower throughput. The dedicated mode is useful when the data
forwarding plane CPU does not need to be shared or when maximizing throughput.
Usage Examples
The following example specifies that vAOS does not share the data forwarding plane CPU with any other
processes:
(config)#data-plane cpu mode dedicated

desktop-auditing dhcp
Use the desktop-auditing dhcp command to enable desktop auditing. Using the no form of this command
disables desktop auditing.
Syntax Description
No subcommands.
Default Values
By default, desktop auditing is disabled.
Command History
Functional Notes
Desktop auditing is an AOS feature that collects network access protection (NAP) information through
NAP messages sent in Dynamic Host Configuration Protocol (DHCP) messages between clients
connected to the network and the network server.
Desktop auditing is configured by enabling the feature (using the desktop-auditing dhcp command) and
by configuring filters to limit the output of the collected NAP information. Information is limited by specifying
local desktop auditing policies. The configuration of these policies is outlined in Desktop Auditing Local
Policy Command Set on page 4380. For more information about desktop auditing, refer to the Configuring
Desktop Auditing in AOS configuration guide available online at https://supportcommunity.adtran.com.
Usage Examples
The following example enables the desktop auditing feature:
(config)#desktop-auditing dhcp

desktop-auditing local-policy
Use the desktop-auditing local-policy command to create a local policy for determining when connected
network clients are violators of that policy. This command both creates the policy and enters the local
policy configuration mode. Use the no form of this command to remove the local policy.
Command Syntax
No subcommands.
Default Values
By default, no local policies are configured and all network access protection (NAP) information for all
clients is monitored.
Command History
Functional Notes
Desktop auditing is an AOS feature that collects NAP information through NAP messages sent in Dynamic
Host Configuration Protocol (DHCP) messages between clients connected to the network and the network
server.
Desktop auditing is configured by enabling the feature (using the command desktop-auditing dhcp on page
1249) and by configuring filters to limit the output of the collected NAP information. Information is limited by
specifying local desktop auditing policies. The local policy determines when a network access protection
(NAP) client may be a violator by collecting NAP information for the connected clients and comparing them
to the configured policies. You can choose to monitor the client’s firewall state, antivirus state, antispyware
status, auto-update status, and security update status. Selecting these policies filters the collected client
information.
The configuration of these policies is outlined in Desktop Auditing Local Policy Command Set on page
4380. For more information about desktop auditing, refer to the Configuring Desktop Auditing in AOS
Usage Examples
The following example creates a desktop auditing local policy and enters the policy’s configuration mode:
(config)#desktop-auditing local-policy
(desktop-audit-policy)#

desktop-auditing timeout <days>

Use the desktop-auditing timeout command to specify the amount of time that the AOS unit keeps
network access protection (NAP) information collected through desktop auditing. Use the no form of this
command to return to the default timeout period.
Syntax Description
<days> Specifies the amount of time (in days) that desktop auditing stores collected
NAP information. Range is 0 to 49710.
Default Values
By default, desktop auditing is set to timeout in 0 days, meaning the collected NAP information is stored
indefinitely.
Command History
Functional Notes
Desktop auditing is an AOS feature that collects NAP information through NAP messages sent in Dynamic
Host Configuration Protocol (DHCP) messages between clients connected to the network and the network
server.
Desktop auditing is configured by enabling the feature (using the desktop-auditing dhcp command) and
by configuring filters to limit the output of the collected NAP information. Information is limited by specifying
local desktop auditing policies. The configuration of these policies is outlined in Desktop Auditing Local
Policy Command Set on page 4380. For more information about desktop auditing, refer to the Configuring
Desktop Auditing in AOS configuration guide available online at https://supportcommunity.adtran.com.
There is a storage limit of 2000 NAP entries on the AOS unit. When this limit is reached, new entries
overwrite the old entries.
Usage Examples
The following example specifies that NAP information collected by desktop auditing will expire in 7 days:
(config)#desktop-auditing timeout 7

domain-list <domain>
Use the domain-list command to add an entry to the Domain Name Server (DNS) domain list. DNS
appends the listed domains to a host name when attempting to resolve it. Use the no form of this command
to remove the domain list entry. Variations of this command include:
domain-list <domain>
domain-list vrf <name> <domain>
Syntax Description
<domain> Specifies the domain on which to create the domain list entry.
instance on which to create the domain list entry. If no VRF is specified, the
entry is created on the default VRF.
Default Values
By default, no domain list entries exist.
Command History
Usage Examples
The following example creates a domain list entry for DOMAIN1 on the default VRF instance:
(config)#domain-list DOMAIN1

domain-lookup
Use the domain-lookup command to enable and configure the IPv4 or IPv6 domain naming system
(DNS), allowing DNS-based host translation (name-to-address). Use the no form of this command to
disable DNS. Variations of this command include:
domain-lookup database local

domain-lookup database local ttl <value>
domain-lookup flush on-server-change
domain-lookup snmp trap first-failure
domain-lookup source-interface <interface>
domain-lookup vrf <vrf name> source-interface <interface>
Syntax Description
database local Specifies that a local file of the DNS table is stored on the AOS device.
This file is used to save the DNS table across a unit reboot.
ttl <value> Optional. Specifies the time to live (TTL) value of the DNS file stored
locally on the system. Valid range is 60 to 86400 seconds.
flush on-server-change Specifies that the DNS cache is cleared when the set of configured and
learned DNS servers has changed.
snmp trap first-failure Specifies that Simple Network Management Protocol (SNMP) traps are
used to send notifications when the first attempt at DNS resolution fails. In
order to use SNMP traps for DNS resolution failure, you must also enable
SNMP application traps using the command snmp-server enable traps on
page 1784.
source-interface <interface> Specifies an interface whose IP address will be used as the source IP
address in a DNS request. Specify an interface in the format <interface
interface, use t1 0/1; for an Ethernet subinterface, use eth 0/1.1; for a
PPP interface, use ppp 1; for an ATM subinterface, use atm 1.1; and for
a wireless virtual access point, use dot11ap 1/1.1. Type domain-lookup
source-interface ? for a complete list of valid interfaces.
vrf <vrf name> Optional. Specifies a nondefault VRF instance on which to change the
source interface address for DNS requests. If no VRF instance is
specified, the name server is added on the default unnamed VRF
instance.
Default Values
By default, DNS is enabled; however, the local, snmp trap, and source-interface features of the domain
lookup configuration are disabled by default. When the local DNS feature is enabled, the TTL value is
3600 seconds (one hour) by default.
Command History

internetworking products.
Release R10.1.0 Command syntax was changed to remove the ip keyword for ADTRAN
voice products.
Release R10.3.0 Command was expanded to include the local, snmp trap,
source-interface, and vrf parameters.
Release R13.2.0 Command was expanded to include the flush on-server-change
parameter.
Functional Notes
Use the domain-lookup command to enable the DNS client in the router. This will allow the user to input
Web addresses instead of IPv4 or IPv6 addresses for applications such as ping, Telnet, and traceroute.
Usage Examples
The following example enables DNS:
(config)#domain-lookup
The following example enables DNS and specifies that a local copy of the DNS table is saved on the AOS
unit:
(config)#domain-lookup local
The following example enables DNS and DNS SNMP reporting:
(config)#snmp-server enable traps application

(config)#domain-lookup snmp trap first-failure
The following example enables DNS and specifies that the IP address of the VLAN 1 interface on the VRF
instance RED is used for DNS requests:
(config)#domain-lookup vrf RED source-interface vlan 1

domain-name <domain name>

Use the domain-name command to define a default IPv4 or IPv6 domain name to be used by AOS to
resolve host names. Use the no form of this command to disable this function. Variations of this command
include:
domain-name <domain name>

domain-name vrf <name> <domain name>
Syntax Description
<domain name> Specifies the default IPv4 or IPv6 domain name used to resolve unqualified
host names. Do not include the initial period that separates the unresolved
name from the default domain name.
instance for the domain name.
Default Values
Command History
voice products.
Functional Notes
Use the domain-name command to set a default name that will be used to complete any IPv4 or IPv6 host
name that is invalid (i.e., any name that is not recognized by the name server). When this command is
enabled, any IPv4 or IPv6 host name that is not initially recognized will have the domain-name appended
to it and the request will be re-sent.
Each VRF instance has its own domain name. Specifying a VRF name in the command applies the domain
name to the named VRF. Issuing the command without specifying a VRF applies the command to the
default unnamed VRF.

Usage Examples
The following example defines adtran as the default domain name:
(config)#domain-name adtran
The following example defines adtran as the default domain name for the VRF RED:
(config)#domain-name vrf RED adtran

domain-proxy
Use the domain-proxy command to enable domain naming system (DNS) proxy for the default virtual
routing and forwarding (VRF) or for a specified VRF instance. This enables the router to act as a proxy for
other units on the network. Use the no form of this command to disable this feature. Variations of this
command include:
domain-proxy
domain-proxy failover
domain-proxy source-interface <interface>
domain-proxy vrf <name>
domain-proxy vrf <name> failover
domain-proxy vrf <name> source-interface <interface>
Syntax Description
failover Enables DNS failover mode on the default domain proxy.
source-interface <interface> Optional. Specifies the source interface for DNS packets. Specify an
interface in the format <interface type [slot/port | slot/port.subinterface id
| interface id | interface id.subinterface id]>. For example, for an
Ethernet subinterface, use eth 0/1.1; for a PPP interface, use ppp 1;
and for an ATM subinterface, use atm 1.1. Valid interfaces are those
that can have an IP address. Type source ? for a complete list of valid
interfaces.
vrf <name> Optional. Specifies a nondefault VRF on which to enable DNS proxy.
Default Values
Command History
Release 17.9 Command was expanded to include the source-interface parameter.
Release 18.2 Command was expanded to include the failover parameter.
voice products.
Release R10.3.0 Command was expanded to include the vrf parameter for
source-interface configurations.

Functional Notes
When this command is enabled, incoming DNS requests will be handled by the router. It will first search its
host table for the query, and if it is not found there, the request will be forwarded to the servers configured
with the command name-server on page 1614.
DNS failover allows the AOS unit to respond to a DNS request if the unit cannot reach the configured DNS
server and the entry exists in the unit’s DNS table as a preserved value. DNS failover is typically used with
the Voice of Internet Protocol (VoIP) name-server caching feature.
Usage Examples
The following example enables DNS proxy on the default VRF (router):
(config)#domain-proxy

dos-protection
Use the dos-protection command to enable and configure the denial of service (DoS) protection feature.
Use the no form of this command to disable the DoS protection feature. Variations of this command
include:
dos-protection all
dos-protection except <id>
dos-protection max-icmpv4-payload <bytes>
dos-protection max-icmpv6-payload <bytes>
dos-protection min-tcp-header <bytes>
Syntax Description
all Enables protection from all DoS attacks available in the feature.
except <ids> Enables protection from all available DoS attacks except those with the
listed threat ids.
max-icmpv4-payload <bytes> Sets the maximum ICMP payload size in bytes for IPv4 packets. Range
is 0 to 16 KB. Default is 512 bytes.
max-icmpv6-payload <bytes> Sets the maximum ICMP payload size in bytes for IPv6 packets. Range
is 0 to 16 KB. Default is 512 bytes.
min-tcp-header <bytes> Sets the minimum TCP header size in bytes. Range is 0 to 255 bytes.
Default is 20 bytes.
Default Values
Command History
Functional Notes
The show dos-id command is used to obtain the DoS threat IDs necessary to create exceptions using the
dos-protection except <id> version of this command.
Usage Examples
The following example configures the DoS protection feature to protect against all available threats except
threat ID 40:
(config)#dos-protection except 40

dot11ap access-point-control
Use the dot11ap access-point-control command to globally enable the access point controller logic on the
platform. Use the no form of this command to disable the access controller (AC) logic on the platform.
Syntax Description
No subcommands.
Default Values
By default, the AC logic is disabled.
Command History
Usage Examples
The following example enables the AC logic:
(config)#dot11ap access-point-control

dynamic-counter <slot/index>
Use the dynamic-counter command to create a dynamic counter and enter the Dynamic Counter
Configuration mode. Use the no form of this command to remove the dynamic counter.
Syntax Description
<slot/index> Specifies the slot and port of the dynamic counter in the format <slot/index>.
For example, 0/1.
Default Values
By default, no dynamic counters exist.
Command History
Usage Examples
The following example creates dynamic counter 0/1 and enters the Dynamic Counter Configuration mode:
(config)#dynamic-counter 0/1
(config-dyn-count 0/1)#

enable password <password>

Use the enable password command to define a password (with optional encryption and privilege level) for
accessing the Enable mode. Use the no enable password command to remove a configured password.
enable password level <level> <password>

enable password md5 <password>
enable password md5 level <level> <password>
enable password <password>
To prevent unauthorized users from accessing the configuration functions of your device,
immediately define an Enable-level password.
Syntax Description
level <level> Optional. Specifies the privilege level for this enable password. Valid range
is 1 through 7.
md5 Optional. Specifies message digest 5 (MD5) as the encryption protocol to
use when displaying the Enable password during show commands. If the
md5 keyword is not used, encryption is not used when displaying the
Enable password during show commands.
<password> Specifies the Enable password using a string (up to 30 characters in
length).
Default Values
By default, there is no password configured for the Enable mode. By default, when an enable password is
configured without specifying a privilege level, the privilege level assigned is 7.
Command History
Release R10.11.0 Command was expanded to include the level parameter.
Usage Examples
The following example configures the enable password as ADTRAN with md5 encryption, and specifies
privilege level 4:
(config)#enable password md5 level 4 ADTRAN

!

To provide extra security, AOS can encrypt the Enable password when displaying the current configuration.
For example, the following is a show configuration printout (password portion) with an unencrypted
Enable password (ADTRAN):
!
enable password ADTRAN
!
Alternately, the following is a show configuration printout (password portion) with an Enable password of
ADTRAN using MD5 encryption:
!
enable password md5 encrypted 5aa5fbae7d01a90e79fb57705ce74676
!

ethernet ce-vlan-tpid <value>

Use the ethernet ce-vlan-tpid command to specify that tag protocol identifiers (TPIDs) other than 0x8100
are accepted on the user network interface (UNI) that is matching on customer edge (CE) virtual local area
network (VLAN) ID or priority. Use the no form of this command to return to the default setting.
Syntax Description
<value> Specifies the hexadecimal value of the EtherType to accept, for example,
0x88a8.
Default Values
By default, no special global handling of TPIDs is configured, and Ethernet virtual connection (EVC) maps
accept and process packets with a CE VLAN TIPID of 0x8100.
Command History
Functional Note
All EVC maps default to the globally-specified EtherType for CE VLAN ID matching. In addition, all EVC
maps default to using the specified EtherType for adding CE VLAN IDs to traffic flowing in the Metro
Ethernet Network (MEN) to UNI direction when the CE VLAN ID is not preserved as well as using the
specified EtherType for adding c-tags to traffic flowing in the UNI to MEN direction. For more information,
refer to the Carrier Ethernet Services in AOS configuration guide available online at
You can override the global setting to return to the default value of 0x8100 on a per-map basis using the no
ce-vlan-tpid command from the EVC map’s configuration mode.
Usage Examples
The following example globally configures the accepted CE VLAN EtherType as 0x88a8:
(config)#ethernet ce-vlan-tpid 0x88a8

ethernet cfm
Use the ethernet cfm command to enable Ethernet operations, administration, and maintenance (OAM)
connectivity fault management (CFM) on the AOS device. Use the no form of this command to disable
Ethernet OAM CFM.
Syntax Description
No subcommands.
Default Values
By default, Ethernet OAM CFM is disabled.
Command History
Functional Notes
For more information regarding specific Ethernet OAM CFM configuration commands, refer to the Ethernet
OAM CFM Command Set on page 4390.
Usage Examples
The following example enables Ethernet OAM CFM on an AOS device:
(config)#ethernet cfm

ethernet cfm domain

Use the ethernet cfm domain command to enable and create an Ethernet operations, administration, and
maintenance (OAM) connectivity fault management (CFM) maintenance domain (MD). Use the no form
of this command to remove the MD. Variations of this command include:
ethernet cfm domain <name> level <level>

ethernet cfm domain none level <level>
Syntax Description
domain <name> Specifies the MD’s name. The name can be up to 42 characters in length.
level <level> Specifies the MD’s maintenance level. Range is 0 to 7.
none Specifies that the MD’s name is not used to create the maintenance
association ID (MAID).
Default Values
By default, no MDs exist.
Command History
Functional Notes
This command not only creates and enables the MD, it also enters the MD Configuration mode. From the
MD Configuration mode, maintenance associations (MAs) and maintenance endpoints (MEPs) can be
configured. For more information on configuring MAs and MEPs, refer to the Ethernet OAM CFM
Command Set on page 4390. When the no form of this command is used, the MD is deleted, as well as
any MAs and MEPs defined with the domain.
The domain name serves two purposes. One is to provide a text label used in the device configuration to
identify a particular domain, the other is to construct an MAID. The MAID is included in CFM continuity
check messages (CCMs), and identifies the MA to which the transmitting MEP belongs. The MAID also
allows MEPs receiving CCMs to detect CFM error conditions.
Because each MEP supported on an AOS device port or interface must be at a different MD level, each
MEP on a particular port or interface will have to be configured on a separate MD.
For more information about Ethernet OAM CFM and its operation on AOS products, refer to the Ethernet
OAM CFM in AOS configuration guide available online at https://supportcommunity.adtran.com.

Usage Examples
The following example creates, enables, and enters the configuration mode of a MD named Domain1,
created on level 6:
(config)#ethernet cfm domain Domain1 level 6

(config-ecfm-domain)#

ethernet cfm log-changes

Use the ethernet cfm log-changes command to enable Ethernet operations, administration, and
maintenance (OAM) connectivity fault management (CFM) warning messages on the AOS device.
Warning messages are generated when remote maintenance endpoint (MEP) defects are detected. The no
form of this command causes the warning messages to appear as debug messages.
Syntax Description
No subcommands.
Default Values
By default, warning messages are disabled.
Command History
Functional Notes
Usage Examples
The following example enables Ethernet OAM CFM warning messages:
(config)#ethernet cfm log-changes

ethernet flow-control-accept
Use the ethernet flow-control-accept command to include 802.3 media access control (MAC) control
frames in the L2 discard counters when an Ethernet Virtual Circuit (EVC) map is configured to match
L2CP traffic and discard all matched traffic. Depending on the EVC map configuration, the 802.3 MAC
control frames are either counted by the L2 Discard Action counter or the L2 Discard counter when this
feature is enabled (refer to the Functional Notes below). Use the no form of this command to disable this
feature.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
In typical carrier Ethernet configurations, all Layer 2 incoming frames on the user network interface (UNI)
port of a carrier Ethernet device are matched against the criteria specified in the evc-map configured on
the UNI port. Frames that match the specified criteria are typically forwarded through on the associated
EVC.
However, EVC maps can be configured to discard any frames matching the evc-map criteria. When the
EVC map is configured to match L2CP traffic (using the command match on page 3696), as well as
discard any matching traffic (using the command connect discard on page 3695), then all L2CP traffic is
discarded. (Refer to the Carrier Ethernet EVC Map Command Set on page 3690 for more information
about the connect discard and match commands used in EVC map configuration).
Using the ethernet flow-control-accept command, in addition to an EVC map configured to discard L2CP
traffic, allows 802.3 MAC control frames to be counted as part of the discarded traffic in the L2 Discard
Action counter.
Using the ethernet flow-control-accept command in addition to EVC maps that are not configured to
match L2CP traffic, specifies that the 802.3 MAC control frames are counted as part of the discarded traffic
in the L2 Discard counter.

Usage Examples
The following example configure an EVC map, named L2CP_Discard, to discard all L2CP traffic, and then
uses the ethernet flow-control-accept command to specify that 802.3 MAC control frames will also be
counted in the L2 Discard Action counter:
(config)#evc-map L2CP_Discard
(config-evc-map L2CP_Discard)#match l2cp
(config-evc-map L2CP_Discard)#connect uni gigabit-ethernet 0/3
(config-evc-map L2CP_Discard)#connect discard
(config-evc-map L2CP_Discard)#no ce-vlan-tpid
(config-evc-map L2CP_Discard)#no shutdown
(config-evc-map L2CP_Discard)#exit
(config)#ethernet flow-control-accept
The following example configures an EVC map, named L2CP_NoMatch, that does not have L2CP traffic
specified as matching criteria, and then uses the ethernet flow-control-accept command to specify that
802.3 MAC control frames are counted in the L2 Discard counter:
(config)#evc-map L2CP_NoMatch
(config-evc-map L2CP_NoMatch)#connect uni gigabit-ethernet 0/3
(config-evc-map L2CP_NoMatch)#connect discard
(config-evc-map L2CP_NoMatch)#no ce-vlan-tpid
(config-evc-map L2CP_NoMatch)#no shutdown
(config-evc-map L2CP_NoMatch)#exit
(config)#ethernet flow-control-accept

ethernet lmi
Use the ethernet lmi command to configure the Ethernet local management interface (E-LMI) polling
parameters. Use the no form of this command to return the E-LMI polling parameters to the default value.
ethernet lmi n393 <value>

ethernet lmi t392 <value>
ethernet lmi t392 0
Syntax Description
n393 <value> Configures the E-LMI operational polling status counter. Valid range is 2 to
10.
t392 <value> Configures the E-LMI polling timer in seconds. Valid range is 5 to 30
seconds.
t392 0 Disables the E-LMI polling timer.
Default Values
By default, the E-LMI polling status counter is set to 4, and the polling timer is set to 15 seconds.
Command History
Usage Examples
The following example configures the E-LMI polling status counter:
(config)#ethernet lmi n393 8

The following example disables the E-LMI polling timer:
(config)#ethernet lmi t392 0

ethernet loopback facility <name> <slot>

Use the ethernet loopback facility command to create a facility loopback object and enter the Facility
MAC Swap Loopback Configuration mode. Use the no form of this command to delete the facility
loopback object.
Syntax Description
<name> Specifies the name of the facility loopback object.
<slot> Specifies the slot identifier of the facility loopback object.
Default Values
Command History
Functional Notes
In a facility media access control (MAC) swap loopback test, traffic is looped back upon ingressing the
AOS unit. A flow ingressing the Metro Ethernet network (MEN) port interface is turned back toward that
interface immediately upon entering the switch fabric. This loopback incorporates only the conditioning
associated with the device’s MEN port (shaping). Facility loopbacks are commonly used to validate
round-trip data flow between a test head and a remote device’s interface to the Ethernet backhaul. For
more information regarding facility loopback objects and facility MAC swap loopback, refer to Facility MAC
Swap Loopback Command Set on page 3727.
Usage Examples
The following example creates a facility loopback object named FACILITY and enters the Facility MAC
Swap Loopback Configuration mode:
(config)#ethernet loopback facility FACILITY 0

Facility loopback “FACILITY” created
(config-eth-lbk-fac FACILITY 0)#

ethernet loopback system mac address

Use the ethernet loopback system mac address command to create a system loopback media access
control (MAC) address that can be used for all MAC swap loopback tests. Use the no form of this
command to delete the system loopback MAC address. Variations of this command include:
ethernet loopback system mac address<mac address>

ethernet loopback system mac address none
Syntax Description
in the following format: xx:xx:xx:xx:xx:xx (for example, 00:A0:C8:00:00:01).
none Specifies that the system loopback MAC address is not assigned.
Default Values
By default, no system loopback MAC address is defined.
Command History
Functional Notes
In a loopback test, a signal is transmitted to a remote device, where it is returned (looped back) to the
transmitting device. The transmitted and received signals can then be compared to prove circuit
connectivity, isolate faults, and analyze characteristics of the data flow. Ethernet MAC swap loopback tests
are analogous to traditional loopback tests employed in time division multiplexing (TDM) networks.
However, in MAC swap loopbacks, the source MAC address and destination MAC addresses in the frame
are swapped when the data is returned so that the incoming source and destination addresses become the
outgoing destination and source addresses, respectively. This address swap is necessary because
Ethernet address rules do not allow frames containing the same source MAC address to arrive from
different ports on a device. For more information regarding facility loopback objects and facility MAC swap
loopback, refer to Facility MAC Swap Loopback Command Set on page 3727.
Usage Examples
The following example configures the system loopback MAC address 00:A0:C8:00:00:01::
(config)#ethernet loopback system mac address 00:A0:C8:00:00:01

ethernet loopback terminal <name> <slot>

Use the ethernet loopback terminal command to create a terminal loopback object and enter the Carrier
Ethernet Terminal Loopback Configuration mode. Use the no form of this command to delete the terminal
loopback object.
Syntax Description
<name> Specifies the name of the terminal loopback object.
<slot> Specifies the slot identifier of the terminal loopback object.
Default Values
Command History
Functional Notes
In a Carrier Ethernet terminal loopback test, traffic is sent up-stream to a remote AOS device and then
looped back just prior to egressing the remote AOS unit. A flow approaching the remote device’s user
network interface (UNI) port interface is turned back toward the switch fabric as close as possible to the
UNI interface and returns traffic to the originating AOS device that is subject the same conditioning
associated with the remote device’s configured egress queue management and classification rules for
down-stream traffic (such as Quality of Service (QoS) policers, shapers, matching criteria, and queues).
Terminal loopbacks are commonly used to validate how a remote devices perform QoS on down-stream
traffic by providing insight into rate limiting functionality on configured policers, traffic prioritization in egress
queues, and traffic shaping as it is looped back towards the originating device.
For more information regarding terminal loopback objects and carrier Ethernet terminal loopback tests,
refer to Carrier Ethernet Terminal Loopback Command Set on page 3724.
Usage Examples
The following example creates a terminal loopback object named TERMINAL and enters the Carrier
Ethernet Terminal Loopback Configuration mode:
(config)#ethernet loopback terminal TERMINAL 0

Terminal loopback “TERMINAL” created
(config-eth-lbk-term TERMINAL 0)#

ethernet nni
Use the ethernet nni command to enable strict priority traffic management on the specified
network-to-network interface (NNI). When enabled, all traffic, no matter the class, that is destined to the
NNI is given a higher priority than traffic on all other user network interfaces (UNIs). Use the no form of
this command disable strict priority traffic management on the specified NNI. Variations of this command
include:
ethernet nni efm-group <slot/group>

ethernet nni gigabit-ethernet <slot/port>
Syntax Description
efm-group <slot/group> Specifies an Ethernet in the first mile (EFM) group interface as the NNI
on which strict priority traffic management is enabled. Valid group range
is 1 to 1024.
gigabit-ethernet <slot/port> Specifies a Gigabit Ethernet interface as the NNI on which strict priority
traffic management is enabled.
Default Values
By default, the NNI is not specified and strict priority traffic management is disabled.
Command History
Usage Examples
The following example configures the EFM group 1/1 as the NNI with the highest priority traffic:
(config)#ethernet nni efm-group 1/1

ethernet s-tag-tpid <data>

Use the ethernet s-tag-tpid command to specify the Tag Protocol Identifier (TPID) used on all applied
s-tags. Use the no form of this command to return to the default setting.
Syntax Description
<data> Specifies a hex pattern to define the TPID. Valid range is 0x0800 to
0xFFFF.
Default Values
By default, the TPID value is 8100.
Command History
Usage Examples
The following example specifies the TPID for s-tags as 88a8:
(config)#ethernet s-tag-tpid 88a8

ethernet y1731 enable

Use the ethernet y1731 enable command to enable the Y.1731 subsystem. Use the no form of this
command to disable the Y.1731 subsystem. Variations of this command include:
ethernet y1731 enable

ethernet y1731 enable down-mep md-level-check-filter
Syntax Description
down-mep md-level-check-filter Optional. Enables Y.1731 frames received on a
UNI port to be discarded if the MD level of the
Y.1731 frame is less than or equal to the MEG
level of the down MEP configured on the device.
Default Values
By default, the Y.1731 sub-system is disabled.
Command History
Release R13.6.0 Command was expanded to include the down-mep md-level-check-filter
parameter.
Usage Examples
The following example enables the Y.1731 subsystem:
(config)#ethernet y1731 enable

ethernet y1731 file-save consumption-limit

Use the ethernet y1731 file-save consumption-limit command to specify the maximum amount of
memory that can be used to store Y.1731 performance monitoring log files. The limit specified must be
larger than the space consumed by one performance monitoring file in order to allow the file to be written
to memory. Use the no form of this command to return to the default value. Variations of this command
include:
ethernet y1731 file-save consumption-limit frame-delay two-way <memory>

ethernet y1731 file-save consumption-limit frame-loss single-ended <memory>
ethernet y1731 file-save consumption-limit frame-loss synthetic single-ended <memory>
Syntax Description
frame-delay two-way <memory> Specifies the maximum amount of memory in
bytes used by two-way frame delay (ETH-DM)
performance monitoring logs. Valid range is 1000
to 4294967295.
frame-loss single-ended <memory> Specifies the maximum amount of memory in
bytes used by single-ended frame loss (ETH-LM)
performance monitoring logs. Valid range is 1000
to 4294967295.
frame-loss synthetic single-ended <memory> Specifies the maximum amount of memory in
bytes used by single-ended synthetic frame loss
(ETH-SLM) performance monitoring logs. Valid
range is 1000 to 4294967295.
Default Values
By default, the maximum memory used by each performance monitoring log file type is 1000000 bytes.
Command History
Functional Notes
By default, each time a new measurement interval occurs during a Y.1731 performance monitoring
session, ETH-DM, ETH-LM, and ETH-SLM, the data from the previous interval is overwritten. The
performance monitoring file save feature allows performance monitoring logs to be stored in memory in a
series of hour-long log files. The unit records session data to the current log file at user-specified intervals.
At the end of the user-specified log lifetime, the logs are rotated out in a first-in first-out fashion; the oldest
files are deleted to make room for the new files. Each performance monitoring session type is stored in a
separate file in the user-specified directory. The file is automatically named by the unit using the following
format:
<device serial>_<DM | LM | SLM>.Data_<date and time>.pm.xz[.current]

Parameter Description
<device serial> Specifies the serial number of the unit.
DM Specifies that the file is a single-ended (two-way) frame delay log.
LM Specifies that the file is a single-ended frame loss log.
SLM Specifies that the file is a single-ended synthetic frame loss log.
<date and time> Specifes the date and time at which the log ends in the format
YYYY-MM-DD_hh.mm.ss, for example: 2014-12-30_14:00:00. This specifies the
last time interval that the file will be written.
.pm.xz Specifies the file extension of the log file.
.current Appended to files that are still in use and could have data written to them.
The following example is a sample ETH-SLM file name that is no longer writable:
LBADTN340767_SLM.Data_2014-12-04_15.00.00.pm.xz
The following example is a sample ETH-LM file name of a file to which the unit is currently writing:
LBADTN340767_LM.Data_2014-12-04_15.00.00.pm.xz.current
If the file directory for the log files is changed, the files in the previous save directory will
not be deleted for log rotation. Log rotation only occurs for files in the currently-specified
save directory.
If any of the following conditions occur during a measurement interval, the measurement will be considered
suspect, and it will be marked with a suspect flag:
• There is loss of continuity (LOC) during a measurement interval. If the LOC alarm is raised in the
maintenance entity group end point (MEP) by continuity check messages (CCMs) during a
measurement interval, the suspect flag will be raised for that measurement interval.
• The clock is adjusted by more than 10 seconds. If the system clock is adjusted by more than 10 seconds
during a measurement interval, the suspect flag will be raised.
• The performance monitoring session is started during a measurement interval. If the session starts
during a measurement interval (for example, a performance monitoring session is initiated at 3:00 with
a measurement interval of 5 minutes, and the start time is set to 3 minutes after 3:00) then the suspect
flag will be raised for that measurement interval.
• The performance session is stopped during a measurement interval. If the session stops during a
measurement interval (for example, a performance monitoring session was initiated at 3:00 with a
measurement interval of 5 minutes, and the stop time is set to 3 minutes after 3:00) then the suspect
• The Ethernet virtual circuit (EVC) status transitions to Not Running during a measurement interval. If
the EVC over which the performance monitoring session is conducted transitions to a Not Running
state during a measurement interval, the suspect flag will be raised for that measurement interval.
• The MEP transitions to an Unavailable or Out of Service state during a measurement interval. If the
MEP goes to an Unavailable or Out of Service state during a measurement interval, the suspect flag
will be raised for that measurement interval.

Usage Examples
The following example specifies that ETH-LM performance monitoring logs should use a maximum of
2000000 bytes:
(config)#ethernet y1731 file-save consumption-limit frame-loss single-ended 2000000

ethernet y1731 file-save directory flash <directory>

Use the ethernet y1731 file-save directory flash <directory> command to specify the directory used to
store Y.1731 performance monitoring log files. Use the no form of this command to save performance
monitoring log files in the default directory.
Syntax Description
<directory> Specifies the name of the directory in which to store Y.1731 performance
monitoring logs.
Default Values
By default, the Y.1731 performance monitoring log files are saved in the y1731_pm_files directory in
flash.
Command History
Functional Notes
format:

save directory.
Usage Examples
The following example specifies that Y.1731 performance monitoring logs should be saved in the
y1731_logs directory in flash:
(config)#ethernet y1731 file-save directory flash y1731_logs

ethernet y1731 file-save interval <interval>

Use the ethernet y1731 file-save directory interval <interval> command to specify the frequency with
which Y.1731 performance monitoring data will be written to the log files. Use the no form of this
Syntax Description
<interval> Specifies the frequency (in seconds) with which Y.1731 performance
monitoring data is written to to the log files. Valid range is 300 to 3600
seconds.
Default Values
By default, data is written to the Y.1731 performance monitoring log files every 900 seconds (15 minutes).
Command History
Functional Notes
format:

save directory.
Usage Examples
The following example specifies that data is written to the Y.1731 performance monitoring logs every 300
seconds (5 minutes):
(config)#ethernet y1731 file-save interval 300

ethernet y1731 file-save lifetime

Use the ethernet y1731 file-save lifetime command to specify the amount of time a performance
monitoring log file will remain in memory before the is rotated out. The oldest file is deleted from memory
when a new log file must be written. Use the no form to return to the default value. Variations of this
command include:
ethernet y1731 file-save lifetime <lifetime>

ethernet y1731 file-save lifetime unlimited
Syntax Description
<lifetime> Specifies the number of seconds that log files will be kept (as long as the
consumption limit is not exceeded). Valid range is 3600 to 4294967295.
unlimited Specifies that logs will be kept indefinitely.
Default Values
By default, the Y.1731 performance monitoring log files have a lifetime of 86400 seconds.
Command History
Functional Notes
format:

save directory.
Usage Examples
The following example specifies that Y.1731 performance monitoring logs should have a lifetime of 604800
(one week):
(config)#ethernet y1731 file-save lifetime 604800

ethernet y1731 linktrace-cache

Use the ethernet y1731 linktrace-cache command to configure the Y.1731 subsystem’s linktrace cache
settings. Use the no form of this command to return to the default setting. Variations of this command
include:
ethernet y1731 linktrace-cache hold-time <minutes>

ethernet y1731 linktrace-cache size <value>
Syntax Description
hold-time <minutes> Configures how long linktrace replies are maintained in the linktrace cache.
Valid range is 1 to 100 minutes.
size <value> Configures the maximum number of entires maintained in the linktrace
cache. Valid range is 10 to 500 entries.
Default Values
By default, linktrace replies are maintained in the linktrace cache for 33 minutes, and a maximum of 100
entries is maintained in the linktrace cache.
Command History
Usage Examples
The following example configures the unit to maintain linktrace replies in the cache for 100 minutes :
(config)#ethernet y1731 linktrace-cache hold-time 100

ethernet y1731 meg

Use the ethernet y1731 meg command to create a Y.1731 maintenance entity group (MEG) and access the
Y.1731 MEG Configuration mode. Use the no form of this command to remove the specified MEG.
ethernet y1731 meg char-string <name> level <value>

ethernet y1731 meg icc-umc <name> level <value>
Syntax Description
char-string <name> Specifies a MEG name using a character string format. Maximum length is
45 ASCII characters.
icc-umc <name> Specifies a MEG name using the ITU-CarrierCode Unique MEG ID Code
MEG (ICC-UMC) format. Maximum length is 13 ASCII characters.
level <value> Specifies the MEG level. Valid range is 0 to 7.
Default Values
By default, no MEGs are configured.
Command History
Usage Examples
The following example creates a MEG using the character string format with a MEG level of 1:
(config)#ethernet y1731 meg char-string meg1 level 1

evc <name>
Use the evc command to create an Ethernet virtual connection (EVC) and enter the EVC configuration
mode. Using the no form of this command removes the EVC from the AOS unit’s configuration.
Syntax Description
<name> Specifies the name for the EVC.
Default Values
By default, no EVCs are configured.
Command History
Functional Notes
The EVC connects two endpoints (for example, an Ethernet in the first mile (EFM) group and the Gigabit
Ethernet interface) and passes Ethernet service frames though the endpoints. The EVCs prevent data
transfer between subscriber sites that are not part of the same EVC, thus providing data privacy and
security similar to a Frame Relay or an asynchronous transfer mode (ATM) permanent virtual circuit (PVC).
EVCs are configured to be part of a bonding group (EFM group).
More information about the configuration of EVCs can be found in the MEF EVC Command Set on page
3659.
Usage Examples
The following example creates an EVC named DATA and enters the EVC configuration mode:
(config)#evc DATA
(config-evc-DATA)#

evc-map <name>
Use the mef evc-map command to create a Layer2/Layer 3 Ethernet virtual connection (EVC) map and
enter the EVC Map Configuration mode. The EVC map is used to match traffic to a specific EVC using
matching criteria similar to that of quality of service (QoS) matching. Using the no form of this command
removes the EVC map from the AOS unit’s configuration.
Syntax Description
<name> Specifies the name of the EVC map.
Default Values
By default, no EVC maps are configured.
Command History
Functional Notes
Once an EVC map is created, it must be configured and applied to both an EVC and a user network
interface (UNI). For more information about the configuration of EVC maps, refer to MEF EVC Map
Usage Examples
The following example creates the EVC map Map1 and enters the EVC Map Configuration mode:
(config)#evc-map Map1

event-history on
Use the event-history on command to enable event logging for the AOS system. Event log messages will
not be recorded unless this command has been issued (regardless of the event-history priority
configured). The event log may be displayed using the show event-history command. Use the no form of
this command to disable the event log.
Syntax Description
No subcommands.
Default Values
By default, the AOS event logging capabilities are disabled.
Command History
Functional Notes
Use the event history as a troubleshooting tool when identifying system issues. The following is a sample
event history log.
#show event-history
Using 526 bytes
2002.07.12 15:34:01 T1.t1 1/1 Yellow
2002.07.12 15:34:02 T1.t1 1/1 No Alarms
Usage Examples
The following example enables the AOS event logging feature:
(config)#event-history on

event-history priority
Use the event-history priority command to set the threshold for events stored in the event history. All
events with the specified priority or higher will be kept for viewing in the local event log. The event log
may be displayed using the show event-history command. Use the no form of this command to keep
specified priorities from being logged. Variations of this command include:
event-history priority debug

event-history priority error
event-history priority fatal
event-history priority info
event-history priority notice
event-history priority warning
Syntax Description
debug Logs subsystem debugging events.
error Logs events with error and fatal priorities.
fatal Logs only events with a fatal priority.
info Logs all events.
notice Logs events with notice, warning, error, and fatal priorities.
warning Logs events with warning, error, and fatal priorities.
Default Values
By default, no event messages are logged to the event history.
Command History
Release R10.1.0 Command was expanded to include the debug keyword.
Functional Notes
Use the event history as a troubleshooting tool when identifying system issues. The following is a sample
event history log.
#show event-history
Using 526 bytes
2002.07.12 15:34:01 T1.t1 1/1 Yellow
2002.07.12 15:34:02 T1.t1 1/1 No Alarms

Usage Examples
The following example logs all events to the event history:
(config)#event-history priority info

event-history size <size>

Use the event-history size command to change the event log size for the AOS system. Use the no form of
this command to return to the default setting.
Syntax Description
<size> Specifies the log size in kilobytes. The valid range is 6 to 256.
Default Values
By default, the event log size is 6 kilobytes.
Command History
Functional Notes
Event log messages will not be recorded unless the event-history on command has been issued
(regardless of the event-history priority configured). The event log can be displayed using the show
event-history command.
Usage Examples
The following example sets the event history log to 256 kilobytes:
(config)#event-history size 256

exception memory minimum <value>

Use the exception memory minimum command to initiate a reboot when the specified minimum amount
of memory is no longer available. This ensures that adequate memory is available to store an exception
report. Use the no form of this command to disable rebooting when the minimum memory limitation is
violated.
Executing the exception memory minimum command may cause the unit to reboot.
ADTRAN recommends only using this command if advised by ADTRAN Technical Support.
Syntax Description
<value> Specifies the minimum amount of memory (in bytes) that must be free
before a reboot occurs.
Default Values
By default, exception memory minimum is disabled.
Command History
Usage Examples
The following example sets the exception memory minimum to 3 MB:
(config)#exception memory minimum 30000000

exception report
Use the exception report command to specify the name of the output file for the exception report. Use the
exception report
exception report file-name <filename>
Syntax Description
file-name <filename> Optional. Specifies a file name for the exception report other than the
default file name.
Default Values
By default, the exception report file name is exception report-yyyyMMddHHmmss. (The
yyyyMMddHHmmss will be automatically replaced with the actual year, month, day, hour, minutes, and
seconds.)
Command History
Usage Examples
The following example specifies example as the name of the output file for an exception report:
(config)#exception report file-name example

(config)#exit
Exception report generated.
#show flash
1744 startup-config
45676 example-20050708080537
#config t
(config)#no exception report file-name
(config)#exit
Appropriate commands must be issued to preserve configuration.
Exception report generated.
#show flash
1744 startup-config
45676 example-20050708080537
45900 exception-report-20050708080552

ffe wildcard
Use the ffe wildcard command to enable RapidRoute flow bundling for all interfaces within an Internet
Protocol (IP) address family. Use the no form of this command to disable RapidRoute flow bundling on all
interfaces within an IP address family. Variations of this command include:
ip ffe wildcard
ipv6 ffe wildcard
Syntax Description
ip Specifies that flow bundling is disabled on all interfaces within the IP
version 4 (IPv4) address family.
ipv6 Specifies that flow bundling is disabled on all interfaces within the IP
version 6 (IPv6) address family.
Default Values
RapidRoute flow bundling is enabled by default.
Command History
Functional Notes
RapidRoute flow bundling is enabled and automatically activated on most AOS products. This command is
typically used in the no form to disable flow bundling and all wildcards for all interfaces in a particular
address family. This may be needed when flow bundling is interacting with another AOS feature and it
needs to be disabled. Entering the command in regular form re-enables flow bundling for all interfaces in
the specified address family.
Usage Examples
The following example disables RapidRoute flow bundling and wildcards for all interfaces in the IPv4
address family:
(config)#no ip ffe wildcard

filesystem throttle
Use the filesystem throttle command to enable File Transfer Protocol (FTP) throttling. Enabling this
command limits the number of FTP sessions, the maximum number of large files open at one time, the size
of the large files, and the number of open files that are smaller than the large file size. Use the no form of
this command to disable FTP throttling.
Syntax Description
No subcommands.
Default Values
By default, FTP throttling is disabled.
Command History
Functional Notes
When FTP throttling is enabled, the following limits are imposed on FTP sessions:
Maximum FTP Sessions: 24

Large File Size: 30 MB
Maximum Number of Large Files Open: 2
Number of files less than Large File Size open for FTP: FTP Session limit (24)
When FTP throttling is disabled, the following limits are imposed on FTP sessions:
Maximum FTP Sessions: 100

Large File Size: unlimited
Maximum Number of Large Files Open: unlimited
Number of files less than Large File Size open for FTP: FTP Session limit (100)
Usage Examples
The following example enables FTP throttling:
(config)#filesystem throttle

ftp authentication <listname>

Use the ftp authentication command to specify that an authentication, authorization, and accounting
(AAA) authentication method list is used by the AOS device’s internal File Transfer Protocol (FTP) server
for FTP authentication. AAA must be enabled to apply the method list to FTP authentication. Use the no
form of this command to remove the authentication method list from FTP authentication.
Syntax Description
<listname> Specifies the AAA authentication method list to apply to FTP authentication.
Default Values
By default, no AAA authentication method list is applied to FTP. If AAA is enabled (using the command aaa
on on page 1179), but no list is assigned to FTP, FTP automatically uses the local user list for
authentication.
Command History
Functional Notes
AAA must be enabled for an authentication list to be applied to FTP authentication. For more information
on enabling AAA, refer to the command aaa on on page 1179.
AAA authentication lists for use with FTP can be lists that control user login permissions or lists that control
user Enable mode access permissions. These lists are created using the following commands: aaa
authentication login on page 1161 and aaa authentication enable default on page 1157.
For more information on AAA configuration, refer to the configuration guide Configuring AAA in AOS
Usage Examples
The following example attaches the authentication method list MyList to the FTP server:
(config)#ftp authentication MyList

garp timer <value>

Use the garp timer command to adjust the timers used in all Generic Attribute Registration Protocol
(GARP) applications (currently only GARP VLAN Registration Protocol (GVRP)) on the switch. Use the
garp timer join <value>

garp timer leave <value>
garp timer leaveall <value>
Syntax Description
join <value> Specifies the timer value (in milliseconds) between GARP application join
messages.
leave <value> Specifies the timer value (in milliseconds) between GARP application leave
messages (must be at least three times longer than the join timer).
leaveall <value> Specifies the timer value (in milliseconds) between GARP application leave
all messages (must be greater than the leave timer).
Default Values
By default, the join timer is 200 milliseconds, the leave timer is 600 milliseconds, and the leaveall timer is
10000 milliseconds.
Command History
Functional Notes
All devices communicating using GARP in the network need to have the same values for these timers.
Changing these values is not recommended.
Usage Examples
The following example specifies the time (in milliseconds) between GARP application leave all messages:
(config)#garp timer leaveall 20000

global-policer warning
Use the global-policer warning command to enable virtual AOS (vAOS) global policer warning event
generation for both rate usage and dropped packet messages. Use the no form of this command to disable
the warning messages.
Syntax Description
No subcommands.
Default Values
By default, vAOS global policer event messages are enabled.
Command History
Usage Examples
The following example disables vAOS global policer event messages:
(config)#no global-policer warning

global-policer warning threshold dropped-packets <number>

Use the global-policer warning threshold dropped-packets command to configure a threshold for
generating a virtual AOS (vAOS) global policer dropped packets warning event. Use the no form of this
command to return the dropped packet threshold to the default value.
Syntax Description
<number> Specifies the dropped packet threshold for generating vAOS global policer
warning messages. Valid range is 1 to 4294967295 packets.
Default Values
By default, a vAOS global policer warning message is generated when over 10000 packets are dropped
during the five minute warning period.
Command History
Functional Notes
When the number of packets dropped due to exceeding the vAOS licensed bandwidth exceeds the
specified threshold during the five minute warning period, a warning message will be generated. This
message can be useful in determining the cause of dropped packets in the network.
Usage Examples
The following example specifies that vAOS global policer warning messages are sent when more than
675000 packets are dropped during the five minute warning period:
(config)#global-policer warning threshold dropped-packets 675000

global-policer warning threshold rate-percent <percent>

Use the global-policer warning threshold rate-percent command to specify that when the virtual AOS
(vAOS) actual traffic rate exceeds the specified percentage of the total licensed data rate during the
warning period (five minutes), a warning message is generated. Use the no form of this command to return
the rate percent threshold to the default value.
Syntax Description
<percent> Specifies the percent threshold for generating vAOS global policer warning
messages. Valid range is 1 to 99 percent.
Default Values
By default, vAOS global policer messages are generated when 90 percent of the total licensed data rate is
exceeded within a five minute period.
Command History
Functional Notes
Traffic is not actually dropped by the vAOS global policer when this threshold is exceeded unless the
licensed bandwidth is exceeded. This warning message can be useful in determining if additional vAOS
bandwidth should be purchased.
Usage Examples
The following example configures the vAOS data usage rate that generates a warning message as 75
percent:
(config)#global-policer warning threshold rate-percent 75

gvrp
Use the gvrp command to enable GARP VLAN Registration Protocol (GVRP) on the switch globally. Use
the no form of this command to disable this feature.
Syntax Description
No subcommands.
Default Values
By default, GVRP is disabled.
Command History
Functional Notes
Disabling GVRP globally will disable GVRP on all interfaces.
Usage Examples
The following example enables GVRP on the switch globally:
(config)#gvrp

hmr intercept
Use the hmr intercept command to configure the Session Initiation Protocol (SIP) header manipulation
rules (HMR) intercept feature, and enter the HMR Intercept Configuration mode. Use the no form of this
command to remove the HMR intercept feature configuration.
Syntax Description
No subcommands.
Default Values
By default, no HMR intercept policies exist, and the feature is disabled.
Command History
Functional Notes
HMR intercept is a mechanism that allows standard HMR policies to be used to alter the flow of selected
SIP requests. HMR intercept policies, when created and enabled, are given first access to inbound SIP
requests. These policies can be used to generate a request response, block the processing of a request,
or modify a request before other SIP agents within the device gain control of the request.
The HMR intercept policy’s rules are evaluated to determine whether one or more rules match a given SIP
request. If a match occurs, all rules that match within the policy are applied to the traffic in the same way
that inbound or outbound HMR policies are applied. In addition, HMR intercept actions assigned to the
intercept policy are applied to the SIP request.
For more information about the HMR intercept policy rules and actions, refer to the HMR Intercept
Command Set on page 4797. For more information about SIP HMR, refer to the configuration guide
Manipulating SIP Headers and Messages in AOS, available online at
Usage Examples
The following example enters the HMR Intercept Policy configuration mode:
(config)#hmr intercept
(config-hmr-intercept)#

hmr policy <name>

Use the hmr policy command to create a Session Initiation Protocol (SIP) header manipulation rule
(HMR) policy and enter the policy’s configuration mode. The HMR policy is a named collection of one or
more HMR rule sets, and the policy is used to apply the rule sets to specific SIP traffic, SIP proxy user
traffic, SIP proxy server traffic, or trunks. Use the no version of this command to remove the HMR policy.
Syntax Descriptions
<name> Specifies the name of the HMR policy.
Default Values
By default, no HMR policies exist.
Command History
Functional Notes
SIP header manipulation is achieved by creating an HMR policy, a set of HMR rules, and applying those
rules to the HMR policy. The policy is then applied to a SIP trunk, to all SIP traffic on the AOS device, to
SIP traffic sent or received by a SIP proxy user, or to a SIP traffic sent or received by a SIP proxy server.
The HMR policies can be applied to either inbound or outbound SIP traffic. For more information about
configuring SIP HMR policies, refer to HMR Command Set on page 4747 or the configuration guide
Usage Examples
The following example creates the SIP HMR policy MYPOLICY1, and enters the policy’s configuration
mode:
(config)#hmr policy MYPOLICY1

(config-policy-MYPOLICY1)#

hmr rule-set <name>

Use the hmr rule-set command to create a Session Initiation Protocol (SIP) header manipulation rule
(HMR) rule set. An HMR rule set is a named collection of one or more sequenced message rules used for
SIP header and message manipulation. When a rule set is applied to a message, all matching message rules
are processed in sequence. Use the no form of this command to remove the HMR rule set.
Syntax Description
<name> Specifies the name of the HMR rule set. Names must be unique for each
configured rule set.
Default Values
By default, no HMR rule sets are configured.
Command History
Functional Notes
HMR rule sets are used to apply message rules to SIP traffic. These message rules are a collection of one
or more SIP header commands, that determine the types of SIP headers to act upon, and the action to be
taken. For more information about the configuration of SIP HMR rules and rule sets, refer to HMR
Command Set on page 4747 or the configuration guide Manipulating SIP Headers and Messages in AOS,
Usage Examples
The following example creates the HMR rule set SET1, and enters the rule set’s configuration mode:
(config)#hmr rule-set SET1

(config-rule-set-SET1)#

hmr set public-variable <variable> new-value <pattern>

Use the hmr set public-variable command to specify a public variable to be used with Session Initiation
Protocol (SIP) header manipulation rule (HMR) configurations. Use the no form of this command to
remove the public variable.
Public variables for SIP HMR can be set globally using this command, or from the HMR
Message Rule Configuration Mode (refer to HMR Command Set on page 4747 for more
information).
Syntax Description
<variable> Specifies the variable to be set.
<pattern> Specifies the new value to be used by the variable. The pattern can be a
regular expression or a text string.
Default Values
By default, no public variables are configured.
Command History
Functional Notes
For more information about the creation and use of public variables in SIP HMR, refer to the configuration
guide Manipulating SIP Headers and Messages in AOS, available online at
Usage Examples
The following example sets the value of the public variable paiTest:
(config)#hmr set public-variable paiTest new-value match

host
Use the host command to define an Internet Protocol version 4 (IPv4) or Internet Protocol version 6 (IPv6)
host name either for the default virtual routing and forwarding (VRF) or for a specified VRF instance. This
allows you to statically enter host names and addresses in the host table. Use the no form of this command
to remove the static entries. Variations of this command include:
host <hostname> <ipv4 address>

host <hostname> <ipv6 address>
host vrf <name> <hostname> <ipv4 address>
host vrf <name> <hostname> <ipv6 address>
Syntax Description
<hostname> Defines the name of the host being added to the host table.
<ipv4 address> Specifies the IPv4 address associated with the host name. IPv4 addresses
<ipv6 address> Specifies the IPv6 address associated with the host name. IPv6 addresses
should be expressed in colon hexadecimal format (X:X:X:X::X). For
example, 2001:DB8:1::1.
vrf <name> Optional. Specifies a nondefault VRF instance on which to define the IPv4
or IPv6 host name. If no VRF instance is specified, the host name is defined
on the default unnamed VRF instance.
Default Values
By default, there are no static hosts configured.
Command History
Release 18.3 Command was expanded to include the <ipv6 address> parameter. In
addition, the command syntax was changed to remove the ip keyword for
ADTRAN internetworking products.
Release R10.1.0 The command syntax was changed to remove the ip keyword for ADTRAN
voice products.
Functional Notes
The host name can be any combination of numbers and letters as long as it is not a valid IPv4 or IPv6
address or does not exceed 256 characters.
VRF instances on AOS products allow a single physical router to be partitioned into multiple virtual routers.
Each router instance has its own route table and interface assignments. Beginning with Release 16.1, all
AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed default VRF instance

Usage Examples
The following example defines three static entries to the host table:
(config)#host mac 10.2.0.2

(config)#host dal 172.38.7.12
(config)#host name1 2001:DB8:1::1

hostname <name>
Use the hostname command to create a name used to identify the unit. This alphanumeric string should be
used as a unique description for the unit. This string will be displayed in all prompts. Use the no form of
this command to remove a host name.
Syntax Description
<name> Identifies the unit using an alphanumeric string up to 32 characters.
Default Values
By default, the host name is router.
Command History
Usage Examples
The following example creates a host name for the AOS device of ATL_RTR to identify the system as the
Atlanta router:
(config)#hostname ATL_RTR

http authentication <listname>

Use the http authentication command to assign a specified authentication, authorization, and accounting
(AAA) list to use in authentication to the AOS device’s Hypertext Transfer Protocol (HTTP) or HTTP
secure (HTTPS) server. AAA must be enabled (using the command aaa on on page 1179) before you can
apply an AAA list to HTTP authentication. Use the no form of this command to remove the AAA list name
from HTTP authentication.
Syntax Description
<listname> Specifies the AAA list to use in authentication to the AOS device’s
HTTP/HTTPS server.
Default Values
By default, no HTTP/HTTPS authentication is configured.
Command History
voice products.
Usage Examples
The following example assigns the AAA list Mylist1 to HTTP authentication:
(config)#http authentication Mylist1

http ip access-class <ipv4 acl name> in

se the http ip access-class in command to restrict access to the Internet Protocol version 4 (IPv4)
Hypertext Transfer Protocol (HTTP) server using the specified IPv4 access control list (ACL). Use the no
form of this command to remove the IPv4 ACL from the HTTP connection. Variations of this command
include:
http ip access-class <ipv4 acl name> in

http ip access-class <ipv4 acl name> in any-vrf
http ip access-class <ipv4 acl name> in vrf <name>
Syntax Description
<ipv4 acl name> Specifies the previously configured IPv4 ACL to use for IPv4 HTTP access
restriction.
in Specifies that the ACL is applied to incoming IPv4 HTTP connections.
any-vrf Optional. Allows incoming IPv4 HTTP connections from any virtual routing
and forwarding (VRF) instance.
vrf <name> Optional. Allows incoming IPv4 HTTP connections from a specified VRF
instance.
Default Values
By default, no IPv4 ACLs are applied to IPv4 HTTP connections.
Command History
Release 18.3 Command syntax was changed to relocate the ip keyword for IPv6 support
Release R10.1.0 Command syntax was changed to relocate the ip keyword for IPv6 support
Release R10.7.0 Command was expanded to include the any-vrf and vrf <name>
parameters.
Usage Examples
The following example specifies that IPv4 HTTP access is restricted by applying the previously configured
IPv4 ACL (MyIPv4ACL):
(config)#http ip access-class MyIPv4ACL in

http ip secure-access-class <ipv4 acl name> in

Use the http ip secure-access-class in command to restrict access to the Internet Protocol version 4 (IPv4)
Hypertext Transfer Protocol secure (HTTPS) server using the specified IPv4 access control list (ACL).
Use the no form of this command to remove the IPv4 ACL from the HTTPS connection. Variations of this
command include:
http ip secure-access-class <ipv4 acl name> in

http ip secure-access-class <ipv4 acl name> in any-vrf
http ip secure-access-class <ipv4 acl name> in vrf <name>
Syntax Description
<ipv4 acl name> Specifies the previously configured IPv4 ACL to use for HTTPS access
restriction.
in Specifies that the ACL is applied to incoming IPv4 HTTPS connections.
any-vrf Optional. Allows incoming IPv4 HTTPS connections from any virtual routing
vrf <name> Optional. Allows incoming IPv4 HTTPS connections from a specified VRF
instance.
Default Values
By default, no IPv4 ACLs are applied to HTTPS connections.
Command History
Release 18.3 Command syntax was changed to relocate the ip keyword for IPv6 support
Release R10.1.0 Command syntax was changed to relocate the ip keyword for IPv6 support
parameters.
Usage Examples
The following example specifies that HTTPS access is restricted by applying the previously configured
(config)#http ip secure-access-class MyIPv4ACL in

http ipv6 access-class <ipv6 acl name> in

Use the http ipv6 access-class in command to restrict access to the Internet Protocol version 6 (IPv6)
Hypertext Transfer Protocol (HTTP) server using the specified IPv6 access control list (ACL). Use the no
form of this command to remove the IPv6 ACL from the HTTP connection. Variations of this command
include:
http ipv6 access-class <ipv6 acl name> in

http ipv6 access-class <ipv6 acl name> in any-vrf
http ipv6 access-class <ipv6 acl name> in vrf <name>
Syntax Description
<ipv6 acl name> Specifies the previously configured IPv6 ACL to use for HTTP access
restriction.
in Specifies that the ACL is applied to incoming IPv6 HTTP connections.
any-vrf Optional. Allows incoming IPv6 HTTP connections from any virtual routing
vrf <name> Optional. Allows incoming IPv6 HTTP connections from a specified VRF
instance.
Default Values
By default, no IPv6 ACLs are applied to HTTP connections.
Command History
parameters.
Usage Examples
The following example specifies that HTTP access is restricted by applying the previously configured IPv6
ACL (MyIPv6ACL):
(config)#http ipv6 access-class MyIPv6ACL in

http ipv6 secure-access-class <ipv6 acl name> in

Use the http ipv6 secure-access-class in command to restrict access to the Internet Protocol version 6
(IPv6) Hypertext Transfer Protocol secure (HTTPS) server using the specified IPv6 access control list
(ACL). Use the no form of this command to remove the IPv6 ACL from the HTTPS connection.
http ipv6 secure-access-class <ipv6 acl name> in

http ipv6 secure-access-class <ipv6 acl name> in any-vrf
http ipv6 secure-access-class <ipv6 acl name> in vrf <name>
Syntax Description
<ipv6 acl name> Specifies the previously configured IPv6 ACL to use for HTTPS access
restriction.
in Specifies that the ACL is applied to incoming IPv6 HTTPS connections.
any-vrf Optional. Allows incoming IPv6 HTTPS connections from any virtual routing
vrf <name> Optional. Allows incoming IPv6 HTTPS connections from a specified VRF
instance.
Default Values
By default, no IPv6 ACLs are applied to HTTPS connections.
Command History
parameters.
Usage Examples
The following example specifies that HTTPS access is restricted by applying the previously configured
(config)#http ip secure-access-class MyIPv6ACL in

http language
Use the http language command to specify the language of the Web-based Graphical User Interface (GUI)
on the AOS device. Use the no form of this command to return the GUI language to the default value.
http language english

http language frenchcanadian
http language italian
http language latinamspanish
http language simplifiedchinese
Syntax Description
english Specifies the GUI language is English.
frenchcanadian Specifies the GUI language is French Canadian.
italian Specifies the GUI language is Italian.
latinamspanish Specifies the GUI language is Latin American Spanish.
simplifiedchinese Specifies the GUI language is Simplified Chinese.
Default Values
By default, the GUI is displayed in English.
Command History
Release 13.1 Command was expanded to include Italian.
Release 14.1 Command was expanded to include French Canadian, Latin American
Spanish, and Simplified Chinese languages.
Release 18.3 Command syntax was changed to remove the ip keyword to support IPv6 in
voice products.
Usage Examples
The following example specifies that the AOS GUI is displayed in French Canadian:
(config)#http language frenchcanadian

http report errors

Use the http report errors command to store a Hypertext Transfer Protocol (HTTP) error report on the
unit’s primary Flash memory when an HTTP server error occurs. The report is subsequently sent to the
email address(es) specified by the command logging email error-report address-list <email address> ;
<email address> on page 1575. Use the no form of this command to disable HTTP error reporting.
Syntax Description
No subcommands.
Default Values
By default, HTTP error reporting is enabled.
Command History
Usage Examples
The following example enables HTTP error reporting:
(config)#http report errors

http secure-ciphersuite
Use the http secure-ciphersuite command to enable a secure sockets layer (SSL) cipher suite on
Hypertext Transfer Protocol (HTTP) and HTTP secure (HTTPS) connections. Use the no form of this
command to remove the SSL cipher suite configuration. Variations of this command include:
http secure-ciphersuite aes128-sha

http secure-ciphersuite aes256-sha
http secure-ciphersuite des-cbc-md5
http secure-ciphersuite des-cbc-sha
http secure-ciphersuite des-cbc3-md5
http secure-ciphersuite des-cbc3-sha
http secure-ciphersuite dhe-rsa-aes128-sha
http secure-ciphersuite dhe-rsa-aes256-sha
http secure-ciphersuite edh-rsa-des-cbc-sha
http secure-ciphersuite edh-rsa-des-cbc3-sha
http secure-ciphersuite rc4-md5
http secure-ciphersuite rc4-sha
Syntax Description
aes128-sha Enables a secure sockets layer version 3.0 (SSLv3) cipher suite with the
following properties:
Key exchange algorithm (Kx) = Rivest, Sharmir, and Adleman (RSA)
Authentication (Auth) = RSA
Bulk encryption algorithm (E) = 128-bit Advanced Encryption Standard
(AES)
Hash function (Hash) = secure hash algorithm 1 (SHA-1)
aes256-sha Enables an SSLv3 cipher suite with the following properties:
Kx = RSA
Auth = RSA
E = 256-bit AES
Hash = SHA-1
des-cbc-md5 Enables a secure sockets layer version 2.0 (SSLv2) cipher suite with the
following properties:
Kx = RSA
Auth = RSA
E = 56-bit Data Encryption Standard (DES)
Hash = message-digest algorithm (MD5)
des-cbc-sha Enables an SSLv3 cipher suite with the following properties:
Kx = RSA
Auth = RSA
E = 56-bit DES
Hash = SHA-1

des-cbc3-md5 Enables an SSLv2 cipher suite with the following properties:

Kx = RSA
Auth = RSA
E = 168-bit Triple-DES (3DES)
Hash = MD5
des-cbc3-sha Enables an SSLv3 cipher suite with the following properties:
Kx = RSA
Auth = RSA
E = 168-bit 3DES
Hash = SHA-1
dhe-rsa-aes128-sha Enables an SSLv3 cipher suite with the following properties:
Kx = DH)
Auth = RSA
E = 128-bit AES
Hash = SHA-1
dhe-rsa-aes256-sha Enables an SSLv3 cipher suite with the following properties:
Kx = DH
Auth = RSA
E = 256-bit AES
Hash = SHA-1
edh-rsa-des-cbc-sha Enables an SSLv3 cipher suite with the following properties:
Kx = DH
Auth = RSA
E = 56-bit DES
Hash = SHA-1
edh-rsa-des-cbc3-sha Enables an SSLv3 cipher suite with the following properties:
Kx = DH
Auth = RSA
E = 168-bit 3DES
Hash = SHA-1
rc4-md5 Enables an SSLv2 or SSLv3 cipher suite with the following properties:
Kx = RSA
Auth = RSA
E = 128-bit Rivest Cipher 4 (RC4)
Hash = MD5
rc4-sha Enables an SSLv3 cipher suite with the following properties:
Kx = RSA
Auth = RSA
E = 128-bit RC4
Hash = SHA-1
Default Values
By default, no cipher suites are enabled.

Command History
voice products.
Usage Examples
The following example enables the SSL cipher suite rc4-sha for HTTP connections:
(config)#http secure-ciphersuite rc4-sha

http secure-server
Use the http secure-server command to enable the Hypertext Transfer Protocol (HTTP) secure (HTTPS)
server and specify the server use secure sockets layer (SSL) version 3. Use the no form of this command to
disable the HTTP server. Variations of this command include:
http secure-server
http secure-server allow-tls1.0
http secure-server allow-tls1.0 allow-tls1.1
http secure-server allow-tls1.0 allow-tls1.1 allow-sslv3
http secure-server allow-tls1.0 allow-sslv3
http secure-server allow-tls1.1
http secure-server allow-tls1.1 allow-sslv3
http secure-server allow-sslv3
http secure-server <TCP port>
http secure-server <TCP port> allow-tls1.0
http secure-server <TCP port> allow-tls1.0 allow-tls1.1
http secure-server <TCP port> allow-tls1.0 allow-tls1.1 allow-sslv3
http secure-server <TCP port> allow-tls1.0 allow-sslv3
http secure-server <TCP port> allow-tls1.1
http secure-server <TCP port> allow-tls1.1 allow-sslv3
http secure-server <TCP port> allow-sslv3
Syntax Description
allow-tls1.0 Optional. Allows the server to use Transport Layer Security protocol
version 1.0. If allow-tls1.0 is enabled, SSLv3 can also optionally be
enabled.
allow-tls1.1 Optional. Allows the server to use TLS protocol version 1.1. If allow-tls1.1 is
enabled, SSLv3 can also optionally be enabled.
allow-sslv3 Optional. Allows the server to use SSLv3. If SSLv3 is enabled, TLS
version 1.0 is automatically enabled.
<TCP port> Optional. Specifies an alternate Transmission Control Protocol (TCP) port to
use for HTTPS connections.
Default Values
By default, the HTTP secure server is disabled. When the HTTP secure server is enabled, it uses SSLv3
by default.
Command History
Release 17.6 Command was expanded to include the allow-sslv2 parameter.

voice products.
Release R12.3.0 Command was changed to remove the allow-sslv2 keyword. In addition,
the allow-tls1.0 and allow-sslv3 parameters were added.
Usage Examples
The following example enables the HTTP secure server:
(config)#http secure-server

http server
Use the http server command to enable the Hypertext Transfer Protocol (HTTP) server on the AOS
device. Enabling the server enables Web access to the AOS unit. Use the no form of this command to
disable the HTTP server. Variations of this command include:
http server
http server <TCP port>
Syntax Description
<TCP port> Optional. Specifies an alternate Transmission Control Protocol (TCP) port
for the HTTP server.
Default Values
By default, the HTTP server is disabled.
Command History
voice products.
Usage Examples
The following example enables the HTTP server:
(config)#http server

http session-limit <number>

Use the http session-limit command to set the maximum number of Hypertext Transfer Protocol (HTTP)
or HTTP secure (HTTPS) sessions allowed on the AOS device. Use the no form of this command to return
the maximum number of allowed sessions to the default value.
Syntax Description
<number> Specifies the maximum number of allowed HTTP/HTTPS sessions. Valid
range is 0 to 100 sessions.
Default Values
By default, up to 100 HTTP/HTTPS sessions are allowed.
Command History
Release 18.3 Command syntax was changed to remove the ip keyword for IPv6 in
voice products.
Usage Examples
The following example limits the maximum number of allowed HTTP sessions to 75:
(config)#http session-limit 75

http session-timeout <value>

Use the http session-timeout command to set the Hypertext Transfer Protocol (HTTP) or HTTP secure
(HTTPS) session timeout value. Use the no form of this command to return the session timeout period to
the default value.
Syntax Description
<value> Specifies the HTTP/HTTPS session timeout period. Valid range is 10 to
86400 seconds.
Default Values
By default, the HTTP/HTTPS session times out after 600 seconds.
Command History
voice products.
Usage Examples
The following example changes the HTTP session timeout period to 1500 seconds:
(config)#http session-timeout 1500

http source-interface <interface>

Use the http source-interface command to specify a source interface for Hypertext Transfer Protocol
(HTTP) traffic originated by the AOS unit. Specifying the virtual routing and forwarding (VRF) instance
using the vrf <name> keyword applies the configuration to the named VRF instance. Omitting the vrf
<name> keyword applies the configuration to the default unnamed VRF. The IP address of the specified
interface will be used to source all HTTP traffic. Use the no form of this command if you do not wish to
override the default source IP address. Variations of this command include:
http source-interface <interface>

http vrf <name> source-interface <interface>
This command pertains to the HTTP client and not the HTTP server.
Syntax Description
<interface> Specifies the source interface for HTTP traffic. Specify an interface in the
wireless virtual access point, use dot11ap 1/1.1. Type ip http
vrf <name> Specifies the name of the VRF to which to configure the source interface.
Default Values
By default, no HTTP source interface is defined.
Command History
interface.
Ethernet interface.
voice products.
parameters.

Functional Notes
This command allows you to override the Sender field in the IP packet. If you have multiple interfaces in
your unit, changing the Sender tells the receiver where to send replies. This functionality can also be used
to allow packets to get through firewalls that would normally block the flow.
of whether multi-VRF is configured.
Usage Examples
The following example configures the unit to use the loopback 1 interface as the source IP for HTTP
traffic:
(config)#http source-interface loopback 1
The following example configures the unit to use the loopback 1 interface as the source IP for HTTP traffic
on VRF RED:
(config)#http vrf RED source-interface loopback 1

hw-access-map <name>
Use the hw-access-map command to create and name a hardware access map. This command also enters
the map’s configuration mode. Using the no form of this command deletes the hardware access map.
For a complete list of all hardware access map configuration commands, refer to the
Hardware ACL and Access Map Command Set on page 4220.
Syntax Description
<name> Specifies the name of the hardware access map.
Default Values
By default, all AOS security features are disabled, and there are no configured hardware access maps.
Command History
Functional Notes
This command only creates an empty hardware access map, it does not configure it. For additional
hardware access map configuration commands and configuration parameters, refer to the Hardware ACL
and Access Map Command Set on page 4220 or the Hardware ACLs in AOS configuration guide available
Usage Examples
The following example creates a hardware access map Map1 and enters the hardware access map
configuration mode:
(config)#hw-access-map Map1
(config-hw-access-map)#
Technology Review
Hardware access maps can only forward traffic. This action can be performed based on the criteria
outlined in a single IP hardware access control list (ACL), a single medium access control (MAC) hardware
ACL, or both. Like the hardware ACLs, the hardware access map will match traffic in top-down order.
If you configure the access map to reference a nonexistent IP or MAC hardware ACL, the ACL will be
created. Note that this newly created ACL will have permit any as the default entry because no other
entries are present.

Hardware access maps are not active until they are applied to a VLAN. For instructions on how to apply an
access map to a VLAN, refer to vlan <vlan id> on page 1874.
Changing hardware ACL or hardware access map configuration or application causes

new information to be reinstalled on the hardware. It is possible to run out of hardware
resources depending on how many resources are needed to apply the desired change. If
there are not enough hardware resources to install the new criteria in the hardware, an
error message is displayed. You can view the amount of hardware resources available
using the command show hw-filter-resource on page 669.

interface efm-group
Use the interface efm-group command to create an Ethernet in the first mile (EFM) group and enter the
group’s configuration. Use the no form of this command to remove the EFM group. Variations of this
command include:
interface efm-group <group number>

interface efm-group <slot/group>
interface efm-group <slot/group.subinterface id>
Syntax Description
<group number> Specifies the EFM group for use with Metro Ethernet Forum (MEF)
configurations. Range is 1 to 1024.
<slot/group> Specifies the EFM group for use with carrier Ethernet Ethernet virtual
connections (EVCs). The slot is the slot in which the interfaces bonded to
the group reside. Group range is 1 to 1024.
<slot/group.subinterface id> Creates a Layer 3 subinterface on the Metro Ethernet network (MEN) port
for Layer 3 services and enters the subinterface’s configuration mode.
Default Values
By default, no EFM groups exist.
Command History
Release R10.10.0 Command was expanded to include EFM group configuration for EVCs and
Layer 3 subinterfaces on the MEN port.
Functional Notes
The EFM group is a logical interface that represents the EFM bonding group. The interfaces that are
connected to the EFM group provide physical links to carry the bonded traffic. For more information about
configuring the EFM group for MEF, refer to MEF EFM Group Command Set on page 3584. For more
information about configuring the EFM group for EVCs or Layer 3 subinterfaces, refer to Carrier Ethernet
EFM Group Command Set on page 3676.
Usage Examples
The following example creates EFM group 1 for MEF configurations and enters the group’s configuration
mode:
(config)#interface efm-group 1
(config-efm-group 1)#

interface mef-ethernet <slot/port>

Use the interface mef-ethernet command to enter the Metro Ethernet Forum (MEF) Ethernet Interface
Configuration mode.
Syntax Description
<slot/port> Specifies the slot and port of the MEF Ethernet interface.
Default Values
Command History
Functional Notes
The MEF Ethernet interface is a virtual interface that provides connection between the Ethernet in the first
mile (EFM) network interface module (NIM2) and the AOS unit.
If you are using 802.1q encapsulation, you must have a native VLAN MEF Ethernet subinterface
configured for the EFM NIM2 to communicate with the AOS unit.
For more information about the MEF Ethernet interface, refer to MEF Ethernet Interface on page 3589. For
more information about the configuration of EFM NIM2s and the MEF Ethernet interface, refer to the
Configuring EFM NIM2s and the MEF Ethernet Interface in AOS configuration guide available online at
Usage Examples
The following example enters the configuration mode for MEF Ethernet interface in slot 1 port 1:
(config)#interface mef-ethernet 1/1

interface range <interface type> <slot/port> - <slot/port>

Use the interface range command to enter configuration mode for a range of interfaces.
Syntax Description
<interface type> Specifies the interface type (e.g., Ethernet, Gigabit Ethernet, etc.). Type
interface range ? for a complete list of valid interfaces.
<slot/port> Specifies the slot/port number of the first interface in the desired range of
interfaces to be configured, followed by a hyphen (-) for consecutive ports
or a comma (,) for nonconsecutive ports.
<slot/port> Specifies the slot/port number of the last interface in the desired range of
interfaces to be configured.
Default Values
Command History
Release 11.1 Command was expanded to include the foreign exchange office (FXO)
range.
Release 14.1 Command was expanded to include the Gigabit Ethernet interfaces.
Release 18.2 Command was expanded to include the Single-Pair High-Speed Digital
Subscriber Line (SHDSL) interface.
line (VDSL), symmetric digial subscriber line (SDSL), and 10 gigabit
Functional Notes
All configuration changes made in this mode will apply to all interfaces in the range specified.
Usage Examples
The following example selects seven consecutive Ethernet ports for configuration:
(config)#interface range eth 0/3-0/12

(config-eth 0/3-12)#
The following example selects nonconsecutive Ethernet ports for configuration:
(config)#interface range eth 0/14, 0/16, 0/18

(config-eth 0/14, 0/16, 0/18)#

interface tunnel <number>

Use the interface tunnel command to create a tunnel interface and enter the tunnel’s configuration mode.
Use the no version of this command to remove the tunnel interface. Variations of this command include:
interface tunnel <interface id>

interface tunnel <interface id> gre ip
interface tunnel <interface id> multipoint-gre ip
interface tunnel <interface id> vxlan
Syntax Description
<interface id> Specifies the tunnel’s numerical label identifier. Valid range is 1 to 1024.
gre ip Specifies the tunnel is a point-to-point Generic Routing Encapsulation
(GRE) tunnel, and that it is an Internet Protocol version 4 (IPv4) tunnel. This
tunnel type encapsulates all IP traffic (both IPv4 and IPv6) in an IPv4/GRE
delivery header.
multipoint-gre ip Specifies the tunnel is a multipoint GRE tunnel. This tunnel type is used in
Dynamic Multipoint Virtual Private Network (DMVPN) applications.
vxlan Specifies the tunnel is a virtual extensible local area network (VxLAN)
tunnel. This tunnel type is used to expand Layer 2 network segments
across Layer 3 networks.
Default Values
By default, no tunnels are created.
Command History
Release R11.9.0 Command was expanded to include the multipoint-gre parameter.
Release R13.1.0 Command was expanded to include vxlan parameter.
Functional Notes
The interface tunnel gre ip command replaces the tunnel mode gre command used from the tunnel
interface in AOS firmware versions prior to R10.1.0. When the command is entered with the gre ip
parameter, and a new tunnel interface is being created, the parameter creates the tunnel interface,
specifies that all traffic (both IPv4 and IPv6) is encapsulated in an IPv4/GRE delivery header, and enters
the tunnel’s configuration mode. If the gre ip parameter is NOT used and the tunnel interface has NOT
been previously created, an error is generated because the tunnel mode must be specified when creating
a new tunnel interface. If the gre ip parameter is NOT used and the tunnel interface has been previously
created, the command enters the tunnel’s configuration mode. This logic also applies when using the
multipoint-gre ip and vxlan parameters.

VxLAN tunnel implementation is point-to-point only since AOS does not currently support
multicast VxLAN tunnels. VxLAN tunnel support is limited to IPv4 for underlay networks.
However, IPv6 overlay networks can be created over IPv4 underlay networks.
Usage Examples
The following example creates a new tunnel interface, specifies the tunnel’s mode as GRE, and enters the
tunnel’s configuration mode:
(config)#interface tunnel 1 gre ip

(config-tunnel 1)#

ip access-list extended <ipv4 acl name>

Use the ip access-list extended command to create an empty Internet Protocol version 4 (IPv4) access
control list (ACL) and enter the Extended ACL Configuration mode. Use the no form of this command to
delete an extended ACL and all the entries contained in it.
For a complete list of all extended IPv4 ACL configuration commands, refer to the IPv4
Access Control List Command Set on page 4237.
Syntax Description
<ipv4 acl name> Specifies the name of the IPv4 ACL.
Default Values
By default, all AOS security features are disabled, and there are no configured IPv4 ACLs.
Command History
Functional Notes
This command only creates an empty extended IPv4 ACL, it does not configure it. For additional extended
ACL configuration commands and configuration parameters, refer to the IPv4 Access Control List
Usage Examples
The following example creates an extended IPv4 ACL AllowIKfacility loopback objectE and enters the
Extended ACL Configuration mode:
(config)#ip access-list extended AllowIKE

(config-ext-nacl)#
Technology Review
IPv4 ACLs are used as packet selectors by different AOS IPv4 features (firewall, virtual private network
(VPN), quality of service (QoS)); by themselves they do nothing. ACLs are composed of an ordered list of
entries with an implicit deny all at the end of each list. An ACL entry contains two parts: an action (permit
or deny) and a packet pattern. A permit ACL is used to match packets (meeting the specified pattern) to
enter the router system. A deny ACL advances AOS to the next access policy entry. AOS provides two
types of ACLs: standard and extended. Standard ACLs match based on the source of the packet.
Extended ACLs match based on the source and destination of the packet.
ACLs are performed in order from the top of the list down. Generally, the most specific entries should be at
the top and the more general at the bottom.

IPv4 ACLs cannot have the same name as IPv6 ACLs. If you are using both IPv4 and IPv6, you must have
different ACLs for each IP version.
virtual routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed
default VRF instance regardless of whether multi-VRF is configured. Therefore, executing the above
mentioned commands without specifying a VRF will only affect the default unnamed VRF.
More information on IPv4 ACL, ACP, and AOS firewall configuration is available in the IPv4 Firewall
configuration guide, located online at https://supportcommunity.adtran.com.

ip access-list standard <ipv4 acl name>

Use the ip access-list standard command to create an empty IPv4 access control list (ACL) and enter the
Standard ACL Configuration mode. Use the no form of this command to delete an extended ACL and all
the entries contained in it.
For a complete list of all standard IPv4 ACL configuration commands, refer to the IPv4
Syntax Description
Default Values
Command History
Functional Notes
This command only creates an empty standard IPv4 ACL, it does not configure it. For additional standard
IPv4 ACL configuration commands and configuration parameters, refer to the IPv4 Access Control List
Usage Examples
The following example creates a standard IPv4 ACL AllowIKE and enters the Standard ACL Configuration
mode:
(config)#ip access-list standard AllowIKE

(config-std-nacl)#
Technology Review
IPv4 ACLs are used as packet selectors by different IPv4 AOS features (firewall, virtual private network

Virtual routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into
More information on ACL, ACP, and AOS firewall configuration is available in the IPv4 Firewall
configuration guide, located online at https://supportcommunity.adtran.com.

ip classless
Use the ip classless command to forward classless packets to the best supernet route available. A classless
packet is a packet addressed for delivery to a subnet of a network with no default network route.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
AOS products only function in classless mode. You cannot disable this feature.
Usage Examples
The following example enables the system to forward classless packets:
(config)#ip classless

ip crypto
Use the ip crypto command to enable AOS virtual private network (VPN) functionality and allow crypto
maps to be added to the interfaces. Use the no form of this command to disable the VPN functionality.
ip crypto
ip crypto fast-failover
Disabling the AOS security features (using the no ip crypto command) does not affect VPN
configuration settings (with the exception of the removal of all crypto maps from the
interfaces). All other configuration parameters will remain intact, and VPN functionality
will be disabled.
Syntax Description
fast-failover Optional. This setting is used when the same crypto map is applied to two
different egress interfaces. It allows the quick deletion of Internet key
exchange (IKE) and IPSec SAs when the default route policy class
changes.
Default Values
By default, all AOS VPN functionality is disabled.
Command History
Release 11.2 Command was expanded to include the fast-failover feature.
Functional Notes
VPN-related settings will not go into effect until you enable VPN functionality using the ip crypto
command. AOS allows you to perform all VPN-related configuration prior to enabling ip crypto, with the
exception of assigning a crypto map to an interface. The no ip crypto command removes all crypto maps
from the interfaces. Enabling ip crypto enables the IKE server on User Datagram Protocol (UDP) Port
500. The no form of this command disables the IKE server on UDP Port 500.
Usage Examples
The following example enables VPN functionality:
(config)#ip crypto

ip crypto ffe
Use the ip crypto ffe command to enable the RapidRoute Engine for IP Security Protocol (IPSec) security
associations (SAs). Use the no form of this command to disable the RapidRoute functionality for IPSec
SAs. Variations of this command include:
ip crypto ffe
ip crypto ffe max-entries <entries>
Syntax Description
max-entries <entries> Optional. Specifies the maximum number of entries per inbound
(decrypting) IPSec SA. Valid range is from 1 to 8192.
Default Values
By default, RapidRoute is not enabled for IPSec SAs. The default number of max-entries is 4096.
Command History
Functional Notes
The RapidRoute Engine can be used to help reduce routing overhead, and thus reduce overall routing
times. Routing times are reduced by the creation of a flow table on the ingress interface. The maximum
number of entries that can be stored in the flow table at any one time can be specified by using the
max-entries parameter.
Usage Examples
The following example enables RapidRoute for IPSec SAs and sets the maximum number of entries in the
flow table to 50:
(config)#ip crypto ffe max entries 50

ip crypto ipsec profile <name>

Use the ip crypto ipsec profile command to create a new crypto Internet Protocol security (IPsec) profile
and enter the profile’s configuration mode.Use the no form of this command to delete the IPsec profile.
Syntax Description
<name> Specifies a unique, case-sensitive name for the IPsec profile to be created.
Profile names cannot exceed 80 characters in length.
Default Values
By default, no IPsec profiles are configured.
Command History
Functional Notes
IPsec profiles can be applied to one or more tunnel interfaces.
An IPsec profile must have a transform set defined in order to function. Refer to the command set
transform-set on page 5254 for more information.
Usage Examples
The following example creates the IPsec profile PROFILE1 and enters its configuration mode:
(config)#ip crypto ipsec profile PROFILE1

(config-crypto-profile)#

ip crypto ipsec transform-set <name> <parameters>

Use the ip crypto ipsec transform-set command to define the transform configuration for securing data
(e.g., esp-3des, esp-sha-hmac, etc.) using Internet Protocol version 4 (IPv4) IP security (IPsec). The
transform set is then assigned to a crypto map using the map’s set transform-set command. Refer to set
transform-set on page 5229. Use the no form of this command to disable this feature.
The following additional subcommands are available once you have entered the Transform Set
Configuration mode:
mode tunnel
Syntax Description
<name> Specifies the name of the transform set. Names must be unique, and are
specified in an alphanumeric string of up to 80 characters.
<parameters> Assigns a combination of up to three security algorithms to the set.
Available security algorithms are as follows:
ah-md5-hmac Authentication Header. Uses 16 byte \ and
HMAC-MD5-96 authentication.
ah-sha-hmac Authentication Header. Uses 20 byte key and
HMAC-SHA1-96 authentication.
esp-des Encapsulating Security Payload. Data
encryption standard using cipher block
chaining and an 8-byte key (DES-56-CBC).
esp-3des Encapsulating Security Payload. Data
chaining and a 24-byte key (3DES-168-CBC).
esp-aes-128-cbc Encapsulating Security Payload. Advanced
chaining and a 16-byte key.
esp-null Encapsulating Security Payload with no
encryption.
esp-md5-hmac Encapsulating Security Payload. Uses 16-byte
key and HMAC-MD5-96 authentication.
esp-sha-hmac Encapsulating Security Payload. Uses 20-byte
key and HMAC-SHA1-96 authentication.
mode tunnel Specifies the encapsulation mode for the transform set is datagram
encapsulation (tunnel) mode.

Default Values
By default, no IPv4 IPsec transform sets are configured.
Command History
Release R10.7.0 Command syntax was changed to include the ip keyword.
Functional Notes
Crypto map entries do not directly contain the transform configuration for securing data. Instead, the crypto
map is associated with transform sets that contain specific security algorithms.
If no transform set is configured for a crypto map, the entry is incomplete and will have no effect on the
system.
Usage Examples
The following example first creates a transform set (Set1) consisting of two security algorithms (up to three
may be defined), and then assigns the transform set to a crypto map (Map1):
(config)#ip crypto ipsec transform-set Set1 esp-3des esp-sha-hmac

(cfg-crypto-trans)#exit
(config)#ip crypto map Map1 1 ipsec-ike
(config-crypto-map)#set transform-set Set1

ip crypto map
Use the ip crypto map command to define Internet Protocol version 4 (IPv4) crypto map entry names and
numbers and to enter the associated mode (either Crypto Map Internet key exchange (IKE) or Crypto Map
Manual). Use the no form of this command to disable this feature. Variations of this command include the
following:
ip crypto map <name> <index>

ip crypto map <name> <index> ipsec-ike
ip crypto map <name> <index> ipsec-manual
Syntax Description
<name> Specifies the name of the IPv4 crypto map entry. You can assign the same
name to multiple crypto maps, as long as the map index numbers are
unique.
<index> Assigns a crypto map entry sequence number. Valid range is 0 to 65535.
ipsec-ike Specifies the crypto map IKE (refer to Crypto Map IKE Command Set on
page 5212). This supports IPSec entries that will use IKE to negotiate keys.
ipsec-manual Specifies the crypto map manual (refer to IPv4 Crypto Map Manual
Command Set on page 5230). This supports manually configured IPSec
entries.
Default Values
Command History
Release R10.7.0 Command syntax was changed to include the ip keyword.
Functional Notes
Crypto map entries do not directly contain the transform configuration for securing data. Instead, the crypto
map is associated with transform sets that contain specific security algorithms (refer to data-call on page
1246).
Crypto map entries do not directly contain the selectors used to determine which data to secure. Instead,
the crypto map entry refers to an access control list (ACL). An ACL is assigned to the crypto map using the
match address command (refer to ike-policy <number> on page 5216).
If no transform set or access list is configured for a crypto map, the entry is incomplete and will have no
effect on the system.
When you apply a crypto map to an interface (using the crypto map command within the interface’s
mode), you are applying all crypto maps with the given map name. This allows you to apply multiple crypto
maps if you have created maps that share the same name, but have different map index numbers.

Usage Examples
The following example creates a new IPv4 IPSec IKE crypto map called testMap with a map index of 10:
(config)#ip crypto map testMap 10 ipsec-ike

Technology Review
A crypto map entry is a single policy that describes how certain traffic is to be secured. There are two types
of crypto map entries: ipsec-manual and ipsec-ike. Each entry is given an index that is used to sort the
ordered list. When a nonsecured packet arrives on an interface, the crypto map set associated with that
interface is processed in order. If a crypto map entry matches the nonsecured traffic, the traffic is
discarded.
When a packet is to be transmitted on an interface, the crypto map set associated with that interface is
processed in order. The first crypto map entry that matches the packet will be used to secure the packet. If
a suitable security association (SA) exists, it is used for transmission. Otherwise, IKE is used to establish
an SA with the peer. If no SA exists, and the crypto map entry is respond only, the packet is discarded.
When a secured packet arrives on an interface, its security parameter index (SPI) is used to look up an SA.
If an SA does not exist, or if the packet fails any of the security checks (bad authentication, traffic does not
match SA selectors, etc.), it is discarded. If all checks pass, the packet is forwarded normally.

ip default-gateway <ip address>

Use the ip default-gateway command to specify a default gateway on a switch or on a router if (and only
if) IP routing is NOT enabled on the router. Use the ip route command to add a default route to the route
table when using IP routing functionality. Refer to ip route on page 1439 for more information. Use the no
form of this command to disable this feature.
Syntax Description
<ip address> Specifies the default gateway IP address. IP addresses should be
Default Values
By default, there is no configured default gateway.
Command History
Usage Examples
The following example disables IP routing on a router and configures a default gateway for 10.10.10.1:
(config)#no ip routing
(config)#ip default-gateway 10.10.10.1
The following example specifies a default gateway for the management interface on a switch:
(config)#ip default-gateway 10.10.10.1

ip dhcp database local

Use the ip dhcp database local command to configure a Dynamic Host Configuration Protocol version 4
(DHCPv4) database agent with local bindings. Use the no form of this command to disable this option.
Syntax Description
No subcommands.
Default Values
Command History
parameter for ADTRAN internetworking products.
parameter for ADTRAN voice products.
Usage Examples
The following example configures the DHCPv4 database agent with local bindings:
(config)#ip dhcp database local

ip dhcp excluded-address
Use the ip dhcp excluded-address command to specify IPv4 addresses that cannot be assigned to
Dynamic Host Configuration Protocol version 4 (DHCPv4) clients. Use the no form of this command to
remove a configured IPv4 address restriction. Variations of this command include:
ip dhcp excluded-address <start ipv4 address>

ip dhcp excluded-address <start ipv4 address> <end ipv4 address>
ip dhcp excluded-address vrf <name> <start ipv4 address>
ip dhcp excluded-address vrf <name> <start ipv4 address> <end ipv4 address>
Syntax Description
<start ipv4 address> Specifies the lowest IPv4 address in the range OR a single IPv4 address to
be excluded.
<end ipv4 address> Optional. Specifies the highest IPv4 address in the range. This field is not
required when specifying a single IPv4 address.
example, 10.10.10.1).
vrf <name> Optional. Specifies the nondefault virtual routing and forwarding (VRF)
instance to which the IPv4 addresses are associated. If a VRF is not
specified, the default unnamed VRF is assumed.
Default Values
By default, there are no excluded IPv4 addresses.
Command History
keyword in ADTRAN internetworking products.
keyword in ADTRAN voice products.
Functional Notes
The AOS DHCPv4 server (by default) allows all IPv4 addresses for the DHCPv4 pool to be assigned to
requesting clients. This command is used to ensure that the specified address or addresses are never assigned
by the DHCPv4 server. When static-addressed hosts are present in the network, it is helpful to exclude the IPv4
addresses of the host from the DHCPv4 server IPv4 address pool. This will avoid IPv4 address conflict.
VRF on AOS products allows a single physical router to be partitioned into multiple virtual routers. Each router
instance has its own route table and interface assignments. Beginning with Release 16.1, all AOS routers
supporting multiple VRF instances (multi-VRF) have an unnamed default VRF instance regardless of whether
multi-VRF is configured. Therefore, executing the above mentioned commands without specifying a VRF will
only affect the default unnamed VRF.

Usage Examples
The following example excludes an IPv4 address of 172.22.5.100 and the range of IPv4 addresses
172.22.5.200 through 172.22.5.250:
(config)#ip dhcp excluded-address 172.22.5.100

(config)#ip dhcp excluded-address 172.22.5.200 172.22.5.250
The following example excludes an IPv4 address of 172.22.5.100 and the range of IPv4 addresses
172.22.5.200 through 172.22.5.250 for the VRF instance named RED:
(config)#ip dhcp excluded-address vrf RED 172.22.5.100

(config)#ip dhcp excluded-address vrf RED 172.22.5.200 172.22.5.250

ip dhcp ping packets <number>

Use the ip dhcp ping packets command to specify the number of ping packets the Dynamic Host
Configuration Protocol version 4 (DHCPv4) server will transmit before assigning an IPv4 address to a
requesting DHCPv4 client. Transmitting ping packets verifies that no other hosts on the network are
currently configured with the specified IPv4 address. Use the no form of this command to prevent the
DHCPv4 server from using ping packets as part of the IPv4 address assignment process.
Syntax Description
<number> Specifies the number of DHCPv4 ping packets sent on the network before
assigning the IPv4 address to a requesting DHCPv4 client.
Default Values
By default, the number of DHCPv4 server ping packets is set at 2 packets.
Command History
Functional Notes
Before assigning an IPv4 address to a requesting client, the AOS DHCPv4 server transmits a ping packet
on the network to verify there are no other network hosts already configured with the specified address. If
the DHCPv4 server receives no reply, the IPv4 address is assigned to the requesting client and added to
the DHCPv4 database as an assigned address. Configuring the ip dhcp ping packets command with a
value of 0 prevents the DHCPv4 server from using ping packets as part of the IPv4 address assignment
process.
Usage Examples
The following example configures the DHCPv4 server to transmit 4 ping packets before assigning an
address:
(config)#ip dhcp ping packets 4

ip dhcp ping timeout <value>

Use the ip dhcp ping timeout command to specify the interval (in milliseconds) the Dynamic Host
Configuration Protocol version 4 (DHCPv4) server will wait for a response to a transmitted DHCPv4 ping
packet. The DHCPv4 server transmits ping packets before assigning an IPv4 address to a requesting
DHCPv4 client. Transmitting ping packets verifies that no other hosts on the network are currently
configured with the specified IPv4 address. Use the no form of this command to return to the default
timeout interval.
Syntax Description
<value> Specifies the number of milliseconds the DHCPv4 server will wait for a
response to a transmitted DHCPv4 ping packet. Valid range is 1 to
1000 milliseconds.
Default Values
By default, the ip dhcp ping timeout is set to 500 milliseconds.
Command History
Functional Notes
Before assigning an IPv4 address to a requesting client, the AOS DHCPv4 server transmits a ping packet
on the network to verify there are no other network hosts already configured with the specified address. If
the DHCPv4 server receives no reply, the IPv4 address is assigned to the requesting client and added to
the DHCPv4 database as an assigned address.
Usage Examples
The following example configures the DHCPv4 server to wait 900 milliseconds for a response to a
transmitted DHCPv4 ping packet before considering the ping a failure:
(config)#ip dhcp ping timeout 900

ip dhcp pool <name>

Use the ip dhcp pool command to create a Dynamic Host Control Protocol version 4 (DHCPv4) server
address pool and enter the pool’s configuration mode. The server pool is used to define the information to
be assigned to DHCPv4 clients by the DHCPv4 server. The pool chosen to serve a specific client’s request
is determined by the current pool selection algorithm. Refer to the DHCPv4 Pool Command Set on page
4321 for more information.
Syntax Description
<name> Specifies the name of the DHCPv4 server address pool using an
alphanumeric string (up to 32 characters in length).
Default Values
By default, there are no configured DHCPv4 address pools.
Command History
Functional Notes
Use the ip dhcp pool command to create multiple DHCPv4 server address pools for various segments of
the network. Multiple address pools can be created to service different segments of the network with
tailored configurations.
Usage Examples
The following example creates a DHCPv4 server address pool (labeled SALES) and enters the DHCPv4
server pool’s configuration mode:
(config)#ip dhcp pool SALES

(config-dhcp)#

ip ffe limit exceptions <value>

Use the ip ffe limit exceptions command to specify a limit to the number of unhandled Internet Protocol
version 4 (IPv4) fast forwarding engine (FFE) exception packets allowed at any given time by the
RapidRoute feature. Use the no form of this command to return the limit to the default value.
Syntax Description
<value> Specifies the maximum number of unhandled FFE exception packets
allowed at a given time. Valid range is 1 to 1024.
Default Values
By default, no more than 128 exception packets are allowed.
Command History
Functional Notes
Exception packets are any packets that RapidRoute cannot handle, for example, traffic that matches
ineligible entries, fragmented packets, packets with header errors, or the first packet in a given traffic flow
that is used to build an FFE entry. Once the limit of unhandled FFE exception packets is reached,
subsequent exception packets are dropped until the previously unhandled exceptions are resolved.
Usage Examples
The following example specifies the maximum number of IPv4 exception packets allowed by RapidRoute
are 200:
(config)#ip ffe limit exceptions 200

ip ffe max-entries <value>

Use the ip ffe max-entries command to specify a global limit to the number of Internet Protocol version 4
(IPv4) fast forwarding engine (FFE) entries allowed at any given time by the RapidRoute feature. Use the
no form of this command to return to the default value.
Issuing this command will cause all RapidRoute entries to be cleared from the unit.
Syntax Description
<value> Specifies the total number of RapidRoute entries for all interfaces. Valid
Default Values
By default, the ip ffe max-entries is set to 16384.
Command History
Release R10.4.0 Command was changed to include up to 500000 entries.
Usage Examples
The following example sets the total maximum number of IPv4 RapidRoute entries to 500:
(config)#ip ffe max-entries 500

ip ffe timeout
Use the ip ffe timeout command to set the time to live (TTL) for Internet Protocol version 4 (IPv4)
RapidRoute fast forwarding engine (FFE) entries based on their IPv4 protocol. Use the no form of this
command to return to the default value. Variations of this command include:
ip ffe timeout ah <max timeout>

ip ffe timeout ah <max timeout> <inactive timeout>
ip ffe timeout esp <max timeout>
ip ffe timeout esp <max timeout> <inactive timeout>
ip ffe timeout gre <max timeout>
ip ffe timeout gre <max timeout> <inactive timeout>
ip ffe timeout icmp <max timeout>
ip ffe timeout icmp <max timeout> <inactive timeout>
ip ffe timeout other <max timeout>
ip ffe timeout other <max timeout> <inactive timeout>
ip ffe timeout tcp <max timeout>
ip ffe timeout tcp <max timeout> <inactive timeout>
ip ffe timeout udp <max timeout>
ip ffe timeout udp <max timeout> <inactive timeout>
Syntax Description
ah Specifies timeout values in seconds for Authentication Header (AH)
Protocol.
esp Specifies timeout values in seconds for Encapsulating Security Payload
(ESP) Protocol.
gre Specified timeout values in seconds for Generic Route Encapsulation
(GRE) Protocol.
icmp Specifies timeout values in seconds for Internet Control Message Protocol
(ICMP).
other Specifies timeout values in seconds for all protocols not listed.
tcp Specifies timeout values in seconds for Transmission Control Protocol
(TCP).
udp Specifies timeout values in seconds for User Datagram Protocol (UDP).
<max timeout> Specifies maximum age timeout in seconds. This is the maximum amount
of time an entry will be kept in the RapidRoute table regardless of activity.
Valid range is 60 to 86400 seconds.
<inactive timeout> Optional. Specifies idle timeout in seconds. This is the amount of time an
entry will remain in the RapidRoute table with no additional activity. Valid
range is 10 to 86400 seconds.
Default Values
By default, the maximum age timeouts are set to 1800 seconds and the inactive timeouts are set to
15 seconds.

Command History
Release 17.6 Command was expanded to include the gre parameter.
Usage Examples
The following example sets the time to live for IPv4 RapidRoute entries of TCP packets to 1000 seconds.
(config)#ip ffe timeout tcp 1000

ip firewall
Use the ip firewall command to enable Internet Protocol version 4 (IPv4) AOS security features, including
IPv4 access control policies (ACPs) and lists (ACLs), network address translation (NAT), and the stateful
inspection firewall. Use the no form of this command to disable the security functionality.
Disabling the AOS IPv4 security features (using the no ip firewall command) does not
affect security configuration. All configuration parameters will remain intact, but no
security data processing will be attempted.
For information regarding the use of open shortest path first (OSPF) with ip firewall
enabled, refer to the Functional Notes for router ospf <process id> on page 1682.
Regarding the use of Internet key exchange (IKE) negotiation for virtual private network
(VPN) with ip firewall enabled, there can be up to six channel groups with 2 to 8 interfaces
per group. Dynamic protocols are not yet supported (only static). A physical interface can
be a member of only one channel group.
Syntax Description
No subcommands.
Default Values
By default, all AOS IPv4 security features are disabled.
Command History
Functional Notes
This command enables firewall processing for all interfaces with a configured policy class. Firewall
processing consists of the following functions:
Attack Protection: Detects and discards traffic that matches profiles of known networking exploits or
attacks.
Session Initiation Control: Allows only sessions that match traffic patterns permitted by ACPs to be
initiated through the router.
Ongoing Session Monitoring and Processing: Each session that has been allowed through the router is
monitored for any irregularities that match patterns of known attacks or exploits. This traffic will be
dropped. Also, if NAT is configured, the firewall modifies all traffic associated with the session according to
the translation rules defined in NAT access policies. Finally, if sessions are inactive for a user-specified
amount of time, the session will be closed by the firewall.
Application-Specific Processing: Certain applications need special handling to work correctly in the
presence of a firewall. AOS uses application-level gateways (ALGs) for these applications.

AOS includes several security features to provide controlled access to your network. The following
features are available when security is enabled (using the ip firewall command):
1. Stateful Inspection Firewall
AOS (and your unit) act as an ALG and employ a stateful inspection firewall that protects an organization's
network from common cyber attacks, including Transmission Control Protocol (TCP) syn-flooding, IP
spoofing, Internet Control Message Protocol (ICMP) redirect, land attacks, ping-of-death, and IP
reassembly problems. In addition, further security is added with use of NAT and port address translation
(PAT) capability.
2. IPv4 Access Policies
AOS IPv4 ACPs are used to allow, discard, or manipulate (using NAT) data for each physical interface.
Each ACP consists of an action (allow, discard, nat) and a selector (access control list (ACL)). In a sense,
the ACPs answer the question, “What should I do?” while the ACLs answer the question, “On which
packets?”
When packets are received on an interface with an ACP applied, the ACP is used to determine whether
the data is processed or discarded. Both ACLs and ACPs are order dependent. When a packet is
evaluated, the matching engine begins with the first entry in the list and progresses through the entries
until it finds a match. The first entry that matches is executed. The ACP has an implicit discard at the end
of the list. Typically, the most specific entries should be at the top and the most general at the bottom.
3. IPv4 Access Lists
IPv4 ACLs are used as packet selectors by ACPs. They must be assigned to an ACP in order to be active.
ACLs are composed of an ordered list of entries. Each entry contains two parts: an action (permit or deny)
and a packet pattern. A permit action is used to allow packets (meeting the specified pattern) to enter the
router system. A deny action is used to disregard packets (that do not match the pattern) and proceed to
the next entry on the ACP. The ACL has an implicit deny at the end of the list.
The AOS provides two types of ACLs: standard and extended. A standard ACL allows source IP address
packet patterns only. An extended ACL may specify patterns using most fields in the IP header and the
TCP or User Datagram Protocol (UDP) header.
Usage Examples
The following example enables the AOS IPv4 security features:
(config)#ip firewall
Technology Review
Concepts: IPv4 access control using the AOS firewall has two fundamental parts: ACLs and ACPs. ACLs
are used as packet selectors by other AOS systems; by themselves they do nothing. ACPs consist of a
selector (ACL) and an action (allow, discard, nat). ACPs integrate both allow and discard policies with
NAT. ACPs have no effect until they are assigned to a network interface.
Both ACLs and ACPs are order dependent. When a packet is evaluated, the matching engine begins with
the first entry in the list and progresses through the entries until it finds a match. The first entry that
matches is executed.

Packet Flow:
Access Control Policies

Packet In Interface Association List Route Lookup Packet Out
(permit, deny, NAT)
If session hit,
or no ACP configured
Case 1: Packets from interfaces with a configured policy class to any other interface
IPv4 ACPs are applied when packets are received on an interface. If an interface has not been assigned a
policy class, by default it will allow all received traffic to pass through. If an interface has been assigned a
policy class, but the firewall has not been enabled with the ip firewall command, traffic will flow normally
from this interface with no firewall processing.
Case 2: Packets that travel in and out a single interface with a configured policy class
These packets are processed through the IPv4 ACPs as if they are destined for another interface (identical
to Case 1).
Case 3: Packets from interfaces without a configured policy class to interfaces with one policy
class
These packets are routed normally and are not processed by the IPv4 firewall. The ip firewall command
has no effect on this traffic.
Case 4: Packets from interfaces without a configured policy class to other interfaces without a
configured policy class
This IPv4 traffic is routed normally. The ip firewall command has no effect on this traffic.
Attack Protection:
When the ip firewall command is enabled, IPv4 firewall attack protection is enabled. AOS blocks traffic
(matching patterns of known networking exploits) from traveling through the device. For some of these
attacks, the user may manually disable checking/blocking while other attack checks are always on anytime
the firewall is enabled.

The table (on the following pages) outlines the types of IPv4 traffic discarded by the firewall attack
protection engine. Many attacks use similar invalid traffic patterns; therefore, attacks other than the
examples listed below may also be blocked by the firewall. To determine if a specific attack is blocked by
the AOS firewall, please contact ADTRAN technical support.
Invalid IPv4 Traffic Pattern Manually AOS Firewall Response Common

Enabled? Attacks
Larger than allowed packets No Any packets that are longer than those Ping of Death
defined by standards will be dropped.
Fragmented IP packets that No The firewall intercepts all fragments for an SynDrop,
produce errors when IP packet and attempts to reassemble TearDrop,
attempting to reassemble them before forwarding to destination. If OpenTear,
any problems or errors are found during Nestea,
reassembly, the fragments are dropped. Targa,
Newtear,
Bonk, Boink
Smurf Attack No The firewall will drop any ping responses Smurf Attack
that are not part of an active session.
IP Spoofing No The firewall will drop any packets with a IP Spoofing

source IP address that appears to be
spoofed. The IP route table is used to
determine if a path to the source address
is known (out of the interface from which
the packet was received). For example, if
a packet with a source IP address of
10.10.10.1 is received on interface fr 1.16
and no route to 10.10.10.1 (through
interface fr 1.16) exists in the route table,
the packet is dropped.
ICMP Control Message No The following types of ICMP packets are Twinge
Floods and Attacks allowed through the firewall: echo,
echo-reply, TTL expired, dest.
Unreachable, and quench. These ICMP
messages are only allowed if they appear
to be in response to a valid session. All
others are discarded.
Attacks that send TCP URG Yes Any TCP packets that have the URG flag Winnuke, TCP
packets set are discarded by the firewall. XMAS Scan
Falsified IP Header Attacks No The firewall verifies that the packet’s Jolt/Jolt2
actual length matches the length indicated
in the IP header. If it does not, the packet
is dropped.

Invalid IPv4 Traffic Pattern Manually AOS Firewall Response Common

Enabled? Attacks
Echo No All UDP echo packets are discarded by the Char Gen
firewall.
Land Attack No Any packets with the same source and Land Attack
destination IP addresses are discarded.
Broadcast Source IP No Packets with a broadcast source IP

address are discarded.
Invalid TCP Initiation No TCP SYN packets that have ack, urg rst,
Requests or fin flags set are discarded.
Invalid TCP Segment Number No The sequence numbers for every active
TCP session are maintained in the firewall
session database. If the firewall received a
segment with an unexpected (or invalid)
sequence number, the packet is dropped.
IP Source Route Option No All IP packets containing the IP source

route option are dropped.
Application-Specific Processing
The following applications and protocols require special processing to operate concurrently with IPv4
NAT/firewall functionality. The AOS IPv4 firewall includes ALGs for handling these applications and
protocols:
AOL Instant Messenger (AIM®)

VPN ALGS: ESP and IKE
FTP
H.323: H.245 Q.931 ASN1 PER decoding and Encoding
ICQ®
IRC
Microsoft® Games
Net2Phone
PPTP
Quake®
Real-Time Streaming Protocol
SMTP
HTTP
CUseeme
SIP
L2TP
PcAnywhere™
SQL
Microsoft Gaming Zone

To determine if a specific application requires special processing, contact ADTRAN technical support at
www.adtran.com.

ip firewall alg
Use the ip firewall alg command to enable the Internet Protocol version 4 (IPv4) application-level
gateway (ALG) for a particular application. Use the no form of this command to disable ALG for the
application.
Variations of this command applicable for nonvoice capable ADTRAN products include the following:
ip firewall alg ftp

ip firewall alg h323
ip firewall alg h323 timeout <number>
ip firewall alg msn
ip firewall alg mszone
ip firewall alg pptp
ip firewall alg rtsp
ip firewall alg sip
Variations of this command applicable for voice capable ADTRAN products include the following:
ip firewall alg ftp

ip firewall alg h323
ip firewall alg h323 timeout <number>
ip firewall alg msn
ip firewall alg mszone
ip firewall alg pptp
p firewall alg rtsp
The AOS IPv4 firewall must be enabled (using the command ip firewall on page 1359) for
the stateful inspection firewall to be activated.
Syntax Description
ftp Enables the File Transfer Protocol (FTP) ALG.
h323 Enables the H.323 ALG. H.323 is a protocol that sets standards for
multimedia communications over packet-switched networks, allowing
dissimilar communication devices to communicate with each other via a
standard communication protocol.
h323 timeout <number> Optional. Allows the configuration of the timeout for the policy-session that
controls the H.323 call, and specifies the length of time before the H.323
call is terminated after a timeout. Range is 1 to 4294967295 seconds.
msn Enables the Microsoft Service Network (MSN) ALG.
mszone Enables the MSZONE ALG.
pptp Enables the PPTP ALG.
rtsp Enables the Real Time Streaming Protocol (RTSP) ALG.

sip Enables the Session Initiation Protocol (SIP) ALG. This ALG is only used in
ADTRAN router and switch products, not voice products.
Default Values
By default, all AOS IPv4 security features are disabled until the IPv4 firewall is enabled. By default, the
ALG for FTP, PPTP, RTSP, and SIP are enabled. Conversely, the ALG for MSN, MSZONE, and H.323 are
disabled by default. There are no SIP ALGs present on voice capable ADTRAN products. By default, the
timeout value for H.323 is set for 8 hours.
Command History
Release 10.1 Command was expanded to include H.323.
Release 14.1 Command was expanded to include MSN.
Release 15.1 Command was expanded to include H.323 timeout feature.
Release 17.4 Command was expanded to include MSZONE.
Release R10.1.0 Command was expanded to include RTSP.
Functional Notes
Enabling the ALG for a specific protocol gives the firewall additional information about that complex
protocol and causes the firewall to perform additional processing for packets of that protocol. When the
ALG is disabled, the firewall treats the complex protocol as any other simple protocol. The firewall needs
no special knowledge to work well with simple protocols.
Disabling the IP firewall ALG may cause the firewall to block some of the traffic for the
specified protocol.
Microsoft Service Network (MSN) ALG Information
In some instances where the firewall is enabled and traffic is source NATed through the unit, some features
of MSN's instant messenger program will not work (i.e., file sharing, direct connection, etc.). Enabling the
MSN ALG allows the firewall to inspect the MSN messaging protocol to allow some of these features to
work through network address translation (NAT). If the traffic is not NATed, then this ALG is not required
and should be disabled.
Session Initiation Protocol (SIP) ALG Information
By default, the AOS SIP ALG is enabled. This ALG allows the firewall to examine the ALL SIP packets it
identifies and maintain knowledge of SIP transmissions on the network based on the SIP header.
Usage Examples
The following example disables ALG for FTP:
(config)#no ip firewall alg ftp

The following example enables ALG for MSN:
(config)#ip firewall alg msn
Technology Review
SIP is one protocol in a suite of protocols that was designed to replace H.323 for IP telephony. SIP
operates in Layer 7 of the OSI model (application level) to create, modify, and terminate sessions between
nodes. SIP not only provides recommendations for IP telephony, but multimedia distribution and
conferences as well. SIP version 1.0 was defined in RFC 2453, and was refined to SIP version 2.0 in
RFC 3261.
SIP operations occur between SIP UAs and SIP servers. Types of SIP servers include proxy, redirect,
registrar, and presence. The part of a SIP UA that sends messages is known as the user agent client
(UAC). The part of a SIP UA that receives messages is known as a user agent server (UAS).
SIP was originally designed for use over User Datagram Protocol (UDP). SIP servers, by default, listen on
port 5060. Due to security concerns, SIP is now transitioning to Transmission Control Protocol (TCP) and
transport layer security (TLS). SIP servers using TLS-over-TCP listen on port 5061. SIP UAs listen on a
range of ports.
SIP uses the Session Description Protocol (SDP) to format the SIP message body in order to negotiate a
Realtime Transport Protocol (RTP)/Realtime Transport Control Protocol (RTCP) connection between two
or more UAs. The ports used for this will always be selected in a pair, with the even port used for RTP and
the odd port for RTCP. SIP, because it uses SDP and RTP, causes many problems for standard firewalls.
Neither SIP nor RTP are guaranteed to be symmetric, thus causing problems for stateful inspection
firewalls that rely on symmetric flows. SIP and SDP carry IP addresses and ports embedded in the packet,
and standard NAT implementations only modify the IP and TCP/UDP headers. A true SIP ALG is required
to modify the packets as needed for NAT, but also to open holes in the firewall as needed for traffic flow
based on the information carried in the SIP header.
Enabling the AOS SIP ALG (using the ip firewall alg sip command) configures the firewall to examine the
ALL SIP packets it identifies and maintain knowledge of SIP transmissions on the network. Since SIP
packet headers include port information for the call setup, the ALG must intelligently read the packets and
remember the information.

ip firewall attack-log threshold <number>

Use the ip firewall attack-log threshold command to specify the number of possible attack conditions
AOS will identify and block before generating a log message when using Internet Protocol version 4
(IPv4). Use the no form of this command to return to the default threshold.
Syntax Description
<number> Specifies the number of possible attack conditions AOS IPv4 will identify
before generating a log message. Valid range is 0 to 4294967295.
Default Values
By default, the ip firewall attack-log threshold is set at 100.
Command History
Usage Examples
The following example specifies a threshold of 25 attacks before generating a log message for the IPv4
firewall:
(config)#ip firewall attack-log threshold 25

ip firewall check reflexive-traffic

Use the ip firewall check reflexive-traffic command to enable the AOS stateful inspection firewall to
process Internet Protocol version 4 (IPv4) traffic from a primary subnet to a secondary subnet on the same
interface through the firewall. Use the no form of this command to disable this feature.
Syntax Description
No subcommands.
Default Values
All AOS IPv4 security features are disabled by default until the ip firewall command is issued at the Global
Configuration mode prompt. In addition, the reflexive traffic check is disabled until the ip firewall check
reflexive-traffic command is issued.
Command History
Functional Notes
This command allows the firewall to process IPv4 traffic from a primary subnet to a secondary subnet on
the same interface through the firewall. If enabled, this IPv4 traffic will be processed through the access
policy on that interface and any actions specified will be executed on the traffic.
Usage Examples
The following example enables the AOS IPv4 reflexive traffic check:
(config)#ip firewall check reflexive-traffic

ip firewall check rst-seq

Use the ip firewall check rst-seq command to enable Transmission Control Protocol (TCP) reset sequence
number checking. Use the no form of this command to disable this feature.
The AOS firewall must be enabled (using the command ip firewall on page 1359) for the
stateful inspection firewall to be activated.
Syntax Description
No subcommands.
Default Values
All AOS security features are disabled by default until the ip firewall command is issued at the Global
Configuration mode prompt. In addition, TCP reset sequence number checking is disabled until the ip
firewall check rst-seq command is issued.
Command History
Usage Examples
The following example enables TCP reset sequence number checking:
(config)#ip firewall check rst-seq

ip firewall check syn-flood

Use the ip firewall check syn-flood command to enable the AOS stateful inspection firewall to filter out
phony Transmission Control Protocol (TCP) service requests and allow only legitimate requests to pass
through. Use the no form of this command to disable this feature.
Syntax Description
No subcommands.
Default Values
All AOS security features are inactive until the ip firewall command is issued at the Global Configuration
mode prompt. In addition, the SYN-flood check is enabled by default but remains inactive until the ip
firewall command is issued.
Command History
Functional Notes
SYN flooding is a well-known denial-of-service attack on TCP-based services. TCP requires a three-way
handshake before actual communications begin between two hosts. A server must allocate resources to
process new connection requests that are received. A potential intruder is capable of transmitting large
amounts of service requests (in a very short period of time), causing servers to allocate all resources to
process the phony incoming requests. Using the ip firewall check syn-flood command configures the
AOS stateful inspection firewall to filter out phony service requests and allow only legitimate requests to
pass through.
Usage Examples
The following example disables the AOS SYN-flood check:
(config)#no ip firewall check syn-flood

ip firewall check winnuke

Use the ip firewall check winnuke command to enable the AOS stateful inspection firewall to discard all
out-of-band (OOB) data (to protect against WinNuke attacks). Use the no form of this command to disable
this feature.
Syntax Description
No subcommands.
Default Values
All AOS security features are inactive until the ip firewall command is issued at the Global Configuration
mode prompt. In addition, WinNuke attack checking is disabled until the ip firewall check winnuke
command is issued.
Command History
Functional Notes
WinNuke attack is a well-known denial-of-service attack on hosts running Microsoft Windows® operating
systems. An intruder sends OOB data over an established connection to a Windows user. Windows cannot
properly handle the OOB data, and the host reacts unpredictably. Normal shut-down of the hosts will
generally return all functionality. Using the ip firewall check winnuke command configures the AOS
stateful inspection firewall to filter all OOB data to prevent network problems.
Usage Examples
The following example enables the firewall to filter all OOB data:
(config)#ip firewall check winnuke

ip firewall fast-allow-failover
Use the ip firewall fast-allow-failover command to automatically clear all open Internet Protocol version
4 (IPv4) firewall policy allow sessions when a route table change occurs. This allows the router to
immediately send traffic to the failover interface. Otherwise, the router tries to send traffic from existing
allowed policy sessions out from the failed IP address until the session times out, resulting in a loss of
connectivity. This command should be configured when destination-specific rules are configured.
Destination-specific rules are most often used in failover and IP load sharing configurations. Refer to the
command ip policy-class <ipv4 acp name> on page 1426 for more information. Use the no form of this
command to disable this feature.
Syntax Description
No subcommands.
Default Values
By default, all AOS IPv4 security features are disabled until the IPv4 firewall is enabled. By default, fast
allow failover is disabled.
Command History
Functional Notes
In cases where failover takes place between an interface which uses network address translation (NAT)
and an interface which does not use NAT, both ip firewall fast-nat-failover and ip firewall
fast-allow-failover commands must be enabled. Using fast-nat-failover causes the policy session using
NAT to be deleted when the session fails over and the route table changes to indicate a route that does not
use NAT. Using fast-allow-failover causes the policy session to be deleted when the session is an
allowed policy session and the route table changes to indicate a route that uses NAT.
Usage Examples
The following example enables fast-allow-failover:
(config)#ip firewall fast-allow-failover

ip firewall fast-nat-failover
Use the ip firewall fast-nat-failover command to automatically clear all open Internet Protocol version 4
(IPv4) firewall policy sessions when a route table change occurs. This allows the router to immediately
send traffic to the failover interface. Otherwise, the router tries to send traffic from existing sessions out
from the failed IP address until the session times out, resulting in a loss of connectivity. This command
should be configured when destination-specific rules are configured. Destination-specific rules are most
often used in failover and IP load sharing configurations. Refer to the command ip policy-class <ipv4 acp
name> on page 1426 for more information. Use the no form of this command to disable this feature.
Syntax Description
No subcommands.
Default Values
By default, all AOS IPv4 security features are disabled until the IPv4 firewall is enabled. By default, fast
NAT failover is disabled.
Command History
Functional Notes
In cases where failover takes place between an interface which uses network address translation (NAT)
and an interface which does not use NAT, both ip firewall fast-nat-failover and ip firewall
fast-allow-failover commands must be enabled. Using fast-nat-failover causes the policy session using
NAT to be deleted when the session fails over and the route table changes to indicate a route that does not
use NAT. Using fast-allow-failover causes the policy session to be deleted when the session is an
allowed policy session and the route table changes to indicate a route that uses NAT.
Usage Examples
The following example enables fast-nat-failover:
(config)#ip firewall fast-nat-failover

ip firewall fin-timeout <value>

Use the ip firewall fin-timeout command to specify the time period allowed for Transmission Control
Protocol (TCP) FIN. Use the no form of this command to return to the default setting.
Syntax Description
<value> Specifies the time period in seconds allowed for TCP FIN. Range is 0 to
4294967295 seconds.
Default Values
By default, ip firewall fin-timeout is set to 4 seconds.
Command History
Usage Examples
The following example sets the TCP FIN time period to 120 seconds:
(config)#ip firewall fin-timeout 120

ip firewall local-traffic-only
Use the ip firewall local-traffic-only command to enable the Internet Protocol version 4 (IPv4) firewall
for the processing of local traffic only. Forwarded traffic is not sent to the firewall when this feature is
enabled. Use the no form of this command to disable the IPv4 firewall. Variations of this command
include:
ip firewall local-traffic-only
ip firewall vrf <name> local-traffic-only
Syntax Description
vrf <name> Optional. Specifies that the local traffic firewall is enabled on the specified
virtual routing and forwarding (VRF) instance. If no VRF is specified, the
firewall is enabled on the default (unnamed) VRF. Refer to ip firewall vrf
<name> on page 1382 for more information.
Default Values
By default, the IPv4 firewall is disabled.
Command History
Functional Notes
When the firewall is configured to process local traffic only (traffic arriving at the unit’s local IP stack),
routed traffic is allowed to flow through the AOS unit uninspected, but locally destined traffic is inspected
by the firewall. This feature allows the firewall to protect local services running on the AOS unit even when
routed traffic bypasses the firewall. When local traffic processing is enabled, several other security features
are impacted, such as IPsec, policy classes, IP route cache, Generic Routing Encapsulation (GRE), and
network address translation (NAT).
• Local traffic only firewall processing cannot be used with cryptography (ip crypto) because for IPsec
to function, traffic must proceed through the firewall. If the firewall is configured to process local traffic
only, routed traffic that requires IPsec protection will not flow through the firewall and therefore will not
receive IPsec protection.
• Policy classes are applied only to traffic destined to the local stack when local traffic processing is
enabled. The self policy class is applied to local traffic originating from the local stack, allowing all
traffic, and cannot be changed.
• IP route cache entries are not created for local destinations or for the loopback interface when local
traffic processing enabled.
• Local GRE traffic encapsulated by a GRE tunnel interface will bypass the firewall when local traffic
processing is enabled.
• The full firewall is required any time NAT is needed to translate packets that would typically be
forwarded by the AOS unit. The local firewall is not sufficient.
For additional IPv4 firewall configuration information, refer to ip firewall on page 1359.

Usage Examples
The following example enables the firewall for local traffic processing on the default VRF:
(config)#ip firewall local-traffic-only

ip firewall nat-preserve-source-port
Use the ip firewall nat-preserve-source-port command to enable the firewall to preserve the source port
of a Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) session for traffic going
through source network address translation (NAT). By enabling this feature, the router will try to allocate
NAT ports that match the original source ports of the traffic. If the source port is already allocated for a
different traffic flow, it will choose the next available source port. Use the no form of this command to
disable this feature. Variations of this command include the following:
ip firewall nat-preserve-source-port
ip firewall nat-preserve-source-port record-source-address
Syntax Description
record-source-address Optional. Specifies that the original source port be preserved for multiple
TCP/UDP traffic flows with the same source address.
Default Values
By default, the nat-preserve-source-port feature is enabled.
Command History
Functional Notes
Specifying record-source-address consumes 250 k of memory per public NAT IP address. Be sure there
is adequate memory available before enabling this feature.
Usage Examples
The following example enables nat-preserve-source-port:
(config)#ip firewall nat-preserve-source-port

ip firewall policy-log threshold <value>

Use the ip firewall policy-log threshold command to specify the number of Internet Protocol version 4
(IPv4) access control policy (ACP) events identified by AOS before generating a log message. Use the no
form of this command to return to the default value.
Syntax Description
<value> Specifies the number of IPv4 policy events AOS identifies before creating
the log. Valid range is 0 to 4294967295.
Default Values
By default, the ip firewall policy-log threshold is set to 100.
Command History
Usage Examples
The following example specifies that a log is generated when 150 IPv4 ACP events are detected on the
default VRF:
(config)#ip firewall policy-log threshold 150

ip firewall rst-timeout <value>

Use the ip firewall rst-timeout command to specify the time period allowed for Transmission Control
Protocol (TCP) reset. Use the no form of this command to return to the default setting.
Syntax Description
<value> Specifies the time period in seconds allowed for TCP reset. Range is 0 to
4294967295 seconds.
Default Values
By default, ip firewall rst-timeout is set to 20 seconds.
Command History
Usage Examples
The following example sets the TCP reset time period to 120 seconds:
(config)#ip firewall rst-timeout 120

ip firewall stealth
Use the ip firewall stealth command to disable Internet Protocol version 4 (IPv4) Transmission Control
Protocol (TCP) reset for denied IPv4 firewall associations. The stealth setting allows the route to be
invisible as a route hop to associated devices. Use the no form of this command to disable this feature.
Syntax Description
No subcommands.
Default Values
By default, the stealth option is disabled.
Command History
Usage Examples
The following example enables the stealth option for the IPv4 firewall:
(config)#ip firewall stealth

ip firewall vrf <name>

Use the ip firewall vrf command to enable the firewall for a particular Internet Protocol version 4 (IPv4)
virtual routing and forwarding (VRF) instance. The IPv4 firewall can be enabled or disabled independently
for each VRF. Firewall settings are applied globally across all VRF instances and cannot be changed on an
individual VRF basis. Refer to the command ip firewall on page 1359 for more information on configuring
IPv4 firewall settings. Use the no form of this command to disable the firewall for the specified VRF.
Syntax Description
<name> Specifies the VRF instance.
Default Values
Command History
Functional Notes
Usage Examples
The following example enables the IPv4 firewall on the VRF named RED:
(config)#ip firewall vrf RED

ip flow cache sample one-out-of <number>

Use the ip flow cache sample one-out-of command to configure the integrated traffic monitoring (ITM)
cache sampling rate. The no form of this command disables sampling. Variations of this command include:
ip flow cache sample one-out-of <number> deterministic

ip flow cache sample one-out-of <number> random
Syntax Description
deterministic Specifies that traffic flow sampling be done at a fixed rate.
random Specifies that traffic flow sampling be done at a random rate.
<number> Specifies the number of traffic flow packets to be observed before another
packet is sampled. Range is 1 to 255 packets.
Default Values
By default, sampling is disabled and every packet is recorded.
Command History
Release 17.1 Command was expanded to include the deterministic keyword.
Functional Notes
Sampling provides a snapshot of traffic flow activity. It allows the cache to collect only one out of a
specified number of IP packets that the interface is receiving or sending. Often, network traffic arrives in
fixed patterns. This pattern can make statistics inaccurate if deterministic sampling is used. Therefore,
random sampling is recommended over deterministic sampling to ensure an accurate sampling of traffic
flow patterns. By reducing the amount of traffic flow data collected, sampling minimizes memory and CPU
usage.
For users of large routers (for example, the NetVanta 5305), a sampling rate of greater
than or equal to one out of every 100 packets is recommended.
Usage Examples
The following example configures ITM to sample one packet out of every 100 at a random sample rate:
(config)#ip flow cache sample one-out-of 100 random

ip flow cache timeout

Use the ip flow cache timeout command to configure the integrated traffic monitoring (ITM) cache for
entry expiration. The no form of this command resets the expiration time to the default setting. Variations
ip flow cache timeout active <minutes>

ip flow cache timeout inactive <seconds>
Syntax Description
active <minutes> Specifies the amount of time a single traffic flow that continues to have
packets detected at the observation point is stored before exportation.
Range is 1 to 60 minutes.
inactive <seconds> Specifies the amount of time that idle traffic flows (which no longer have
packets detected at the observation point) are stored before exportation.
Range is 10 to 600 seconds.
Default Values
By default, active flows are set to expire in 30 minutes, and inactive flows are set to expire in 15 seconds.
Command History
Functional Notes
Traffic flow entry expiration can occur in one of three ways: (1) the configured expiration time has passed;
(2) the Transmission Control Protocol (TCP) connection between the cache and the flow collector has
expired due to FINISH/RESET signaling; or (3) critical configuration changes have been made (for
example, changing the sampling rate). The default mode of expiration is based on a configured number of
minutes for the traffic flow entry to be stored in the cache.
Usage Examples
The following example configures an expiration time of 15 minutes for active traffic flow entries:
(config)#ip flow cache timeout active 15

ip flow export
Use the ip flow export command to configure traffic flow data exportation parameters for integrated
traffic monitoring (ITM). Use the no form of this command to disable the export functionality or to remove
an associated destination if multiple entries are specified. Variations of this command include:
ip flow export destination <ip address> <port>

ip flow export destination <ip address> <port> source <interface>
ip flow export vrf <name> destination <ip address> <port>
ip flow export vrf <name> destination <ip address> <port> source <interface>
Syntax Description
destination <ip address> <port> Specifies the IP address and User Datagram Protocol (UDP) port
through which the destination will receive data export packets.
source <interface> Specifies a source interface to send the data export packets. Specify an
interface in the format <interface type [slot/port | slot/port.subinterface id
| interface id | interface id.subinterface id]>. For example, for an
Ethernet subinterface, use eth 0/1.1; for a PPP interface, use ppp 1;
and for an ATM subinterface, use atm 1.1. Valid interfaces are those
that can have an IP address. Type source ? for a complete list of valid
interfaces.
vrf <name> Specifies the virtual routing and forwarding (VRF) location to be used in
data export.
Default Values
By default, ip flow export is disabled.
By default, if no source is specified, the router interface at the hop closest to the data collector will be
sourced.
Command History
Ethernet interface.
Functional Notes
Up to two different destinations can be specified for traffic flow data export.
Using the source command specifies an interface from which to send the data export packets. If using a
VRF destination, the source must be on the same VRF as the destination or it will be ignored and the
routing table will determine the source interface. Most often, a source will only need to be specified for
security purposes. For example, if an access control list (ACL) is active on the external data collector, a
source interface may need to be specified.

Usage Examples
The following example configures the export destination to be the external data collector at the IP address
208.61.209.5 through the User Datagram Protocol (UDP) port 1010.
(config)#ip flow export destination 208.61.209.5 1010

ip flow export template

Use the ip flow export template command to configure template exportation rates for integrated traffic
monitoring (ITM). Use the no form of this command to return rate values to the default setting. Variations
ip flow export template refresh-rate <packets>

ip flow export template timeout-rate <minutes>
Syntax Description
refresh-rate <packets> Specifies the number of packets to be sent before the template information
is sent to an external collector. Range is 1 to 600 packets.
timeout-rate <minutes> Specifies the time in minutes that passes between instances of resending
the template information. Range is 1 to 3600 minutes.
Default Values
By default, template information is sent every 20 packets, and template information is re-sent every
30 minutes.
Command History
Usage Examples
The following example configures the template information to be sent every 50 packets:
(config)#ip flow export template refresh-rate 50
In the following example, traffic flow template information is configured to resend every 15 minutes:
(config)#ip flow export template timeout-rate 15
Technology Review
When exporting traffic flow data, there are multiple types of information sent to the external data flow
collector. There is data information about each traffic flow, system information about each traffic flow, and
the traffic flow record itself. The information about the traffic flow record is called a template. Templates are
used to describe the types and lengths of individual header fields within a traffic flow data record.
Templates also communicate to the external data collector what type of information to expect in the ITM
flow record.

The following tables describe the information contained in each template.
Table 1. Data Template Information
Source IP Address
Destination IP Address
Transport Protocol Type
Source Port
Destination Port
Type of Service (ToS) Bits
Packets in a Flow
Bytes in a Flow
Interface (Input or Output)
System Up Time of First Packet
System Up Time of Last Packet
Flow Direction
Table 2. Options (System) Template Information
Active-Flow Timeout
Inactive-Flow Timeout
Sampling Rate
Sampling Algorithm (Random)
Total Packets Exported to Collectors
Total Flows Exported to Collectors
Total Bytes Exported to Collectors
Templates are sent to the external data collector after a user-specified number of expired traffic flow
entries. They are also re-sent periodically at user-defined intervals. The templates must be re-sent
periodically because User Datagram Protocol (UDP) is often unreliable, and the collector may discard all
traffic flow data lacking valid template information.

ip flow top-talkers
Use the ip flow top-talkers command to enable Top Talker functionality for integrated traffic monitoring
(ITM) and enter Top Talker configuration mode. Use the no form of this command to disable the Top
Talkers functionality and remove all associated settings.
For Top Talkers functionality to be enabled, ITM must be enabled on an interface. Refer to
the ip flow egress | ingress command. Refer to ip flow on page 2187 for more information
on enabling ITM.
Syntax Description
No subcommands.
Default Values
By default, the Top Talkers feature is disabled.
Command History
Usage Examples
The following example enables top talkers:
(config)#ip flow top-talkers

(config-top-talkers)#
Technology Review
Using the internal Top Talkers data collection feature of ITM, several of the most important flow cache
statistics can be viewed at a glance from within the router itself. The Top Talkers feature incorporates the
statistics of Top Talkers (top bandwidth users by source IP address), Top Listeners (top bandwidth users by
destination IP address), and Port Lists (amounts of traffic observed on specific ports) into easily viewed
output, accessed through either the command line interface (CLI) or Web-based graphical user interface
(GUI). These statistics are captured by the metering process at the traffic flow observation point, and
collected as traffic flow entries expire from the flow cache. These statistics allow the user to see the nature
of traffic being processed by the router without having to configure an external server to collect data.
The internal Top Talkers data collector can be enabled instead of or in conjunction with an external data
collector, or it can operate with no external data collector configured. Because Top Talkers collects and
processes expired flow cache entries in a separate function from their exportation, it can function
independently of an external collector. With both an external data collector and Top Talkers enabled,
expired flow cache entries are sent to both the external data collector and through the Top Talkers
collector. The separation of Top Talkers collection from external data collectors provides methods of
separate data collector configuration, therefore, allowing the enablement of only Top Talkers collection, Top
Talkers collection in addition to external data collection, or external data collection only. For more
information on the ITM Top Talkers feature, refer to the Integrated Traffic Monitoring configuration guide

ip forward-protocol udp <value>

Use the ip forward-protocol udp command to specify the protocols and ports AOS allows when
forwarding broadcast packets. Use the no form of this command to disable a specified protocol or port
from being forwarded. Specifying the virtual routing and forwarding (VRF) instance using the vrf
<name> keyword applies the command to the named VRF instance. Omitting the vrf <name> keyword
applies the command to the default unnamed VRF. Specify a VRF instance other than the default by
adding the vrf <name> parameter to the command as follows:
ip forward-protocol vrf <name> udp <value>
The ip forward-protocol udp command can be used in conjunction with the ip

helper-address command, issued in a valid interface, to configure AOS to forward User
Datagram Protocol (UDP) broadcast packets.
Syntax Description
<value> Specifies the UDP traffic type (using source port).
The following is the list of UDP port numbers that may be identified using
the text name:
biff (Port 512) pim-auto-rp (Port 496)
bootps (Port 67) rip (Port 520)
discard (Port 9) snmp (Port 161)
dnsix (Port 195) snmptrap (Port 162)
domain (Port 53) sunrpc (Port 111)
echo (Port 7) syslog (Port 514)
isakmp (Port 500) tacacs (Port 49)
mobileip (Port 434) talk (Port 517)
nameserver (Port 42) tftp (Port 69)
netbios-dgm (Port 138) time (Port 37)
netbios-ns (Port 137) who (Port 513)
netbios-ss (Port 139) xdmcp (Port 177)
ntp (Port 123)
Alternately, the <value> may be specified using the following syntax:

<0-65535>. Specifies the port number used by UDP to pass information to
upper layers. All ports below 1024 are considered well-known ports and are
controlled by the Internet Assigned Numbers Authority (IANA). All ports
above 1024 are dynamically assigned ports that include registered ports for
vendor-specific applications.
vrf <name> Specifies the name of the VRF on which to configure broadcast packet
forwarding other than the default VRF instance.
Default Values
By default, AOS forwards broadcast packets for all protocols and ports.

Command History
Functional Notes
Use this command to configure AOS to forward UDP packets across the wide area network (WAN) link to
allow remote devices to connect to a UDP service on the other side of the WAN link.
Usage Examples
The following example forwards all domain naming system (DNS) broadcast traffic to the DNS server with
IP address 192.33.5.99:
(config)#ip forward-protocol udp domain

(config)#interface eth 0/1
(config-eth 0/1)#ip helper-address 192.33.5.99

ip ftp access-class <acl> in

Use the ip ftp access-class in command to assign an access control list (ACL) to all self-bound File
Transfer Protocol (FTP) incoming sessions. Use the no form of this command to disable this feature.
ip ftp access-class <acl> in

ip ftp access-class <acl> in any-vrf
ip ftp access-class <acl> in vrf <name>
Syntax Description
<acl> Specifies the ACL to apply to the FTP traffic.
in Specifies that the ACL is applied to incoming FTP connections.
any-vrf Optional. Allows incoming FTP connections from any virtual routing and
vrf <name> Optional. Allows incoming FTP connections from a specified VRF instance.
Default Values
By default, all FTP access is allowed.
Command History
parameters.
Usage Examples
The following example applies the configured ACL, named Inbound_FTP, to inbound FTP traffic:
(config)#ip ftp access-class Inbound_FTP in

ip ftp server
Use the ip ftp server command to enable the File Transfer Protocol (FTP) server and optionally specify
the default location for the FTP server to store and retrieve files. Use the no form of this command to
disable the FTP server. Variations of this command include:
ip ftp server
ip ftp server default-filesystem cflash
ip ftp server default-filesystem flash
ip ftp server default-filesystem ramdisk
ip ftp server default-filesystem usbdrive0
Syntax Description
default-filesystem Specifies the default file system for the FTP server to use.
cflash Optional. Specifies the FTP server use the CompactFlash® card as the
default file system.
flash Optional. Specifies that the FTP server use the system flash as the default
file system.
ramdisk Optional. Specifies that the FTP server use the volatile RAM disk as the
usbdrive0 Optional. Specifies that the FTP server use the Universal Serial Bus (USB)
flash drive as the default file system.
Default Values
By default, the ip ftp server default-filesystem is set to flash.
Command History
Usage Examples
The following example enables the FTP server:
(config)#ip ftp server
The following example specifies cflash file system as the default:
(config)#ip ftp server default-filesystem cflash

ip ftp source-interface <interface>

Use the ip ftp source-interface command to use the specified interface’s IP address as the source IP
address for File Transfer Protocol (FTP) traffic transmitted by the unit. Specifying the virtual routing and
forwarding (VRF) instance using the vrf <name> keyword applies the configuration to the named VRF
instance. Omitting the vrf <name> keyword applies the configuration to the default unnamed VRF. Use
the no form of this command if you do not wish to override the default source IP address. Variations of this
command include:
ip ftp source-interface <interface>

ip ftp vrf <name> source-interface <interface>
Syntax Description
<interface> Specifies the interface to be used as the source IP address for FTP traffic.
dot11ap 1/1.1. Type ip ftp source-interface ? for a complete list of valid
interfaces.
vrf <name> Specifies the name of the VRF to which to configure the source interface.
Default Values
Command History
interface.
Release 15.1 Command was expanded to include the bridged virtual interface (BVI).
interface.
Ethernet interface.
Functional Notes
This command allows you to override the sender field in the IP packet. If you have multiple interfaces in
your unit, changing the sender tells the receiver where to send replies. This functionality can also be used

Usage Examples
The following example configures the unit to use the loopback 1 interface as the source IP for FTP traffic:
(config)#ip ftp source-interface loopback 1
The following example configures the unit to use the loopback 1 interface as the source IP for FTP traffic
on the VRF RED:
(config)#ip ftp vrf RED source-interface loopback 1

ip hw-access-list extended <name>

Use the ip hw-access-list extended command to create and name an IP hardware access control list
(ACL). This command also enters the ACL’s configuration mode. Using the no form of this command
deletes the IP hardware ACL.
For a complete list of all IP hardware ACL configuration commands, refer to the
Syntax Description
<name> Specifies the name of the IP hardware ACL.
Default Values
By default, all AOS security features are disabled, and there are no configured hardware ACLs.
Command History
Functional Notes
This command only creates an empty hardware ACL, it does not configure it. For additional IP hardware
ACL configuration commands and configuration parameters, refer to the Hardware ACL and Access Map
Command Set on page 4220 or the Hardware ACLs in AOS configuration guide available online at
Usage Examples
The following example creates an IP hardware ACL Trusted and enters the IP hardware ACL
configuration mode:
(config)#ip hw-access-list extended Trusted

Configuring New IP Hardware Extended ACL “Trusted”
(config-ext-ip-hw-nacl)#
Technology Review
Hardware ACLs are used as traffic selectors by the hardware access maps; by themselves they do
nothing. Hardware ACLs are composed of an ordered list of entries with an implicit deny any at the end of
each list. A hardware ACL with no entries includes an implicit permit any. An ACL entry contains two parts:
an action (permit or deny) and a frame pattern. A permit ACL matches frames (meeting the specified
pattern) and allows them to enter the router system. A deny ACL advances AOS to the next access list
entry.

ACL criteria are compared to the incoming frame in the order in which they were entered or from the top of
the list down. Generally, the most specific entries should be at the top and the more general at the bottom.


ip igmp join <ip address>

Use the ip igmp join command to instruct the router stack to join a specific group. The stack may join
multiple groups. Use the no form of this command to disable this feature.
Syntax Description
<ip address> Specifies the IP address of a multicast group. IP addresses should be
Default Values
Command History
Functional Notes
This command aids in debugging, allowing the router’s IP stack to connect to and respond on a multicast
group. The local stack operates as an Internet Control Messaging Protocol (ICMP) host on the attached
segment. In multicast stub applications, the global helper address takes care of forwarding IGMP
joins/responses on the upstream interface. The router may respond to ICMP echo requests for the joined
groups.
Usage Examples
The following example configures the unit to join with the specified multicast group:
(config)#ip igmp join 172.0.1.50

ip igmp snooping
Use the ip igmp snooping command to globally enable Internet Group Management Protocol (IGMP)
snooping. Use the no form of this command to disable global IGMP snooping.
Syntax Description
No subcommands.
Default Values
By default, IGMP snooping is disabled.
Command History
Release R10.10.0 Command was removed from the 1234 (2nd Generation), 1234P (2nd
Generation), 1238 (2nd Generation), 1238P (2nd Generation), 1534 (2nd
Generation), 1534P (2nd Generation), 1535, 1535P, 1544 (2nd
Generation), 1544P (2nd Generation), 1638, and 1638P.
Functional Notes
IGMP snooping is a method of preventing switches from flooding all ports with received multicast streams.
By monitoring the conversations between a host and a router, the switch can determine which multicast
streams will interest a host and load its own forwarding tables to take advantage of that knowledge. When
the host sends a leave message to the router, the switch removes the entries after a timeout period.
On the 1534 (1st Generation), 1234 (1st Generation), 1238 (1st Generation), and 1335 platforms, global
IGMP snooping must be enabled in order to enable virtual local area network (VLAN) IGMP snooping.
Usage Examples
The following example globally enables IGMP snooping:
(config)#ip igmp snooping

ip igmp snooping flood-unknown

Use the ip igmp flood-unkown to enable flooding of VLAN ports for unknown multicast frames. Use the
no form of this command to disable global IGMP snooping.
Syntax Description
No subcommands.
Default Values
By default, flooding of unkown multicast frames is disabled.
Command History
Usage Examples
The following example globally enables IGMP snooping:
(config)#ip igmp snooping

ip igmp snooping immediate-leave vlan <vlan id>

Use the ip igmp snooping immediate-leave vlan command to enable the immediate leave setting of
Internet Group Management Protocol (IGMP) snooping on the specified virtual local area network
(VLAN). With immediate leave enabled, the AOS device immediately removes a port from the IP
multicasting group after detecting an IGMP leave message on that port. To enable the immediate leave
setting, you must first enable IGMP snooping on the VLAN using the command ip igmp snooping on page
1399. Use the no form of this command to disable VLAN IGMP snooping.
Syntax Description
Default Values
By default, VLAN IGMP immediate leave is disabled.
Command History
Release R 11.5.0 Command was introduced.
Functional Notes
When a host sends a leave group message, a multicast router sends a group-specific query to determine if
any other hosts respond on that port. If no response is received and the query times out, the AOS device
removes the port from the IP multicasting group. The immediate leave setting, allows the AOS device to
remove the port without waiting for the query to time out.
Usage Examples
The following example enables IGMP immediate leave on VLAN 1:
(config)#ip igmp snooping immediate-leave vlan 1

ip igmp snooping querier vlan <vlan id> <source address>

Use the ip igmp snooping querier vlan command to enable the Internet Group Management Protocol
(IGMP) snooping querier on the specified VLAN . Use the no form of this command to disable this
feature.
Syntax Description
<vlan id> Specifies a valid VLAN interface ID on which the querier will be enabled.
Range is 1 to 4094.
<source address> Specifies the source address used for IGMP query packets.
Default Values
Command History
Functional Notes
IGMP snooping requires the presence of an IGMP querier in order to function properly. This roll is
normally played by a multicast router on the local network. However, in cases where a Layer 3 switch is
deployed, the switch itself may be the unicast router and a multicast router may not be present. When no
multicast router exists in the VLAN to originate the queries, an IGMP snooping querier must be configured
to send membership queries. When enabled, the IGMP querier will send general IGMPv2 queries every
125 seconds.
Usage Examples
The following example enables the IGMP snooping querier on VLAN ID 1 with a source address of
10.10.10.1:
(config)#ip igmp snooping querier vlan 1 10.10.10.1

ip igmp snooping querier period <seconds>

Use the ip igmp snooping querier period command to set the interval at which the Internet Group
Management Protocol (IGMP) snooping querier will send out IGMPv2 snooping queries. Use the no form
of this command to disable this feature.
Syntax Description
<seconds> Specifies the number of seconds between sent queries. Range is 10 to
1000 seconds.
Default Values
By default, the querier period is 125 seconds.
Command History
Functional Notes
IGMP snooping requires the presence of an IGMP querier in order to function. This roll is normally played
by a multicast router on the local network. However, in cases where a Layer 3 switch is deployed, the
switch itself may be the unicast router and a multicast router may not be present. When no multicast router
exists in the VLAN to originate the queries, an IGMP snooping querier must be configured to send
membership queries. When enabled, the IGMP querier will send general IGMPv2 queries every 125
seconds.
Usage Examples
The following example specifies a 10 seconds IGMP snooping querier period:
(config)#ip igmp snooping querier period 10

ip igmp snooping vlan <vlan id>

Use the ip igmp snooping vlan command to enable Internet Group Management Protocol (IGMP)
snooping on the specified virtual local area network (VLAN). Use the no form of this command to disable
VLAN IGMP snooping.
Syntax Description
Default Values
By default, VLAN IGMP snooping is disabled on all platforms. However, enabling global IGMP snooping on
the 1534 (1st Generation), 1234 (1st Generation), 1238 (1st Generation), and 1335 platformsalso enables
VLAN IGMP snooping.
Command History
Functional Notes
IGMP snooping is a method of preventing switches from flooding all ports with received multicast streams.
By monitoring the conversations between a host and a router, the switch can determine which multicast
streams will interest a host and load its own forwarding tables to take advantage of that knowledge. When
the host sends a leave message to the router, the switch removes the entries after a timeout period.
On the 1534 (1st Generation), 1234 (1st Generation), 1238 (1st Generation), and 1335 platforms, global
IGMP snooping must be enabled in order to enable virtual local area network (VLAN) IGMP snooping.
Usage Examples
The following example enables IGMP snooping on VLAN 1:
(config)#ip igmp snooping vlan 1

ip igmp snooping vlan <vlan id> mrouter interface <interface>

Use the ip igmp snooping vlan mrouter interface command to add a static connection to a multicast
router. Use the no form of this command to remove a static connection to a multicast router.
Syntax Description
<interface> Specifies an interface to be added to the multicast router. Specify an
atm 1.1; and for a wireless virtual access point, use dot11ap 1/1.1. Type ip
igmp snooping vlan <vlan id> mrouter interface ? for a complete list of
Default Values
Command History
Usage Examples
The following example adds Ethernet interface 0/1 to the list of multicast router interfaces:
(config)#ip igmp snooping vlan 1 mrouter interface ethernet 0/1

ip igmp snooping vlan <vlan id> static <mac address>

interface <interface>
Use the ip igmp snooping vlan static interface command to statically configure a Layer 2 interface as a
member of a multicast group. Use the no form of this command to remove a Layer 2 interface from a
multicast group.
Syntax Description
<vlan id> Specifies the VLAN ID of the multicast group. Range is 1 to 4094.
<mac address> Specifies the group’s 48-bit medium access control (MAC) address. MAC
addresses should be expressed in the following format xx:xx:xx:xx:xx:xx (for
example, 00:A0:C8:00:00:01).
<interface> Specifies an interface identification for the member interface. Specify an
atm 1.1; and for a wireless virtual access point, use dot11ap 1/1.1. Type ip
igmp snooping vlan <vlan id> static <mac address> interface ? for a
Default Values
Command History
Functional Notes
There are two types of multicast addresses: MAC addresses and IP addresses. A multicast IP address is a
Class D address (224.0.0.0 to 239.255.255.255). These addresses are also referred to as group
destination addresses (GDAs). Each GDA has an associated multicast MAC address. A multicast MAC
address is formed by using the prefix 01-00-5e followed by the last 23 bits of the GDA. The <mac address>
specified in this command must be a multicast MAC address. The following table shows examples of
multicast MAC addresses.
Multicast Addresses
Multicast IP Address Multicast MAC Address

226.10.10.10 01-00-5e-0a-0a-0a
228.20.20.20 01-00-5e-14-14-14
230.30.30.30 01-00-5e-1e-1e-1e

This mapping of IP addresses is a many-to-one relationship. For example, 226.10.10.10 maps to the same
MAC address as 227.10.10.10. The entire Class D network is not available for multicast. The following
table shows the reserved addresses.
Reserved Multicast IP Addresses
224.0.0.1 All Multicast-capable hosts

224.0.0.2 All Multicast-capable routers
224.0.0.5 and 224.0.0.6 Reserved for OSPF
224.0.0.1 to 224.0.0.255 Generally reserved for various protocols
Usage Examples
The following example configures the Ethernet interface 0/1 as a member of the multicast group with
multicast MAC address 01:00:5E:01:01:01:
(config)#ip igmp snooping vlan 1 static 01:00:5E:01:01:01 interface ethernet 0/1

ip load-sharing
Use the ip load-sharing command to configure whether parallel routes in the route table are used to
load-share forwarded packets. If this command is disabled, the route table uses a single “best” route for a
given subnet. If this command is enabled, the route table can use multiple “best” routes and alternate
between them. Use the no form of this command to disable this feature. Variations of this command
include:
ip load-sharing per-destination
ip load-sharing per-packet
Syntax Description
per-destination Specifies that the route used for forwarding a packet be based on a hash of
the source and destination IP address in the packet.
per-packet Specifies that each forwarding route lookup rotates through all the parallel
“best” routes. (Parallel routes are defined as routes to the same subnet with
the same metrics that only differ by their next-hop address.)
Default Values
By default, ip load-sharing is disabled.
Command History
Usage Examples
The following example turns on load-sharing per destination:
(config)#ip load-sharing per-destination
The following example disables load-sharing:
(config)#no ip load-sharing

ip local policy route-map <name>

Use the ip local policy route-map command to specify a route map for local policy routing on the device.
This setting is applied to the local network interface. It can be further specified to a specific virtual routing
and forwarding (VRF) by adding the VRF name. Use the no form of this command to return to the default
route map. Variations of this command include:
ip local policy route-map <name>

ip local policy route-map <name> vrf <name>
Syntax Description
<name> Specify the name of the route map.
vrf <name> Optional. Specifies a nondefault VRF on which to define the local policy
route map.
Default Values
Command History
Functional Notes
Before a route map can be specified, it must first be defined using the route-map command. Refer to
route-map on page 1679 for more information.
There is only one local policy for each VRF instance.
Usage Examples
The following example specifies a route map entitled myMap for local policy routing:
(config)#ip local policy route-map myMap

ip mcast-stub helper-address <ip address>

Use the ip mcast-stub helper-address command to specify an IP address toward which Internet Group
Management Protocol (IGMP) host reports and leave messages are forwarded. This command is used in IP
multicast stub applications in conjunction with the ip mcast-stub downstream and ip mcast-stub
upstream commands. Use the no form of this command to return to the default setting.
Syntax Description
<ip address> Specifies the address to which the IGMP host reports and leave messages
are forwarded. IP addresses should be expressed in dotted decimal
Default Values
By default, no helper-address is configured.
Command History
Functional Notes
The helper address is configured globally and applies to all multicast-stub downstream interfaces. The
address specified may be the next upstream hop or any upstream address on the distribution tree for the
multicast source, up to and including the multicast source. The router selects, from the list of multicast-stub
upstream interfaces, the interface on the shortest path to the specified address. The router then proxies,
on the selected upstream interface (using an IGMP host function), any host joins/leaves received on the
downstream interface(s). The router retransmits these reports with addresses set as if the report originated
from the selected upstream interface.
For example, if the router receives multiple joins for a group, it will not send any extra joins out the
upstream interface. Also, if it receives a leave, it will not send a leave until it is certain that there are no
more subscribers on any downstream interface.
Usage Examples
The following example specifies 172.45.6.99 as the helper address:
(config)#ip mcast-stub helper-address 172.45.6.99

ip mgcp
Use the ip mgcp command to enable the Media Gateway Control Protocol (MGCP) stack. Use the no form
of this command to disable the MGCP stack.
Syntax Description
No subcommands.
Default Values
By default, the MGCP stack is disabled.
Command History
Usage Examples
The following example enables the MGCP stack:
(config)#ip mgcp

ip mgcp bracketed-ip
Use the ip mgcp bracketed-ip command to prevent bracketed IP address format from being used in
specifying Media Gateway Control Protocol (MGCP) endpoint names. Use the no form of this command
to disable the bracket requirement when entering MGCP endpoint IP addresses.
Syntax Description
No subcommands.
Default Values
By default, brackets are used when specifying MGCP endpoints.
Command History
Functional Notes
Some call agents require that brackets be used when an MGCP gateway uses an IP address as its local
domain name, and some call agents do not support the bracketed format. Bracketed IP addresses are
displayed as endpointname@[xx.xx.xx.xx], whereas nonbracketed endpoint IP addresses are displayed
as endpointname@xx.xx.xx.xx. Using this command allows the user to control whether IP addresses will
be bracketed or not, rather than entering all IP addresses as bracketed IP addresses.
Usage Examples
The following example disables bracketed IP address control:
(config)#no ip mgcp bracketed-ip

ip mgcp call-agent primary <hostname | ipv4 address>

Use the ip mgcp call-agent primary command to specify the primary Media Gateway Control Protocol
(MGCP) call agent host name. Use the no form of this command to remove the specified primary call
agent.
Syntax Description
<hostname | ipv4 address> Specifies the call agent host name. Host names can be entered as either a
fully qualified domain name (FQDN) or as an IP version 4 (IPv4) address in
dotted decimal notation (XX.XX.XX.XX).
Default Values
By default, no primary call agents are configured.
Command History
Functional Notes
The ip mgcp call-agent primary command identifies the call agent to the media gateway. Both primary
and secondary call agents can be established, but at minimum a primary call agent is required. If a
connection with the primary call agent fails, call agents will be tried in the order they are entered in the
configuration. For more information regarding call agents and MGCP configuration, refer to the MGCP in
AOS configuration guide available online at https://supportcommunity.adtran.com.
The no form of this command will only take effect if there are no secondary call agents
configured. If secondary call agents are configured, the primary call agent can be modified
by issuing this command with the new host name information.
The primary call agent host name cannot be removed while any secondary call agents are
configured. For more information about secondary call agents, refer to the command ip
mgcp call-agent secondary <hostname | ipv4 address> on page 1414.
Usage Examples
The following example configures the primary MGCP call agent, ca1.company.com:
(config)#ip mgcp call-agent primary ca1.company.com

ip mgcp call-agent secondary <hostname | ipv4 address>

Use the ip mgcp call-agent secondary command to specify the secondary Media Gateway Control
Protocol (MGCP) call agent host name. Use the no form of this command to remove the specified
secondary call agent.
Syntax Description
<hostname | ipv4 address> Specifies the call agent host name. Host names can be entered as either a
fully qualified domain name (FQDN) or as an IP version 4 (IPv4) address in
Default Values
By default, no secondary call agents are configured.
Command History
Functional Notes
Multiple secondary call agent host names can be configured. If a connection with the primary call agent
fails, call agents are tried in the order they are entered in the configuration. New secondary call agents are
added at the end of the list.
If secondary call agents are configured, primary call agents cannot be removed. For more
information about primary call agents, refer to the command ip mgcp call-agent primary
<hostname | ipv4 address> on page 1413.
Usage Examples
The following example specifies the secondary MGCP call agent as ca2.company.com:
(config)#ip mgcp call-agent secondary ca2.company.com

ip mgcp local-domain-name
Use the ip mgcp local-domain-name command to specify the local Media Gateway Control Protocol
(MGCP) domain name. Use the no form of this command to remove the associated host name from the
AOS product. Variations of this command include:
ip mgcp local-domain-name <hostname | ipv4 address>

ip mgcp local-domain-name media-gateway
Syntax Description
<hostname | ipv4 address> Specifies the gateway host name in either a fully qualified domain name
(FQDN) format or as an IP version 4 (IPv4) address in dotted decimal
notation (XX.XX.XX.XX).
media-gateway Specifies that the local domain name is based on the media gateway setting
on the physical interface used for outbound traffic (for example, the
Point-to-Point Protocol (PPP) or the Ethernet interfaces).
Default Values
By default, a local domain name is not configured.
Command History
Usage Examples
The following example specifies that the local domain name for the media gateway is
mygateway@company.com:
(config)#ip mgcp local-domain-name mygateway@company.com

(config)#

ip mgcp max1 <value>

Use the ip mgcp max1 command to specify the number of Media Gateway Control Protocol (MGCP)
message retransmissions between the gateway and the call agent. Use the no form of this command to
return to the default value.
Syntax Description
<value> Specifies the number of message retransmissions that will occur between
the gateway and the call agent while the gateway waits for a response from
the call agent. Range is 1 to 255.
Default Values
By default, the max1 value is set to 5.
Command History
Functional Notes
If the gateway does not receive a response from the call agent, the gateway retransmits MGCP messages
max1 times before the gateway either queries the domain naming system (DNS) to detect a possible
change in call agent interfaces or directs transmissions to alternate call agent IP addresses.
For more information about MGCP configuration, refer to the MGCP in AOS configuration guide available
Usage Examples
The following example sets the number of message transmissions between the gateway and the call agent
to 20:
(config)#ip mgcp max1 20

ip mgcp max2 <value>

Use the ip mgcp max2 command to specify the number of Media Gateway Control Protocol (MGCP)
message retransmissions between the MGCP gateway and the call agent before the gateway disconnects.
Use the no form of this command to return to the default value.
Syntax Description
<value> Specifies the number of message retransmissions that will occur before the
gateway disconnects from the call agent. Range is 1 to 255.
Default Values
By default, MGCP retransmissions before gateway disconnection is set to 7.
Command History
Functional Notes
When the gateway has retransmitted MGCP messages max2 times, it indicates that the gateway has
already exceeded the max1 value (refer to the command ip mgcp max1 <value> on page 1416) and it will
contact the domain naming system (DNS) to search for alternate call agent interfaces which to connect. If
the gateway does not find any available call agent interfaces for connection, the gateway will disconnect.
The max2 value must always be greater than the max1 value. If the max1 value is
specified to be greater than the max2 value, the max2 value is automatically defined as
max1 + 1.
For more information about MGCP configuration, refer to the MGCP in AOS configuration guide available
Usage Examples
The following example specifies that the MGCP gateway will retransmit MGCP messages 30 times before
disconnecting from the call agent:
(config)#ip mgcp max2 30

ip mgcp persistent-notify
Use the ip mgcp persistent-notify command to enable persistent event notification to the Media Gateway
Control Protocol (MGCP) call agent. Use the no form of this command to disable persistent notification.
ip mgcp persistent-notify hd
ip mgcp persistent-notify hu
ip mgcp persistent-notify hf
Multiple combinations of the hd, hu, and hf parameters can be entered.
Enabling persistent notification when it is not required can cause unexpected and
undesired operation.
Syntax Description
hd Specifies that notification of endpoint hang down is sent to the call agent.
hu Specifies that notification of endpoint hang up is sent to the call agent.
hf Specifies that notification of endpoint hook flash is sent to the call agent.
Default Values
By default, persistent notification is disabled.
Command History
Functional Notes
When persistent notification is disabled, the media gateway will not send event notifications of endpoint
hang down (hd), hang up (hu), or hook flash (hf). When the feature is enabled, the media gateway will
send notification of endpoint events even if it has not received a notification request from the call agent.
Some call agents require the use of persistent notification. For example, sometimes hd notification is
required for initial dial tone once the link has become active. Refer to the configuration materials provided
with your call agent for more information.
Usage Examples
The following example enables persistent notification of endpoint hang down:
(config)#ip mgcp persistent-notify hd

ip mgcp qos dscp <value>

Use the ip mgcp qos dscp command to specify the differentiated services code point (DSCP) value in the
Media Gateway Control Protocol (MGCP) packets transmitted by the MGCP gateway. This value can be
used by quality of service (QoS) mechanisms to give priority for this type of traffic. Use the no form of this
Syntax Description
<value> Specifies the DSCP value. Range is 0 to 63.
Default Values
By default, the DSCP value for MGCP packets is 46.
Command History
Usage Examples
The following example specifies the DSCP value for MGCP gateways as 10:
(config)#ip mgcp qos dscp 10

ip mgcp retransmit-delay
Use the ip mgcp retransmit-delay command to specify the constant time between retransmissions of
Media Gateway Control Protocol (MGCP) messages. Use the no form of this command to return to the
ip mgcp retransmit-delay 100ms

ip mgcp retransmit-delay 1sec
Syntax Description
100ms Specifies 100 milliseconds between retransmissions.
1sec Specifies 1 second between retransmissions.
2sec Specifies 2 seconds between retransmissions.
4sec Specifies 4 seconds between retransmissions.
Default Values
By default, retransmissions occur with longer and longer delays between retransmissions. These delays
are based on RFC 3435, which uses a User Datagram Protocol (UDP) back-off algorithm for MGCP
retransmission delay.
Command History
Usage Examples
The following example specifies that retransmissions will occur at a constant rate of 1sec:
(config)#ip mgcp retransmit-delay 1sec

ip mgcp rfc2833-signaling
Use the ip mgcp rfc2833-signaling command to enable the transmission and reception of ABCD signal
bits via RFC 2833 packets. Use the no form of this command to disable ABCD signaling.
This command should only be used with gateways configured to send ABCD signaling bits
out-of-band for TDM passthrough. Configuring this command when it is not needed will
likely cause undesired operation.
Syntax Description
No subcommands.
Default Values
By default, ABCD signaling is disabled.
Command History
Usage Examples
The following example enables ABCD signaling:
(config)#ip mgcp rfc2833-signaling

ip mgcp standard
Use the ip mgcp standard command to specify the Media Gateway Control Protocol (MGCP) standard
the gateway will use. Use the no form of this command to return to the default standard. Variations of this
command include:
ip mgcp standard rfc3435

ip mgcp standard ncs
Syntax Description
rfc3435 Specifies that the RFC 3435 MGCP standard is used.
ncs Specifies that the MGCP 0.1/NCS 1.0 standard is used.
Default Values
By default, MGCP gateways use the rfc3435 standard.
Command History
Usage Examples
The following example sets the MGCP standard to ncs:
(config)#ip mgcp standard ncs

ip mgcp udp <port>

Use the ip mgcp udp command to specify the local listening port for the Media Gateway Control Protocol
(MGCP) stack for User Datagram Protocol (UDP) information. Use the no form of this command to return
to the default port.
Syntax Description
<port> Specifies the port to listen for UDP information. Range is 1 to 65535.
Default Values
By default, the MGCP gateway listens for UDP on port 2427 as defined by RFC 3435.
Command History
Usage Examples
The following example specifies that the MGCP gateway will listen for UDP information on port 2727:
(config)#ip mgcp udp 2727

ip multicast-routing
Use the ip multicast-routing command to enable the multicast router process. The command does not
affect other multicast-related configurations. Use the no form of this command to disable this feature.
Disabling this command prevents multicast forwarding, but does not remove other multicast commands
and processes.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example enables multicast functionality:
(config)#ip multicast-routing

ip nat pool <name>

Use the ip nat pool command to create a new static 1:1 network address translation (NAT) pool and enter
its configuration command set. This command can also be used to enter the command set for an existing
pool. Use the no form of this command to remove a configured NAT pool. Refer to the command
load-protect on page 1567 for more information about mapping addresses for static 1:1 NAT pools.
ip nat pool <name>

ip nat pool <name> static
Syntax Description
<name> Enters the configuration commands set for an existing NAT pool identified
by the <name> variable.
<name> static Creates NAT pool for 1:1 static NAT and enters its configuration command
set. For a given configuration, a local address statically maps to a global
address and vice versa.
Default Values
By default, there are no NAT pools configured.
Command History
Release 17.4 Command was introduced to allow static NAT pools only.
Functional Notes
Static 1:1 NAT allows connections initiated from a particular private IP address to always map to a
particular public IP address. For every private host that requires a 1:1 NAT mapping, there must be a
corresponding NAT address on the public side. In previous versions of AOS, this was accomplished by
using an exhaustive list of all address mappings. AOS version 17.4 and later provided support for using
NAT pools that lists ranges of local and global IP addresses to create the 1:1 mappings.
Usage Examples
The following example creates a static 1:1 NAT pool named POOL1 and enters the NAT pool configuration
command set:
(config)#ip nat pool POOL1 static
The following example enters the configuration command set for an existing NAT pool named POOL2:
(config)#ip nat pool POOL2

ip policy-class <ipv4 acp name>

Use the ip policy-class command to create an Internet Protocol version 4 (IPv4) access control policy
(ACP) and enter the IPv4 ACP command set. Use the no form of this command to delete an IPv4 ACP and
all the entries it contains. Refer to the IPv4 Access Control Policy Command Set on page 4263.
Configured IPv4 ACPs will only be active if the command ip firewall on page 1359 has
been entered at the Global Configuration mode prompt to enable the AOS IPv4 security
features. All configuration parameters are valid, but no security data processing will be
attempted unless the security features are enabled.
Before applying an ACP to an interface, verify your Telnet or secure shell (SSH)
connection will not be affected by the policy. If an ACP is applied to the interface you are
connecting through and it does not allow Telnet or SSH traffic, your connection will be
lost.
Syntax Description
<ipv4 acp name> Identifies the configured IPv4 ACP using an alphanumeric descriptor
(maximum of 50 characters). All ACP descriptors are case sensitive.
Default Values
By default, all AOS IPv4 security features are disabled and there are no configured ACP entries.
Command History
Functional Notes
AOS IPv4 ACPs are used to allow, discard, or manipulate (using network address translation (NAT)) data
for each physical interface. Each ACP consists of an action (allow, discard, nat) and a selector access
control list (ACL). When IPv4 packets are received on an interface, the configured IPv4 ACPs are applied
to determine whether the data will be processed or discarded.
An implicit discard exists at the end of every IPv4 ACP. Specifying a discard list is
unnecessary in most applications and should be used with caution. A discard list can
adversely affect certain functions of a unit (virtual private network (VPN), routing
protocols, etc.). Specifying an empty ACL or a nonexistent ACL in an ACP will result in an
implicit permit.
IPv4 ACPs and ACLs cannot have the same name as a configured IPv6 ACP or ACL.

Usage Examples
The following example creates an IPv4 ACP named PRIVATEv4:
(config)#ip policy-class PRIVATEv4

(config-policy-class)#
Technology Review
IPv4 ACPs and ACLs regulate traffic through the routed network. Creating IPv4 ACPs and ACLs to
regulate traffic through the routed network is a four-step process:
Step 1:
Enable the IPv4 security features of AOS using the ip firewall command. Refer to the command ip firewall
Step 2:
Create an IPv4 ACP that uses a configured ACL by issuing the ip policy-class command. AOS IPv4
ACPs are used to allow, discard, or manipulate (using NAT) data for each physical interface. Each ACP
consists of an action (allow, discard, nat) and a selector (ACL). When packets are received on an
interface, the configured ACPs are applied to determine whether the data will be processed or discarded.
Step 3:
Create an IPv4 ACL to permit or deny specified traffic by using either the ip access-list extended or ip
access-list standard command. Standard IPv4 ACLs match based on the source IP address of the
packet. Extended IPv4 ACLs match based on the source and destination of the packet. Refer to the
command ip access-list extended <ipv4 acl name> on page 1336 or the command ip access-list
standard <ipv4 acl name> on page 1338 for more information. Sources can be expressed in one of four
ways:
1. Using the keyword any to match any IP address.
2. Using host <ip address> to specify a single host address.
3. Using the <ip address> <wildcard> format to match all IPv4 addresses in a range. Wildcard masks
work in reverse logic from subnet masks. When broken out into binary form, a 0 indicates which bits of
the IPv4 address to consider, a 1 indicates which bits are disregarded. For example, specifying 255 in
any octet of the wildcard mask equates to a “don’t care” for that octet in the IP address. Additionally, a
30-bit mask would be represented with the wildcard string 0.0.0.3, a 28-bit mask with 0.0.0.15, a 24-bit
mask with 0.0.0.255, and so forth.
4. Using the keyword hostname to match based on a domain naming system (DNS) name. DNS servers
must be configured or host names must be locally defined for this function to work.
Step 4:
Apply the created IPv4 ACP to an interface. To assign an IPv4 ACP to an interface, enter the interface
configuration mode for the desired interface and enter ip access-policy <acpv4 name>. The following
example assigns ACP UNTRUSTED to the Ethernet 0/1 interface:

(config-eth 0/1)#ip access-policy UNTRUSTED

ip policy-class <ipv4 acp name> max-host-sessions <number>

Use the ip policy-class max-host-sessions command to create or alter settings for an Internet Protocol
version 4 (IPv4) access control policy (ACP). For more details on ACP functionality in AOS, refer to the
IPv4 Access Control Policy Command Set on page 4263. Use the no form of this command to return to the
default value.
Syntax Description
<ipv4 acl name> Identifies the configured IPv4 ACP using an alphanumeric descriptor
(maximum of 50 characters). All IPv4 ACP descriptors are case sensitive.
<number> Specifies the maximum number of allowed IPv4 ACP sessions that can be
created from each unique source address. This command is used in
conjunction with a named IPv4 ACP and only applies the limit to that
particular IPv4 ACP.
The number must be within the appropriate range limits. The limits depend
on the type of AOS device being used. Setting this value to 0 restores the
default setting. By default, this feature is turned off (meaning no limits per
source address will be enforced).
Default Values
By default, all AOS security features are disabled and there are no configured ACP entries.
Command History
Usage Examples
The following example allows no more than 100 policy sessions to be sourced from a single host IP
address on the ACP named PRIVATE:
(config)#ip policy-class PRIVATE max-host-sessions 100

ip policy-class <ipv4 acp name> max-sessions <number>

Use the ip policy-class max-sessions command to specify the number of allowed sessions for an Internet
Protocol version 4 (IPv4) access control policy (ACP). For more details on IPv4 ACP functionality in
AOS, refer to the IPv4 Access Control Policy Command Set on page 4263. Use the no form of this
Syntax Description
<number> Specifies the maximum number of allowed policy sessions for the named
IPv4 ACP.
This number must be within the appropriate range limits. The limits depend
on the type of AOS device being used. Setting this value to 0 restores the
default setting. When setting the max-sessions for all IPv4 ACPs, this
default is determined at boot time based on the amount of memory
available. For a named IPv4 ACP, this default is one-third of the total
number of allowed ACP sessions.
Default Values
By default, all AOS security features are disabled and there are no configured ACP entries.
Command History
Functional Notes
To set the system-wide maximum limit for ACP sessions (both IPv4 and IPv6), use the command
policy-class max-sessions <number> on page 1646. To set the maximum limit for IPv6 ACP sessions, use
the command ipv6 policy-class <ipv6 acp name> max-sessions <number> on page 1542.
Usage Examples
The following example allows no more than 100 IPv4 policy sessions on the ACP named PRIVATE:
(config)#ip policy-class PRIVATE max-sessions 100
The following example restores the default policy sessions limit on the ACP named PRIVATE:
(config)#no ip policy-class PRIVATE max-sessions

ip policy-class <ipv4 acp name> rpf-check

Use the ip policy-class rpf-check command to verify that Internet Protocol version 4 (IPv4) traffic has
entered on the appropriate interface using a route lookup. Reverse path forwarding (RPF) is essentially a
spoofing check. For more details on IPv4 policy class functionality in AOS, refer to the IPv4 Access
Control Policy Command Set on page 4263. Use the no form of this command to disable this feature.
Syntax Description
<ipv4 acp name> Identifies the configured IPv4 access control policy (ACP) using an
alphanumeric descriptor (maximum of 50 characters). All ACP descriptors
are case sensitive.
rpf-check Enables RPF check (spoofing).
Default Values
This command is enabled by default.
Command History
Functional Notes
The rpf-check feature should be disabled if your application allows IPv4 traffic to arrive on an interface
sourced from networks contradicting the route table. This feature can be disabled on a per ACP basis by
issuing this command in conjunction with the ACP name you do not want to be checked.
Usage Examples
The following example turns off the rpf-check feature for the IPv4 ACP named PRIVATE:
(config)#no ip policy-class PRIVATE rpf-check

ip policy-timeout
Use multiple ip policy-timeout command to customize timeout intervals for the established Internet
Protocol version 4 (IPv4) firewall sessions. The policy session timeout determines when the time to live
(TTL) for the session expires and ends the session. This command configures the policy timeout for the
following protocols: (Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Internet
Control Message Protocol version 4 (ICMPv4), Authentication Header (AH) Protocol, generic routing
encapsulation (GRE), encapsulating security payload (ESP)) or specific services (by listing the particular
port number). Use the no form of this command to return to the default timeout values. Variations of this
command include:
ip policy-timeout [ahp | esp | gre | icmp] <timeout>

ip policy-timeout [tcp | udp] all-ports <timeout>
ip policy-timeout [tcp | udp] <port> <timeout>
ip policy-timeout [tcp | udp] range <beginning port> <ending port> <timeout>
Syntax Description
ahp Specifies the data protocol as AHP.
esp Specifies the data protocol as ESP.
gre Specifies the data protocol as GRE.
icmp Specifies the data protocol as ICMPv4.
<timeout> Specifies the wait interval (in seconds) before an active session is
closed. Valid range is 0 to 4294967295 seconds.
tcp Specifies the data protocol as TCP. If you are using TCP, you can also
specify the timeout for a specific port, a range of ports, or all TCP ports.
udp Specifies the data protocol as UDP. If you are using UDP, you can also
specify the timeout for a specific port, a range of ports, or all UDP ports.
all-ports Specifies all ports of either TCP or UDP are used if a specific match is
not found.
<port> Specifies a single TCP or UDP port. Keywords are available for
well-known protocols, as those listed below. Valid port range is 0 to
65535.
range Customizes timeout intervals for a range of TCP or UDP ports.
<beginning port>/<ending port> Specifies the range of ports, to which to apply the timeout value; valid
only for specifying TCP and UDP services. Valid ports range between 0
and 65535.
The following is the list of TCP port numbers that may be identified
using the text name (in bold):
bgp (Port 179) kshell (Port 544)
chargen (Port 19) login (Port 513)
cmd (Port 514) lpd (Port 515)
daytime (Port 13) nntp (Port 119)
discard (Port 9) pim-auto-rp (Port 496)

domain (Port 53) pop2 (Port 109)

echo (Port 7) pop3 (Port 110)
exec (Port 512) smtp (Port 25)
finger (Port 79) ssh (Port 22)
ftp (Port 21) sunrpc (Port 111)
ftp-data (Port 20) tacacs (Port 49)
gopher (Port 70) talk (Port 517)
hostname (Port 101) telnet (Port 23)
https (Port 443) time (Port 37)
ident (Port 113) uucp (Port 540)
irc (Port 194) whois (Port 43)
klogin (Port 543) www (Port 80)
The following is the list of UDP port numbers that may be identified
bootpc (Port 68 rip (Port 520)
bootps (Port 67) ripng (Port 521)
dnsix (Port 195) snmptrap (Port 162))
mobile-ip (Port 434) talk (Port 517)
ntp (Port 123)
Default Values
By default, policy session timeouts are set to 600 seconds for established TCP policy sessions, and 60
seconds for all other protocols.
Command History
Release 11.1 Added AHP, GRE, and ESP policies.
Release 18.2 The syslog option for TCP ports was removed.
Release R10.1.0 Command was expanded to include the ripng option for UDP ports.

Usage Examples
The following example creates customized policy timeouts for the following:
Internet traffic (TCP Port 80) timeout 24 hours (86400 seconds)

Telnet (TCP Port 23) timeout 20 minutes (1200 seconds)
FTP (TCP Port 21) timeout 5 minutes (300 seconds)
All other TCP services timeout 8 minutes (480 seconds)
(config)#ip policy-timeout tcp www 86400

(config)#ip policy-timeout tcp telnet 1200
(config)#ip policy-timeout tcp ftp 300
(config)#ip policy-timeout tcp all-ports 480
The following example creates customized policy timeouts for UDP network basic input/output system
(NetBIOS) ports 137 to 139 of 200 seconds and UDP ports 6000 to 7000 of 300 seconds:
(config)#ip policy-timeout udp range netbios-ns netbios-ss 200

(config)#ip policy-timeout udp range 6000 7000 300
The following example creates a customized policy timeout of 1200 seconds for ESP:
(config)#ip policy-timeout esp 1200
The following example creates a customized policy timeout of 1200 seconds for GRE:
(config)#ip policy-timeout gre 1200
The following example creates a customized policy timeout of 1200 seconds for AHP:
(config)#ip policy-timeout ahp 1200

ip prefix-list <name> description “<text>”

Use the ip prefix-list description command to create and name prefix lists. Use the no form of this
command to remove a prefix list.
Syntax Description
<name> Specifies a particular prefix list.
“<text>” Assigns text (enclosed in quotation marks) used as a description for the
prefix list. Maximum length is 80 characters.
Default Values
Command History
Functional Notes
This command adds a string of up to 80 characters as a description for a prefix list. It also creates the
prefix list if a prefix list of that name does not already exist.
Usage Examples
The following example adds a description to the prefix-list test:
(config)#ip prefix-list test description “An example prefix list”

ip prefix-list <name> seq <number>

Use the ip prefix-list seq command to specify a prefix to be matched or a range of mask lengths. Use the
no form of this command to remove a prefix list. Variations of this command include:
ip prefix-list <name> seq <number> deny <network ip /length>

ip prefix-list <name> seq <number> deny <network ip /length> ge <value>
ip prefix-list <name> seq <number> deny <network ip /length> le <value>
ip prefix-list <name> seq <number> permit <network ip /length>
ip prefix-list <name> seq <number> permit <network ip /length> ge <value>
ip prefix-list <name> seq <number> permit <network ip /length> le <value>
Syntax Description
<name> Specifies a particular prefix list.
<number> Specifies the entry's unique sequence number that determines the
processing order. Lower numbered entries are processed first. Range is
1 to 4294967294.
permit <network ip /length> Permits access to entries matching the specified network IP address and
the corresponding network prefix length (for example, 10.10.10.1 /24).
deny <network ip /length> Denies access to entries matching the specified network IP address and the
corresponding network prefix length (for example, 10.10.10.1 /24).
le <value> Specifies the upper end of the range. Range is 0 to 32.
ge <value> Specifies the lower end of the range. Range is 0 to 32.
Default Values
If no ge or le parameters are specified, an exact match is assumed. If only ge is specified, the range is
assumed to be from ge-value to 32. If only le is specified, the range is assumed to be from len to le-value.
Command History
Functional Notes
This command specifies a prefix to be matched. If the network address is entered without specifying a
range for prefix lengths, the router assumes that the route must be an exact match. For example, if the
command ip prefix-list TEST seq 5 permit 10.1.0.0/16 is entered, the BGP interface will only accept
routes to the entire 10.1.0.0 /16 subnet. It will not accept routes to a network, such as 10.1.1.0/ 24, which
was subdivided from the /16 network.
Optionally, this command may specify a range of mask lengths. The following rule must be followed: len <
ge-value < le-value. A filter that exactly matches a prefix length can be created by entering the length for
both the ge and le values. A prefix list with no entries allows all routes. A route that does not match any
entries in a prefix list is dropped. As soon as a route is permitted or denied, there is no further processing
of the rule in the prefix list. A route that is denied at the beginning entry of a prefix list will not be allowed,
even if it matches a permitting entry further down the list.

Usage Examples
The following example creates a prefix list entry in the prefix list TEST that allows all routes to subnets in
the 10.1.0.0 /16 network with a prefix length up to and including 24:
(config)#ip prefix-list TEST seq 5 permit 10.1.0.0/16 le 24
The following example creates a prefix list entry in the prefix list TEST that allows any route to a /24 subnet
in the 10.1.0.0 /16 range, but rejects routes destined for the entire 10.1.0.0 /16 network:
(config)#ip prefix-list TEST seq 5 permit 10.1.0.0/16 ge 24 le 24

ip radius source-interface <interface>

Use the ip radius source-interface command to specify the network attached storage (NAS) IP address
attribute passed with the remote authentication dial-in user service (RADIUS) authentication request
packet. Specifying the virtual routing and forwarding (VRF) instance using the vrf <name> keyword
applies the configuration to the named VRF instance. Omitting the vrf <name> keyword applies the
configuration to the default unnamed VRF. Use the no form of this command to remove a defined source
ip radius source-interface <interface>

ip radius vrf <name> source-interface <interface>
Syntax Description
<interface> Specifies the source interface. Specify an interface in the format <interface
wireless virtual access point, use dot11ap 1/1.1. Type ip radius
source-interface ? for a complete list of interfaces.
vrf <name> Specifies the name of the VRF to which to assign the attribute.
Default Values
By default, no source interface is defined.
Command History
Release 15.1 Command was expanded to include the bridged virtual interface (BVI).
interface.
Ethernet interface.
Functional Notes
If this value is not defined, the address of the source network interface is used.

Usage Examples
The following example configures the Ethernet 0/1 port to be the source interface:
(config)#ip radius source-interface ethernet 0/1
The following example configures the BVI 1 interface to be the source interface:
(config)#ip radius source-interface bvi 1
The following example configures the Ethernet 0/1 port to be the source interface:
(config)#ip radius vrf RED source-interface ethernet 0/1
The following example configures the BVI 1 interface to be the source interface:
(config)#ip radius vrf RED source-interface bvi 1

ip route
Use the ip route command to add an Internet Protocol version 4 (IPv4) static route to the IPv4 route table.
Use the no form of this command to remove a configured IPv4 static route. Variations of this command
include:
ip route <ip address> <subnet mask> <interface>

ip route <ip address> <subnet mask> <interface> <administrative distance>
ip route <ip address> <subnet mask> <interface> <administrative distance> tag <number>
ip route <ip address> <subnet mask> <interface> <administrative distance> track <name>
ip route <ip address> <subnet mask> <interface> <administrative distance> track <name> tag <number>
ip route <ip address> <subnet mask> <interface> tag <number>
ip route <ip address> <subnet mask> <ip address>
ip route <ip address> <subnet mask> <ip address> tag <number>
ip route <ip address> <subnet mask> <ip address> track <name>
ip route <ip address> <subnet mask> <ip address> tag <number> track <name>
ip route <ip address> <subnet mask> <ip address> <administrative distance>
ip route <ip address> <subnet mask> <ip address> <administrative distance> tag <number>
ip route <ip address> <subnet mask> <ip address> <administrative distance> track <name>
ip route <ip address> <subnet mask> <ip address> <administrative distance> track <name> tag
<number>
ip route <ip address> <subnet mask> null 0
ip route <ip address> <subnet mask> null 0 <administrative distance>
ip route <ip address> <subnet mask> null 0 <administrative distance> tag <number>
ip route <ip address> <subnet mask> null 0 <administrative distance> track <name>
ip route <ip address> <subnet mask> null 0 tag <number>
ip route <ip address> <subnet mask> null 0 track <name>
Syntax Description
<ip address> Specifies the IPv4 network address to add to the route table. IPv4
10.10.10.1).
<subnet mask> Specifies the subnet mask that corresponds to a range of IPv4 addresses
example, /24).
[<interface> | <ip address>] Specifies the far-end IPv4 address or an egress interface in the unit. Use
the ip route <ip address> <subnet mask> ? command to display a
complete list of egress interfaces.
null 0 Optional. Specifies that traffic is routed to the null interface. The router
drops all packets destined for the null interface. Use the null interface to
allow the router to advertise a route, but not forward traffic to the route.
<administrative distance> Optional. Specifies an administrative distance associated with a particular
router used to determine the best route when multiple routes to the same
destination exist. The lower the administrative distance, the more preferable
the route. Range is 1 to 255.

tag <number> Optional. Specifies a number to use as a tag for this route. Route tags are
used to label and filter routes when dynamically redistributing routes into a
routing protocol (such as Routing Information Protocol (RIP)/open shortest
path first (OSPF)/Border Gateway Protocol (BGP)). Range is 1 to 65535.
track <name> Optional. Enables tracking on the indicated route. Once the named track
enters a fail state, the route specified by the command is disabled and traffic
will no longer be routed using that route. For more information on
configuring tracks, refer to track <name> on page 1871.
Default Values
By default, there are no configured routes in the route table, and the tag of 0 is applied to the route.
Command History
Release 9.1 Tunnel was added as a supported interface.
Release 11.1 Demand was added as a supported interface.
Release 13.1 Command was expanded to include the track feature.
Release 15.1 Command was expanded to include route tagging capability.
Usage Examples
The following example adds an IPv4 static route to the 10.220.0.0 /16 network through the next-hop router
192.22.45.254 and an IPv4 default route to 175.44.2.10:
(config)#ip route 10.220.0.0 255.255.0.0 192.22.45.254

(config)#ip route 0.0.0.0 0.0.0.0 175.44.2.10

ip route vrf
Use the ip route vrf command to create an Internet Protocol version 4 (IPv4) static route in one of the
nondefault virtual routing and forwarding (VRF) instances. Use the no form of this command to remove
the static route. Variations of this command include:
ip route vrf <name> <ipv4 address> <subnet mask> [<interface> | <ipv4 address>]
ip route vrf <name> <ipv4 address> <subnet mask> [<interface> | <ipv4 address>] <distance>
ip route vrf <name> <ipv4 address> <subnet mask> [<interface> | <ipv4 address>] <distance> tag
<number>
<number> track <name>
ip route vrf <name> <ipv4 address> <subnet mask> [<interface> | <ipv4 address>] <distance> track
<name>
<name> tag <number>
ip route vrf <name> <ipv4 address> <subnet mask> [<interface> | <ipv4 address>] tag <number>
track <name>
ip route vrf <name> <ipv4 address> <subnet mask> [<interface> | <ipv4 address>] track <name>
tag <number>
ip route vrf <name> <ipv4 address> <subnet mask> null 0
ip route vrf <name> <ipv4 address> <subnet mask> null 0 <distance>
ip route vrf <name> <ipv4 address> <subnet mask> null 0 <distance> tag <number>
ip route vrf <name> <ipv4 address> <subnet mask> null 0 <distance> track <name>
ip route vrf <name> <ip4v address> <subnet mask> null 0 tag <number>
ip route vrf <name> <ipv4 address> <subnet mask> null 0 tag <number> track <name>
ip route vrf <name> <ipv4 address> <subnet mask> null 0 track <name>
ip route vrf <name> <ipv4 address> <subnet mask> null 0 track <name> tag <number>
Syntax Description
<name> Specifies the name of the VRF instance.
<ipv4 address> Specifies the network address to add to the route table. IPv4 addresses
example, /24). Valid prefix lengths are 0 to 32.
[<interface> | <ipv4 address>] Specifies the far-end IPv4 address or an egress interface in the unit. Use
the ip route <ipv4 address> <subnet mask> ? command to display a
complete list of egress interfaces. IPv4 addresses should be expressed in

null 0 Optional. Routes traffic destined for the specified network to the null
interface. The router drops all packets destined for the null interface. Use
the null interface to allow the router to advertise a route, but not forward
traffic to the route.
<distance> Optional. Specifies an administrative distance associated with a particular
Default Values
Command History
Functional Notes
The VRF must have already been created (using the command vrf <name> route-distinguisher on page
1974) before static routes can be configured.
Usage Examples
The following example adds a static route to the routing and forwarding tables used for the VRF RED:
(config)#ip route vrf RED 10.220.0.0 255.255.0.0 192.22.45.254


ip route-cache express
Use the ip route-cache express command to globally enable Layer 3 switching. Use the no form of this
command to disable Layer 3 switching.
Syntax Description
No subcommands.
Default Values
Layer 3 switching is disabled by default, except on the NetVanta 1544. Layer 3 switching is enabled by
default on the NetVanta 1544.
Functional Notes
Layer 3 switching cannot be disabled on the NetVanta 1544. For more information about Layer 3 switching,
refer to the Layer 3 Switching in AOS configuration guide available online at
Command History
Usage Examples
The following example globally enables Layer 3 switching:
(config)#ip route-cache express

ip route vrf
Use the ip route vrf command to create an Internet Protocol version 4 (IPv4) static route in one of the
nondefault virtual routing and forwarding (VRF) instances. Use the no form of this command to remove
the static route. Variations of this command include:
ip route vrf <name> <ipv4 address> <subnet mask> [<interface> | <ipv4 address>]
ip route vrf <name> <ipv4 address> <subnet mask> [<interface> | <ipv4 address>] <distance>
<number>
<number> track <name>
<name>
<name> tag <number>
track <name>
tag <number>
ip route vrf <name> <ipv4 address> <subnet mask> null 0
ip route vrf <name> <ipv4 address> <subnet mask> null 0 <distance>
ip route vrf <name> <ipv4 address> <subnet mask> null 0 <distance> tag <number>
ip route vrf <name> <ipv4 address> <subnet mask> null 0 <distance> track <name>
ip route vrf <name> <ipv4 address> <subnet mask> null 0 tag <number>
ip route vrf <name> <ipv4 address> <subnet mask> null 0 tag <number> track <name>
ip route vrf <name> <ipv4 address> <subnet mask> null 0 track <name>
ip route vrf <name> <ipv4 address> <subnet mask> null 0 track <name> tag <number>
Syntax Description
<name> Specifies the name of the VRF instance.
<ipv4 address> Specifies the network address to add to the route table. IPv4 addresses
example, /24). Valid prefix lengths are 0 to 32.
[<interface> | <ipv4 address>] Specifies the far-end IPv4 address or an egress interface in the unit. Use
the ip route <ipv4 address> <subnet mask> ? command to display a
complete list of egress interfaces. IPv4 addresses should be expressed in

null 0 Optional. Routes traffic destined for the specified network to the null
interface. The router drops all packets destined for the null interface. Use
the null interface to allow the router to advertise a route, but not forward
traffic to the route.
<distance> Optional. Specifies an administrative distance associated with a particular
Default Values
Command History
Release 17.5 Command was expanded to include the loopback interface.
Functional Notes
The VRF must have already been created (using the command vrf <name> route-distinguisher on page
1974) before static routes can be configured.
Usage Examples
The following example adds a static route to the routing and forwarding tables used for the VRF RED:


ip routing
Use the ip routing command to enable the AOS IP routing functionality. Use the no form of this command
to disable IP routing.
Syntax Description
No subcommands.
Default Values
By default, IP routing is enabled.
Command History
Usage Examples
The following example enables the AOS IP routing functionality:
(config)#ip routing

ip rtp dtmf-relay min-duration <value>

Use the ip rtp dtmf-relay min-duration command to configure dual tone multi-frequency (DTMF) relay
duration that the DTMF digits must receive in order to be relayed. Use the no form of this command to
return to the default setting.
Syntax Description
<value> Specifies timeout period (in multiples of 10 milliseconds) allowed for DTMF
relay duration. Range is 20 to 250 seconds.
Default Values
By default, the DTMF relay value is 30.
Command History
Usage Examples
The following example sets the DTMF relay duration to 50:
(config)#ip rtp dtmf-relay min-duration 50

ip rtp firewall-traversal
Use the ip rtp firewall-traversal command to enable dynamic firewall traversal capability for RTP-based
traffic, allowing deep packet inspection of Session Description Protocol (SDP) packets to occur so RTP
will correctly traverse network address translation (NAT) in the firewall. This will open the proper ports
dynamically for the RTP traffic. Use the no form of this command to return to the default setting.
ip rtp firewall-traversal
ip rtp firewall-traversal <start udp port>
ip rtp firewall-traversal <start udp port> <end udp port>
ip rtp firewall-traversal enforce-symmetric-ip
ip rtp firewall-traversal policy-timeout <value>
ip rtp firewall-traversal reuse-nat-ports
Syntax Description
<end udp port> Specifies the ending User Datagram Protocol (UDP) port to reserve for
NAT. Range is 2001 to 65535.
<start udp port> Specifies the starting UDP port to reserve for NAT. Range is 2000 to 65534.
enforce-symmetric-ip Optional. Specifies that the same IP address must be used for both transmit
and receive for the RTP stream.
policy-timeout <value> Optional. Specifies timeout period in seconds allowed for inactive RTP
sessions to remain in the firewall. Range is 1 to 4294967295 seconds.
reuse-nat-ports Optional. Specifies that NAT ports be reused during calls.
Default Values
By default, the RTP dynamic firewall traversal is disabled and the policy timeout period is 45 seconds.
By default, when the RTP dynamic firewall traversal is enabled for AOS voice products, the UDP starting
port is 50000, and the ending UDP port is 52999. If no range is specified, the default range is 3000, unless
the starting port is equal to or greater than 62538, in which case the range will be reduced such that the
ending port is 65535.
Command History
Release 14.1 Command was updated to include the reuse-nat-ports option.
Release A2 Command was updated to include the enforce-symmetric-ip option.
Release 18.2 Command was updated to include the <start udp port> and <end udp port>
variables.
Release A5.01 Command was updated to include the <start udp port> and <end udp port>
variables for SIP RTP packets on AOS voice products, and the associated
voice product defaults.

Functional Notes
Session Initiation Protocol (SIP) uses the SDP to format the SIP message body in order to negotiate a
Realtime Transport Protocol (RTP)/Realtime Transport Control Protocol (RTCP) connection between two
or more user agents (UAs). The ports used for this will always be selected in a pair, with the even port used
for RTP and the odd port for RTCP.
You can also specify which range of NAT UDP ports are reserved for use only for SIP RTP packets using
the <start udp port> <end udp port> parameters of this command.
The SIP application-level gateway (ALG) (enabled using the ip firewall alg sip command) configures the
firewall to examine the ALL SIP packets it identifies and maintain knowledge of SIP transmissions on the
network. Since SIP packet headers include port information for the call setup, the ALG must intelligently
read the packets and remember the information.
For a full SIP implementation, dynamic firewall traversal for RTP traffic must also be enabled using the ip
rtp firewall-traversal command. This allows the firewall to open the proper ports for the RTP traffic
between UAs. For more details on SIP functionality in AOS, refer to the Functional Notes and Technology
Review sections of the command ip firewall alg on page 1365.
Usage Examples
The following example enables dynamic firewall traversal, and sets the policy timeout period at 60
seconds:
(config)#ip rtp firewall-traversal policy-timeout 60

ip rtp media-anchoring
Use the ip rtp media-anchoring command to enable media anchoring for all Realtime Transport Protocol
(RTP) calls. Use the no form of this command to return to the default setting.
ip rtp media-anchoring
ip rtp media-anchoring qos dscp <value>
ip rtp media-anchoring session timeout <value>
Syntax Description
qos dscp <value> Specifies the differentiated services code point (DSCP) value for
media-anchoring quality of service (QoS) settings. Range is 0 to 63.
session timeout <value> Specifies the timeout period, in seconds, of an anchoring association after
the associated RTP packet flow ends. Range is 32 to 900 seconds.
Default Values
By default, media anchoring is disabled. If media anchoring is enabled, the default session timeout value
is 45 seconds.
Command History
Release R10.5.0 Command was expanded to include the qos dscp parameter.
Usage Examples
The following example sets the media anchoring session timeout period at 60 seconds:
(config)#ip rtp media-anchoring session timeout 60
Technology Review
Media anchoring, through the use of Session Description Protocol (SDP) manipulation, directs all RTP
packets generated in the local network to the media anchoring device (an AOS unit with media anchoring
enabled). Outgoing RTP packets (which contain the source IP address and port number of an Internet
Protocol (IP) private branch exchange (PBX) or phone and the destination IP address and port of the
media anchoring device) are modified to be sourced from the gateway and destined to the public network.
The process is reversed for incoming RTP packets.
When a local Voice over Internet Protocol (VoIP) phone makes a call to the public network, the local
network will be configured to have all SIP messages routed to the media anchoring device. The media
anchoring device will receive a Session Initiation Protocol (SIP) packet with an SDP offer from the IP
phone when the phone tries to make the call.

If media anchoring is enabled, the media anchoring device will, based on the SDP offer, determine the
egress interface for relaying the SDP to the public network and substitute the IP address of that interface
for the connection information IP address contained in the original SDP offer. Additionally, it will substitute
a port number in the media anchoring range (User Datagram Protocol (UDP) 10000 and above) in any
media descriptions. The offer will then be relayed on the appropriate outbound SIP trunk. This will cause
RTP from the public endpoint to be routed to the media anchoring device instead of the VoIP phone.
When the media anchoring device receives the SDP answer from the destination endpoint, the connection
information IP address and media description UDP port numbers will be replaced with the IP address of
the interface for which the SDP answer was originally destined (i.e., the interface on which the VoIP phone
is reachable) and a second port number within the media anchoring UDP port range. This will cause RTP
from the VoIP phone to be routed to the media anchoring device instead of the public network.
When the RTP session begins, packets inbound from the public network will have the far-end IP address
as the source and the media anchoring device as the destination. The anchoring implementation will
replace the source address with the IP address of the egress (to the IP phone) interface on the media
anchoring device, and it will replace the destination address with that of the VoIP phone. This information
is derived from the UDP port on which the packet was originally received from the network because the
anchoring implementation stored this information when the port was allocated.
The same operation will occur on packets inbound from the IP phone. These packets will have the IP
phone's IP address and UDP port as the source and the media anchoring device as the destination. The
source IP address will be changed to that of the egress (to the public network) interface on the media
anchoring device, and the port will be changed to the anchoring port established when the SDP offer was
originally manipulated. The destination IP address and UDP port will be changed to that of the public
network endpoint.

ip rtp media-anchoring transcoding codec

Use the ip rtp media-anchoring transcoding codec command to enable coder/decoder (CODEC)
transcoding globally for all Session Initiation Protocol (SIP) endpoints on an AOS session border
controller (SBC) device. Use the no form of this command to disable the CODEC transcoding feature.
Syntax Description
No subcommands.
Default Values
By default, CODEC transcoding is disabled.
Command History
Functional Notes
Before CODEC transcoding can be enabled, media anchoring must be enabled. Refer to the command ip
rtp media-anchoring on page 1450 for more information.
In addition, to configure transcoding you must specify the CODEC settings for each SIP endpoint. Refer to
the following sections in this guide for more information: Voice CODEC List Command Set on page 4879,
Voice T1 Trunk Command Set on page 5137, Voice SIP Trunk Command Set on page 5038, or Voice
ISDN Trunk Command Set on page 4994
Usage Examples
The following example enables CODEC transcoding globally on the AOS device:
(config)#ip rtp media-anchoring transcoding codec

ip rtp media-anchoring transcoding dtmf

Use the ip rtp media-anchoring transcoding dtmf command to enable dualtone multifrequency (DTMF)
signal transcoding on a global basis for all Session Initiation Protocol (SIP) endpoints connected to the
AOS session border controller (SBC) device. Use the no form of this command to disable the DTMF
transcoding feature.
Syntax Description
No subcommands.
Default Values
By default, DTMF transcoding is disabled.
Command History
Functional Notes
Before DTMF transcoding can be enabled, media anchoring must be enabled. Refer to the command ip rtp
media-anchoring on page 1450 for more information.
In addition, to configure transcoding you must specify the DTMF settings for each SIP endpoint. Refer to
the following sections in this guide for more information: Voice T1 Trunk Command Set on page 5137,
Voice SIP Trunk Command Set on page 5038, or Voice ISDN Trunk Command Set on page 4994.
Usage Examples
The following example enables DTMF transcoding globally on the AOS device:
(config)#ip rtp media-anchoring transcoding dtmf

ip rtp nat-session timeout <value>

Use the ip rtp nat-session timeout command to configure the network address translation (NAT) session
timeout for the Realtime Transport Protocol (RTP) packets. Use the no form of this command to return to
the default setting.
Syntax Description
<value> Specifies the timeout period in seconds allowed for an inactive NAT
session. Range is 32 to 900 seconds.
Default Values
By default, the timeout period is 32 seconds.
Command History
Usage Examples
The following example sets the NAT session timeout period at 60 seconds:
(config)#ip rtp nat-session timeout 60

ip rtp nat-table-timeout <value>

Use the ip rtp nat-table timeout command to configure the network address translation (NAT) table
timeout for the Realtime Transport Protocol (RTP) packets. Use the no form of this command to return to
Syntax Description
<value> Specifies the timeout period in seconds allowed for an inactive NAT
session. Range is 32 to 900 seconds.
Default Values
By default, the timeout period is 32 seconds.
Command History
Usage Examples
The following example sets the NAT session timeout period at 60 seconds:
(config)#ip rtp nat-session timeout 60

ip rtp qos dscp <value>

Use the ip rtp qos dscp command to configure the differentiated services code point (DSCP) value with
which to mark IP Realtime Transport Protocol (RTP) packets. This marking can then be used by the
quality of service (QoS) mechanisms to give priority for this type of traffic in the unit. Use the no form of
this command to disable this feature.
Syntax Description
<value> Specifies the DSCP value. Valid range is 0 to 63.
Default Values
Command History
Usage Examples
The following example sets the DSCP value to 63:
(config)#ip rtp qos dscp 63

ip rtp quality-monitoring
Use the ip rtp quality-monitoring command to globally enable voice quality monitoring (VQM) of the
Realtime Transport Protocol (RTP) voice stream packets. Use the no form of this command to disable
VQM. Variations of this command include:
ip rtp quality-monitoring
ip rtp quality-monitoring scoring-adjustment japan
ip rtp quality-monitoring sip
ip rtp quality-monitoring udp
Syntax Description
scoring-adjustment japan Optional. Sets the region for scoring adjustment for Japan. In Japan, the
mean opinion score (MOS) statistics are calculated differently than in
other regions. VQM must be disabled and then enabled again for this
setting to take effect.
sip Optional. Specifies that Session Initiation Protocol (SIP) is the signaling
type of the RTP stream to monitor.
udp Optional. Specifies that User Datagram Protocol (UDP) is the signaling
type of the RTP stream to monitor.
Default Values
By default, the VQM is disabled globally.
Functional Notes
Disabling VQM on the global level (for example, to change the scoring adjustment) erases all active calls,
new calls, and interface statistics. Call history and endpoint statistics are not affected.
If the sip or udp parameters are specified, and VQM has not previously been enabled at the global level,
VQM will be enabled globally. Enabling UDP packet inspection forces the AOS unit to inspect every UDP
packet to determine if it is an RTP packet, placing a significant load on the AOS unit. UDP packet
inspection should only be enabled if IP phones are being used and they do not pass through the SIP ALG,
SIP proxy, or SIP B2BUA.
For more information about VQM configuration, refer to the configuration guide Configuring VQM in AOS
Command History
Usage Examples
The following example enables RTP quality monitoring at the global level and does not specify a scoring
region or RTP signaling type:
(config)#ip rtp quality-monitoring

ip rtp quality-monitoring filter

Use the ip rtp quality-monitoring filter command to filter the number of Realtime Transport Protocol
(RTP) voice streams monitored by voice quality monitoring (VQM). Use the no form of this command to
remove the filter. Variations of this command include:
ip rtp quality-monitoring filter user <user>

ip rtp quality-monitoring filter access-class <name>
Syntax Description
user <user> Specifies that only calls from certain users are measured. Users are
specified by Session Initiation Protocol (SIP) To or From headers, in the
format user@host. Multiple users can be monitored simultaneously.
access-class <name> Specifies that only RTP streams that match the previously configured
access control list (ACL) are measured. The <name> parameter is the ACL
to be used. Only one ACL can be applied to VQM at a time.
Default Values
By default, VQM is not filtered by user or ACL.
Command History
Usage Examples
The following example specifies that VQM only monitor RTP streams that match the previously configured
ACL, 4thFloorUsers:
(config)#ip rtp quality-monitoring filters access-class 4thFloorUsers

ip rtp quality-monitoring history

Use the ip rtp quality-monitoring history commands to configure the call history storage for voice
quality monitoring (VQM). You can use this command variations to configure the size of the call history
and to specify the thresholds used to decide when calls are stored in the call history. Using the no forms of
these commands return the call history parameters to the default settings. Variations of this command
include:
ip rtp quality-monitoring history cq-mos <value>

ip rtp quality-monitoring history jitter <value>
ip rtp quality-monitoring history loss <value>
ip rtp quality-monitoring history lq-mos <value>
ip rtp quality-monitoring history max-streams <number>
ip rtp quality-monitoring history out-of-order <value>
ip rtp quality-monitoring history pq-mos <value>
Syntax Description
cq-mos <value> Specifies a threshold for the conversational quality (CQ) mean opinion
score (MOS), and stores statistics below this threshold. The range is 0 to
4.4.
jitter <value> Specifies a threshold for the jitter. Statistics above this threshold are stored
as jitter. The packet-to-packet delay variation is measured in milliseconds
(from nAvgPDV). The range is 0 to 30000.
loss <value> Specifies a threshold for loss (in packets). Statistics above this threshold is
stored as lost packets. The range is 0 to 30000.
lq-mos <value> Specifies a threshold for the listening quality (LQ) MOS, and stores statistics
below this threshold. The range is 0 to 4.4.
max-streams <number> Specifies a number of previously completed call statistics to store. This is a
count of Realtime Transport Protocol (RTP) streams; each call can contain
two RTP streams. The range is 0 to 2000.
out-of-order <value> Specifies a threshold for out-of-order packets to be logged. Statistics above
this threshold are stored. The range is 0 to 30000.
pq-mos <value> Specifies a threshold for LQ MOS normalized to the PESQ (PQ) scale, and
stores statistics below this threshold. The range is 0 to 4.4.
Default Values
By default, the maximum number of RTP streams allowed in the history is 100.
Setting the size of the call history to a large number can result in the AOS unit running out
of memory.
By default, MOS thresholds are set to 4.4, and jitter, loss, and out-of-order packet thresholds are set to 0.

Command History
Functional Notes
As calls complete, settings configured using this command are examined to determine whether the call
should be stored in the call history. The maximum number of streams to store may be configured; newer
calls will replace the oldest calls when the call history is full. The MOS, loss, out-of-order packets, and jitter
can also be examined when a call completes. By default, all calls are stored in the call history. However, if
threshold values are changed from their defaults, only calls with poorer quality than these nondefault
thresholds will be stored.
Usage Examples
The following example enables RTP quality monitoring history to store a maximum of 250 RTP streams:
(config)#ip rtp quality-monitoring history max-streams 250

ip rtp quality-monitoring jitter-buffer

Use the ip rtp quality-monitoring jitter-buffer command to specify the jitter buffer type and
configuration for the jitter buffer emulator (JBE) that generates the observable jitter statistics in Realtime
Transport Protocol (RTP) quality monitoring. Use the no form of this command to return to the default
setting. Variations of this command include:
ip rtp quality-monitoring jitter-buffer

ip rtp quality-monitoring jitter-buffer adaptive min <delay> nominal <value>
ip rtp quality-monitoring jitter-buffer adaptive min <delay> nominal <value> max <value>
ip rtp quality-monitoring jitter-buffer fixed nominal <value> jitter-buffer-size <value>
Syntax Description
adaptive min <delay> Optional. Specifies the minimum acceptable jitter buffer delay to be used by
the JBE. The range is 10 to 240 milliseconds.
nominal <value> Optional. Specifies the starting delay applied to packets of the emulated
jitter buffer. The range is 10 to 240 milliseconds.
max <value> Optional. Specifies the maximum delay that the adaptive jitter buffer will be
allowed to use. The range is 40 to 320 milliseconds.
fixed nominal <value> Optional. Specifies the actual fixed delay that would be applied to the
packet in a nonemulated jitter buffer. The range is 4 to 250 milliseconds.
There is no default setting.
jitter-buffer-size <value> Optional. Specifies the number of packets that the emulated jitter buffer can
hold. The range is 10 to 500 packets. There is no default setting.
Default Values
By default, the jitter buffer is set to adaptive min 10 nominal 50 max 200.
Command History
Release A1 Command was introduced in the AOS voice products.
Release A4.01 Command was modified to allow specifying the nominal value without
specifying the max value.
Usage Examples
The following example enables the JBE to hold up to 175 packets in fixed mode:
(config)#ip rtp quality-monitoring jitter-buffer fixed nominal 50 jitter-buffer-size 175

ip rtp quality-monitoring jitter-threshold

Use the ip rtp quality-monitoring jitter-threshold command to specify the jitter thresholds for the voice
quality monitoring (VQM) simulated jitter buffer. These thresholds determine when packets are
considered either too early or too late for the jitter buffer window, and are then marked as discarded
packets. Changing the jitter threshold will not impact currently active calls, only the calls placed after the
configuration change has taken place. Use the no form of this command to return to the default setting.
ip rtp quality-monitoring jitter-threshold early <value>

ip rtp quality-monitoring jitter-threshold late <value>
Syntax Description
early <value> Specifies the time by which packets are deemed to have arrived early. The
range is 0 to 1000 ms.
late <value> Specifies the time by which packets are deemed to have arrived late. The
range is 0 to 1000 ms.
Default Values
By default, jitter thresholds are set to early 10, and late 60.
Command History
Usage Examples
The following example specifies the late jitter threshold at 45 ms:
(config)#ip rtp quality-monitoring jitter-threshold late 45

p rtp quality-monitoring reporter <name>

Use the ip rtp quality-monitoring reporter command to create and name a voice quality monitoring
(VQM) reporter. Use the no form of this command to delete the reporter. Variations of this command
include:
ip rtp quality-monitoring reporter <name>

ip rtp quality-monitoring reporter <name> vrf <name>
Syntax Description
<name> Specifies the name of the VQM reporter.
instance on which to enable the VQM reporter. If no VRF is specified, the
VQM reporter is enabled on the default unnamed VRF instance.
Default Values
By default, no VQM reporter exists.
Command History
Functional Notes
The ip rtp quality-monitoring reporter command creates a VQM reporter and also enters the reporter’s
configuration mode. For more information on configuring VQM reporters, refer to the VQM Reporter
Usage Examples
The following example creates the VQM reporter Reporter1 and enters the reporter’s configuration mode:
(config)#ip rtp quality-monitoring reporter Reporter1

Configuring New Reporter “Reporter1”
(config-rtp-reporter-Reporter1)#

ip rtp quality-monitoring round-trip-delay

Use the ip rtp quality-monitoring round-trip-delay command to enable packet round-trip calculations
for voice quality monitoring (VQM) and to specify the type of round-trip delay testing. Use the no form of
this command to disable VQM round-trip delay calculations. Variations of this command include:
ip rtp quality-monitoring round-trip-delay icmp-ping

ip rtp quality-monitoring round-trip-delay icmp-timestamp
Syntax Description
icmp-ping Specifies the use of Internet Control Message Protocol (ICMP) requests for
calculating round-trip delay.
icmp-timestamp Specifies the use of ICMP timestamp requests for calculating round-trip
delay.
Default Values
By default, the calculation type is icmp-ping.
Functional Notes
Round-trip delay settings appear in the VQM statistics; however, if Realtime Transport Protocol (RTP)
extended reports (RTCP XR) are also available, the received RTCP XR reports supersede the round-trip
delay settings.
The endpoints and local units must be synchronized (time and date) for the timestamp method to be
accurate. In addition, any firewalls between the voice endpoints must be configured to allow ICMP traffic to
pass.
For more information about VQM round-trip delay calculations, and VQM configuration, refer to the
configuration guide Configuring VQM in AOS available online at https://supportcommunity.adtran.com.
Command History
Usage Examples
The following example specifies timestamp requests are used to determine round-trip delay:
(config)#ip rtp quality-monitoring round-trip-delay icmp-timestamp

ip rtp quality-monitoring sample one-out-of <number>

Use the ip rtp quality-monitoring sample one-out-of command to limit the number of Realtime
Transport Protocol (RTP) streams monitored by voice quality monitoring (VQM). Use the no form of this
command to disable VQM sampling.
Syntax Description
<number> Specifies the VQM jitter buffer sampling rate, which causes VQM to only
monitor 1 out of the specified number of RTP streams. Range is 1 to 100.
Default Values
By default, the VQM sampling rate is set to 1, which means that all RTP streams are monitored.
Command History
Usage Examples
The following example specifies that VQM monitors 10 percent of all streams (one out of every 10):
(config)#ip rtp quality-monitoring sample one-out-of 10

ip rtp quality-monitoring snmp trap

Use the ip rtp quality-monitoring snmp trap command to configure the Simple Network Management
Protocol (SNMP) trap parameters of voice quality monitoring (VQM). Using the no form of this command
disables VQM SNMP trap reports and collections. Variations of this command include:
ip rtp quality-monitoring snmp trap

ip rtp quality-monitoring snmp trap priority-level error
ip rtp quality-monitoring snmp trap priority-level info
ip rtp quality-monitoring snmp trap priority-level notice
ip rtp quality-monitoring snmp trap priority-level warning
Syntax Description
priority-level Optional. Specifies the priority level of the SNMP trap created by VQM.
error Specifies that an SNMP trap is created when VQM detects an error event.
info Specifies that an SNMP trap is created when VQM detects an info event.
notice Specifies that an SNMP trap is created when VQM detects a notice event.
warning Specifies that an SNMP trap is created when VQM detects a warning.
Default Values
By default, SNMP traps are not enabled for VQM.
Command History
Usage Examples
The following example enables SNMP traps for VQM:
(config)#ip rtp quality-monitoring snmp trap

ip rtp quality-monitoring threshold jitter

Use the ip rtp quality-monitoring threshold jitter command to specify the threshold values for logging
jitter events during voice quality monitoring (VQM). When more jitter is detected in the Realtime
Transport Protocol (RTP) than the specified event threshold, an event message is generated. Use the no
form of this command to disable the event reporting for that message type and threshold. Variations of this
command include:
ip rtp quality-monitoring threshold jitter error

ip rtp quality-monitoring threshold jitter error <value>
ip rtp quality-monitoring threshold jitter info
ip rtp quality-monitoring threshold jitter info <value>
ip rtp quality-monitoring threshold jitter notice
ip rtp quality-monitoring threshold jitter notice <value>
ip rtp quality-monitoring threshold jitter warning
ip rtp quality-monitoring threshold jitter warning <value>
Syntax Description
error Specifies the threshold for jitter error messages to be logged.
info Specifies the threshold for jitter information messages to be logged.
notice Specifies the threshold for jitter notice messages to be logged.
warning Specifies the threshold for jitter warning messages to be logged.
<value> Optional. The range is 0 to 30000.
Default Values
By default, the jitter logging thresholds are info 0, notice 250, warning 350, and error 450.
Command History
Usage Examples
The following example enables VQM jitter warning messages to be logged if jitter occurs above 200 ms:
(config)#ip rtp quality-monitoring threshold jitter warning 200

ip rtp quality-monitoring threshold loss

Use the ip rtp quality-monitoring threshold loss command to specify the threshold values for logging
packet loss events during voice quality monitoring (VQM). When more loss is detected in the Realtime
Transport Protocol (RTP) than the specified event threshold, an event message is generated. Use the no
form of this command disables the event reporting for that message type and threshold. Variations of this
command include:
ip rtp quality-monitoring threshold loss error

ip rtp quality-monitoring threshold loss error <value>
ip rtp quality-monitoring threshold loss info
ip rtp quality-monitoring threshold loss info <value>
ip rtp quality-monitoring threshold loss notice
ip rtp quality-monitoring threshold loss notice <value>
ip rtp quality-monitoring threshold loss warning
ip rtp quality-monitoring threshold loss warning <value>
Syntax Description
error Specifies the threshold for lost packets error messages to be logged.
info Specifies the threshold for lost packets information messages to be logged.
notice Specifies the threshold for lost packets notice messages to be logged.
warning Specifies the threshold for lost packets warning messages to be logged.
Default Values
By default, the lost packets thresholds are info 0, notice 25, warning 50, and error 100.
Command History
Usage Examples
The following example enables VQM lost packet info messages to be logged if loss occurs above 10
packets:
(config)#ip rtp quality-monitoring threshold loss info 10

ip rtp quality-monitoring threshold lq-mos

Use the ip rtp quality-monitoring threshold lq-mos command to specify threshold values for logging
listening quality (LQ) mean opinion score (MOS) events during voice quality monitoring (VQM). When
the call quality detected in the Realtime Transport Protocol (RTP) stream is less than the specified event
threshold, an event message is generated. Use the no form of this command disables the event reporting for
that message type and threshold. Variations of this command include:
ip rtp quality-monitoring threshold lq-mos error

ip rtp quality-monitoring threshold lq-mos error <value>
ip rtp quality-monitoring threshold lq-mos info
ip rtp quality-monitoring threshold lq-mos info <value>
ip rtp quality-monitoring threshold lq-mos notice
ip rtp quality-monitoring threshold lq-mos notice <value>
ip rtp quality-monitoring threshold lq-mos warning
ip rtp quality-monitoring threshold lq-mos warning <value>
Syntax Description
error Specifies the threshold for LQ MOS error messages to be logged.
info Specifies the threshold for LQ MOS information messages to be logged.
notice Specifies the threshold for LQ MOS notice messages to be logged.
warning Specifies the threshold for LQ MOS warning messages to be logged.
<value> Optional. The range is 0 to 4.4.
Default Values
By default, the LQ MOS thresholds are info 4.40, notice 4.00, warning 3.60, and error 2.60.
Command History
Usage Examples
The following example enables VQM LQ MOS info messages to be logged if LQ MOS scores fall below
4.25:
(config)#ip rtp quality-monitoring threshold lq-mos info 4.25

ip rtp quality-monitoring threshold out-of-order

Use the ip rtp quality-monitoring threshold out-of-order command to specify threshold values for
logging out-of-order packet events during voice quality monitoring (VQM). When more out-of-order
packets are detected in the Realtime Transport Protocol (RTP) stream than the specified event threshold,
an event message is generated. Use the no form of this command disables the event reporting for that
message type and threshold. Variations of this command include:
ip rtp quality-monitoring threshold out-of-order error

ip rtp quality-monitoring threshold out-of-order error <value>
ip rtp quality-monitoring threshold out-of-order info
ip rtp quality-monitoring threshold out-of-order info <value>
ip rtp quality-monitoring threshold out-of-order notice
ip rtp quality-monitoring threshold out-of-order notice <value>
ip rtp quality-monitoring threshold out-of-order warning
ip rtp quality-monitoring threshold out-of-order warning <value>
Syntax Description
error Specifies the threshold for out-of-order packet error messages to be logged.
info Specifies the threshold for out-of-order packet information messages to be
logged.
notice Specifies the threshold for out-of-order packet notice messages to be
logged.
warning Specifies the threshold for out-of-order packet warning messages to be
logged.
Default Values
By default, the out-of-order packet thresholds are info 0, notice 25, warning 50, and error 100.
Command History
Usage Examples
The following example enables VQM out-of-order packet info messages to be logged if the number of
out-of-order packets is greater than 5:
(config)#ip rtp quality-monitoring threshold out-of-order info 5

ip rtp quality-monitoring threshold pq-mos

Use the ip rtp quality-monitoring threshold pq-mos command to specify threshold values for logging
perceived quality (PQ) mean opinion score (MOS) events during voice quality monitoring (VQM). When
the call quality detected in the Realtime Transport Protocol (RTP) stream is less than the specified event
threshold, an event message is generated. Use the no form of this command disables the event reporting for
that message type and threshold. Variations of this command include:
ip rtp quality-monitoring threshold pq-mos error

ip rtp quality-monitoring threshold pq-mos error <value>
ip rtp quality-monitoring threshold pq-mos info
ip rtp quality-monitoring threshold pq-mos info <value>
ip rtp quality-monitoring threshold pq-mos notice
ip rtp quality-monitoring threshold pq-mos notice <value>
ip rtp quality-monitoring threshold pq-mos warning
ip rtp quality-monitoring threshold pq-mos warning <value>
Syntax Description
error Specifies the threshold for listening quality PQ MOS error messages to be
logged.
info Specifies the threshold for listening quality PQ MOS information messages
to be logged.
notice Specifies the threshold for listening quality PQ MOS notice messages to be
logged.
warning Specifies the threshold for listening quality PQ MOS warning messages to
be logged.
<value> Optional. The range is 0 to 4.4.
Default Values
By default, the PQ MOS thresholds are info 4.40, notice 4.00, warning 3.60, and error 2.60.
Command History
Usage Examples
The following example enables VQM PQ MOS info messages to be logged if the PQ MOS scores fall
below 4.25:
(config)#ip rtp quality-monitoring threshold pq-mos info 4.25

ip rtp session timeout <value> disconnect

Use the ip rtp session timeout <value> disconnect command to specify the time, in seconds, before calls
that have not received Realtime Transport Protocol (RTP) are disconnected. Use the no form of this
command to return to the default setting.
Syntax Description
<value> Specifies the timeout period, in seconds, before disconnecting RTP calls
once the RTP packet flow ends. Range is 32 to 900 seconds.
Default Values
By default, RTP sessions disconnect after 45 seconds of inactivity.
Command History
Usage Examples
The following example specifies that after 60 seconds of no received RTP, RTP calls will be disconnected:
(config)#ip rtp session timeout 60 disconnect

ip rtp symmetric-filter
Use the ip rtp symmetric-filter command to enable filtering of received nonsymmetric Realtime
Transport Protocol (RTP) packets. Use the no form of this command to return to the default setting.
Syntax Description
No subcommands.
Default Values
By default, the RTP symmetric filter is enabled on some AOS platforms, and disabled on others. Enter the
show running-config verbose | include rtp symmetric-filter command from the Enable mode prompt to
determine if the RTP symmetric filter is enabled or disabled on the AOS device.
Command History
Usage Examples
The following example enables ip rtp symmetric-filter:
(config)#ip rtp symmetric-filter

ip rtp udp <number>

Use the ip rtp udp command to configure a global starting User Datagram Protocol (UDP) port for
Realtime Transport Protocol (RTP). Use the no form of this command to remove a configured UDP port.
Syntax Description
<number> Specifies the value of the starting UDP port. Valid range is 1026 to 60000.
Default Values
The default value for this command is 10000.
Command History
Usage Examples
The following example configures 2000 as the starting value of the UDP port:
(config)#ip rtp udp 2000

ip scp server
Use the ip scp server command to enable the secure copy server functionality in AOS. Enabling the secure
copy server allows AOS to support the transfer of files using a secure connection. A secure connection
helps provide protection against outside forces gaining access to configuration files. An external secure
copy server is required to facilitate the transfers from the terminal. Use the no form of this command to
Syntax Description
No subcommands.
Default Values
By default, the secure copy server is disabled.
Command History
Usage Examples
The following example enables the secure copy server function:
(config)#ip scp server

ip security monitor
Use the ip security monitor command to activate the AOS Security Monitor feature and enter the Security
Monitor Configuration mode. For more information on configuring the Security Monitor feature, refer to
the Security Monitor Command Set on page 4488.
Syntax Description
No Subcommands.
Default Values
Command History
Usage Examples
The following example activates the Security Monitor Configuration feature:
(config-)#ip security monitor

ip security monitor stats-filter <name>

Use the ip security monitor stats-filter command to create a new security monitor filter and enter the
filter configuration mode. For more information on configuring the security monitor statistics filter refer to
threat on page 4491. Use the no version of this command to delete the specified filter.
Syntax Description
<name> Specifies the filter to be applied.
Default Values
By default, no security monitor filters exist.
Command History
Usage Examples
The following example applies a filter named F1:
(config)#ip security monitor stats-filter F1

Creating new filter “F1”.
(config-secmon-filter)#

ip sntp server
Use the ip sntp server command to enable the Simple Network Time Protocol (SNTP) server. This allows
the unit to accept SNTP requests. Use the no form of this command to disable the server.
Syntax Description
No subcommands.
Default Values
By default, the SNTP server is disabled.
Command History
Usage Examples
The following example enables the SNTP server:
(config)#ip sntp server

ip sntp server send-unsynced

Use the ip sntp server send-unsynced command to enable sending the system clock time when requested,
even if the device is not synchronized with the Simple Network Time Protocol (SNTP) server. Use the no
form of this command to disable this setting.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example enables the device to send the system clock time regardless of synchronized status
with the sntp server:
(config)#ip sntp server send-unsynced

ip sntp server source-interface <interface>

Use the ip sntp server source-interface command to specify a source interface for Simple Network Time
Protocol (SNTP) server traffic. The IP address of the specified interface will be used to source all SNTP
traffic. Use the no form of this command if you do not wish to override the default source IP address.
Syntax Description
<interface> Specifies the source interface for SNTP server traffic. Specify an interface in
wireless virtual access point, use dot11ap 1/1.1. Type ip sntp server
Default Values
By default, no SNTP server source interface is defined.
Command History
Release 16.1 Command was expanded to include the bridged virtual interface (BVI),
Frame Relay, high level data link control (HDLC), and Point-to-Point
Protocol (PPP) interfaces.
interface.
Ethernet interface.
Functional Notes
Usage Examples
The following example configures the unit to use the loopback 1 interface as the source IP for SNTP
traffic:
(config)#ip sntp server source-interface loopback 1

ip sntp source-interface <interface>

Use the ip sntp source-interface command to specify a source interface for Simple Network Time
Protocol (SNTP) traffic originated by the unit. The IP address of the specified interface will be used to
source all SNTP traffic. Use the no form of this command if you do not wish to override the default source
IP address.
Syntax Description
<interface> Specifies the source interface for SNTP traffic. Specify an interface in the
wireless virtual access point, use dot11ap 1/1.1. Type ip sntp
Default Values
By default, no SNTP source interface is defined.
Command History
Release 16.1 Command was expanded to include the bridged virtual interface (BVI),
Frame Relay, high level data link control (HDLC), and Point-to-Point
Protocol (PPP) interfaces.
interface.
Ethernet interface.
Functional Notes
Usage Examples
The following example configures the unit to use the loopback 1 interface as the source IP for SNTP
traffic:
(config)#ip sntp source-interface loopback 1

ip subnet-zero
The ip subnet-zero command is the default operation and cannot be disabled. This command signifies the
router’s ability to route to subnet-zero subnets.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example subnet-zero is enabled:
(config)#ip subnet-zero

ip tacacs source-interface <interface>

Use the ip tacacs source-interface command to specify an Internet Protocol version 4 (IPv4) source
interface for terminal access controller access-control system plus (TACACS+) traffic originated by the
unit. Specifying the virtual routing and forwarding (VRF) instance using the vrf <name> keyword applies
the association to the named VRF instance. Omitting the vrf <name> keyword applies the association to
the default unnamed VRF. The IPv4 address of the specified interface will be used to source all TACACS+
traffic. Use the no form of this command if you do not wish to override the default source IP address.
ip tacacs source-interface <interface>

ip tacacs vrf <name> source-interface <interface>
Syntax Description
<interface> Specifies the source interface for TACACS+ traffic. Specify an interface in
wireless virtual access point, use dot11ap 1/1.1. Type ip tacacs
vrf <name> Specifies the name of the VRF to which to assign the source-interface.
Default Values
Command History
interface.
Ethernet interface.
Functional Notes

Usage Examples
The following example configures the unit to use the loopback 1 interface as the source IP for TACACS+
traffic:
(config)#ip tacacs source-interface loopback 1
The following example configures the unit to use the loopback 1 interface on VRF RED as the source IP
for TACACS+ traffic:
(config)#ip tacacs vrf RED source-interface loopback 1

ip urlfilter allowmode
Use the ip urlfilter allowmode command to allow all uniform resource locator (URL) requests in cases
when all URL filter servers are down. Use the no form of this command to block all URL requests when all
URL filter servers are down.
Syntax Description
No subcommands.
Default Values
By default, all URL requests will be blocked when all URL filter servers are down.
Command History
Usage Examples
The following example permits all URL requests even when URL filter servers are down:
(config)#ip urlfilter allowmode

ip urlfilter exclusive-domain
Use the ip urlfilter exclusive-domain command to instruct AOS to always allow or always block a
domain without first having to verify with the uniform resource locator (URL) filter server. Use the no
form of this command to remove an exclusive domain. Variations of this command include:
ip urlfilter exclusive-domain deny <name>

ip urlfilter exclusive-domain permit <name>
Syntax Description
deny <name> Specifies that the domain name be blocked without verifying with the URL
filter server.
permit <name> Specifies that the domain name be allowed without verifying with the URL
filter server.
Default Values
By default, no exclusive domains are configured.
Command History
Functional Notes
Domain matching is based on an exact match between the Hypertext Transfer Protocol (HTTP) header
and entries in the ip urlfilter exclusive-domain command. In order to exactly match requests destined for
a domain, entries should list all possible variations of the domain that would appear in the Host field of an
HTTP header. Refer to the Usage Examples section of this command for more detailed information.
Usage Examples
The following example will always allow access to www.adtran.com and adtran.com without first having
to verify the domain with the URL filter server:
(config)#ip urlfilter exclusive-domain permit www.adtran.com

(config)#ip urlfilter exclusive-domain permit adtran.com
The following example will always block access to www.localnews.com without first having to verify the
domain with the URL filter server:
(config)#ip urlfilter exclusive-domain deny www.localnews.com

ip urlfilter <name> http

Use the ip urlfilter http command to create a uniform resource locator (URL) filter for Hypertext Transfer
Protocol (HTTP) (Transmission Control Protocol (TCP) port 80) traffic. Use the no form of this command
to delete the specified HTTP URL filter.
The URL filtering software runs on a server independent of the AOS product. For
additional information about the URL filtering technology, refer to the vendor’s website.
Syntax Description
<name> Specifies the URL filter name.
Default Values
By default, no URL filters are configured.
Command History
Functional Notes
The firewall must be enabled using the ip firewall command in order to use URL filters. The URL filter
must be applied to the appropriate interface by using the ip urlfilter <name> [in | out] command. Refer to
this command in the appropriate interface for more information.
Usage Examples
The following example creates the HTTP URL filter called MyFilter that can be applied to an interface for
content filtering:
(config)#ip urlfilter MyFilter http

ip urlfilter max-request <value>

Use the ip urlfilter max-request command to set the maximum number of outstanding uniform resource
locator (URL) lookup requests that can be sent to a URL filter server without a response. Use the no form
of this command to set the value back to its default setting.
Syntax Description
<value> The maximum number of outstanding URL lookup requests. Valid range
is 1 to 500 requests.
Default Values
By default, the number of outstanding requests is 500.
Command History
Functional Notes
After the maximum number of URL lookup requests is reached, the no ip urlfilter allowmode setting will
be used to allow or block all following requests until enough URL lookup responses have been received
from the URL filter server.
Usage Examples
The following example sets the maximum number of URL lookup requests to 250:
(config)#ip urlfilter max-request 250

ip urlfilter max-response <value>

Use the ip urlfilter max-response command to set the maximum number of responses allowed to buffer
before receiving an allow or block status from the uniform resource locator (URL) filter server. Use the no
form of this command to set the value back to its default setting.
Syntax Description
<value> Specifies the maximum number of responses allowed to buffer. Valid range
is 1 to 100 responses.
Default Values
By default, the value of buffered responses is 100.
Command History
Functional Notes
When a URL request comes through the unit and URL filtering is enabled, a lookup request is sent to the
URL filter server and the Hypertext Transfer Protocol (HTTP) request is forwarded to the HTTP server at
the same time. If the HTTP server responds before the URL filter server, the response must be buffered
until the URL filter server responds with allow or block. Once the maximum number of buffered HTTP
responses is reached, all following HTTP responses are dropped until some of the existing buffered
responses are released. Buffered responses are released when the URL filter server sends a response, or
when the firewall association times out.
Usage Examples
The following example sets the maximum number of buffered responses to 50:
(config)#ip urlfilter max-response 50

ip urlfilter server <ip address>

Use the ip urlfilter server command to identify a uniform resource locator (URL) filter server by IP
address and port number. Use the no form of this command to remove the server from use. Variations of
ip urlfilter server <ip address>

ip urlfilter server <ip address> port <number>
ip urlfilter server <ip address> timeout <value>
Syntax Description
<ip address> Specifies the server IP address. IP addresses should be expressed in
port <number> Specifies the server Transmission Control Protocol (TCP) port number that
will receive requests.
timeout <value> Specifies the number of seconds to wait for a response from the URL
filtering server before determining that it is out of service. Range is 1 to
300 seconds.
Default Values
By default, there are no URL filtering servers configured. When configuring a URL filtering server, the port
default is 15,868, and the timeout default is 5 seconds.
Command History
Usage Examples
The following example identifies a URL filtering server at IP address 10.1.1.1 that listens for URL filtering
requests on port 15,868 (default) and waits for a response for 10 seconds before determining that the
filtering server is down:
(config)#ip urlfilter server 10.1.1.1 timeout 10

ip urlfilter top-website
Use the ip urlfilter top-website command to enable reporting of the websites most frequently requested
on the system. Use the no form of this command to disable top websites reporting.
Enabling this feature may cause a performance degradation in Web browsing.
Syntax Description
No subcommands.
Default Values
By default, top websites reporting is disabled.
Command History
Usage Examples
The following example enables top websites reporting:
(config)#ip urlfilter top-website

ipv6 access-list extended <ipv6 acl name>

Use the ipv6 access-list extended command to create an empty Internet Protocol version 6 (IPv6) access
control list (ACL) and enter the Extended ACL Configuration mode. Use the no form of this command to
delete an extended ACL and all the entries contained in it.
For a complete list of all extended IPv6 ACL configuration commands, refer to the IPv4
Syntax Description
Default Values
Command History
Functional Notes
This command only creates an empty extended IPv6 ACL, it does not configure it. For additional extended
ACL configuration commands and configuration parameters, refer to the IPv4 Access Control List
Usage Examples
The following example creates an extended IPv6 ACL Allowv6 and enters the Extended ACL
Configuration mode:
(config)#ip access-list extended Allowv6

(config-ext6-nacl)#
Technology Review
IPv6 ACLs are used as packet selectors by different AOS IPv6 features (firewall, virtual private network


ipv6 access-list standard <ipv6 acl name>

Use the ipv6 access-list standard command to create an empty IPv6 access control list (ACL) and enter
the Standard ACL Configuration mode. Use the no form of this command to delete an extended ACL and
all the entries contained in it.
For a complete list of all standard IPv6 ACL configuration commands, refer to the IPv6
Access Control Policy Command Set on page 4311.
Syntax Description
Default Values
Command History
Functional Notes
This command only creates an empty standard IPv6 ACL, it does not configure it. For additional standard
IPv6 ACL configuration commands and configuration parameters, refer to the IPv4 Access Control Policy
Usage Examples
The following example creates a standard IPv6 ACL Allowv6 and enters the Standard ACL Configuration
mode:
(config)#ipv6 access-list standard Allowv6

(config-std6-nacl)#
Technology Review
IPv6 ACLs are used as packet selectors by different IPv6 AOS features (firewall, virtual private network


ipv6 crypto
Use the ipv6 crypto command to enable Internet Protocol version 6 (IPv6) IP security (IPsec). Use the no
form of this command to disable IPv6 IPsec. Variations of this command include:
ipv6 crypto
ipv6 crypto vrf <name>
Syntax Description
instance on which to enable IPv6 IPsec. If no VRF is specified, IPv6 IPsec
is enabled on the default unnamed VRF instance.
Default Values
By default, IPv6 IPsec is disabled.
Command History
Usage Examples
The following example enables IPv6 IPsec on the default VRF instance:
(config)#ipv6 crypto

ipv6 crypto ipsec transform-set <name> <parameters>

Use the ipv6 crypto ipsec transform-set command to define an Internet Protocol version 6 (IPv6)
transform set. Transform sets are used to define the configuration for securing data with IP security
(IPsec), and then the sets are applied to crypto maps which use them for specific security algorithms. Use
the no form of this command to remove the transform set.
The following additional subcommands are available once you have entered the Transform Set
Configuration mode:
mode tunnel
Syntax Description
<name> Specifies the name of the transform set. Names must be unique, and are
specified in an alphanumeric string of up to 80 characters.
<parameters> Assigns a combination of up to three security algorithms to the set.
Available security algorithms are as follows:
ah-md5-hmac Authentication Header. Uses 16 byte key and
HMAC-MD5-96 authentication.
ah-sha-hmac Authentication Header. Uses 20 byte key and
HMAC-SHA1-96 authentication.
esp-des Encapsulating Security Payload. Data
chaining and an 8-byte key (DES-56-CBC).
esp-3des Encapsulating Security Payload. Data
chaining and a 24-byte key (3DES-168-CBC).
esp-null Encapsulating Security Payload with no
encryption.
esp-md5-hmac Encapsulating Security Payload. Uses 16-byte
key and HMAC-MD5-96 authentication.
esp-sha-hmac Encapsulating Security Payload. Uses 20-byte
key and HMAC-SHA1-96 authentication.
mode tunnel Specifies the encapsulation mode for the transform set is datagram
encapsulation (tunnel) mode.

Default Values
By default, no IPv6 IPsec transform sets are configured.
Command History
Functional Notes
Transform sets are used to define the configuration for securing data with IPsec, and are then applied to
crypto maps which reference them for specific security algorithms. Sets are applied using the command
set transform-set <name> on page 5245. For manual key crypto maps, only one transform set can be
specified. If no transform set is used in the crypto map, then the entry is incomplete and will have no effect
on the system.
If the transform set is deleted, any references to the transform set by other functions are removed, leaving
them incomplete.
Transform set names must be unique among IPv6 transform sets. Entering the name of an existing
transform set re-enters the transform set configuration mode for that set.
Usage Examples
The following example creates the transform set SET1 and its security algorithms:
(config)#ipv6 crypto ipsec transform-set SET1 esp-3des esp-des

ipv6 crypto map <name> <index>

Use the ipv6 crypto map command to create an Internet Protocol version 6 (IPv6) IP security (IPsec)
crypto map entry and enter the crypto map entry’s configuration mode. Use the no form of this command
to remove the map and all it’s settings. Variations of this command include:
ipv6 crypto map <name> <index>

ipv6 crypto map <name> <index> ipsec-manual
Syntax Description
<name> Specifies the name of the IPv6 crypto map entry.
<index> Specifies the crypto map entry sequence number. Valid range is 0 to 65535.
ipsec-manual Optional. Specifies that the map supports manually configured IPsec
entries.
Default Values
By default, no IPv6 IPsec crypto maps exist.
Command History
Functional Notes
If the map is used on an interface, removing the map also removes the map on any interfaces to which it is
assigned.
Usage Examples
The following example creates a manually-keyed IPv6 crypto map:
(config)#ipv6 crypto map MAP1 10 ipsec-manual

ipv6 crypto map <name> rpf-check

Use the ipv6 crypto map rpf-check command to enable the reverse path forwarding (RPF) check on the
Internet Protocol version 6 (IPv6) IP security (IPsec) crypto map entry. This command enables checking of
tunnel traffic to disallow tunnel traffic that is spoofed from another tunnel. The check is applied to any
security association (SA) created from any entry in the named crypto map. Use the no form of this
command to disable the RPF check.
Syntax Description
<name> Specifies the crypto map on which to enable the RPF check.
Default Values
By default, RPF checks are enabled.
Command History
Usage Examples
The following example enables RPF checking for crypto map MAP1:
(config)#ipv6 crypto map MAP1 rpf-check

ipv6 dhcp address client limit <number>

Use the ipv6 dhcp address client limit command to specify the maximum number of Internet Protocol
version 6 (IPv6) addresses assigned per client by the Dynamic Host Control Protocol version 6 (DHCPv6)
server. Use the no form of this command to return the maximum number of assigned addresses to the
default value.
Syntax Description
<number> Specifies the maximum number of IPv6 addresses that can be assigned to
a single DHCPv6 client. Valid range is 0 to 500. Setting the number to 0
returns the maximum number of allowed IPv6 addresses to the default
value.
Default Values
By default, a maximum number of 50 IPv6 addresses can be assigned to a single DHCPv6 client.
Command History
Usage Examples
The following example specifies the maximum number of IPv6 addresses that can be assigned to a single
DHCPv6 client is 75:
(config)#ipv6 dhcp address client limit 75

ipv6 dhcp address conflict limit <number>

Use the ipv6 dhcp address conflict limit command to specify the maximum number of conflicting
Internet Protocol version 6 (IPv6) addresses that can be stored by the Dynamic Host Control Protocol
version 6 (DHCPv6) server. This command limits the number of conflicting addresses stored by the
DHCPv6 server to ensure that the AOS unit does not run out of memory. Use the no form of this command
to reset the count to the default value.
Syntax Description
<number> Specifies the maximum number of conflicting IPv6 addresses that can be
stored by the server. Valid range is 1 to 10000 addresses. This maximum
number is product-specific and is equivalent to the default value on the
product.
Default Values
By default, only a certain number of conflicting IPv6 addresses can be stored. This number varies by AOS
product.
Command History
Usage Examples
The following example changes the number of conflicting IPv6 addresses stored by the DHCPv6 server to
3500:
(config)#ipv6 dhcp address conflict limit 3500

ipv6 dhcp address limit <number>

Use the ipv6 dhcp address limit command to specify the maximum number of Internet Protocol version 6
(IPv6) addresses that can be assigned by the Dynamic Host Control Protocol version 6 (DHCPv6) server.
This command limits the number of addresses assigned by the DHCPv6 server to ensure that the AOS unit
does not run out of memory. Use the no form of this command to reset the count to the default value.
Syntax Description
<number> Specifies the number of IPv6 addresses that can be assigned. Valid range
is 1 to 10000. This maximum number is product-specific, and is equivalent
to the default value on the AOS unit.
Default Values
By default, only a certain number of addresses can be assigned by the DHCPv6 server. This number
varies by AOS product.
Command History
Usage Examples
The following example changes the maximum number of IPv6 addresses that can be assigned by the
DHCPv6 server to 2000:
(config)#ipv6 dhcp address limit 2000

ipv6 dhcp database local

Use the ipv6 dhcp database local command to enable the Dynamic Host Control Protocol version 6
(DHCPv6) database. The DHCPv6 database stores local DHCPv6 bindings, allowing Internet Protocol
version 6 (IPv6) addresses assigned by the DHCPv6 server to be stored in non-volatile random access
memory (NVRAM) and preserved across a reboot of the AOS unit. Using this command enables the local
database to begin storing DHCPv6 information. Use the no form of this command to disable the DHCPv6
database.
Syntax Description
No subcommands.
Default Values
By default, the DHCPv6 database is disabled.
Command History
Usage Examples
The following example enables the DHCPv6 database:
(config)#ipv6 dhcp database local

ipv6 dhcp excluded-address

Use the ipv6 dhcp excluded-address command to specify Internet Protocol version 6 (IPv6) addresses to
exclude from any Dynamic Host Control Protocol version 6 (DHCPv6) server pool. These addresses are
excluded from the DHCPv6 server pool, and cannot be assigned to DHCP clients by the server of these
devices. Use the no form of this command to remove the address exclusion and make the address(es)
available for use by the DHCPv6 server. Variations of this command include:
ipv6 dhcp excluded-address <ipv6 address>

ipv6 dhcp excluded-address <beginning ipv6 address> <ending ipv6 address>
ipv6 dhcp excluded-address vrf <name> <ipv6 address>
ipv6 dhcp excluded-address vrf <name> <beginning ipv6 address> <ending ipv6 address>
Syntax Description
<ipv6 address> Specifies a single IPv6 address to exclude from any DHCPv6 server pool.
IPv6 addresses should be expressed in colon hexadecimal format
<beginning ipv6 address> Specifies the lowest IPv6 address in the range of addresses to exclude.
<ending ipv6 address> Specifies the highest IPv6 address in the range of addresses to exclude.
vrf <name> Optional. Specifies a nondefault named virtual routing and forwarding (VRF)
instance on which to exclude the IPv6 addresses. If a VRF instance is not
specified, the addresses are excluded on the default unnamed VRF
instance.
Default Values
By default, no IPv6 addresses are excluded.
Command History
Usage Examples
The following example excludes the IPv6 addresses on the default VRF instance ranging from
2001:DB8:1::1 to 2001:DB8:1::5 from any DHCPv6 server pool:
(config)#ipv6 dhcp excluded-address 2001:DB8:1::1 2001:DB8:1::5

ipv6 dhcp ping packets <number>

Use the ipv6 dhcp ping packets command to configure the number of ping packets transmitted by the
Dynamic Host Control Protocol version 6 (DHCPv6) server when testing an Internet Protocol version 6
(IPv6) address before it is assigned to a client. Use the no form of this command to prevent the DHCPv6
server from using ping packets as part of the IPv6 address assignment process.
Syntax Description
<number> Specifies the number of DHCPv6 ping packets sent on the network before
assigning the IPv6 address to a requesting DHCPv6 client. Valid range is 0
to 100 packets.
Default Values
By default, 2 ping packets are sent to test IPv6 addresses before assigning them to a DHCPv6 client.
Command History
Usage Examples
The following example specifies that 8 ping packets are used by DHCPv6 to test IPv6 addresses before
assigning them to a client:
(config)#ipv6 dhcp ping packets 8

ipv6 dhcp ping timeout <value>

Use the ipv6 dhcp ping timeout command to specify the interval the Dynamic Host Control Protocol
version 6 (DHCPv6) server waits for a response to a transmitted DHCPv6 ping packet when testing an
Internet Protocol version 6 (IPv6) packet. Use the no form of this command to return the timeout period to
the default value.
Syntax Description
<value> Specifies the DHCPv6 ping timeout value in milliseconds. Valid range is 10
to 1000 ms.
Default Values
By default, the DHCPv6 server waits 500 ms for a ping response when testing an IPv6 address.
Command History
Usage Examples
The following example specifies the ping timeout value for the DHCPv6 server is 300 ms:
(config)#ipv6 dhcp ping timeout 300

ipv6 dhcp pool <name>

Use the ipv6 dhcp pool command to create a Dynamic Host Control Protocol version 6 (DHCPv6) server
address pool and enter the pool’s configuration mode. The server pool is used to define the information to
be assigned to DHCPv6 clients by the DHCPv6 server. The pool chosen to serve a specific client’s request
is determined by the current pool selection algorithm, just as in DHCP version 4 (DHCPv4). Use the no
form of this command to remove the DHCPv6 server pool from the AOS unit’s configuration. Refer to the
DHCPv6 Pool Command Set on page 4345 for more information.
Syntax Description
<name> Specifies the name of the DHCPv6 pool using an alphanumeric string (up to
32 characters in length).
Default Values
By default, no DHCPv6 server pools are configured.
Command History
Functional Notes
Use the ipv6 dhcp pool command to create multiple DHCPv6 server address pools for various segments
of the network. Multiple address pools can be created to service different segments of the network with
tailored configurations.
Usage Examples
The following example creates the DHCPv6 server address pool (labeled Pool1) and enters the DHCPv6
pool’s configuration mode:
(config)#ipv6 dhcp pool Pool1

(config-dhcpv6)#

ipv6 dhcp prefix limit <value>

Use the ipv6 dhcp prefix limit command to limit the number of Internet Protocol version 6 (IPv6) prefixes
that can be delegated by Dynamic Host Control Protocol (DHCPv6). Prefixes can be limited on a router or
client basis. Use the no version of this command to remove the limit. Variations of this command include:
ipv6 dhcp prefix client limit <value>

ipv6 dhcp prefix limit <value>
Syntax Description
client Optional. Limits the number of IPv6 prefixes that can be delegated to
DHCPv6 clients.
<value> Specifies the number of IPv6 prefixes that can be delegated. Valid range is
0 to 164352. If the value is set to 0, the limit is removed.
Default Values
By default, the IPv6 prefix limit for DHCPv6 is set to 0 (no limit).
Command History
Usage Examples
The following example specifies a limit of 10 IPv6 prefixes for DHCPv6 clients:
(config)#ipv6 dhcp prefix client limit 10

ipv6 duplicate-address remove-route

Use the ipv6 duplicate-address remove-route command to specify that any duplicate IPv6 addresses
detected by Duplicate Address Detection (DAD) are automatically removed from the IPv6 route table. Use
Syntax Description
No subcommands.
Default Values
By default, any duplicate IPv6 addresses discovered by DAD remain in the IPv6 route table.
Command History
Functional Notes
If this feature has been enabled, and then is disabled, a shutdown must be executed on the interfaces for
which the duplicate IPv6 addresses should be retained. Without the shutdown, the duplicate address
retention will not take effect.
Usage Examples
The following example specifies that duplicate IPv6 addresses detected by DAD are removed from the
IPv6 route table:
(config)#ipv6 duplicate-address remove-route

ipv6 ffe limit exceptions <value>

Use the ipv6 ffe limit exceptions command to specify a limit to the number of unhandled Internet Protocol
version 6 (IPv6) fast forwarding engine (FFE) exception packets allowed at any given time by the
RapidRoute feature. Use the no form of this command to return the limit to the default value.
Syntax Description
<value> Specifies the maximum number of unhandled FFE exception packets
allowed at a given time. Valid range is 1 to 1024.
Default Values
By default, no more than 128 exception packets are allowed.
Command History
Functional Notes
Exception packets are any packets that RapidRoute cannot handle, for example, traffic that matches
ineligible entries, fragmented packets, packets with header errors, or the first packet in a given traffic flow
that is used to build an FFE entry. Once the limit of unhandled FFE exception packets is reached,
subsequent exception packets are dropped until the previously unhandled exceptions are resolved.
Usage Examples
The following example specifies the maximum number of IPv6 exception packets allowed by RapidRoute
are 200:
(config)#ipv6 ffe limit exceptions 200

ipv6 ffe max-entries <value>

Use the ipv6 ffe max-entries command to specify a global limit to the number of Internet Protocol version
6 (IPv6) fast forwarding engine (FFE) entries allowed at any given time by the RapidRoute feature. Use
the no form of this command to return to the default value.
Issuing this command will cause all RapidRoute entries to be cleared from the unit.
Syntax Description
<value> Specifies the total number of RapidRoute entries for all interfaces. Valid
Default Values
By default, the ipv6 ffe max-entries is set to 16384.
Command History
Usage Examples
The following example sets the total maximum number of IPv6 RapidRoute entries to 500:
(config)#ipv6 ffe max-entries 500

ipv6 ffe timeout

Use the ipv6 ffe timeout command to set the time to live (TTL) for Internet Protocol version 6 (IPv6)
RapidRoute fast forwarding engine (FFE) entries based on their IPv6 protocol. Use the no form of this
ipv6 ffe timeout ah <max timeout>

ipv6 ffe timeout ah <max timeout> <inactive timeout>
ipv6 ffe timeout esp <max timeout>
ipv6 ffe timeout esp <max timeout> <inactive timeout>
ipv6 ffe timeout gre <max timeout>
ipv6 ffe timeout gre <max timeout> <inactive timeout>
ipv6 ffe timeout icmp <max timeout>
ipv6 ffe timeout icmp <max timeout> <inactive timeout>
ipv6 ffe timeout other <max timeout>
ipv6 ffe timeout other <max timeout> <inactive timeout>
ipv6 ffe timeout tcp <max timeout>
ipv6 ffe timeout tcp <max timeout> <inactive timeout>
ipv6 ffe timeout udp <max timeout>
ipv6 ffe timeout udp <max timeout> <inactive timeout>
Syntax Description
ah Specifies timeout values in seconds for Authentication Header (AH)
Protocol.
esp Specifies timeout values in seconds for Encapsulating Security Payload
(ESP) Protocol.
gre Specified timeout values in seconds for Generic Route Encapsulation
(GRE) Protocol.
icmp Specifies timeout values in seconds for Internet Control Message Protocol
(ICMP).
other Specifies timeout values in seconds for all protocols not listed.
tcp Specifies timeout values in seconds for Transmission Control Protocol
(TCP).
udp Specifies timeout values in seconds for User Datagram Protocol (UDP).
<max timeout> Specifies maximum age timeout in seconds. This is the maximum amount
of time an entry will be kept in the RapidRoute table regardless of activity.
<inactive timeout> Optional. Specifies idle timeout in seconds. This is the amount of time an
entry will remain in the RapidRoute table with no additional activity. Valid
Default Values
By default, the maximum age timeouts are set to 1800 seconds and the inactive timeouts are set to
15 seconds.

Command History
Usage Examples
The following example sets the time to live for IPv6 RapidRoute entries of TCP packets to 1000 seconds.
(config)#ipv6 ffe timeout tcp 1000

ipv6 firewall
Use the ipv6 firewall command to enable AOS Internet Protocol version 6 (IPv6) security features,
including IPv6 access control policies (ACPs) and lists (ACLs) and the stateful inspection firewall. Use the
no form of this command to disable the IPv6 security functionality. Variations of this command include:
ipv6 firewall
ipv6 firewall vrf <name>
Disabling the AOS IPv6 security features (using the no ipv6 firewall command) does not
affect security configuration. All configuration parameters will remain intact, but no
security data processing will be attempted.
Syntax Description
vrf <name> Optional. Enables or disables the IPv6 firewall for a specific virtual routing
Default Values
By default, all AOS IPv6 security features are disabled.
Command History
Usage Examples
The following example enables the AOS IPv6 security features:
(config)#ipv6 firewall

ipv6 firewall alg ftp

Use the ipv6 firewall alg ftp command to enable the Internet Protocol version 6 (IPv6) File Transfer
Protocol (FTP) application-level gateway (ALG). Use the no form of this command to disable the FTP
ALG. Variations of this command include:
ipv6 firewall alg ftp

ipv6 firewall alg ftp tcp
ipv6 firewall alg ftp tcp port <port>
ipv6 firewall vrf <name> alg ftp
ipv6 firewall vrf <name> alg ftp tcp
ipv6 firewall vrf <name> alg ftp tcp port <port>
Syntax Description
tcp Optional. Specifies that the port on which the IPv6 FTP ALG is enabled is a
Transmission Control Protocol (TCP) port.
port <port> Optional. Specifies a single port on which to enable the IPv6 FTP ALG. Valid
vrf <name> Optional. Specifies a nondefault (named) Virtual Routing and Forwarding
(VRF) instance on which to enable the IPv6 FTP ALG.
Default Values
By default, the IPv6 FTP ALG is enabled on all VRF instances on TCP port 21.
Command History
Functional Notes
The IPv6 FTP ALG operates by parsing the Layer 5 contents of packets used for FTP, and when
necessary, opens pending policy sessions so that FTP data transfers are able to traverse the IPv6 firewall
without being dropped by configured access control policies (ACPs). In addition, the IPv6 FTP ALG has
the ability to perform FTP-specific attack checking.
During the process of an FTP flow, the IPv6 FTP ALG creates a pending policy session based on a
currently active policy session. This pending policy session listens for expected FTP data transfer traffic.
Any IPv6 firewall policy sessions created using a stateless ACP entry bypass all ALG processing, even if
the ALG is enabled for the ACP’s destination port, allowing global ALG processing for specific ports, but
bypassing the global configuration under certain circumstances (such as, on a particular ACP or for
particular hosts or networks based on IPv6 ACLs).
The IPv6 FTP ALG cannot be enabled on a protocol and port that is the default protocol and port for any
other ALG, even if the other ALG is disabled. The IPv6 FTP ALG also cannot be enabled on a TCP port
whose default filtering behavior has been overridden.

Usage Examples
The following example disables the IPv6 FTP ALG on the default port (21), and then enables it on TCP
ports 10000 and 20000 on the default VRF instance:
(config)#no ipv6 firewall alg ftp tcp port 21

(config)#ipv6 firewall alg ftp tcp port 10000
(config)#ipv6 firewall alg ftp tcp port 20000

ipv6 firewall attack-log threshold <number>

Use the ipv6 firewall attack-log threshold command to specify the number of possible attack conditions
AOS will identify and block before generating a log message when using Internet Protocol version 6
(IPv6). Use the no form of this command to return to the default threshold. Variations of this command
include:
ipv6 firewall attack-log threshold <number>

ipv6 firewall vrf <name> attack-log threshold <number>
The AOS IPv6 firewall must be enabled (using the command ipv6 firewall on page 1515)
for the stateful inspection firewall to be activated.
Syntax Description
<number> Specifies the number of possible attack conditions AOS IPv6 will identify
before generating a log message. Valid range is 0 to 4294967295.
vrf <name> Optional. Specifies a virtual routing and forwarding (VRF) instance to
monitor. If no VRF is specified, the default unnamed VRF is monitored.
Default Values
By default, the ipv6 firewall attack-log threshold is set at 100.
Command History
Usage Examples
The following example specifies a threshold of 25 attacks before generating a log message for the IPv6
firewall:
(config)#ipv6 firewall attack-log threshold 25

ipv6 firewall check duplicate-options

Use the ipv6 firewall check duplicate-options command to specify that Internet Protocol version 6 (IPv6)
packets with duplicate options within a Destination Options or Hop-by-Hop Options extension headers are
dropped. Using the no form of this command allows IPv6 packets with duplicate options. Variations of this
command include:
ipv6 firewall check duplicate-options

ipv6 firewall vrf <name> check duplicate-options
Syntax Description
vrf <name> Optional. Specifies a virtual routing and forwarding (VRF) instance on which
to drop IPv6 packets with duplicate options headers. If no VRF is specified,
the packets on the default unnamed VRF are dropped.
Default Values
Command History
Usage Examples
The following example specifies that IPv6 packets with duplicate options headers are dropped on the
default VRF:
(config)#ipv6 firewall check duplicate-options

ipv6 firewall check ftp-bounce

Use the ipv6 firewall check ftp-bounce command enable the File Transfer Protocol (FTP) bounce attack
check for the Internet Protocol version 6 (IPv6) firewall. Use the no form of this command to disable the
FTP bounce attack check. Variations of this command include:
ipv6 firewall check ftp-bounce

ipv6 firewall vrf <name> check ftp-bounce
Syntax Description
(VRF) instance on which the enable the bounce attack check. If no VRF
instance is specified, the action is performed on the default unnamed VRF
instance.
Default Values
By default, FTP bounce attack check is enabled on the IPv6 firewall.
Command History
Functional Notes
In addition to allowing the flow of IPv6 FTP traffic through the IPv6 firewall, the IPv6 FTP application-level
gateway (ALG) can be used to protect against FTP bounce attacks. An FTP bounce attack is a network
attack where malicious hosts using proxy FTP can target a specific well-known service on one server
(Server A) by instructing another FTP server (Server B) to send a file to Server A that contains commands
relevant to the service being attacked. For example, this can allow a malicious host to forge mail on Server
A without making a direct connection. The lack of a direct file transfer between the attacker and the target
server makes the identity of the attacker difficult to determine.
The IPv6 FTP ALG, however, can be used to protect against such an attack. When this feature is enabled,
the IPv6 FTP ALG recognizes as an attack any extended port command (EPRT) sent by the FTP client that
has a TCP port number less than 1024, and the ALG closes the connection. The ALG performs this action
because TCP port numbers in the range from 0 to 1023 are used by well-known services.
Although the IPv6 FTP ALG can perform bounce attack checks when ports less than 1024
are specified in an EPRT, services running on ports greater than 1023 are still vulnerable
to FTP bounce attacks.
Usage Examples
The following example enables the FTP bounce attack check on the nondefault VRF instance RED1:
(config)#ipv6 firewall vrf RED1 check ftp-bounce

ipv6 firewall check header-order

Use the ipv6 firewall check header-order command to enable the dropping of Internet Protocol version 6
(IPv6) packets that have extension headers in an order different than the recommendations proposed in the
Systems and Network Analysis Center (SNAC) document Firewall Design Considerations for IPv6. Use
the no form of this command to disable the feature and allow the processing of IPv6 packets with
extension headers according to RFC 2460. Variations of this command include:
ipv6 firewall check header-order

ipv6 firewall vrf <name> check header-order
Syntax Description
configure. If no VRF is specified, the default unnamed VRF is configured.
Default Values
Command History
Usage Examples
The following example specifies that IPv6 packets with out-of-order headers are dropped on the default
VRF:
(config)#ipv6 firewall check header-order

ipv6 firewall check min-fragment-size <value>

Use the ipv6 firewall check min-fragment-size command to specify the smallest permitted size for
Internet Protocol version 6 (IPv6) fragmented packets. Packets less than the specified size are dropped.
Use the no form of this command to return to the default value. Variations of this command include:
ipv6 firewall check min-fragment-size <value>

ipv6 firewall vrf <name> check min-fragment-size <value>
Syntax Description
<value> Specifies the packet size in octets. Valid range is 56 to 1280 octets.
configure. If no VRF is specified, the default unnamed VRF is configured.
Default Values
By default, the IPv6 packet fragment size is set to 640 octets.
Command History
Usage Examples
The following example changes the smallest permitted size for IPv6 packet fragments on the default VRF
to 800 octets:
(config)#ipv6 firewall check min-fragment-size 800

ipv6 firewall check multiple-pad1

Use the ipv6 firewall check multiple-pad1 command to specify that Internet Protocol version 6 (IPv6)
packets with more than one Pad1 option back-to-back within the Destination Options or Hop-by-Hop
Options extension headers are dropped. Use the no form of this command to allow packets with more than
one Pad1 option back-to-back. Variations of this command include:
ipv6 firewall check multiple-pad1

ipv6 firewall vrf <name> check multiple-pad1
Syntax Description
to drop IPv6 packets with multiple Pad1 options. If no VRF is specified, the
packets on the default unnamed VRF are dropped.
Default Values
Command History
Usage Examples
The following example specifies that packets on the default VRF with more than one Pad1 option are
dropped:
(config)#ipv6 firewall check multiple-pad1

ipv6 firewall check reflexive-traffic

Use the ipv6 firewall check reflexive-traffic command to enable the AOS stateful inspection firewall to
process Internet Protocol version 6 (IPv6) traffic and check for reflexive traffic. Reflexive traffic refers to
packets that are routed out of the same interface on which they arrived. Use the no form of this command
to disable this check. Variations of this command include:
ipv6 firewall check reflexive-traffic

ipv6 firewall vrf <name> check reflexive-traffic
Syntax Description
to enable reflexive traffic checking. If no VRF is specified, IPv6 traffic is
checked on the default unnamed VRF.
Default Values
By default, this reflexive traffic is allowed to bypass the firewall and does not create a policy session.
Command History
Usage Examples
The following example enables the AOS IPv6 reflexive traffic check for the default VRF:
(config)#ipv6 firewall check reflexive-traffic

ipv6 firewall check tcp-seq-and-ack

Use the ipv6 firewall check tcp-seq-and-ack command to direct the Internet Protocol version 6 (IPv6)
firewall to inspect each packet of a Transmission Control Protocol (TCP) flow to ensure that the sequence
numbers and acknowledgement (ACK) numbers are within the expected window for that firewall session.
Use the no form of this command to disable the TCP sequence and ACK number check. Variations of this
command include:
ipv6 firewall check tcp-seq-and-ack

ipv6 firewall vrf <name> check tcp-seq-and-ack
Syntax Description
(VRF) instance on which to enable or disable the TCP sequence and ACK
number check. If no VRF instance is specified, the action is performed on
the default unnamed VRF instance.
Default Values
By default, the TCP sequence and ACK number check is enabled.
Command History
Usage Examples
The following example enables the TCP sequence and ACK number check on the nondefault VRF
instance RED1:
(config)#ipv6 firewall vrf RED1 check tcp-seq-and-ack

ipv6 firewall check udp-checksum-zero

Use the ipv6 firewall check udp-checksum-zero command to specify that Internet Protocol version 6
(IPv6) User Datagram Protocol (UDP) packets with a checksum value of zero are dropped. Use the no
form of this command to allow UDP packets with a checksum value of zero. Variations of this command
include:
ipv6 firewall check udp-checksum-zero

ipv6 firewall vrf <name> check udp-checksum-zero
Syntax Descriptions
to check UDP packets. If no VRF is specified, the default unnamed VRF is
inspected.
Default Values
Command History
Usage Examples
The following example specifies that UDP packets with a value of zero are dropped on the default VRF:
(config)#ipv6 firewall check udp-checksum-zero

ipv6 firewall check unknown-options

Use the ipv6 firewall check unknown-options command to specify that Internet Protocol version 6 (IPv6)
packets with unknown options in the Destination Options or Hop-by-Hop Options extension headers are
dropped. Use the no form of this command to allow IPv6 packets with unknown options in the extension
header. Variations of this command include:
ipv6 firewall check unknown-options

ipv6 firewall vrf <name> check unknown-options
Syntax Description
to check IPv6 packets. If no VRF is specified, traffic on the default unnamed
VRF is dropped.
Default Values
Command History
Usage Examples
The following example specifies that IPv6 packets with unknown option extension headers are dropped on
the default VRF:
(config)#ipv6 firewall check unknown-options

ipv6 firewall fast-allow-failover

Use the ipv6 firewall fast-allow-failover command to automatically clear all open Internet Protocol
version 6 (IPv6) firewall policy allow sessions when a route table change occurs. This allows the router to
immediately send traffic to the failover interface. Use the no form of this command to disable this
feature.Vairations of this command include:
ipv6 firewall fast-allow-failover

ipv6 firewall vrf <name> fast-allow-failover
Syntax Description
vrf <name> Optional. Enables or disables fast allow failover on the IPv6 firewall for a
specific virtual routing and forwarding (VRF) instance.
Default Values
By default, all AOS IPv6 security features are disabled until the IPv6 firewall is enabled. By default,
fast-allow-failover is disabled.
Command History
Functional Note
If the command is not enabled, the router tries to send traffic from existing allowed policy sessions out from
the failed IPv6 address until the session times out, resulting in a loss of connectivity. This command should
be configured when destination-specific rules are configured. Destination-specific rules are most often
used in failover and IPv6 load sharing configurations. Refer to the command ipv6 policy-class <ipv6 acp
name> on page 1541 for more information.
Usage Examples
The following example enables fast-allow-failover:
(config)#ipv6 firewall fast-allow-failover

ipv6 firewall filtering-behavior

Use the ipv6 firewall filtering-behavior command to modify the filtering behavior of the Internet
Protocol version 6 (IPv6) firewall. Modifying the filtering behavior settings for a particular port and
protocol allow for application-level gateway (ALG)-like behavior in certain applications without requiring
parsing of the Layer 5 packet contents used by these applications. By modifying IPv6 firewall filtering
behavior, you can enable firewall traversal for applications by adding one or more configuration options if
no ALG is available for the application (such as with Trivial File Transfer Protocol (TFTP)). Use the no
form of this command to return the firewall filtering behavior to the default value. Variations of this
command include:
ipv6 firewall filtering-behavior [tcp <port> | udp <port>] address-dependent

ipv6 firewall filtering-behavior [tcp <port> | udp <port>] address-port-dependent
ipv6 firewall filtering-behavior [tcp <port> | udp <port>] endpoint-independent
ipv6 firewall vrf <name> filtering-behavior [tcp <port> | udp <port>] address-dependent
ipv6 firewall vrf <name> filtering-behavior [tcp <port> | udp <port>] address-port-dependent
ipv6 firewall vrf <name> filtering-behavior [tcp <port> | udp <port>] endpoint-independent
Syntax Description
tcp <port> Specifies a Transmission Control Protocol (TCP) port for which the IPv6
firewall filtering behavior is changed. Valid range is 0 to 65535. The port
corresponds to the destination port of the firewall policy session, which is
the destination port of the internal traffic.
udp <port> Specifies a User Datagram Protocol (UDP) port for which the IPv6 firewall
filtering behavior is changed. Valid range is 0 to 65535. The port
corresponds to the destination port of the firewall policy session, which is
the destination port of the internal traffic.
address-dependent Specifies that address-dependent filtering is used for traffic initiated using
the specified destination port.
address-port-dependent Specifies that address- and port-dependent filtering is used for traffic
initiated using the specified destination port. This is the default firewall
filtering behavior for most ports.
endpoint-independent Specifies that endpoint-independent filtering is used for traffic initiated using
the specified destination port.
(VRF) instance on which to apply the filtering behavior. If no VRF instance is
specified, the action is performed on the default unnamed VRF instance.
Default Values
By default, most ports are filtered by traditional firewall filtering (address-port-dependent). By default,
UDP port 69, the TFTP port, uses address-dependent filtering.
Command History

Functional Notes
In AOS firmware release R10.1.0, the ability to configure IPv6 firewall filtering behavior was introduced.
The ordinary filtering behavior of the IPv6 firewall is to restrict permitted return traffic to the exact source
and destination IP addresses and ports of the initial traffic flow. This is called address- and port-dependent
filtering. In some applications, including TFTP, the external traffic generated as part of the application can
respond from a different external port than the one specified in the firewall configuration. This traffic might
not be allowed to traverse the firewall, depending on the configured access control policy (ACP) rules. If
available, an ALG could be used to accommodate such an application. The ALG would parse the
application layer payload for traffic from the initiating host, and create an appropriate pending policy
session to allow the expected response. With the release of R10.1.0, the IPv6 firewall incorporates two
additional configurable filtering behaviors that can take the place of such ALGs for certain applications.
The first additional method of firewall filtering is using address-dependent filtering. In this type of filtering,
return traffic from an external host to the initiating internal host is allowed from any port, but traffic
originating from any other external host will continue to be blocked. The second additional method of
firewall filtering is using endpoint-independent filtering. In this type of filtering, any external host can
respond to traffic from the initiating host from any port.
For more information about the configuration and use of IPv6 firewall filtering behaviors, refer to the
configuration guide Configuring IPv6 in AOS, available online at https://supportcommunity.adtran.com.
Usage Examples
The following example specifies that on the default unnamed VRF instance, TCP port 10000 and UDP port
40 are filtered by endpoint-independent filtering and that TCP port 20000 and UDP port 30 are filtered by
address-dependent filtering:
(config)#ipv6 firewall filtering-behavior tcp 10000 endpoint-independent

(config)#ipv6 firewall filtering-behavior tcp 20000 address-dependent
(config)#ipv6 firewall filtering-behavior udp 30 address-dependent
(config)#ipv6 firewall filtering-behavior udp 40 endpoint-independent

ipv6 firewall fin-timeout <timeout>

Use the ipv6 firewall fin-timeout command to configure the firewall policy session timeout for a
Transmission Control Protocol (TCP) policy session closed by a bidirectional FINISH (FIN). The policy
session timeout determines when the time to live (TTL) for the session expires, and thus ends the session.
Using the no form of this command returns the timeout to the default value. Variations of this command
include:
ipv6 firewall fin-timeout <timeout>

ipv6 firewall vrf <name> fin-timeout <timeout>
Syntax Description
<timeout> Specifies the session timeout in seconds. Valid range is 0 to 4294967295
seconds.
vrf <name> Optional. Specifies a nondefault virtual routing and forwarding (VRF) instance on
which to perform the timeout. If no VRF is specified, the action occurs on the
Default Values
By default, the FIN timeout is set to 4 seconds.
Command History
Functional Notes
A policy session closed by a TCP FIN is one in which a FIN has been received from both endpoints
participating in the session. This command is used when configuring firewall session timeouts for Internet
Protocol version 6 (IPv6).
If the timeout is defined to be zero, the policy session will be deleted immediately without entering a
post-connection state. This could be necessary for hosts that do not implement the TIME_WAIT TCP state
correctly, but instead permit immediately reopening closed sessions.
Usage Examples
The following example changes the IPv6 firewall session timeout for TCP policy sessions closed by a FIN
to 10 seconds:
(config)#ipv6 firewall fin-timeout 10

ipv6 firewall local-traffic-only

Use the ipv6 firewall local-traffic-only command to enable the Internet Protocol version 6 (IPv6) firewall
for the processing of local traffic only. Forwarded traffic is not sent to the firewall when this feature is
enabled. Use the no form of this command to disable the IPv6 firewall. Variations of this command
include:
ipv6 firewall local-traffic-only

ipv6 firewall vrf <name> local-traffic-only
Syntax Description
vrf <name> Optional. Specifies that the local traffic firewall is enabled on the specified
virtual routing and forwarding (VRF) instance. If no VRF is specified, the
firewall is enabled on the default (unnamed) VRF.
Default Values
Command History
Functional Notes
When the firewall is configured to process local traffic only (traffic arriving at the unit’s local IP stack),
routed traffic is allowed to flow through the AOS unit uninspected, but locally destined traffic is inspected
by the firewall. This feature allows the firewall to protect local services running on the AOS unit even when
routed traffic bypasses the firewall. When local traffic processing is enabled, several other security features
are impacted, such as IPsec, policy classes, IP route cache, and Generic Routing Encapsulation (GRE).
• Local traffic only firewall processing cannot be used with cryptography (ipv6 crypto) because for
IPsec to function, traffic must proceed through the firewall. If the firewall is configured to process local
traffic only, routed traffic that requires IPsec protection will not flow through the firewall and therefore
will not receive IPsec protection.
• Policy classes are applied only to traffic destined to the local stack when local traffic processing is
enabled. The self policy class is applied to local traffic originating from the local stack, allowing all
traffic, and cannot be changed.
• IP route cache entries are not created for local destinations or for the Loopback interface when local
traffic processing enabled.
• Local GRE traffic encapsulated by a GRE tunnel interface will bypass the firewall when local traffic
processing is enabled.
•
For additional IPv6 firewall configuration information, refer to ipv6 firewall on page 1515.
Usage Examples
The following example enables the firewall for local traffic processing on the default VRF:
(config)#ipv6 firewall local-traffic-only

ipv6 firewall policy-log threshold <value>

Use the ipv6 firewall policy-log threshold command to specify the number of Internet Protocol version 6
(IPv6) access control policy (ACP) events identified by AOS before generating a log message. Use the no
form of this command to return to the default value. Variations of this command include:
ipv6 firewall policy-log threshold <value>

ipv6 firewall vrf <name> policy-log threshold <value>
Syntax Description
<value> Specifies the number of IPv6 policy events AOS identifies before creating
the log. Valid range is 1 to 4294967295.
vrf <name> Optional. Specifies a virtual routing and forwarding (VRF) instance for AOS
to monitor. If no VRF is specified, the default unnamed VRF is monitored.
Default Values
By default, a log is generated after 100 policy events have been identified.
Command History
Usage Examples
The following example specifies that a log is generated when 150 IPv6 ACP events are detected on the
default VRF:
(config)#ipv6 firewall policy-log threshold 150

ipv6 firewall rst-timeout <timeout>

Use the ipv6 firewall rst-timeout command to configure the firewall policy session timeout for a
Transmission Control Protocol (TCP) policy session closed by a RESET (RST). The policy session
timeout determines when the time to live (TTL) for the session expires, and thus ends the session. Using
the no form of this command returns the timeout to the default value. Variations of this command include:
ipv6 firewall rst-timeout <timeout>

ipv6 firewall vrf <name> rst-timeout <timeout>
Syntax Description
seconds.
Default Values
By default, the RST timeout is set to 20 seconds.
Command History
Functional Notes
A TCP policy session closed by an RST is one in which an RST has been received from both endpoints
participating in the session, indicating that enough time has passed to complete the TCP reset process.
This command is used when configuring firewall session timeouts for Internet Protocol version 6 (IPv6).
If the timeout is defined to be zero, the policy session will be deleted immediately without entering a
post-connection state. This could be necessary for hosts that do not implement the TIME_WAIT TCP state
correctly, but instead permit immediately reopening closed sessions.
Usage Examples
The following example changes the IPv6 firewall session timeout for TCP policy sessions closed by a RST
sessions to 30 seconds:
(config)#ipv6 firewall rst-timeout 30

ipv6 firewall stealth

Use the ipv6 firewall stealth command to place the Internet Protocol version 6 (IPv6) firewall in stealth
mode. The stealth setting allows the route to be invisible as a route hop to associated devices. Use the no
form of this command to disable the stealth feature. Variations of this command include:
ipv6 firewall stealth

ipv6 firewall vrf <name> stealth
Syntax Description
vrf <name> Optional. Specifies a virtual routing and forwarding (VRF) instance to put in
stealth mode. If no VRF is specified, the default unnamed VRF is placed in
stealth mode.
Default Values
By default, stealth mode is disabled.
Command History
Usage Examples
The following example enables the stealth option for the default IPv6 VRF:
(config)#ipv6 firewall stealth

ipv6 firewall tcp-unestab-timeout <timeout>

Use the ipv6 firewall tcp-unestab-timeout command to configure the firewall policy session timeout for a
pre-established Transmission Control Protocol (TCP) policy session. The policy session timeout
determines when the time to live (TTL) for the session expires, and thus ends the session. Using the no
form of this command returns the timeout to the default value. Variations of this command include:
ipv6 firewall tcp-unestab-timeout <timeout>

ipv6 firewall vrf <name> tcp-unestab-timeout <timeout>
Syntax Description
seconds.
Default Values
By default, the timeout is set to 20 seconds for pre-established TCP firewall sessions.
Command History
Functional Notes
A pre-established TCP policy session is a firewall session that has been opened by a TCP SYN, on which
the full three-way TCP handshake has not yet been observed. This command is used when configuring
firewall session timeouts for Internet Protocol version 6 (IPv6), and specifies the time period allowed for
TCP to complete the three-way handshake at the beginning of the connection.
Usage Examples
The following example changes the IPv6 firewall session timeout for pre-established TCP sessions to 30
seconds:
(config)#ipv6 firewall tcp-unestab-timeout 30

ipv6 load-sharing
Use the ipv6 load-sharing command to allow parallel routes in the Internet Protocol version 6 (IPv6) route
table to be used to balance IPv6 traffic to a specific destination across up to six equal paths. When this
command is enabled, the IPv6 route table can use multiple best routes and alternate between them. When
this command is disabled, the IPv6 route table uses a single best route. Use the no form of this command to
disable IPv6 load sharing. Variations of this command include:
ipv6 load-sharing per-destination

ipv6 load-sharing per-packet
Syntax Description
per-destination Specifies that the route used to forward a packet is based on a hash of the
source and destination IPv6 packet.
per-packet Specifies that each forwarding route lookup rotates through all the parallel
best routes.
Default Values
By default, IPv6 load sharing is disabled.
Command History
Usage Examples
The following example enables IPv6 load sharing based on the source and destination of the IPv6 packets:
(config)#ipv6 load-sharing per-destination

ipv6 named-prefix <prefix name> <ipv6 prefix/prefix-length>

Use the ipv6 named-prefix command to manually assign a value to a named Internet Protocol version 6
(IPv6) prefix. A named prefix is useful when the upper part of the prefix could change over time (such as
when using provider-dependent addresses in Dynamic Host Control Protocol for IPv6 (DHCPv6)). By
creating a named prefix, the variable holding the value of the prefix is defined once, and then applied in
various ways without having to manually enter the prefix value at each use. Use the no form of this
command to remove one prefix from within a named prefix when the prefix and prefix length are specified,
or to remove all prefixes from within a named prefix if entered with only the prefix name. Variations of this
command include:
ipv6 named-prefix <prefix name> <ipv6 prefix/prefix-length>

ipv6 named-prefix <prefix name> <ipv6 prefix/prefix-length> expiration-date <date> <time>
Syntax Description
<prefix name> Specifies the name of the variable that holds the service provider
assigned value for the prefix.
<ipv6 prefix/prefix-length> Specifies the numerical value and length of the prefix. The prefix value
is specified in colon hexadecimal format (X:X::X/<Z>), for example:
2001:DB8:3F::/64. The prefix length (<Z>) is an integer with a value
between 0 and 128. The IPv6 prefix cannot be a link-local address.
expiration-date <date> <time> Optional. Specifies the time at which the prefix will expire. Enter future
expiration date value in the MM/DD/YY format, and the time parameter
in the HH:MM or HH:MM:SS format.
Default Values
By default, no named prefixes exist.
Command History
Functional Notes
Changes made to the named prefix are automatically applied at each interface using the named prefix
form of the IPv6 address command.
Usage Examples
The following example assigns a value to the previously created prefix PREFIX1:
(config)#ipv6 named-prefix PREFIX1 2001:DB8:3F::/64

ipv6 neighbor <ipv6 address> <interface> <mac address>

Use the ipv6 neighbor command to manually enter a static entry into the Internet Protocol version 6
(IPv6) Neighbor Discovery (ND) cache. Use the no form of this command to remove the static entry from
the neighbor cache. Variations of this command include:
ipv6 neighbor <ipv6 address> <interface> <mac address>

ipv6 neighbor <ipv6 address> mef-ethernet <slot/port> <mac address>
ipv6 neighbor <ipv6 address> system-control-evc
ipv6 neighbor <ipv6 address> system-control-evc <mac address>
ipv6 neighbor <ipv6 address> system-management-evc
ipv6 neighbor <ipv6 address> system-management-evc <mac address>
Syntax Description
<ipv6 address> Specifies the IPv6 address of the neighbor entry. IPv6 addresses should be
specified in colon hexadecimal format (X:X:X:X::X). For example,
2001:DB8:1::1.
<interface> Specifies the interface of the link on which the neighbor entry is connected.
Interfaces are specified using the <interface> <slot/port | interface id>
enter ppp 1.
<mac address> Specifies the medium access control (MAC) address of the neighbor. MAC
XX:XX:XX:XX:XX:XX (for example, 00:A0:C8:00:00:01).
system-control-evc Specifies the system control Ethernet virtual connection (EVC). This EVC
exists by default and cannot be deleted.
system-management-evc Specifies the system management EVC. This EVC exists by default and
cannot be deleted.
Default Values
By default, no static neighbor entries exist in the neighbor cache.
Command History
Release R10.10.0 Command was changed to include the system-control-evc and
Functional Notes
In IPv6, neighbors are usually managed dynamically using the ND protocol. However, you can manually
enter a static entry into the neighbor cache using the ipv6 neighbor command. When you enter a static
entry into the neighbor cache, you should be aware of the following:

• A static entry entirely overrides an existing or new dynamic entry learned through ND.
• Neighbor unreachability detection (NUD) is not performed on static neighbors, so the neighbor’s state
is limited to either an incomplete modified state (interface is down) or a reachable modified state
(interface is up).
• Using the no form of the ipv6 neighbor command removes static entries and not dynamic entries
from the neighbor cache.
• Using the command clear ipv6 neighbors on page 172 clears the dynamic entries from the neighbor
cache, but not the static entries.
• Disabling IPv6 on an interface does not remove the static neighbor cache entries, although it will
change the entry state to incomplete.
Usage Examples
The following example adds a static neighbor with an IPv6 address of 2001:DB8:3F::/48 on the Ethernet
0/1 interface, and has a MAC address of 00:A0:C8:00:00:01 to the neighbor cache:
(config)#ipv6 neighbor 2001:DB8:3F::/48 ethernet 0/1 00:A0:C8:00:00:01

ipv6 policy-class <ipv6 acp name>

Use the ipv6 policy-class command to create an Internet Protocol version 6 (IPv6) access control policy
(ACP) and enter the ACP configuration mode. Use the no form of this command to delete an IPv6 ACP
and all the entries it contains. Each ACP can contain up to 20 entries. For more information, refer to the
IPv6 Access Control Policy Command Set on page 4311.
Configured IPv6 ACPs will only be active if the command ipv6 firewall on page 1515 has
been entered at the Global Configuration mode prompt to enable the AOS IPv6 security
features. All configuration parameters are valid, but no security data processing will be
attempted unless the security features are enabled.
Before applying an ACP to an interface, verify your Telnet or secure shell (SSH)
connection will not be affected by the policy. If an ACP is applied to the interface you are
connecting through and it does not allow Telnet or SSH traffic, your connection will be
lost.
Syntax Description
Default Values
By default, there are no configured IPv6 ACPs.
Command History
Functional Notes
AOS IPv6 ACPs are used to allow or discard data for each physical interface. Each IPv6 ACP consists of
an action (allow, discard) and a selector IPv6 access control list (ACL). When IPv6 packets are received
on an interface, the configured IPv6 ACPs are applied to determine whether the data will be processed or
discarded.
IPv6 ACPs only work with IPv6 ACLs, and IPv4 ACPs only work with IPv4 ACLs. You cannot have an IPv6
ACP or ACL with the same name as an IPv4 ACP or ACL.
Usage Examples
The following example creates an IPv6 ACP named PRIVATEv6:
(config)#ip policy-class PRIVATEv6

(config-policy6-class)#

ipv6 policy-class <ipv6 acp name> max-sessions <number>

Use the ipv6 policy-class max-sessions command to specify the maximum number of allowed Internet
Protocol version 6 (IPv6) policy sessions on a specific IPv6 access control policy (ACP). For more details
on IPv6 ACP functionality in AOS, refer to the IPv6 Access Control Policy Command Set on page 4311.
Use the no form of this command to return to the default value.
Syntax Description
<ipv6 acp name> Identifies the configured IPv6 ACP to which the maximum session limit is
applied. Use an alphanumeric descriptor (maximum of 50 characters). All
ACP descriptors are case sensitive.
<number> Specifies the maximum number of allowed IPv6 ACP sessions. Valid range
is 1 up to a value based on the amount of RAM in the AOS unit (refer to
Default Values below).
Default Values
By default, the maximum IPv6 ACP sessions allowed are based on the amount of RAM in the AOS unit.
The following table outlines the default values based on RAM:
RAM Amount Default Max Sessions
64 MB 10000
128 MB 30000
256 MB 80000
512 MB 200000
768 MB 300000
1 GB 450000
Command History
Functional Notes
To set the system-wide maximum limit for ACP sessions (both IPv4 and IPv6), use the command
policy-class max-sessions <number> on page 1646.
Usage Examples
The following example allows no more than 100 policy sessions on the IPv6 ACP named PRIVATEv6:
(config)#ipv6 policy-class PRIVATEv6 max-sessions 100

ipv6 policy-class <ipv6 acp name> rpf-check

Use the ipv6 policy-class rpf-check command to verify that Internet Protocol version 6 (IPv6) traffic has
entered on the appropriate interface using a route lookup. Reverse path forwarding (RPF) is essentially a
spoofing check. For more details on IPv6 policy class functionality in AOS, refer to the IPv6 Access
Control Policy Command Set on page 4311. Use the no form of this command to disable this feature.
Syntax Description
<ipv6 acp name> Identifies the configured IPv6 access control policy (ACP) using an
alphanumeric descriptor (maximum of 50 characters). All ACP descriptors
are case sensitive.
rpf-check Enables RPF check (spoofing).
Default Values
This command is enabled by default.
Command History
Functional Notes
When enabled, after an IPv6 packet is received, the IPv6 firewall performs a route lookup on the packet’s
source IPv6 address to determine what interface would be used to forward the packet back to that
address. The firewall then checks the IPv6 ACP assigned to that interface. If the IPv6 ACP does not match
the IPv6 ACP of the interface on which the packet was received, the packet is dropped.
The rpf-check feature should be disabled if your application allows traffic to arrive on an interface sourced
from networks contradicting the route table. This feature can be disabled on a per ACP basis by issuing
this command in conjunction with the ACP name you do not want to be checked.
Usage Examples
The following example turns off the rpf-check feature for the IPv6 ACP named PRIVATEv6:
(config)#no ip policy-class PRIVATEv6 rpf-check

ipv6 policy-timeout
Use multiple ipv6 policy-timeout commands to customize policy timeout intervals for established Internet
Protocol version 6 (IPv6) firewall sessions. The policy session timeout determines when the time to live
(TTL) for the session expires and ends the session. This command configures the policy timeout for the
following protocols: (Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Internet
Control Message Protocol version 6 (ICMPv6), Authentication Header (AH) Protocol, generic routing
encapsulation (GRE), encapsulating security payload (ESP)) or specific services (by listing the particular
port number). Use the no form of this command to return to the default timeout values. Variations of this
command include:
ipv6 policy-timeout [vrf <name>] match <ipv6 acl name> [policy <ipv6 acp name>] <timeout>
ipv6 policy-timeout [vrf <name>] [all-protocols | ahp | esp | gre | icmpv6 | tcp | udp | <protocol
number>] [policy <ipv6 acp name>] <timeout>
ipv6 policy-timeout [vrf <name>] [tcp | udp] all-ports [policy <ipv6 acp name>] <timeout>
ipv6 policy-timeout [vrf <name>] [tcp | udp] <port> [policy <ipv6 acp name>] <timeout>
ipv6 policy-timeout [vrf <name>] [tcp | udp] range <beginning port> <ending port> [policy <ipv6 acp
name>] <timeout>
Syntax Description
match <ipv6 acl name> Specifies that if traffic creating the policy session matches the specified
IPv6 access control list (ACL), the policy timeout value set using this
command is used for the policy session. Because an ACL can be used
to specify protocol and port information, you do not need to specify
ports or protocols when using this version of the command. If the
named ACL does not exist when this command is issued, an implicit
ACL is created.
policy <ipv6 acp name> Optional. Specifies that if the policy session uses the specified IPv6
access control policy (ACP) as its ingress policy class, the policy
timeout value set using this command is used for the policy session
(provided the ACL or protocol/port information matches if specified). If
the named ACP does not exist when this command is issued, an
implicit ACP is created.
ahp Specifies the data protocol as AHP.
esp Specifies the data protocol as ESP.
gre Specifies the data protocol as GRE.
icmpv6 Specifies the data protocol as ICMPv6.
all-protocols Specifies the timeout for all protocols. This policy session timeout is
used when a specific protocol match is not found.

<protocol number> Specifies the IPv6 next header value (protocol number) to match for
using the specified timeout. Valid protocol number range is 0 to 255.
The following are accepted protocol numbers and their associated
protocols: 51 (AHP), 50 (ESP), 47 (GRE), 58 (ICMPv6), 6 (TCP), and
17 (UDP). Protocol numbers reserved for extension headers cannot be
used. For example, you cannot use 0 (hop-by-hop options), 43
(routing), 44 (fragment), 59 (no next header), 60 (destination options),
or 135 (mobility).
tcp Specifies the data protocol as TCP. If you are using TCP, you can also
specify the timeout for a specific port, a range of ports, or all TCP ports.
udp Specifies the data protocol as UDP. If you are using UDP, you can also
specify the timeout for a specific port, a range of ports, or all UDP ports.
all-ports Specifies all ports of either TCP or UDP are used if a specific match is
not found.
<port> Specifies a single TCP or UDP port. Keywords are available for
well-known protocols, as those listed below. Valid port range is 0 to
65535.
range Customizes timeout intervals for a range of TCP or UDP ports.
<beginning port>/<ending port> Specifies the range of ports, to which to apply the timeout value; valid
only for specifying TCP and UDP services. Valid ports range between 0
and 65535.
The following is the list of TCP port numbers that may be identified
bgp (Port 179) kshell (Port 544)
chargen (Port 19) login (Port 513)
cmd (Port 514) lpd (Port 515)
daytime (Port 13) nntp (Port 119)
discard (Port 9) pim-auto-rp (Port 496)
domain (Port 53) pop2 (Port 109)
echo (Port 7) pop3 (Port 110)
exec (Port 512) smtp (Port 25)
finger (Port 79) ssh (Port 22)
ftp (Port 21) sunrpc (Port 111)
ftp-data (Port 20) tacacs (Port 49)
gopher (Port 70) talk (Port 517)
hostname (Port 101) telnet (Port 23)
https (Port 443) time (Port 37)
ident (Port 113) uucp (Port 540)
irc (Port 194) whois (Port 43)
klogin (Port 543) www (Port 80)

The following is the list of UDP port numbers that may be identified
bootpc (Port 68 rip (Port 520)
bootps (Port 67) ripng (Port 521)
dnsix (Port 195) snmptrap (Port 162))
mobile-ip (Port 434) talk (Port 517)
ntp (Port 123)
instance on which to perform the policy timeout. If no VRF is specified,
the action is performed on the default unnamed VRF.
Default Values
By default, policy session timeouts are set to 600 seconds for established TCP policy sessions, and 60
seconds for all other protocols.
Command History
Release R10.1.0 Command was expanded to include the ripng option for UDP ports.
Functional Notes
This ipv6 policy-timeout command is used to configure the session timeout value for established policy
sessions. Use the commands ipv6 firewall rst-timeout <timeout> on page 1534, ipv6 firewall rst-timeout
<timeout> on page 1534, and ipv6 firewall tcp-unestab-timeout <timeout> on page 1536 to configure
timeout values for TCP FINISH (FIN), TCP RESET (RST), and pre-established TCP policy sessions.
Established TCP policy sessions are firewall sessions in which a three-way handshake has been
observed, but no RST has been received by either endpoint, nor has a FIN been received from both
endpoints. Established policy sessions can also be a stateless TCP policy session prior to the receipt of an
RST from either endpoint or a FIN from both endpoints, or a policy session for all non-TCP protocols.
Established policy session timeouts are configured to customize timeout intervals for protocols (by
specifying the protocol or a specific access control list (ACL)), specific services (by specifying the port
used or a specific ACL), and specific ingress policy classes. Multiple commands can be used to specify
different timeouts for different protocols, services, and ingress policy classes.

Usage Examples
The following examples configure multiple policy session timeouts based on different protocols (and the
associated ACLs):
(config)#ipv6 policy-timeout match A1 policy P1 1000

(config)#ipv6 policy-timeout match A2 policy P1 2000
(config)#ipv6 policy-timeout tcp ssh policy P1 3000
(config)#ipv6 policy-timeout tcp range 100 200 policy P1 4000
(config)#ipv6 policy-timeout tcp range 150 250 policy P1 5000
(config)#ipv6 policy-timeout tcp all-ports policy P1 6000
(config)#ipv6 policy-timeout match A3 7000
(config)#ipv6 policy-timeout tcp ssh 8000
(config)#ipv6 access-list extended A1

(config-ex6-nacl)#permit gre host 2001:DB8:1234:1::1 any
(config-ex6-nacl)#permit tcp any any eq www

(config-ex6-nacl)#permit tcp host 2001:DB8:1234:1::1 any

(config-ex6-nacl)#permit esp any any

ipv6 prefix-list <name> seq <number>

Use the ipv6 prefix-list seq command to specify an Internet Protocol version 6 (IPv6) prefix to be matched
when filtering IPv6 routes. Use the no form of this command to remove a prefix list. Variations of this
command include:
ipv6 prefix-list <name> seq <number> deny <ipv6 address/prefix-length>

ipv6 prefix-list <name> seq <number> deny <ipv6 address/prefix-length> ge <value>
ipv6 prefix-list <name> seq <number> deny <ipv6 address/prefix-length> le <value>
ipv6 prefix-list <name> seq <number> permit <ipv6 address/prefix-length>
ipv6 prefix-list <name> seq <number> permit <ipv6 address/prefix-length> ge <value>
ipv6 prefix-list <name> seq <number> permit <ipv6 address/prefix-length> le <value>
Syntax Description
<name> Specifies a particular prefix list. Prefix list names can be up to 80
characters in length.
<number> Specifies the entry's unique sequence number that determines the
processing order. Lower numbered entries are processed first.
Range is 1 to 4294967294.
permit <ipv6 address/prefix-length> Permits access to entries matching the specified network IPv6
address and the corresponding network prefix length. IPv6
addresses and prefixes are expressed in colon hexadecimal format
(for example, 2001:DB8:0:3F3B::/64).
deny <ipv6 address/prefix-length> Denies access to entries matching the specified network IPv6
address and the corresponding network prefix length. IPv6
addresses and prefixes are expressed in colon hexadecimal format
(for example, 2001:DB8:0:3F3B::/64).
le <value> Specifies the upper end of the range and indicates that the length
must be less than or equal to the specified value in order to match.
Range is 0 to 32.
ge <value> Specifies the lower end of the range and indicates that the length
must be greater than or equal to the specified value in order to
match. Range is 0 to 32.
Default Values
If no ge or le parameters are specified, an exact match is assumed. If only ge is specified, the AOS device
assumes 32 as the upper limit. If only le is specified, the AOS device assumes the network address’s
length as the lower limit.
Command History

Functional Notes
This command specifies a prefix to be matched when filtering routes. Prefix lists can be useful in
configurations of Border Gateway Protocol (BGP) to define the routes that an AOS device can advertise to
or receive from a BGP address family (AF) neighbor. Common uses for prefix lists include: preventing a
network from becoming a transit for external traffic when multihoming, receiving only routes from remote
virtual private network (VPN) sites, prohibiting the advertisement of a network, and load balancing
outbound traffic. When using this command, if the network address is entered without specifying a range
for prefix lengths, the router assumes that the route must be an exact match.
Optionally, this command may specify a range of prefix lengths. The following rule must be followed: len <
ge-value < le-value. A filter that exactly matches a prefix length can be created by entering the length for
both the ge and le values. A prefix list with no entries allows all routes. A route that does not match any
entries in a prefix list is dropped. As soon as a route is permitted or denied, there is no further processing
of the rule in the prefix list. A route that is denied with the initial entry of a prefix list will not be allowed, even
if it matches a permitting entry further down the list.
Usage Examples
The following example creates a prefix list entry in the IPv6 prefix list TEST that allows all routes to prefixes
in the 2001:DB8:0:3F3B::/64 network:
(config)#ipv6 prefix-list TEST seq 5 permit 2001:DB8:0:3F3B::/64 le 24

ipv6 route
Use the ipv6 route command to add an Internet Protocol version 6 (IPv6) static route to the IPv6 route
table. Use the no form of this command to remove a configured IPv6 static route. To specify a route using
a named prefix, refer to ipv6 route named-prefix on page 1553. Variations of this command include:
ipv6 route [vrf <name>] <ipv6 prefix/prefix length> <ipv6 address>

ipv6 route [vrf <name>] <ipv6 prefix/prefix length> <ipv6 address> [mef-ethernet <slot/port> |
system-control-evc | system-management-evc] tag <value>
system-control-evc | system-management-evc] track <name>
system-control-evc | system-management-evc] tag <value> track <name>
ipv6 route [vrf <name>] <ipv6 prefix/prefix length> <ipv6 address> <administrative distance>
ipv6 route [vrf <name>] <ipv6 prefix/prefix length> <ipv6 address> <administrative distance> tag <value>
ipv6 route [vrf <name>] <ipv6 prefix/prefix length> <ipv6 address> <administrative distance> track
<name>
ipv6 route [vrf <name>] <ipv6 prefix/prefix length> <ipv6 address> <administrative distance> tag <value>
track <name>
ipv6 route [vrf <name>] <ipv6 prefix/prefix length> <ipv6 address> <interface>
ipv6 route [vrf <name>] <ipv6 prefix/prefix length> <ipv6 address> <interface> tag <value>
ipv6 route [vrf <name>] <ipv6 prefix/prefix length> <ipv6 address> <interface> track <name>
ipv6 route [vrf <name>] <ipv6 prefix/prefix length> <ipv6 address> <interface> tag <value> track
<name>
ipv6 route [vrf <name>] <ipv6 prefix/prefix length> <ipv6 address> <interface> <administrative distance>
tag <value>
track <name>
tag <value> track <name>
ipv6 route [vrf <name>] <ipv6 prefix/prefix length> <ipv6 address> null 0
ipv6 route [vrf <name>] <ipv6 prefix/prefix length> <ipv6 address> null 0 tag <value>
ipv6 route [vrf <name>] <ipv6 prefix/prefix length> <ipv6 address> null 0 track <name>
ipv6 route [vrf <name>] <ipv6 prefix/prefix length> <ipv6 address> null 0 tag <value> track <name>
ipv6 route [vrf <name>] <ipv6 prefix/prefix length> <ipv6 address> null 0 <administrative distance>
ipv6 route [vrf <name>] <ipv6 prefix/prefix length> <ipv6 address> null 0 <administrative distance> tag
<value>
ipv6 route [vrf <name>] <ipv6 prefix/prefix length> <ipv6 address> null 0 <administrative distance> track
<name>
ipv6 route [vrf <name>] <ipv6 prefix/prefix length> <ipv6 address> null 0 <administrative distance> tag
<value> track <name>

Syntax Description
<ipv6 prefix/prefix length> Specifies the network defined by this static route entry. IPv6 prefixes should
be expressed in colon hexadecimal format (X:X::X/<Z>). For example,
<ipv6 address> Optional. Specifies the next-hop IPv6 address defined by the static route.
This is not a link-local IPv6 address. IPv6 addresses should be expressed
in colon hexadecimal format (X:X:X:X::X). For example, 2001:DB8:1::1.
<interface> Optional. Specifies an egress interface on the router which connects to the
next-hop IPv6 device on the path toward the specified network. Interfaces
are entered in the <interface> <slot/port | interface id> format. You must use
the <interface> parameter in conjunction with the next-hop IPv6 address if
you are specifying a link-local IPv6 address (FE80::) as the next hop.
<administrative distance> Optional. Specifies an administrative distance associated with the static
route, and is used to determine the best route when multiple routes to the
same destination exist. The route with the lowest administrative distance is
the preferred route. Administrative distance range is 1 to 255.
tag <value> Optional. Specifies a number to use as a tag for this route. Valid range is 1
to 65535.
system-control-evc Optional. Specifies the system control Ethernet virtual connection (EVC).
This EVC is preconfigured on the unit.
system-mangement-evc Optional. Specifies the system management EVC. This EVC is
vrf <name> Optional. Specifies to create the static route on a specific virtual routing and
forwarding (VRF).
Default Values
By default, no static routes are added to the IPv6 route table. If a static route is created, the administrative
distance is 1 by default.
Command History


Release R10.11.0 Command was expanded to include the track parameter and MEF Ethernet
interface.
Functional Notes
Each static route is only added to the IPv6 route table when the IPv6 interface is configured and in an UP
state. There are three types of static routes that can be used: directly attached, recursive, and fully
specified.
A directly attached static route is a route in which the next hop for the route is entered as an interface.
Packets destined for the specified network are assumed to be directly reachable on the specified interface.
If you are using a directly attached static route, and the interface you are using uses Layer 2 addresses (for
example, as an Ethernet interface does), then address resolution is performed when a packet is delivered
to the network. For Point-to-Point Protocol (PPP) interfaces, the packet is simply forwarded through the
interface in the same way that a packet is forwarded when an IPv6 on-link prefix is defined at the interface.
A recursive static route is a route in which the next hop for the route is entered as the IPv6 address of the
next-hop router. When a recursive static route is used, AOS attempts to determine the interface used to
reach the next-hop address. Recursive routes are added to the route table only when the router has
determined which interface to use for egress traffic.
A fully specified static route is a route in which the next hop is entered as an IPv6 address and an interface
for the next-hop router is specified. This type of static route restricts the use of the route to the specified
interface. A fully specified static route MUST be used when the next hop is specified by its link-local
address, which alone has no context of location.
Usage Examples
The following example creates a static route in the IPv6 routing table that has a local-link next-hop
address, egresses from the ethernet 0/1 interface, includes a tag of 3, and has an administrative distance
of 2:
(config)#ipv6 route 2001:DB8:3F::/48 fe80::202:b3ff:fe1e:8345 ethernet 0/1 tag 3 2

ipv6 route named-prefix

Use the ipv6 route named-prefix command to add an Internet Protocol version 6 (IPv6) static route to the
IPv6 route table using a named prefix. Use the no form of this command to remove a configured IPv6
static route. To specify a route without using a named prefix, refer to ipv6 route on page 1550. Variations
ipv6 route [vrf <name>] named-prefix <prefix-name> <ipv6 prefix/prefix length> <ipv6 address>
[mef-ethernet <slot/port> | system-control-evc | system-management-evc] tag <value>
[mef-ethernet <slot/port> | system-control-evc | system-management-evc] track <name>
[mef-ethernet <slot/port> | system-control-evc | system-management-evc] tag <value>
track <name>
<administrative distance>
<administrative distance> tag <value>
<administrative distance> track <name>
<administrative distance> tag <value> track <name>
<interface>
<interface> tag <value>
<interface> track <name>
<interface> tag <value> track <name>
<interface> <administrative distance>
<interface> <administrative distance> tag <value>
<interface> <administrative distance> track <name>
<interface> <administrative distance> tag <value> track <name>
ipv6 route [vrf <name>] named-prefix <prefix-name> <ipv6 prefix/prefix length> <ipv6 address> null 0
tag <value>
track <name>

tag <value> track <name>

<administrative distance>
<administrative distance> tag <value>
<administrative distance> track <name>
<administrative distance> tag <value> track <name>
Syntax Description
<prefix name> Specifies a route is created using a named prefix. The <prefix name>
parameter specifies the prefix variable name.
<ipv6 prefix/prefix length> Specifies the network defined by this static route entry. IPv6 prefixes should
<ipv6 address> Specifies the next-hop IPv6 address defined by the static route. This is not a
link-local IPv6 address. IPv6 addresses should be expressed in colon
hexadecimal format (X:X:X:X::X). For example, 2001:DB8:1::1.
<interface> Optional. Specifies an egress interface on the router which connects to the
next-hop IPv6 device on the path toward the specified network. Interfaces
are entered in the <interface> <slot/port | interface id> format. You must use
the <interface> parameter in conjunction with the next-hop IPv6 address if
you are specifying a link-local IPv6 address (FE80::) as the next hop.
<administrative distance> Optional. Specifies an administrative distance associated with the static
route, and is used to determine the best route when multiple routes to the
same destination exist. The route with the lowest administrative distance is
the preferred route. Administrative distance range is 1 to 255.
tag <value> Optional. Specifies a number to use as a tag for this route. Valid range is 1
to 65535.
system-control-evc Optional. Specifies the system control Ethernet virtual connection (EVC).
This EVC is preconfigured on the unit.
system-management-evc Optional. Specifies the system management EVC. This EVC is

vrf <name> Optional. Specifies to create the static route on a specific virtual routing and
forwarding (VRF).
Default Values
By default, no static routes are added to the IPv6 route table. If a static route is created, the administrative
distance is 1 by default.
Command History
Release R10.11.0 Command was expanded to include the track parameter and MEF Ethernet
interface.
Functional Notes
Each static route is only added to the IPv6 route table when the IPv6 interface is configured and in an UP
state. There are three types of static routes that can be used: directly attached, recursive, and fully
specified.
A directly attached static route is a route in which the next hop for the route is entered as an interface.
Packets destined for the specified network are assumed to be directly reachable on the specified interface.
If you are using a directly attached static route, and the interface you are using uses Layer 2 addresses (for
example, as an Ethernet interface does), then address resolution is performed when a packet is delivered
to the network. For Point-to-Point Protocol (PPP) interfaces, the packet is simply forwarded through the
interface in the same way that a packet is forwarded when an IPv6 on-link prefix is defined at the interface.
A recursive static route is a route in which the next hop for the route is entered as the IPv6 address of the
next-hop router. When a recursive static route is used, AOS attempts to determine the interface used to
reach the next-hop address. Recursive routes are added to the route table only when the router has
determined which interface to use for egress traffic.
A fully specified static route is a route in which the next hop is entered as an IPv6 address and an interface
for the next-hop router is specified. This type of static route restricts the use of the route to the specified
interface. A fully specified static route MUST be used when the next hop is specified by its link-local
address, which alone has no context of location.
Usage Examples
The following example creates a static route named PREFIX1 in the IPv6 routing table that has a local-link
next-hop address, egresses from the ethernet 0/1 interface, includes a tag of 3, and has an administrative
distance of 2:
(config)#ipv6 route named-prefix PREFIX1 2001:DB8:3F::/48 fe80::202:b3ff:fe1e:8345 ethernet 0/1

tag 3 2

ipv6 unicast-routing
Use the ipv6 unicast-routing command to enable Internet Protocol version 6 (IPv6) unicast routing and
specify the router as an IPv6 neighbor. Use the no form of this command to disable the IPv6 routing
subsystem, remove any routing protocol entries from the IPv6 routing table, cease IPv6 routing functions,
and disable IPv6 unicast routing.
Syntax Description
No subcommands.
Default Values
By default, IPv6 unicast routing is disabled.
Command History
Functional Notes
This ipv6 unicast-routing command functions similarly to the ip routing command for IPv4 services. In
order to enable IPv6 unicast routing, you must first configure interfaces to use IPv6 before IPv6
communication takes place. When IPv6 unicast routing is enabled globally, the router flag is set to 1 in
neighbor advertisement (NA) messages.
Using the no form of this command disables the IPv6 routing subsystem, removes any routing protocol
entries from the IPv6 route table, causes IPv6 routing functions to cease, and disables IPv6 unicast
routing. In addition, NA
messages are sent at each interface indicating the neighbor is no longer a router (router flag is set to 0),
and that the router is no longer the default router for any advertised prefixes. When IPv6 unicast routing is
disabled, the existing IPv6 configuration is retained, but no IPv6 packets are routed and no routing
resources are consumed.
If IPv6 unicast routing is not enabled, but an interface has IPv6 enabled, that interface may communicate
as an IPv6 host to other devices. If IPv6 packets are received that are not addressed to that interface, the
packets are dropped.
Usage Examples
The following example enables IPv6 unicast routing and specifies the router as an IPv6 neighbor:
(config)#ipv6 unicast-routing

isdn-group <number>
Use the isdn-group command to enter the ISDN Group Configuration mode command set. Use the no
form of this command to disable this feature. Refer to the section Voice ISDN Group Command Set on
page 4641 for more information on the commands available for each group.
Syntax Description
<number> Specifies the integrated services digital network (ISDN) group. Range is 1 to
255.
Default Values
Command History
Functional Notes
An ISDN group allows the user to specify the maximum and minimum number of B-channels that can be
used for a specific type of call. It is a logical group of B-channels from one or more ISDN interfaces. The
interfaces can be of different types (e.g., primary rate interface (PRI) and basic rate interface (BRI)). An
ISDN interface can be a member of multiple ISDN groups that makes it possible to share its B-channels
between different types of calls.
Usage Examples
The following example uses the isdn-group command to enter the ISDN Group Configuration mode for
ISDN group 1:
(config)#isdn-group 1
(config-isdn-group 1)#

isdn-number-template
Use the isdn-number-template command to create an entry in the integrated services digital network
(ISDN) number-type template that is used when encoding the called party and calling party information
elements (IEs) for inbound and outbound ISDN calls. Use the no form of this command to delete the
configured entry. Variations of this command include the following:
isdn-number-template <template id> prefix <number> abbreviated <pattern>

isdn-number-template <template id> prefix <number> international <pattern>
isdn-number-template <template id> prefix <number> national <pattern>
isdn-number-template <template id> prefix <number> network-specific <pattern>
isdn-number-template <template id> prefix <number> plan <indicator> type <number> <pattern>
isdn-number-template <template id> prefix <number> subscriber <pattern>
isdn-number-template <template id> prefix <number> unknown <pattern>
Syntax Description
<template id> Specifies a numeric identifier for the template entry. Valid range is 1 to 255.
prefix <number> Specifies the expected prefix for the call type. Prefixes can be left blank
(using double quotation marks “ ”), or consist of unlimited length strings of
zeros and ones. For example, for international calls made from within the
United States, a prefix of 011 is expected.
abbreviated Specifies using abbreviated (bits 110) in the type of number (TON) octet.
Abbreviated is used mainly in private ISDN network applications and the
implementation is network dependent.
international Specifies using international (bits 001) in the TON octet. International is
used for calls destined outside the national calling area. International calls
have the international direct dialing (IDD) prefix removed. For example,
consider an international call of 011-N$, where the IDD prefix is 011 and the
N$ represents the digits necessary for routing the call at the destination.
When the called party IE is created for this call, the prefix is stripped and the
N$ digits are placed in the number digits field.
national Specifies using national (bits 010) in the TON octet. National is used for
calls destined for inside the national calling area (i.e., does not cross into an
international local access and transport area (LATA)). National calls have
the direct dialing prefix removed. For example, consider a national call with
a direct dialing prefix of 1 and NXX-NXX-XXXX to represent the ten-digit
number necessary for routing the call. When the called party IE is created
for this call, the prefix (1) is stripped and the NXX-NXX-XXXX digits are
placed in the number digits field.

network-specific Specifies using network-specific (bits 011) in the TON octet.

Network-Specific is used for calls that require special access to a private
network, which requires the use of a prefix that should be stripped once
access to the network has been gained. Network-specific calls have the
dialing prefix removed. For example, a call to a private network with the 700
consists of 700-N$, where 700 is the dialing prefix and N$ represents the
digits necessary for routing the call at the destination. When the Called
Party IE is created for this call, the prefix is stripped and the N$ is placed in
the Number Digits field.
plan <indicator> Specifies the numbering plan indicator (NPI) to use in combination with the
TON and associate it with a number pattern. Valid range is 0 to 15.
subscriber Specifies using subscriber (bits 100) in the TON octet. Subscriber is used
for local calls (not long distance). Subscriber calls, by default, have the area
code removed. For example, a subscriber call to 916-555-1212 would have
the prefix 916 stripped and 555-1212 in the number digits field. For areas
with mandatory ten-digit dialing, a blank prefix should be entered to ensure
that all ten digits are passed to the number digits field.
type <number> Specifies the TON to use in combination with the NPI and associate it with a
number pattern. Valid range is 0 to 7.
unknown Specifies using unknown (bits 000) in the TON octet. Unknown is used
when the number type is not known. Unknown numbers are assumed to
have no prefix, and the entire dialed number is presented in the number
digits field.
<pattern> Specifies a pattern for this template. Refer to Functional Notes for more
information.
Default Values
By default, the following number template for domestic emergency calls (911) is the only template
preconfigured in AOS:
isdn-number-template 0 prefix “ ” subscriber 911
Command History
Release A4.05 Command was expanded to include the plan <indicator> type <number>
<pattern> parameter.

Functional Notes
The command isdn-number-template <template id> prefix <number> plan <indicator> type <number>
<pattern> is used to associate any combination of NPIs and TONs with a number pattern. Not all
combination values are allowed, and AOS does not check the entry validity. Refer to the International
Telecommunication Union (ITU) recommendation Q.931 for the most current information.


Usage Examples
The following example creates a number template (labeled 1) and prefix (labeled 1) for national calls:
(config)#isdn-number-template 1 prefix 1 national Nxx-Nxx-xxxx

led status-led startup-state

Use the led status-led startup-state command to control the state of the status LED upon system startup
of an applicable AOS device. This command can be used to turn off the LED, as well as control both the
LED color and blink rate. Use the no form of this command to return to the default setting. Variations of
led status-led startup-state [green | red]

led status-led startup-state [green | red] blink [fast | slow]
led status-led startup-state red-green
led status-led startup-state off
Syntax Description
green Modifies the status LED display to green.
red Modifies the status LED display to red.
red-green Modifies the status LED to alternate between red and green
blink Specifies the status LED blink rate. If the blink rate is not specified, the
display color will be solid (i.e., non-blinking).
fast Specifies a blink rate of five times per second.
slow Specifies a blink rate of once per second.
off Turns off the status LED.
Default Values
By default, the status LED is solid green.
Command History
Functional Notes
This command only controls the state of the LED upon startup; it does not alter the current state of the
status LED.
Usage Examples
The following example changes the startup state of the status LED display to slow, blinking red:
(config)#led status-led startup-state red blink slow

license server
Use the license server command to configure a license server, from which license keys are automatically
retrieved by the AOS unit. This command must be issued before using the command license activate
<activation key> on page 499 to activate AOS feature licenses. Use the no form of this command to
remove the license server configuration and return to the default server. Variations of this command
include:
license server url <url>

license server vrf <name> url <url>
Syntax Description
url <url> Specifies the uniform resource locator (URL) address of the license server.
Specify the URL using either Hypertext Transfer Protocol (HTTP) or HTTP
Secure (HTTPS), for example, https://example.com.
vrf <name> Optional. Specifies a non-default virtual routing and forwarding (VRF)
instance on which to configure the license server.
Default Values
If no license server is configured, a license key request is automatically sent to
https://portal.adtran.com/web/ptapi/generate.
Command History
Functional Notes
The server configured with the command is used in conjunction with the command license activate
<activation key> on page 499. The activation keys used with the license activate command are provided
to you when you purchase licenses for additional AOS features. When the license activate command is
issued, the entered activation keys are automatically sent to the licensing server configured with the
license server command, and then the features are automatically licensed on the AOS unit.
This two-step licensing procedure replaces the four-step licensing process introduced in AOS firmware
release R11.8.0. For more information about the AOS feature licensing process, refer to the quick start
guide, Licensing AOS Features, available online at https://supportcommunity.adtran.com.
Usage Examples
The following example configures a license server with the URL https://example.com, on the default VRF,
for use with AOS feature license activation keys:
(config)#license server url https://example.com

line
Use the line command to enter the line configuration for the specified console, Telnet, or secure shell
(SSH) session. Refer to the sections Line (Console) Interface Command Set on page 2006, Line (Telnet)
Interface Command Set on page 2039, and Line (SSH) Interface Command Set on page 2023 for
information on the subcommands. Variations of this command include:
line console <line number>

line ssh <line number>
line ssh <line number> <ending number>
line telnet <line number>
line telnet <line number> <ending number>
Syntax Description
console Enters the configuration mode for the DB-9 (female) CONSOLE port located on
the rear panel of the unit. Refer to the section Line (Console) Interface
Command Set on page 2006 for information on the subcommands found in
that command set.
telnet Enters the configuration mode for Telnet session(s), allowing you to configure
for remote access. Refer to the section Line (Telnet) Interface Command Set
on page 2039 for information on the subcommands found in that command
set.
ssh Enters the configuration mode for SSH. Refer to the section Line (SSH)
Interface Command Set on page 2023 for information on the subcommands
found in that command set.
<line number> Specifies the starting session to configure for remote access. Valid range for
console is 0. Valid range for Telnet and SSH is 0 to 4.
If configuring a single Telnet or SSH session, enter a single line number.
<ending number> Optional. Specifies the last Telnet or SSH session to configure for remote
access. Valid range is 0 to 4.
For example, to configure all available Telnet sessions, enter line telnet
0 4.
Default Values
By default, there are no configured Telnet or SSH sessions. By default, the AOS line console parameters
are configured as follows:
Data Rate: 9600

Data bits: 8
Stop bits: 1
Parity Bits: 0
No flow control

Command History
Release 11.1 Command was expanded to include the SSH.
Usage Examples
The following example begins the configuration for the CONSOLE port located on the rear of the unit:
(config)#line console 0
(config-con0)#
The following example begins the configuration for all available Telnet sessions:
(config)#line telnet 0 4
(config-telnet0-4)#
The following example begins the configuration for all available SSH sessions:
(config)#line ssh 0 4
(config-ssh0-4)#

lldp
Use the lldp command to configure global settings that control the way Link Layer Discovery Protocol
(LLDP) functions. Use the no form of this command to return to the default setting. Variations of this
command include:
lldp med-fast-start-interval <value>

lldp minimum-transmit-interval <value>
lldp reinitialization-delay <value>
lldp system-capabilities exclude telephone
lldp transmit-interval <value>
lldp ttl-multiplier <value>
Syntax Description
med-fast-start-interval Specifies the fast start transmit interval (in seconds) that LLDP-Media
Endpoint Discovery (LLDP-MED) time length values (TLVs) are sent once
every second, allowing rapid automatic configuration of LLDP-MED capable
endpoints at startup. Range is 1 to 10 seconds. Default value is 4 seconds.
minimum-transmit-interval Defines the minimum amount of time between transmission of LLDP frames
in seconds. Range is 1 to 8192 seconds.
reinitialization-delay Defines the minimum amount of time to delay after LLDP is enabled on a
port before allowing transmission of additional LLDP frames on that port
in seconds. Range is 1 to 10 seconds.
system-capabilities Configures local system capabilities.
exclude telephone Excludes telephone flag in the system capabilities TLV. Enabling this
command prevents the AOS unit from advertising the telephone system
capabilities in both the system capabilities and enabled capabilities portions
of the LLDP packet.
transmit-interval Defines the delay between LLDP frame transmission attempts during
normal operation in seconds. Range is 5 to 32768 seconds.
ttl-multiplier Defines the time to live (TTL) multiplier to be applied to the transmit interval
to compute the time to live for data sent in an LLDP frame. Range is 2 to 10.
<value> Specifies the interval, delay, or multiplier.
Default Values
By default, med-fast-start-interval is 4 seconds; minimum-transmit-interval is 2 seconds;
reinitialization-delay is 2 seconds; transmit-interval is 30 seconds; and ttl-multiplier is 4.
Command History
Release 17.2 Command was expanded to include the med-fast-start-interval parameter.
Release A5.01 Command was expanded to include the system-capabilities and exclude
telephone parameters.

Functional Notes
Once a device receives data from a neighboring device in an LLDP frame, it will retain that data for a
limited amount of time. This amount of time is called time to live, and it is part of the data in the LLDP
frame. The time to live transmitted in the LLDP frame is equal to the transmit interval multiplied by the TTL
multiplier.
Usage Examples
The following example sets the LLDP minimum transmit interval to 10 seconds:
(config)#lldp minimum-transmit-interval 10
The following example sets the LLDP reinitialization delay to 5 seconds:
(config)#lldp reinitialization-delay 5
The following example sets the LLDP transmit interval to 15 seconds:
(config)#lldp transmit-interval 15
The following example sets the LLDP transmit interval to 15 seconds and the TTL multiplier to 2 for all
LLDP frames transmitted from the unit. The resulting TTL is 30 seconds:
(config)#lldp transmit-interval 15
(config)#lldp ttl-multiplier 2

load-protect
Use the load-protect command to enable and configure load-protect CPU throttling. Variations of this
command include:
load-protect background rate-limit

load-protect background rate-limit <increase percentage> <decrease percentage>
load-protect background interval <value> rate-limit
load-protect background interval <value> rate-limit <increase percentage> <decrease percentage>
load-protect cli rate-limit
load-protect cli rate-limit <increase percentage> <decrease percentage>
load-protect cli interval <value> rate-limit
load-protect cli interval <value> rate-limit <increase percentage> <decrease percentage>
Syntax Description
background Specifies the scope of the command is all encompassing.
cli Specifies the scope of the command is limited to the command line
interface.
interval <value> Optional. Sets the maximum latency, in milliseconds, allowed to occur
before declaring the CLI or background in congestion.
rate-limit Specifies that load protect be enabled utilizing a simple step function,
unless a percentage of increase and decrease are defined.
<increase percentage> Optional. Sets the percentage increase to be added to the current
percentage of packets that the CPU handles.
<decrease percentage> Optional. Sets the percentage decrease to be removed from the current
percentage of packets that the CPU handles.
Default Values
If no interval <value> is entered, the command defaults to a simple step function to throttle high CPU
utilization.
Command History
Usage Examples
The following example enables load protect for the CLI with a maximum latency of 200 ms:
(config)#load-protect cli interval 200 rate limit

load-protect protocol
Use the load-protect protocol command to enable and configure a specified protocol’s queue and values
for the load protect feature’s protocol rate limiter. Variations of this command include:
load-protect protocol arp cbs <number>

load-protect protocol arp cir <number>
load-protect protocol arp queue <number>
load-protect protocol default cir <number>
load-protect protocol default cir <number> cbs <number>
load-protect protocol dhcp cbs <number>
load-protect protocol dhcp cir <number>
load-protect protocol dhcp queue <number>
load-protect protocol icmp cbs <number>
load-protect protocol icmp cir <number>
load-protect protocol icmp queue <number>
load-protect protocol icmp-unreachable cbs <number>
load-protect protocol icmp-unreachable cir <number>
load-protect protocol icmp-unreachable queue <number>
load-protect protocol ipv6-hop-by-hop cbs <number>
load-protect protocol ipv6-hop-by-hop cir <number>
load-protect protocol ipv6-hop-by-hop queue <number>
load-protect protocol ipv6-nd cbs <number>
load-protect protocol ipv6-nd cir <number>
load-protect protocol ipv6-nd queue <number>
load-protect protocol ntp cbs <number>
load-protect protocol ntp cir <number>
load-protect protocol ntp queue <number>
load-protect protocol radius cbs <number>
load-protect protocol radius cir <number>
load-protect protocol radius queue <number>
load-protect protocol snmp cbs <number>
load-protect protocol snmp cir <number>
load-protect protocol snmp queue <number>
load-protect protocol ssh cbs <number>
load-protect protocol ssh cir <number>
load-protect protocol ssh queue <number>
load-protect protocol vrrp cbs <number>
load-protect protocol vrrp cir <number>
load-protect protocol vrrp queue <number>
load-protect protocol vrrpv3 cbs <number>
load-protect protocol vrrpv3 cir <number>
load-protect protocol vrrpv3 queue <number>

Syntax Description
arp Specifies internet protocol version 4 (IPv4) Address Resolution Protocol
(ARP) packets.
default Specifies the feature behavior for packets not specified by another protocol.
dhcp Specifies Dynamic Host Configuration Protocol version 4 (DHCPv4) and
DHCPv6 packets.
icmp Specifies all IPv4 and IPv6 Internet Control Message Protocol (ICMP)
packets, except for unreachables.
icmp-unreachable Specifies IPv4 and IPv6 ICMP unreachable packets.
ipv6-hop-by-hop Specifies any IPv6 packet with a hop-by-hop option correctly set on the
packet.
ipv6-nd Specifies IPv6 neighbor discovery packets.
ntp Specifies Network Time Protocol (NTP), Simple Network Time Protocol
(SNTP) packets.
radius Specifies Remote Authentication Dial-in User Service (RADIUS) packets.
snmp Specifies Simple Network Management Protocol (SNMP) packets.
ssh Specifies Secure Shell (SSH), Session Control Protocol (SCP) packets.
vrrp Specifies Virtual Router Redundancy Protocol version 2 (VRRPv2) packets.
vrrpv3 Specifies VRRPv3 packets.
cbs <number> Specifies the committed burst size (CBS) for the given protocol in number of
packets.
cir <number> Specifies the packet per second committed information rate (CIR) that is
rate limited to the CPU for the given protocol.
queue <number> Specifies the destination queue for the given protocol.
Default Values
By default the load protect feature is not enabled.
Command History
Usage Examples
The following example enables queue number 1 for all DHCPv4 and DHCPv6 packets whose CBS and
CIR values may then be configured:
(config)#load-protect protocol dhcp queue 1

load-protect queue <number> weight packet <weight>

Use the load-protect queue weight packet command to set the weighted round robin (WRR) weight in
packets per second for the specified queue.
Syntax Description
<number> Specifies the desired queue.
<weight> Specifies the WRR weight in packets per second.
Default Values
Command History
Usage Examples
The following example sets the number of packets per second to 50 for queue number 1:
(config)#load-protect queue 1 weight packet 50

local <start ip address> <end ip address> global <start ip address>

<end ip address>
Use the local global command to define local and global network range of addresses for static 1:1 network
address translation (NAT) mapping. This command is entered from within the NAT pool’s configuration
command set by using the ip nat pool command. Refer to ip nat pool <name> on page 1425 for more
information.
Syntax Description
<start ip address> Specifies the first IP address in the range.
<end ip address> Specifies the last IP address in the range.
IP addresses should be expressed in dotted decimal notation (for example,
10.10.10.1).
Default Values
Command History
Functional Notes
Static pools define a local network range of addresses whose size must be equal to the global range.
Source NAT will translate from the local range to the global range. Destination NAT will translate from the
global range to the local range. The addresses do not have to start at the same offset. If this command is
entered and the two ranges are not of the same size, an error message is displayed. The command will fail
and the pool will remain in its original state. If the pool was configured with an existing address range prior
to issuing the failed command, that range will remain unchanged. If no address range was present, the
pool will remain incomplete.
In some situations, an address needs to be excluded that falls within a range. For example, suppose you
are excluding 10.1.1.10 because it is the address used for many-to-one source NAT for other nonstatic
NAT hosts. This can be accomplished by creating multiple pools. This configuration requires multiple policy
class entries, but each can use the same access control list (ACL).
Usage Examples
The following example creates a static NAT pool named POOL1 and defines the local range from 10.1.1.1
to 10.1.1.12 and the global range as 192.168.1.1 to 192.168.1.12:

(config-natpool)#local 10.1.1.1 10.1.1.12 global 192.168.1.1 192.168.1.12

The following example creates two static NAT pools named POOL1 and POOL2. This example defines the
local range from 10.1.1.1 to 10.1.1.254 and the global range as 192.168.1.1 to 192.168.1.254 while
excluding the address 10.1.1.10:


logging console
Use the logging console command to enable AOS to log events to all consoles. Use the no form of this
command to disable console event logging.
Syntax Description
No subcommands.
Default Values
By default, logging console is disabled.
Command History
Usage Examples
The following example enables AOS to log events to all consoles:
(config)#logging console

logging email address-list <email address> ; <email address>

Use the logging email address-list command to specify one or more email addresses that will receive
event notification. The criteria for event matching is configured using the command logging email
priority-level on page 1581. Use the no form of this command to remove a listed address.
Syntax Description
<email address> Specifies the complete email address to use when sending logged
messages. (This field allows up to 256 characters.) Enter as many email
addresses as desired, placing a semi-colon (;) between addresses.
Default Values
By default, there are no configured logging email addresses.
Command History
Functional Notes
In order for the unit to send logging emails, the following features must be configured on the unit using the
associated commands:
• The primary and secondary Domain Name System (DNS) server IP address must be configured using
the command name-server on page 1614.
• Domain name lookup for DNS entries must be enabled using the command domain-lookup on page
1253.
• Event history logging must be enabled using the command event-history on on page 1291.
• Email logging must be enabled using the command logging email on on page 1580.
• The IPv4 address or host name of the SMTP mail server used for sending logging emails must be
configured using the command logging email receiver-ip <ipv4 address | hostname> on page 1583.
• The sender (From address) of the logging email must be configured using the command logging email
sender on page 1586.
• The source interface for communicating with the SMTP server must be specified using the command
logging email source-interface <interface> on page 1588.
Usage Examples
The following example specifies three email addresses to use when sending logged messages:
(config)#logging email address-list

admin@adtranemail.com;ntwk@adtranemail.com;support@adtranemail.com

logging email error-report address-list <email address> ;

<email address>
Use the logging email error-report address-list command to specify one or more email addresses to
receive exception reports and Hypertext Transfer Protocol (HTTP) error reports for use in troubleshooting.
Use the no form of this command to remove a listed address.
Syntax Description
<email address> Specifies the email address(es) to use when sending exception and HTTP
error reports. This field allows up to 256 characters. Enter as many email
addresses as desired, placing a semi-colon (;) between each address.
Default Values
Command History
Release R11.1 Command was introduced
Release R10.8.0 Command changed from logging email exception-report address-list to
logging email error-report address-list.
Functional Notes
When AOS experiences an exception, it will generate a file with detailed information that ADTRAN’s
Technical Support can use to diagnose the problem. This command allows the unit to email the exception
report to a list of addresses upon rebooting after the exception. In order for the unit to send logging emails,
the following features must be configured on the unit using the associated commands:
1253.
Usage Examples
The following example will enable exception report forwarding to john.doe@company.com using the
1.1.1.1 SMTP email server:
(config)#logging email error-report address-list john.doe@company.com

logging email ip urlfilter top-websites

Use the logging email ip urlfilter top-websites command to specify the parameters for receiving top
websites reports via email. Use the no form of this command to disable top websites reporting email
notification. Variations of this command include:
logging email ip urlfilter top-websites address-list <email addresses>

logging email ip urlfilter top-websites send-time <HH:MM:SS>
Syntax Description
address-list Specifies the configuration of a list of email addresses to receive top
websites reports.
send-time Specifies the configuration of when email reports for top websites will be
sent.
<email addresses> Specifies the complete email address to use when sending top websites
reports. (This field allows up to 256 characters.)
Enter as many email addresses as desired, placing a semi-colon (;)
between addresses.
<HH:MM:SS> Specifies the hours, minutes, and seconds in a 24-hour format for sending
top websites reports by email.
Default Values
By default, there are no configured logging email addresses or times for top websites reporting.
Once an address list is specified and top websites email reports are enabled, the default send-time for the
reports is 12:00 a.m.
Command History
Functional Notes
1253.

Usage Examples
The following example configures top websites reports to be emailed to sys.admin@adtran.com at
5:30 a.m.:
(config)#logging email ip urlfilter top-websites address-list sys.admin@adtran.com

(config)#logging email ip urlfilter top-websites send-time 05:30:00

logging email max-queue-depth

Use the logging email max-queue-depth to specify the maximum number of queued email messages
awaiting delivery via Simple Mail Transfer Protocol (SMTP). Messages generated when the queue is full
will be discarded without notification (except for the exception report email, which is always permitted in
the queue). Variations of this command include:
logging email max-queue-depth

logging email max-queue-depth <value>
Syntax Description
<value> Optional. Specifies the maximum number of email messages allowed in the
queue.
Default Values
By default, 100 messages are allowed in the queue.
Command History
Functional Notes
If messages are being generated faster than the SMTP client (or connected server) can process the
messages, the queue will become filled and subsequent messages will be discarded without notification. In
this case, the events causing the large number of messages to be generated should be investigated and
addressed, the severity threshold for email logging should be adjusted using the command logging email
priority-level on page 1581, or the queue size should be adjusted using this command, depending on
available memory resources.
1253.

Usage Examples
The following example specifies that 200 email messages are allowed in the queue:
(config)#logging email max-queue-depth 200

logging email on
Use the logging email on command to enable the AOS email event notification feature. Use the command
logging email address-list <email address> ; <email address> on page 1574 to specify email address(es)
that will receive notification when an event is received. Refer to logging email priority-level on page 1581
for defining matching the criteria. Use the no form of this command to disable the email notification
feature.
Syntax Description
No subcommands.
Default Values
By default, email event notification is disabled.
Command History
Functional Notes
The domain name is appended to the sender name when sending event notifications. Refer to the
command domain-name <domain name> on page 1255 for related information.
1253.
• Email logging must be enabled using the command logging email on.
Usage Examples
The following example enables the AOS email event notification feature:
(config)#logging email on

logging email priority-level

Use the logging email priority-level command to set the threshold for events sent to the addresses
specified using the command logging email address-list <email address> ; <email address> on page
1574. All events with the specified priority or higher will be sent to all addresses in the list. The command
logging email on on page 1580 must be enabled. Use the no form of this command to return to the default
priority. Variations of this command include:
logging email priority-level error

logging email priority-level fatal
logging email priority-level info
logging email priority-level notice
logging email priority-level warning
Syntax Description
Sets the minimum priority threshold for sending messages to email addresses specified using the logging
email address-list command. The following priorities are available (ranking from lowest to highest):

Default Values
By default, the logging email priority-level is set to warning.
Command History
Functional Notes
1253.

Usage Examples
The following example sends all messages with warning level or greater to the email addresses listed
using the logging email address-list command:
(config)#logging email priority-level warning

logging email receiver-ip <ipv4 address | hostname>

Use the logging email receiver-ip command to specify the IP address or host name of the email server to
use when sending email event notification. Use the no form of this command to remove a configured
address. Variations of this command include:
logging email receiver-ip <ipv4 address | hostname>

logging email receiver-ip <ipv4 address | hostname> allow-tls1.0
logging email receiver-ip <ipv4 address | hostname> allow-tls1.0 allow-tls1.1
logging email receiver-ip <ipv4 address | hostname> allow-tls1.0 allow-tls1.1 allow-sslv3
logging email receiver-ip <ipv4 address | hostname> allow-tls1.0 allow-sslv3
logging email receiver-ip <ipv4 address | hostname> allow-tls1.1
logging email receiver-ip <ipv4 address | hostname> allow-tls1.1 allow-sslv3
logging email receiver-ip <ipv4 address | hostname> allow-sslv3
logging email receiver-ip <ipv4 address | hostname> port <number>
logging email receiver-ip <ipv4 address | hostname> port <number> allow-tls1.0
logging email receiver-ip <ipv4 address | hostname> port <number> allow-tls1.0 allow-tls1.1
allow-sslv3
logging email receiver-ip <ipv4 address | hostname> port <number> allow-tls1.0 allow-sslv3
logging email receiver-ip <ipv4 address | hostname> port <number> allow-tls1.1
logging email receiver-ip <ipv4 address | hostname> port <number> allow-sslv3
logging email receiver-ip <ipv4 address | hostname> port <number> auth-username <username>
auth-password <password>
logging email receiver-ip <ipv4 address | hostname> port <number> allow-tls1.0 auth-username
<username> auth-password <password>
auth-username <username> auth-password <password>
allow-sslv3 auth-username <username> auth-password <password>
logging email receiver-ip <ipv4 address | hostname> port <number> allow-tls1.1 auth-username
logging email receiver-ip <ipv4 address | hostname> port <number> allow-sslv3 auth-username
logging email receiver-ip <ipv4 address | hostname> auth-username <username>
logging email receiver-ip <ipv4 address | hostname> allow-tls1.0 auth-username <username>
logging email receiver-ip <ipv4 address | hostname> allow-tls1.0 allow-tls1.1 auth-username
logging email receiver-ip <ipv4 address | hostname> allow-tls1.0 allow-tls1.1 allow-sslv3

logging email receiver-ip <ipv4 address | hostname> allow-tls1.0 allow-sslv3 auth-username

logging email receiver-ip <ipv4 address | hostname> allow-tls1.1 auth-username <username>
logging email receiver-ip <ipv4 address | hostname> allow-tls1.1 allow-sslv3 auth-username
logging email receiver-ip <ipv4 address | hostname> allow-sslv3 auth-username <username>
Syntax Description
<ipv4 address | hostname> Specifies the IPv4 address or host name of the email server to use when
sending logged messages. IPv4 addresses should be expressed in dotted
allow-tls1.0 Optional. Allows the email server to use Transport Layer Security protocol
version 1.0. If allow-tls1.0 is enabled, Secure Socket Layer version 3
(SSLv3) can also optionally be enabled.
allow-tls1.1 Optional. Allows the email server to use TLS protocol version 1.1. If
allow-tls1.1 is enabled, SSLv3 can also optionally be enabled.
allow-sslv3 Optional. Allows the server to use SSLv3. If SSLv3 is enabled, TLS
version 1.0 is automatically enabled.
auth-username <username> Optional. Specifies the user name to use if your email server requires
authentication.
auth-password <password> Optional. Specifies the password to use if your email server requires
authentication.
port <number> Optional. Specifies the port number of the remote email server. Range is 1
to 65535.
Default Values
By default, there are no configured email server addresses.
Command History
Release 15.1 Command was expanded to include the auth-username and
auth-password options.
Release 16.1 Command was expanded to include the port number specification option.
parameters.

Functional Notes
1253.
Usage Examples
The following example specifies an email server (with IP address 172.5.67.99) to use when sending
logged messages:
(config)#logging email receiver-ip 172.5.67.99

logging email sender

Use the logging email sender command to specify the sender in an outgoing logging email message. This
name will appear in the From field of the receiver’s inbox. Use the no form of this command to disable
this feature.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
1253.
sender.
Usage Examples
The following example sets a sender for outgoing messages:
(config)#logging email sender myUnit@myNetwork.com

logging email smdr address-list <email address> ; <email address>

Use the logging email smdr address-list command to specify one or more email addresses that will
receive notification when the station messaging detail record (SMDR) log had reached 80 percent of its
total capacity. Use the no form of this command to remove a listed address.
Syntax Description
<email address> Specifies the complete email address to use when sending logged SMDR
messages. (This field allows up to 256 characters.)
Enter as many email addresses as desired, placing a semi-colon (;)
between addresses.
Default Values
Command History
Functional Notes
1253.
Usage Examples
The following example specifies three email addresses to use when sending logged SMDR messages:
(config)#logging email smdr address-list

admin@adtranemail.com;ntwk@adtranemail.com;support@adtranemail.com

logging email source-interface <interface>

Use the logging email source-interface command to use the specified interface as the source for email
messages transmitted by the unit. Use the no form of this command if you do not wish to override the
normal source IP address.
Syntax Description
<interface> Specifies the interface to be used as the source for email messages.
dot11ap 1/1.1. Type logging email source-interface ? for a complete list
Default Values
Command History
interface.
Ethernet interface.
Functional Notes
1253.

logging email source-interface <interface>.
Usage Examples
The following example configures the unit to use the loopback 1 interface as the source IP for email
messages:
(config)#logging email source-interface loopback 1

logging facility <type>

Use the logging facility command to specify a syslog facility type for the syslog server. Error messages
meeting specified criteria are sent to the syslog server. For this service to be active, the command logging
forwarding on on page 1592 must be enabled. Use the no form of this command to return to the default
setting.
Syntax Description
<type> Specifies the syslog facility type. The following is a list of valid facility types:
auth Authorization system
cron Cron facility
daemon System daemon
kern Kernel
local0 - local7 Reserved for locally defined messages
lpr Line printer system
mail Mail system
news USENET news
sys9 - sys14 System use
syslog System log
user User process
uucp UNIX-to-UNIX copy system
Default Values
The default value is local7.
Command History
Usage Examples
The following example configures the syslog facility to the cron facility type:
(config)#logging facility cron

logging forwarding auxiliary-receiver-ip <ipv4 address>

Use the logging forwarding auxiliary-receiver-ip command to specify the IPv4 address of a secondary
syslog server to use when logging events that match the criteria configured using the command logging
forwarding priority-level on page 1594. This command can be applied to the default virtual private
network (VPN) routing and forwarding (VRF) instance or a specific VRF instance. Use the no form of this
command to remove an auxiliary receiver server address. Variations of this command include:
logging forwarding auxiliary-receiver-ip <ip address>

logging forwarding vrf <name> auxiliary-receiver-ip <ip address>
Syntax Description
<ipv4 address> Specifies the IPv4 address of a secondary syslog server to use when
logging messages. IPv4 addresses should be expressed in dotted decimal
vrf <name> Optional. Specifies a nondefault VRF instance on which the secondary
syslog server is located. If no VRF instance is specified, the default
unnamed VRF instance is assumed.
Default Values
By default, no secondary syslog servers are configured.
Command History
Release A4.05 Command was introduced in AOS voice products.
Functional Notes
Configuring a secondary syslog server allows the redundant transmission of messages to two different
servers. This server configuration is optional, and does not function as a failover address; therefore, the
primary server should always be configured using the command logging forwarding receiver-ip <ipv4
address> on page 1595. Syslog transmits to this auxiliary address independently of normal server
addresses.
Usage Examples
The following example specifies that messages are logged to both a primary syslog server (172.5.67.99)
and an auxiliary syslog server (172.5.69.100):
(config)#logging forwarding receiver-ip 172.5.67.99

(config)#logging forwarding auxiliary-receiver-ip 172.5.69.100

logging forwarding on
Use the logging forwarding on command to enable the AOS syslog event feature. Use the command
logging forwarding priority-level on page 1594 to specify the event matching criteria used by AOS to
determine whether a message should be forwarded to the syslog server. Use the no form of this command
to disable the syslog event feature.
Syntax Description
No subcommands.
Default Values
By default, syslog event notification is disabled.
Command History
Usage Examples
The following example enables the AOS syslog event feature:
(config)#logging forwarding on

logging forwarding debug <line>

Use the logging forwarding debug command to send debug messages for various protocols and features
to the AOS syslog server. Use the no form of this command to disable debug messages in the syslog
server.
your unit.
Syntax Description
<line> Specifies the protocol or feature for which debug messages are forwarded
to the syslog server.
Default Values
By default, debug messages are not sent to the syslog server.
Command History
Functional Notes
To receive debug messages through syslog, you must first set the syslog priority to debug, using the
command logging forwarding priority-level on page 1594.
Usage Examples
The following example specifies that Link Layer Discovery Protocol (LLDP) debug messages are sent to
the AOS syslog server:
(config)#logging forwarding debug lldp

logging forwarding priority-level

Use the logging forwarding priority-level command to set the threshold for events sent to the configured
syslog server specified using the command logging forwarding receiver-ip <ipv4 address> on page 1595.
All events with the specified priority or higher will be sent to all configured syslog servers. Use the no
form of this command to return to the default priority. Variations of this command include:
logging forwarding priority-level debug

logging forwarding priority-level error
logging forwarding priority-level fatal
logging forwarding priority-level notice
logging forwarding priority-level smdr
logging forwarding priority-level warning
Syntax Description
Sets the minimum priority threshold for sending messages to the syslog server specified using the logging
forwarding receiver-ip command. The following priorities are available (ranking from lowest to highest):
debug Logs subsystem debugging events.

smdr Logs events with smdr priorities.
Default Values
By default, the logging forwarding priority-level is set to warning.
Command History
Release 12.1 Command was expanded to include the smdr parameter.
Release R10.1.0 Command was expanded to include the debug keyword.
Usage Examples
The following example sends all messages with warning level or greater to the syslog server listed using
the logging forwarding receiver-ip command:
(config)#logging forwarding priority-level warning

logging forwarding receiver-ip <ipv4 address>

Use the logging forwarding receiver-ip command to specify the IPv4 address of the syslog server to use
when logging events that match the criteria configured using the command logging forwarding
priority-level on page 1594. Enter this command multiple times to develop a list of syslog servers to use.
This command can be applied to the default virtual private network (VPN) routing and forwarding (VRF)
instance or a specific VRF instance. Use the no form of this command to remove the entry. Variations of
logging forwarding receiver-ip <ipv4 address>

logging forwarding vrf <name> receiver-ip <ipv4 address>
Syntax Description
<ipv4 address> Specifies the IPv4 address of the syslog server to use when logging
messages. IPv4 addresses should be expressed in dotted decimal notation
(for example, 10.10.10.1).
vrf <name> Optional. Specifies a nondefault VRF instance on which the syslog server is
located. If no VRF instance is specified, the default unnamed VRF instance
is assumed.
Default Values
By default, there are no configured syslog server addresses.
Command History
Usage Examples
The following example specifies a syslog server (with address 172.5.67.99) to use when logging
messages:
(config)#logging forwarding receiver-ip 172.5.67.99

logging forwarding source-interface <interface>

Use the logging forwarding source-interface command to configure the specified interface’s for the
syslog server to use when logging events. This command can be applied to the default virtual private
network (VPN) routing and forwarding (VRF) instance or a specific VRF instance. Use the no form of this
command to remove the source-interface. Variations of this command include:
logging forwarding source-interface <interface>

logging forwarding vrf <name> source-interface <interface>
Syntax Description
<interface> Specifies the interface to be used as the source for event log traffic. Specify
atm 1.1. Type logging forwarding source-interface? for a complete list of
valid interfaces.
vrf <name> Optional. Specifies a nondefault VRF instance on which the syslog server is
located. If no VRF instance is specified, the default unnamed VRF instance
is assumed.
Default Values
Command History
interface.
Ethernet interface.
Functional Notes
to allow packets through firewalls that would normally be blocked.

Usage Examples
Configures the unit to use the loopback 1 interface as the source interface for event log traffic:
(config)#logging forwarding source-interface loopback 1

mac access-list standard <name>

Use the mac access-list standard command to create an empty medium access control (MAC) access
control list (ACL) and enter the Standard MAC Access List command set. Use the no form of this
command to delete a MAC ACL and all the entries contained in it. The mac access-list standard
command is currently for use only with wireless access points (APs). The following lists the complete
syntax for the mac access-list standard command:
(config)#mac access-list standard <name>

(config-std-mac-acl)#<action> <source>
Syntax Description
<name> Identifies the configured MAC ACL using an alphanumeric descriptor. All MAC
ACL descriptors are case sensitive.
<action> permit Permits entry to the access point for specified wireless station MACs.
<source> Specifies the source used for packet matching. Sources are expressed by
using host <mac address> to specify a single host address. MAC
addresses should be expressed in the following format: xx:xx:xx:xx:xx:xx
(for example, 00:A0:C8:00:00:01).
Default Values
By default, all AOS security features are disabled and there are no configured MAC ACLs.
Command History
Functional Notes
MAC ACLs are used as packet selectors by the wireless features; by themselves, the MAC ACLs do
nothing. A MAC ACL entry contains two parts: an action (permit) and a MAC address. A permit ACL is
used to match packets (meeting the specified pattern) to enter the AP. AOS provides only standard MAC
ACLs. Standard ACLs match based on the source of the packet.
Usage Examples
The following example creates a MAC ACL named Trusted to permit all packets entry to the AP with MAC
address 00:A0:C8:00:00:01.
(config)#mac access-list standard Trusted

(config-std-mac-acl)#permit 00:A0:C8:00:00:01
For more information about configuring MAC ACLs, refer to the MAC ACL quick configuration guide

mac address-table aging-time <value>

Use the mac address-table aging-time command to set the length of time dynamic medium access control
(MAC) addresses remain in the switch or bridge forwarding table. Use the no form of this command to
reset this length to the default setting.
Syntax Description
<value> Sets an aging time in seconds. Range is 10 to 1000000 seconds. Set to 0 to
disable the timeout.
Default Values
By default, the aging time is 300 seconds.
Command History
Usage Examples
The following example sets the aging time to 10 minutes:
(config)#mac address-table aging-time 600

mac address-table static <mac address>

Use the mac address-table static command to insert a static medium access control (MAC) address entry
into the MAC address table. Use the no form of this command to remove an entry from the table.
mac address-table static <mac address> bridge <bridge id> interface <interface>
mac address-table static <mac address> vlan <vlan id> interface <interface>
Syntax Description
in the following format xx:xx:xx:xx:xx:xx (for example, 00:A0:C8:00:00:01).
bridge <bridge id> Specifies a bridge interface ID. Valid range is 1 to 255.
vlan <vlan id> Specifies a virtual local area network (VLAN) interface ID.
interface <interface> Specifies an interface in the format <interface type [slot/port |
dot11ap 1/1.1. Type mac address-table static bridge interface ? or mac
address-table static <mac address> vlan <vlan id> interface ? for a
Default Values
By default, there are no static entries configured.
Command History
Release 10.1 Command was expanded to include the bridge interface.
Ethernet interface.
Usage Examples
The following example adds a static MAC address to Point-to-Point Protocol (PPP) 1 on bridge 4:
(config)#mac address-table static 00:A0:C8:00:00:01 bridge 4 interface ppp 1
The following example adds a static MAC address to Ethernet 0/1 on VLAN 4:
(config)#mac address-table static 00:A0:C8:00:00:01 00:12:79:00:00:01 vlan 4 interface ethernet 0/1

mac hw-access-list extended <name>

Use the mac hw-access-list extended command to create and name a medium access control (MAC)
hardware access control list (ACL). This command also enters the ACL’s configuration mode. Using the
no form of this command deletes the MAC hardware ACL.
For a complete list of all MAC hardware ACL configuration commands, refer to the
Syntax Description
<name> Specifies the name of the MAC hardware ACL.
Default Values
By default, all AOS security features are disabled, and there are no configured hardware ACLs.
Command History
Functional Notes
This command only creates an empty hardware ACL, it does not configure it. For additional MAC hardware
ACL configuration commands and configuration parameters, refer to the Hardware ACL and Access Map
Command Set on page 4220 or the Hardware ACLs in AOS configuration guide available online at
Usage Examples
The following example creates a MAC hardware ACL Trusted and enters the MAC hardware ACL
configuration mode:
(config)#mac hw-access-list extended Trusted

Configuring New MAC Hardware Extended ACL “Trusted”
(config-ext-mac-hw-nacl)#
Technology Review
Hardware ACLs are used as frame selectors by the hardware access maps; by themselves they do
nothing. Hardware ACLs are composed of an ordered list of entries with an implicit deny any at the end of
each list. A hardware ACL with no entries includes an implicit permit any. An ACL entry contains two parts:
an action (permit or deny) and a frame pattern. A permit ACL matches frames (meeting the specified
pattern) and allows them to enter the router system. A deny ACL advances AOS to the next access list
entry.

ACL criteria are compared to the incoming frame in the order in which they were entered or from the top of
the list down. Generally, the most specific entries should be at the top and the more general at the bottom.


mail-client <agent name>

Use the mail-client command to create a general-purpose mail agent and enter the Mail Agent
Configuration mode. Use the no form of this command to delete the mail agent. Refer to the Mail Agent
Command Set on page 4408 for more information.
Syntax Description
<agent name> Specifies the name of the created mail agent.
Default Values
By default, no mail agents exist.
Command History
Usage Examples
The following example creates a mail agent called myagent and enters the Mail Agent Configuration
mode:
(config)#mail-client myagent
(config-mail-client-myagent)#

mef evc <name>

Use the mef evc command to create an Ethernet virtual connection (EVC) and enter the EVC configuration
mode. Using the no form of this command removes the EVC from the AOS unit’s configuration.
Syntax Description
<name> Specifies the name for the EVC.
Default Values
By default, no EVCs are configured.
Command History
Functional Notes
The EVC connects two endpoints (for example, an Ethernet in the first mile (EFM) group and the Metro
Ethernet Forum (MEF) Ethernet interface) and passes Ethernet service frames though the endpoints. The
EVCs prevent data transfer between subscriber sites that are not part of the same EVC, thus providing
data privacy and security similar to a Frame Relay or an asynchronous transfer mode (ATM) permanent
virtual circuit (PVC). EVCs are configured to be part of a bonding group (EFM group).
More information about the configuration of EVCs can be found in the MEF EVC Command Set on page
3659 or in the Configuring EFM NIM2s and the MEF Ethernet Interface in AOS configuration guide
Usage Examples
The following example creates an EVC named DATA and enters the EVC configuration mode:
(config)#mef evc DATA

(config-evc-DATA)#

mef evc-map <name>

Use the mef evc-map command to create a Metro Ethernet Forum (MEF) Ethernet virtual connection
(EVC) map and enter the EVC Map Configuration mode. The EVC map is used to match traffic to a
specific EVC using matching criteria similar to that of quality of service (QoS) matching. Using the no
form of this command removes the EVC map from the AOS unit’s configuration.
Syntax Description
<name> Specifies the name of the EVC map.
Default Values
By default, no EVC maps are configured.
Command History
Functional Notes
Once an EVC map is created, it must be configured and applied to both an EVC and a user network
interface (UNI). For more information about the configuration of EVC maps, refer to MEF EVC Map
Command Set on page 3663 or the Configuring EFM NIM2s and the MEF Ethernet Interface in AOS
Usage Examples
The following example creates the EVC map Map1 and enters the EVC Map Configuration mode:
(config)#mef evc-map Map1


mef policer <name>

Use the mef policer command to create a Metro Ethernet Forum (MEF) policer policy and enter the MEF
Policer Policy Configuration mode. The EVC policer policy limits the amount of traffic outbound from the
AOS unit to the Metro Ethernet network (MEN). Using the no form of this command removes the MEF
policer policy from the AOS unit’s configuration.
Syntax Description
<name> Specifies the name of the MEF policer policy.
Default Values
By default, no MEF policer policies are configured.
Command History
Functional Notes
The EVC policer policy can limit traffic on Ethernet virtual connections (EVCs), user network interfaces
(UNIs), or EVC maps based on traffic committed burst size (CBS), committed information rate (CIR),
excess burst size (EBS), and excess information rate (EIR). These thresholds are used to determine when
the EVC bandwidth usage is too great, and the traffic is either queued or dropped based on the configured
thresholds. For more information about the configuration and use of EVC policer policies, refer to MEF
Policer Policy Command Set on page 3669 or the Configuring EFM NIM2s and the MEF Ethernet Interface
Usage Examples
The following example creates the MEF policer policy Policy1 and enters the MEF Policer Policy
Configuration mode:
(config)#mef policer Policy1

(config-policer-Policy1)#

mef qos
Use the mef qos command to configure the Metro Ethernet Forum (MEF) Ethernet quality of service
(QoS) parameters. These parameters specify the hardware queues used by the Ethernet virtual connection
(EVC) when traffic matching an EVC map is discovered, as well as the Metro Ethernet network (MEN)
priority given to untagged traffic. Using the no form of this command returns the MEF QoS settings to the
default values. Variations of this command include:
mef qos cos-map <number> <value>

mef qos untagged <value>
Syntax Description
cos-map <number> <value> Specifies default mapping of queues to class of service (CoS) markings for
EVC traffic. The <number> parameter is the queue to which a CoS value is
mapped. Valid range is 1 to 8. The <value> parameter is the CoS value
assigned to the queue. Valid value range is 0 to 7.
untagged <value> Specifies the MEN priority for untagged traffic on the EVC. Valid range is 0
to 7.
Default Values
By default, a MEN priority of 0 is assigned to untagged traffic.
The default MEF QoS queue assignments are outlined below.
One CoS Value Is Assigned to Each Queue

Queue and Assigned CoS Values
by Default
(config)#mef qos cos-map 1 1 CoS value 1 is assigned to queue 1 by default.
Command History

Functional Notes
The MEF QoS CoS map values are used by the EVC map when the MEN queue setting is specified as
inherit. For more information about the relationships between and configuration of MEF components, refer
to the Configuring EFM NIM2s and the MEF Ethernet Interface in AOS configuration guide available online
at https://supportcommunity.adtran.com.
Usage Examples
The following example specifies that traffic with CoS values 3 and 4 are mapped to queue 1:
(config)#mef qos cos-map 1 3 4
The following example specifies the MEN priority for untagged traffic is 5:
(config)#mef qos untagged 5

modem countrycode <value>

Use the modem countrycode command to specify the modem configuration for the applicable country.
Syntax Description
<value> Specifies the modem configuration for the applicable country. Refer to
Functional Notes for countrycode values.
Default Values
By default, modem countrycode is set to USA/Canada.
Command History
Functional Notes
The following country codes are available for modem configuration:
Algeria - Algeria Modem configuration

Argentina - Argentina Modem configuration
Australia - Australia Modem configuration
Austria - Austria Modem configuration
Bahrain - Bahrain Modem configuration
Belgium - Belgium Modem configuration
Bolivia - Bolivia Modem configuration
Brazil - Brazil Modem configuration
Chile - Chile Modem configuration
China - China Modem configuration
Colombia - Colombia Modem configuration
Costa_Rica - Costa_Rica Modem configuration
Cyprus - Cyprus Modem configuration
Czechoslovakia - Czechoslovakia Modem configuration
Denmark - Denmark Modem configuration
Ecuador - Ecuador Modem configuration
Egypt - Egypt Modem configuration
Finland - Finland Modem configuration
France - France Modem configuration
Germany - Germany Modem configuration
Greece - Greece Modem configuration
Guatemala - Guatemala Modem configuration
Hong_Kong - Hong_Kong Modem configuration
Hungary - Hungary Modem configuration
India - India Modem configuration
Indonesia - Indonesia Modem configuration
Ireland - Ireland Modem configuration
Israel - Israel Modem configuration

Italy - Italy Modem configuration

Japan - Japan Modem configuration
Jordan - Jordan Modem configuration
Korea - Korea Modem configuration
Kuwait - Kuwait Modem configuration
Lebanon - Lebanon Modem configuration
Malaysia - Malaysia Modem configuration
Mexico - Mexico Modem configuration
Morocco - Morocco Modem configuration
Netherlands - Netherlands Modem configuration
New_Zealand - New_Zealand Modem configuration
Norway - Norway Modem configuration
Oman - Oman Modem configuration
Panama - Panama Modem configuration
Peru - Peru Modem configuration
Philippines - Philippines Modem configuration
Poland - Poland Modem configuration
Portugal - Portugal Modem configuration
Puerto_Rico - Puerto_Rico Modem configuration
Qatar - Qatar Modem configuration
Russia - Russia Modem configuration
Saudi_Arabia - Saudi_Arabia Modem configuration
Singapore - Singapore Modem configuration
Slovakia - Slovakia Modem configuration
Slovenia - Slovenia Modem configuration
South_Africa - South_Africa Modem configuration
Spain - Spain Modem configuration
Sweden - Sweden Modem configuration
Switzerland - Switzerland Modem configuration
Syria - Syria Modem configuration
Taiwan - Taiwan Modem configuration
Thailand - Thailand Modem configuration
Trinidad - Trinidad Modem configuration
Tunisia - Tunisia Modem configuration
Turkey - Turkey Modem configuration
UAE - UAE Modem configuration
UK - UK Modem configuration
USA/Canada - USA/Canada Modem configuration
Uruguay - Uruguay Modem configuration
Venezuela - Venezuela Modem configuration
Yemen - Yemen Modem configuration

Usage Examples
The following example specifies to use the USA/Canada modem configuration.
(config)#modem countrycode USA/Canada

monitor session <number>

Use the monitor session command to configure a port mirroring session. Use the no form of this command
to remove a port mirroring session or to remove a source or destination interface. Variations of this
command include:
monitor session <number> destination interface <interface> no-isolate

monitor session <number> destination interface <interface> no-tag
monitor session <number> destination interface <interface> no-isolate no-tag
monitor session <number> destination interface <interface> no-tag no-isolate
monitor session <number> source interface <interface>
monitor session <number> source interface <interface> both
monitor session <number> source interface <interface> rx
monitor session <number> source interface <interface> tx
Syntax Description
<number> Selects the monitor session number (only one is allowed).
destination Selects the destination interface.
source Selects the source interface(s). A range of interfaces is allowed.
interface <interface> Specifies an interface in the format <interface type [slot/port |
dot11ap 1/1.1. Type monitor session <number> [destination | source]
interface ? for a complete list of valid interfaces.
both Optional. Monitors both transmitted and received traffic.
rx Optional. Monitors received traffic only.
tx Optional. Monitors transmitted traffic only.
no-tag Removes the virtual local area network (VLAN) tag that is normally
appended to mirrored traffic.
no-isolate Allows native traffic to continue to pass on the port set as the mirroring
session destination.
Default Values
By default, traffic is monitored in both directions. Also by default, the destination port is isolated from
passing native traffic.
Command History
Release 13.1 Command was expanded to include the no-isolate parameter.

Usage Examples
The following example sets Ethernet 0/1 as the destination interface and adds Ethernet 0/2, Ethernet 0/3,
and Ethernet 0/5 as source ports:
(config)#monitor session 1 destination interface eth 0/1

(config)#monitor session 1 source interface eth 0/2-3, eth 0/5
The following example sets gigabit switchport 0/1 as the destination interface and removes the VLAN tag:
(config)#monitor session 1 destination interface gigabit-switchport 0/1 no-tag
The following example sets switchport 0/1 as the source interface and monitors both transmitted and
received traffic:
(config)#monitor session 1 source interface switchport 0/1 both
The following example sets gigabit switchport 0/1, and switchport 0/2 through switchport 0/12 as source
interfaces and monitors only received traffic:
(config)#monitor session 1 source interface gigabit 0/1, eth 0/2-12 rx

name-server
Use the name-server command to designate an address for one or more name servers to use for
name-to-address domain naming server (DNS) resolution. This command can be applied to the default
virtual private network (VPN) routing and forwarding (VRF) instance or a specific VRF instance. Use the
no form of this command to remove an address. Variations of this command include:
name-server <ipv4 address>

name-server <ipv6 address>
name-server vrf <name> <ipv4 address>
name-server vrf <name> <ipv6 address>
Syntax Description
<ipv4 address> Specifies an Internet Protocol version 4 (IPv4) name server address. IPv4
addresses should be specified in dotted decimal notation (for example,
10.10.10.1).
<ipv6 address> Specifies an Internet Protocol version 6 (IPv6) name server address. IPv6
address should be expressed in colon hexadecimal format (X:X:X:X::X).
For example, 2001:DB8:1::1.
vrf <name> Optional. Specifies a nondefault VRF instance on which to add a name
server address. If no VRF instance is specified, the name server is added
on the default unnamed VRF instance.
Default Values
By default, no name servers are specified.
Command History
Release 18.3 Command was expanded to include IPv6 support for ADTRAN
Release R10.1.0 Command was expanded to include IPv6 support for ADTRAN voice
products.
Functional Notes
The addition of the server address occurs at the end of the IPv4 or IPv6 addresses in the server list. There
is no limit to the number of name server addresses that can be entered. Addresses added using this
command are combined with those learned dynamically, and if an IPv6 DNS name server is added, its
address is combined with those configured using IPv4 DNS.

Usage Examples
The following example specifies IPv4 host 172.34.1.111 as the primary name server and IPv4 host
172.34.1.2 as the secondary server:
(config)#name-server 172.34.1.111 172.34.1.2

network-forensics ip dhcp
Use the network-forensics ip dhcp command to enable passive monitoring of Dynamic Host
Configuration Protocol (DHCP) message exchanges between the server and the client. Using the no form
of this command disables network forensics.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
Network forensics is an AOS feature that collects client information through DHCP messages sent
between clients connected to the network and the network server.
Once network forensics is enabled, the AOS unit begins collecting DHCP information. The collected data
can be viewed either by using the command show name-server on page 875 or debug network-forensics ip
dhcp on page 421 to view the information in realtime. For more information about network forensics, refer
to the Network Forensics in AOS troubleshooting guide available online at
Usage Examples
The following example enables the network forensics feature:
(config)#network-forensics ip dhcp

network-sync
Use the network-sync command to enable network synchronization (Network Sync) configuration and
enter the Network Sync Configuration mode. Use the no form of this command to remove Network Sync
configuration from the unit.
Syntax Description
No subcommands.
Default Values
By default, Network Sync is disabled.
Command History
Usage Examples
The following example enables Network Sync and enters the Network Sync Configuration mode:
(config)#network-sync
(config-ntwk-sync)#

no activchassis
Use the no activchassis command to disable ActivChassis and return the AOS device to a standalone
device.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
Devices that are currently ActivChassis members can be restarted in standalone mode. To restart a device
in standalone mode, you must first disconnect the device from all other ActivChassis-enabled devices and
reboot the unit. The device attempts (and fails) to detect an ActivChassis, and successfully boots as a
standalone device. Once the device is disconnected from ActivChassis, and has been rebooted as a
standalone device, enter this command from the device’s local console. You must confirm that you want
the device configuration and mode to be altered. By confirming the action, the local manifest is updated
with indications that ActivChassis mode should be disabled at device boot. The startup configuration file is
backed up and then deleted, causing the configuration to return to default at the next boot. The device is
then rebooted and is in standalone mode.
Usage Examples
The following example disables ActivChassis and returns the device to standalone mode (after it has been
disconnected from the ActivChassis):
(config)#no activchassis

ntp ip access-class <ipv4 acl> in

Use the ntp ip access-class command to apply an Internet Protocol version 4 (IPv4) access control list
(ACL) to incoming connections on the IPv4 Network Time Protocol (NTP) server. Use the no form of this
command to remove the ACL from the NTP server. Variations of this command include:
ntp ip access-class <ipv4 acl> in

ntp ip access-class <ipv4 acl> in any-vrf
ntp ip access-class <ipv4 acl> in vrf <name>
Syntax Description
<ipv4 acl> Specifies the IPv4 ACL to apply to the IPv4 NTP server.
in Specifies that the ACL is applied to incoming connections.
any-vrf Optional. Specifies that incoming connections from any virtual routing and
forwarding (VRF) instance are allowed.
vrf <name> Optional. Specifies that incoming connections from the specified nondefault
VRF instance are allowed. If no VRF is specified, incoming connections
only from the default unnamed VRF instance are allowed.
Default Values
By default, no ACLs are applied to the NTP server.
Command History
Usage Examples
The following example applies the IPv4 ACL MYIPV4ACL to incoming connections on the default VRF
instance to the IPv4 NTP server:
(config)#ntp ip access-class MYIPV4ACL in

ntp ipv6 access-class <ipv6 acl> in

Use the ntp ipv6 access-class command to apply an Internet Protocol version 6 (IPv6) access control list
(ACL) to incoming connections on the IPv6 Network Time Protocol (NTP) server. Use the no form of this
command to remove the ACL from the NTP server. Variations of this command include:
ntp ipv6 access-class <ipv6 acl> in

ntp ipv6 access-class <ipv6 acl> in any-vrf
ntp ipv6 access-class <ipv6 acl> in vrf <name>
Syntax Description
<ipv6 acl> Specifies the IPv6 ACL to apply to the IPv6 NTP server.
in Specifies that the ACL is applied to incoming connections.
any-vrf Optional. Specifies that incoming connections from any virtual routing and
forwarding (VRF) instance are allowed.
vrf <name> Optional. Specifies that incoming connections from the specified nondefault
VRF instance are allowed. If no VRF is specified, incoming connections
only from the default unnamed VRF instance are allowed.
Default Values
By default, no ACLs are applied to the NTP server.
Command History
Usage Examples
The following example applies the IPv6 ACL MYIPV6ACL to incoming connections on the default VRF
instance to the IPv6 NTP server:
(config)#ntp ipv6 access-class MYIPV6ACL in

ntp master
Use the ntp master command to globally set the system as an authoritative Network Time Protocol (NTP)
server. Variations of this command include:
ntp master
ntp master <value>
Syntax Description
<value> Optional. Specify the stratum number. The valid range is 1 to 15. We
recommend not setting the stratum higher than 2.
Default Values
By default, the NTP server is not enabled.
Command History
Usage Examples
The following example enables the master NTP server:
(config)#ntp master

ntp max-associations <value>

Use the ntp max-associations command to set the maximum number of simultaneous Network Time
Protocol (NTP) associations allowed with other NTP clients or peers. Use the no form of this command to
Syntax Description
<value> Specify the maximum number of associations. The valid range is
1 to 4294967295.
Default Values
By default, the maximum associations is 100.
Command History
Usage Examples
The following example specifies the maximum associations of 250:
(config)#ntp max-associations 250

ntp peer <hostname | ipv4 address>

Use the ntp peer command to specify an Internet Protocol version 4 (IPv4) peer association with another
Network Time Protocol (NTP) system and configure its parameters. Any combination of peer associations
can be simultaneously configured. Specifying the virtual routing and forwarding (VRF) instance using the
vrf <name> keyword applies the association to the named VRF instance. Omitting the vrf <name>
keyword applies the association to the default unnamed VRF. Use the no form of this command to return
to the default setting. Variations of this command include:

ntp peer <hostname | ipv4 address> maxpoll <value>
ntp peer <hostname | ipv4 address> minpoll <value>
ntp peer <hostname | ipv4 address> normal-sync
ntp peer <hostname | ipv4 address> prefer
ntp peer <hostname | ipv4 address> source <interface>
ntp peer <hostname | ipv4 address> version
ntp peer <hostname | ipv4 address> efm-group <group id> maxpoll <value>
ntp peer <hostname | ipv4 address> efm-group <group id> minpoll <value>
ntp peer <hostname | ipv4 address> efm-group <group id> normal-sync
ntp peer <hostname | ipv4 address> efm-group <group id> prefer
ntp peer <hostname | ipv4 address> efm-group <group id> source <interface>
ntp peer <hostname | ipv4 address> efm-group <group id> source <interface> maxpoll <value>
ntp peer <hostname | ipv4 address> efm-group <group id> version
ntp peer <hostname | ipv4 address> efm-group <group id> version maxpoll <value>
ntp peer <hostname | ipv4 address> mef-ethernet <slot/port>

ntp peer <hostname | ipv4 address> mef-ethernet <slot/port> maxpoll <value>
ntp peer <hostname | ipv4 address> mef-ethernet <slot/port> minpoll <value>
ntp peer <hostname | ipv4 address> mef-ethernet <slot/port> normal-sync
ntp peer <hostname | ipv4 address> mef-ethernet <slot/port> prefer
ntp peer <hostname | ipv4 address> mef-ethernet <slot/port> source <interface>
ntp peer <hostname | ipv4 address> mef-ethernet <slot/port> source <interface> maxpoll <value>
ntp peer <hostname | ipv4 address> mef-ethernet <slot/port> version
ntp peer <hostname | ipv4 address> mef-ethernet <slot/port> version maxpoll <value>
ntp peer <hostname | ipv4 address> system-control-evc

ntp peer <hostname | ipv4 address> system-control-evc maxpoll <value>
ntp peer <hostname | ipv4 address> system-control-evc minpoll <value>
ntp peer <hostname | ipv4 address> system-control-evc normal-sync
ntp peer <hostname | ipv4 address> system-control-evc prefer
ntp peer <hostname | ipv4 address> system-control-evc source <interface>
ntp peer <hostname | ipv4 address> system-control-evc source <interface> maxpoll <value>
ntp peer <hostname | ipv4 address> system-control-evc version
ntp peer <hostname | ipv4 address> system-control-evc version maxpoll <value>
ntp peer <hostname | ipv4 address> system-management-evc

ntp peer <hostname | ipv4 address> system-management-evc maxpoll <value>

ntp peer <hostname | ipv4 address> system-management-evc minpoll <value>
ntp peer <hostname | ipv4 address> system-management-evc normal-sync
ntp peer <hostname | ipv4 address> system-management-evc prefer
ntp peer <hostname | ipv4 address> system-management-evc source <interface>
ntp peer <hostname | ipv4 address> system-management-evc source <interface> maxpoll <value>
ntp peer <hostname | ipv4 address> system-management-evc version
ntp peer <hostname | ipv4 address> system-management-evc version maxpoll <value>
ntp peer vrf <name> <hostname | ipv4 address>

ntp peer vrf <name> <hostname | ipv4 address> maxpoll <value>
ntp peer vrf <name> <hostname | ipv4 address> minpoll <value>
ntp peer vrf <name> <hostname | ipv4 address> normal-sync
ntp peer vrf <name> <hostname | ipv4 address> prefer
ntp peer vrf <name> <hostname | ipv4 address> source <interface>
ntp peer vrf <name> <hostname | ipv4 address> version
ntp peer vrf <name> <hostname | ipv4 address> efm-group <group id>
ntp peer vrf <name> <hostname | ipv4 address> efm-group <group id> maxpoll <value>
ntp peer vrf <name> <hostname | ipv4 address> efm-group <group id> minpoll <value>
ntp peer vrf <name> <hostname | ipv4 address> efm-group <group id> normal-sync
ntp peer vrf <name> <hostname | ipv4 address> efm-group <group id> prefer
ntp peer vrf <name> <hostname | ipv4 address> efm-group <group id> source <interface>
ntp peer vrf <name> <hostname | ipv4 address> efm-group <group id> source <interface> maxpoll
<value>
ntp peer vrf <name> <hostname | ipv4 address> efm-group <group id> version
ntp peer vrf <name> <hostname | ipv4 address> efm-group <group id> version maxpoll <value>
ntp peer vrf <name> <hostname | ipv4 address> mef-ethernet <slot/port>

ntp peer vrf <name> <hostname | ipv4 address> mef-ethernet <slot/port> maxpoll <value>
ntp peer vrf <name> <hostname | ipv4 address> mef-ethernet <slot/port> minpoll <value>
ntp peer vrf <name> <hostname | ipv4 address> mef-ethernet <slot/port> normal-sync
ntp peer vrf <name> <hostname | ipv4 address> mef-ethernet <slot/port> prefer
ntp peer vrf <name> <hostname | ipv4 address> mef-ethernet <slot/port> source <interface>
ntp peer vrf <name> <hostname | ipv4 address> mef-ethernet <slot/port> source <interface>
maxpoll <value>
ntp peer vrf <name> <hostname | ipv4 address> mef-ethernet <slot/port> version
ntp peer vrf <name> <hostname | ipv4 address> mef-ethernet <slot/port> version maxpoll <value>
ntp peer vrf <name> <hostname | ipv4 address> system-control-evc

ntp peer vrf <name> <hostname | ipv4 address> system-control-evc maxpoll <value>
ntp peer vrf <name> <hostname | ipv4 address> system-control-evc minpoll <value>
ntp peer vrf <name> <hostname | ipv4 address> system-control-evc normal-sync
ntp peer vrf <name> <hostname | ipv4 address> system-control-evc prefer
ntp peer vrf <name> <hostname | ipv4 address> system-control-evc source <interface>

maxpoll <value>
ntp peer vrf <name> <hostname | ipv4 address> system-control-evc version
ntp peer vrf <name> <hostname | ipv4 address> system-control-evc version maxpoll <value>
ntp peer vrf <name> <hostname | ipv4 address> system-management-evc

ntp peer vrf <name> <hostname | ipv4 address> system-management-evc maxpoll <value>
ntp peer vrf <name> <hostname | ipv4 address> system-management-evc minpoll <value>
ntp peer vrf <name> <hostname | ipv4 address> system-management-evc normal-sync
ntp peer vrf <name> <hostname | ipv4 address> system-management-evc prefer
ntp peer vrf <name> <hostname | ipv4 address> system-management-evc source <interface>
maxpoll <value>
ntp peer vrf <name> <hostname | ipv4 address> system-management-evc version
ntp peer vrf <name> <hostname | ipv4 address> system-management-evc version maxpoll <value>
Syntax Description
<hostname | ipv4 address> Specify the host name or IPv4 address of the NTP server. IP addresses
maxpoll <value> Optional. Specifies the maximum polling interval for NTP packets, in
seconds as a power of two. The allowable range is 4 to 17. For example,
setting the maxpoll to 10 would indicate a maximum polling interval of 1024
seconds. Refer to the fuctional notes of this command for more information.
minpoll <value> Optional. Specifies the minimum polling interval for NTP packets, in
setting the minpoll to 6 would indicate a minimum polling interval of 64
seconds. Refer to the Functional Notes for more information.
normal-sync Optional. Disables the rapid synchronization feature.
prefer Optional. Specifies the preference of using the specified server above all
other configured NTP servers.
source <interface> Optional. Specifies the source interface (physical or virtual) to use for the
peer. Specify an interface in the format <interface type [slot/port |
use ppp 1; and for an ATM subinterface, use atm 1.1. Type ntp peer
<name> source ? for a list of valid interfaces.
cannot be deleted.
version Specifies the version number for outgoing NTP packets. Valid range
is 2 to 4.

vrf <name> Specifies the name of the VRF to which to assign the association. If no VRF
is specified, the association is applied to the default unnamed VRF.
Default Values
By default, the ntp peer is not set. Once enabled, the default version is 4, the default minpoll interval is 6
(64 seconds) and the default maxpoll interval is 10 (1024 seconds).
Command History
Release 17.6 Command was expanded to include maxpoll and minpoll parameters.
Ethernet interface.
Release R10.1.0 Command was expanded to include the bridged virtual interface (BVI).
Release R11.2.0 Command was expanded to include Ethernet in the first mile (EFM) group
parameter.
interface.
Functional Notes
The IPv4 ntp peer command can be executed with any combination of the following parameters:
maxpoll <value>
minpoll <value>
normal-sync
prefer
source <interface>
version
For example, the normal-sync and source <interface> parameters can be used in conjunction with one
another. In this case, the command would look like this:
#ntp peer 10.10.10.1 normal-sync source ppp 1
These parameters can be combined in any order to obtain the desired configuration.
In order to determine the appropriate value to enter for maxpoll or minpoll, use the following formula:
2n where n = <value>. For example, to set the minimum polling interval to 64 seconds, you would enter 6
as the minpoll value. This corresponds to 26 in the formula, or 2x2x2x2x2x2, which equals 64 seconds.

Usage Examples
The following example defines 10.10.10.1 as the IPv4 NTP peer:
(config)#ntp peer 10.10.10.1
The following example creates an IPv4 peer association with 10.10.10.1 and sets the maximum polling
interval of 64 seconds:
(config)#ntp peer 10.10.10.1 maxpoll 6


Use the ntp peer command to enable Network Time Protocol (NTP), and specify an Internet Protocol
version 6 (IPv6) peer association with another NTP system and configure the association’s parameters.
Any combination of peer associations can be simultaneously configured. Specifying the virtual routing and
forwarding (VRF) instance using the vrf <name> keyword applies the association to the named VRF
instance. Omitting the vrf <name> keyword applies the association to the default unnamed VRF. Use the

ntp peer <hostname | ipv6 address> maxpoll <value>
ntp peer <hostname | ipv6 address> minpoll <value>
ntp peer <hostname | ipv6 address> normal-sync
ntp peer <hostname | ipv6 address> prefer
ntp peer <hostname | ipv6 address> source <interface>
ntp peer <hostname | ipv6 address> version
ntp peer <hostname | ipv6 address> <interface>

ntp peer <hostname | ipv6 address> <interface> maxpoll <value>
ntp peer <hostname | ipv6 address> <interface> minpoll <value>
ntp peer <hostname | ipv6 address> <interface> normal-sync
ntp peer <hostname | ipv6 address> <interface> prefer
ntp peer <hostname | ipv6 address> <interface> source <interface>
ntp peer <hostname | ipv6 address> <interface> version
ntp peer <hostname | ipv6 address> system-control-evc

ntp peer <hostname | ipv6 address> system-control-evc maxpoll <value>
ntp peer <hostname | ipv6 address> system-control-evc minpoll <value>
ntp peer <hostname | ipv6 address> system-control-evc normal-sync
ntp peer <hostname | ipv6 address> system-control-evc prefer
ntp peer <hostname | ipv6 address> system-control-evc source <interface>
ntp peer <hostname | ipv6 address> system-control-evc source <interface> maxpoll <value>
ntp peer <hostname | ipv6 address> system-control-evc version
ntp peer <hostname | ipv6 address> system-control-evc version maxpoll <value>
ntp peer <hostname | ipv6 address> system-management-evc

ntp peer <hostname | ipv6 address> system-management-evc maxpoll <value>
ntp peer <hostname | ipv6 address> system-management-evc minpoll <value>
ntp peer <hostname | ipv6 address> system-management-evc normal-sync
ntp peer <hostname | ipv6 address> system-management-evc prefer
ntp peer <hostname | ipv6 address> system-management-evc source <interface>
ntp peer <hostname | ipv6 address> system-management-evc source <interface> maxpoll <value>
ntp peer <hostname | ipv6 address> system-management-evc version
ntp peer <hostname | ipv6 address> system-management-evc version maxpoll <value>
ntp peer vrf <name> <hostname | ipv6 address>

ntp peer vrf <name> <hostname | ipv6 address> maxpoll <value>

ntp peer vrf <name> <hostname | ipv6 address> minpoll <value>

ntp peer vrf <name> <hostname | ipv6 address> normal-sync
ntp peer vrf <name> <hostname | ipv6 address> prefer
ntp peer vrf <name> <hostname | ipv6 address> source <interface>
ntp peer vrf <name> <hostname | ipv6 address> version
ntp peer vrf <name> <hostname | ipv6 address> <interface>

ntp peer vrf <name> <hostname | ipv6 address> <interface> maxpoll <value>
ntp peer vrf <name> <hostname | ipv6 address> <interface> minpoll <value>
ntp peer vrf <name> <hostname | ipv6 address> <interface> normal-sync
ntp peer vrf <name> <hostname | ipv6 address> <interface> prefer
ntp peer vrf <name> <hostname | ipv6 address> <interface> source <interface>
ntp peer vrf <name> <hostname | ipv6 address> <interface> version
ntp peer vrf <name> <hostname | ipv6 address> system-control-evc

ntp peer vrf <name> <hostname | ipv6 address> system-control-evc maxpoll <value>
ntp peer vrf <name> <hostname | ipv6 address> system-control-evc minpoll <value>
ntp peer vrf <name> <hostname | ipv6 address> system-control-evc normal-sync
ntp peer vrf <name> <hostname | ipv6 address> system-control-evc prefer
ntp peer vrf <name> <hostname | ipv6 address> system-control-evc source <interface> maxpoll
<value>
ntp peer vrf <name> <hostname | ipv6 address> system-control-evc version
ntp peer vrf <name> <hostname | ipv6 address> system-control-evc version maxpoll <value>
ntp peer vrf <name> <hostname | ipv6 address> system-management-evc

ntp peer vrf <name> <hostname | ipv6 address> system-management-evc maxpoll <value>
ntp peer vrf <name> <hostname | ipv6 address> system-management-evc minpoll <value>
ntp peer vrf <name> <hostname | ipv6 address> system-management-evc normal-sync
ntp peer vrf <name> <hostname | ipv6 address> system-management-evc prefer
ntp peer vrf <name> <hostname | ipv6 address> system-management-evc source <interface> maxpoll
<value>
ntp peer vrf <name> <hostname | ipv6 address> system-management-evc version
ntp peer vrf <name> <hostname | ipv6 address> system-management-evc version maxpoll <value>
Syntax Description
<hostname | ipv6 address> Specify the host name or IPv6 address of the NTP server. IPv6 addresses
should be expressed in colon hexadecimal format (X:X:X:X::X), for
example, 2001:DB8:1::1.

<interface> Specifies which interface NTP should use to send NTP requests. This
option is only available when a link-local IPv6 address is used for the NTP
peer, and it must be specified. Specify an interface in the format <interface
id.subinterface id]>. For example, for an Ethernet subinterface, use eth
0/1.1; for a PPP interface, use ppp 1; and for an ATM subinterface, use atm
1.1. Type ntp peer <name> source ? for a list of valid interfaces.
setting the maxpoll to 10 would indicate a maximum polling interval of 1024
seconds. Refer to the the Functional Notes for more information.
setting the minpoll to 6 would indicate a minimum polling interval of 64
seconds. Refer to the the Functional Notes for more information.
normal-sync Optional. Disables the rapid synchronization feature.
prefer Optional. Specifies the preference of using the specified peer above all
peer. Specify an interface in the format <interface type [slot/port |
use ppp 1; and for an ATM subinterface, use atm 1.1. Type ntp peer
cannot be deleted.
version Specifies the version number for outgoing NTP packets. Valid range
is 2 to 4.
Default Values
By default, the IPv6 ntp peer is not set. Once enabled, the default version is 4, the default minpoll interval
is 6 (64 seconds) and the default maxpoll interval is 10 (1024 seconds).
Command History

Release R13.7.0 Command was expanded to include the Gigabit Ethernet and virtual loacl
Functional Notes
The IPv6 ntp peer command can be executed with any combination of the following parameters:
maxpoll <value>
minpoll <value>
normal-sync
prefer
source <interface>
version
For example, the normal-sync and source <interface> parameters can be used in conjunction with one
another. In this case, the command would look like this:
#ntp peer fe80::2 vlan 1 normal-sync source ppp 1
Usage Examples
The following example defines fe80::2 vlan 1 as the IPv6 NTP peer:
(config)#ntp peer fe80::2 vlan 1
The following example creates an IPv6 peer association with 2001:DB8:1::1 and sets the maximum
polling interval of 64 seconds:
(config)#ntp peer 2001:DB8:1::1 maxpoll 6

ntp server <hostname | ipv4 address>

Use the ntp server command to specify an Internet Protocol version 4 (IPv4) server association with
another Network Time Protocol (NTP) system and configure its parameters. Any combination of server
associations can be simultaneously configured. Specifying the virtual routing and forwarding (VRF)
instance using the vrf <name> keyword applies the association to the named VRF instance. Omitting the
vrf <name> keyword applies the association to the default unnamed VRF. Use the no form of this

ntp server <hostname | ipv4 address> maxpoll <value>
ntp server <hostname | ipv4 address> minpoll <value>
ntp server <hostname | ipv4 address> prefer
ntp server <hostname | ipv4 address> source <interface>
ntp server <hostname | ipv4 address> version <number>
ntp server <hostname | ipv4 address> efm-group <group id>

ntp server <hostname | ipv4 address> efm-group <group id> maxpoll <value>
ntp server <hostname | ipv4 address> efm-group <group id> minpoll <value>
ntp server <hostname | ipv4 address> efm-group <group id> prefer
ntp server <hostname | ipv4 address> efm-group <group id> source <interface>
ntp server <hostname | ipv4 address> efm-group <group id> source <interface> maxpoll <value>
ntp server <hostname | ipv4 address> efm-group <group id> version
ntp server <hostname | ipv4 address> efm-group <group id> version maxpoll <value>
ntp server <hostname | ipv4 address> mef-ethernet <slot/port>

ntp server <hostname | ipv4 address> mef-ethernet <slot/port> maxpoll <value>
ntp server <hostname | ipv4 address> mef-ethernet <slot/port> minpoll <value>
ntp server <hostname | ipv4 address> mef-ethernet <slot/port> normal-sync
ntp server <hostname | ipv4 address> mef-ethernet <slot/port> prefer
ntp server <hostname | ipv4 address> mef-ethernet <slot/port> source <interface>
ntp server <hostname | ipv4 address> mef-ethernet <slot/port> source <interface> maxpoll <value>
ntp server <hostname | ipv4 address> mef-ethernet <slot/port> version
ntp server <hostname | ipv4 address> mef-ethernet <slot/port> version maxpoll <value>
ntp server <hostname | ipv4 address> system-control-evc

ntp server <hostname | ipv4 address> system-control-evc maxpoll <value>
ntp server <hostname | ipv4 address> system-control-evc minpoll <value>
ntp server <hostname | ipv4 address> system-control-evc normal-sync
ntp server <hostname | ipv4 address> system-control-evc prefer
ntp server <hostname | ipv4 address> system-control-evc source <interface>
ntp server <hostname | ipv4 address> system-control-evc source <interface> maxpoll <value>
ntp server <hostname | ipv4 address> system-control-evc version
ntp server <hostname | ipv4 address> system-control-evc version maxpoll <value>
ntp server <hostname | ipv4 address> system-management-evc

ntp server <hostname | ipv4 address> system-management-evc maxpoll <value>

ntp server <hostname | ipv4 address> system-management-evc minpoll <value>

ntp server <hostname | ipv4 address> system-management-evc prefer
ntp server <hostname | ipv4 address> system-management-evc source <interface>
ntp server <hostname | ipv4 address> system-management-evc source <interface> maxpoll <value>
ntp server <hostname | ipv4 address> system-management-evc version
ntp server <hostname | ipv4 address> system-management-evc version maxpoll <value>
ntp server vrf <name> <hostname | ipv4 address>

ntp server vrf <name> <hostname | ipv4 address> maxpoll <value>
ntp server vrf <name> <hostname | ipv4 address> minpoll <value>
ntp server vrf <name> <hostname | ipv4 address> prefer
ntp server vrf <name> <hostname | ipv4 address> source <interface>
ntp server vrf <name> <hostname | ipv4 address> version <number>
ntp server vrf <name> <hostname | ipv4 address> efm-group <group id>
ntp server vrf <name> <hostname | ipv4 address> efm-group <group id> maxpoll <value>
ntp server vrf <name> <hostname | ipv4 address> efm-group <group id> minpoll <value>
ntp server vrf <name> <hostname | ipv4 address> efm-group <group id> prefer
ntp server vrf <name> <hostname | ipv4 address> efm-group <group id> source <interface>
ntp server vrf <name> <hostname | ipv4 address> efm-group <group id> source <interface> maxpoll
<value>
ntp server vrf <name> <hostname | ipv4 address> efm-group <group id> version <number>
ntp server vrf <name> <hostname | ipv4 address> efm-group <group id> version <number> maxpoll
<value>
ntp server vrf <name> <hostname | ipv4 address> mef-ethernet <slot/port>

ntp server vrf <name> <hostname | ipv4 address> mef-ethernet <slot/port> maxpoll <value>
ntp server vrf <name> <hostname | ipv4 address> mef-ethernet <slot/port> minpoll <value>
ntp server vrf <name> <hostname | ipv4 address> mef-ethernet <slot/port> prefer
ntp server vrf <name> <hostname | ipv4 address> mef-ethernet <slot/port> source <interface>
ntp server vrf <name> <hostname | ipv4 address> mef-ethernet <slot/port> source <interface>
maxpoll <value>
ntp server vrf <name> <hostname | ipv4 address> mef-ethernet <slot/port> version
ntp server vrf <name> <hostname | ipv4 address> mef-ethernet <slot/port> version maxpoll <value>
ntp server vrf <name> <hostname | ipv4 address> system-control-evc

ntp server vrf <name> <hostname | ipv4 address> system-control-evc maxpoll <value>
ntp server vrf <name> <hostname | ipv4 address> system-control-evc minpoll <value>
ntp server vrf <name> <hostname | ipv4 address> system-control-evc prefer
ntp server vrf <name> <hostname | ipv4 address> system-control-evc source <interface>
ntp server vrf <name> <hostname | ipv4 address> system-control-evc source <interface> maxpoll
<value>
ntp server vrf <name> <hostname | ipv4 address> system-control-evc version
ntp server vrf <name> <hostname | ipv4 address> system-control-evc version maxpoll <value>
ntp server vrf <name> <hostname | ipv4 address> system-management-evc

ntp server vrf <name> <hostname | ipv4 address> system-management-evc maxpoll <value>
ntp server vrf <name> <hostname | ipv4 address> system-management-evc minpoll <value>
ntp server vrf <name> <hostname | ipv4 address> system-management-evc prefer
ntp server vrf <name> <hostname | ipv4 address> system-management-evc source <interface>
maxpoll <value>
ntp server vrf <name> <hostname | ipv4 address> system-management-evc version
ntp server vrf <name> <hostname | ipv4 address> system-management-evc version maxpoll <value>
Syntax Description
<hostname | ipv4 address> Specify the host name or IPv4 address of the NTP server. IP addresses
setting the maxpoll to 10 would indicate a maximum polling interval of
1024 seconds. Refer to the the Functional Notes for more information.
setting the minpoll to 6 would indicate a minimum polling interval of
server. Specify an interface in the format <interface type [slot/port |
use ppp 1; and for an ATM subinterface, use atm 1.1. Enter ntp server
cannot be deleted.
version <number> Specifies the version number for outgoing NTP packets.
Default Values
By default, the IPv6 ntp server is not set. Once enabled, the default version is 4, the default minpoll
interval is 6 (64 seconds) and the default maxpoll interval is 10 (1024 seconds).

Command History
Release 17.6 Command was expanded to include maxpoll and minpoll parameters.
Ethernet interface.
Release R10.1.0 Command was expanded to include the bridged virtual interface (BVI).
Release R11.2.0 Command was expanded to include Ethernet in the first mile (EFM) group
parameter.
Functional Notes
The IPv4 ntp server command can be executed with any combination of the following parameters:
maxpoll <value>
minpoll <value>
prefer
source <interface>
version
For example, the prefer and source <interface> parameters can be used in conjunction with one another.
In this case, the command would look like this:
#ntp server 10.10.10.1 prefer source ppp 1
Usage Examples
The following example defines 10.10.10.1 as the preferred IPv4 NTP server:
(config)#ntp server 10.10.10.1 prefer

The following example associates the IPv4 NTP server 10.10.10.1 and sets the minimum polling interval of
256 seconds:
(config)#ntp server 10.10.10.1 maxpoll 8


Use the ntp server command to specify an Internet Protocol version 6 (IPv6) server association with
another Network Time Protocol (NTP) system and configure the association’s parameters. Any
combination of server associations can be simultaneously configured. Specifying the virtual routing and
forwarding (VRF) instance using the vrf <name> keyword applies the association to the named VRF
instance. Omitting the vrf <name> keyword applies the association to the default unnamed VRF. Use the

ntp server <hostname | ipv6 address> maxpoll <value>
ntp server <hostname | ipv6 address> minpoll <value>
ntp server <hostname | ipv6 address> prefer
ntp server <hostname | ipv6 address> source <interface>
ntp server <hostname | ipv6 address> version <number>
ntp server <hostname | ipv6 address> system-control-evc

ntp server <hostname | ipv6 address> system-control-evc maxpoll <value>
ntp server <hostname | ipv6 address> system-control-evc minpoll <value>
ntp server <hostname | ipv6 address> system-control-evc normal-sync
ntp server <hostname | ipv6 address> system-control-evc prefer
ntp server <hostname | ipv6 address> system-control-evc source <interface>
ntp server <hostname | ipv6 address> system-control-evc source <interface> maxpoll <value>
ntp server <hostname | ipv6 address> system-control-evc version
ntp server <hostname | ipv6 address> system-control-evc version maxpoll <value>
ntp server <hostname | ipv6 address> system-management-evc

ntp server <hostname | ipv6 address> system-management-evc maxpoll <value>
ntp server <hostname | ipv6 address> system-management-evc minpoll <value>
ntp server <hostname | ipv6 address> system-management-evc prefer
ntp server <hostname | ipv6 address> system-management-evc source <interface>
ntp server <hostname | ipv6 address> system-management-evc source <interface> maxpoll <value>
ntp server <hostname | ipv6 address> system-management-evc version
ntp server <hostname | ipv6 address> system-management-evc version maxpoll <value>
ntp server <hostname | ipv6 address> <interface>

ntp server <hostname | ipv6 address> <interface> maxpoll <value>
ntp server <hostname | ipv6 address> <interface> minpoll <value>
ntp server <hostname | ipv6 address> <interface> prefer
ntp server <hostname | ipv6 address> <interface> source <interface>
ntp server <hostname | ipv6 address> <interface> version <number>
ntp server vrf <name> <hostname | ipv6 address>

ntp server vrf <name> <hostname | ipv6 address> maxpoll <value>
ntp server vrf <name> <hostname | ipv6 address> minpoll <value>
ntp server vrf <name> <hostname | ipv6 address> prefer
ntp server vrf <name> <hostname | ipv6 address> source <interface>

ntp server vrf <name> <hostname | ipv6 address> version <number>
ntp server vrf <name> <hostname | ipv6 address> <interface>

ntp server vrf <name> <hostname | ipv6 address> <interface> maxpoll <value>
ntp server vrf <name> <hostname | ipv6 address> <interface> minpoll <value>
ntp server vrf <name> <hostname | ipv6 address> <interface> prefer
ntp server vrf <name> <hostname | ipv6 address> <interface> source <interface>
ntp server vrf <name> <hostname | ipv6 address> <interface> version <number>
ntp server vrf <name> <hostname | ipv6 address> system-control-evc

ntp server vrf <name> <hostname | ipv6 address> system-control-evc maxpoll <value>
ntp server vrf <name> <hostname | ipv6 address> system-control-evc minpoll <value>
ntp server vrf <name> <hostname | ipv6 address> system-control-evc prefer
ntp server vrf <name> <hostname | ipv6 address> system-control-evc source <interface>
ntp server vrf <name> <hostname | ipv6 address> system-control-evc source <interface> maxpoll
<value>
ntp server vrf <name> <hostname | ipv6 address> system-control-evc version
ntp server vrf <name> <hostname | ipv6 address> system-control-evc version maxpoll <value>
ntp server vrf <name> <hostname | ipv6 address> system-management-evc

ntp server vrf <name> <hostname | ipv6 address> system-management-evc maxpoll <value>
ntp server vrf <name> <hostname | ipv6 address> system-management-evc minpoll <value>
ntp server vrf <name> <hostname | ipv6 address> system-management-evc prefer
maxpoll <value>
ntp server vrf <name> <hostname | ipv6 address> system-management-evc version
Syntax Description
<hostname | ipv6 address> Specify the host name or IPv6 address of the NTP server. IPv6 addresses
should be expressed in colon hexadecimal format (X:X:X:X::X), for
example, 2001:DB8:1::1.
<interface> Specifies which interface NTP should use to send NTP requests. This
option is only available when a link-local IPv6 address is used for the NTP
peer, and it must be specified. Specify an interface in the format <interface
id.subinterface id]>. For example, for an Ethernet subinterface, use eth
0/1.1; for a PPP interface, use ppp 1; and for an ATM subinterface, use atm
1.1. Type ntp peer <name> source ? for a list of valid interfaces.
setting the maxpoll to 10 would indicate a maximum polling interval of

setting the minpoll to 6 would indicate a minimum polling interval of
server. Specify an interface in the format <interface type [slot/port |
use ppp 1; and for an ATM subinterface, use atm 1.1. Enter ntp server
cannot be deleted.
version <number> Specifies the version number for outgoing NTP packets.
Default Values
By default, the ntp server is not set. Once enabled, the default version is 4, the default minpoll interval is
6 (64 seconds) and the default maxpoll interval is 10 (1024 seconds).
Command History
Functional Notes
The IPv6 ntp server command can be executed with any combination of the following parameters:
maxpoll <value>
minpoll <value>
prefer
source <interface>
version
For example, the prefer and source <interface> parameters can be used in conjunction with one another.
In this case, the command would look like this:
#ntp server 10.10.10.1 prefer source ppp 1

Usage Examples
The following example defines fe80::2 vlan 1 as the preferred IPv6 NTP server:
(config)#ntp server fe80::2 vlan 1 prefer
The following example associates the IPv6 NTP server 2001:DB8:1::1 and sets the minimum polling
interval of 256 seconds:
(config)#ntp server 2001:DB8:1::1 maxpoll 8

ntp source <interface>

Use the ntp source command to specify the source interface for the Network Time Protocol (NTP)
packets. Specifying the virtual routing and forwarding (VRF) instance using the vrf <name> keyword
applies the association to the named VRF instance. Omitting the vrf <name> keyword applies the
association to the default unnamed VRF. Use the no form of this command to return to the default setting.
ntp source <interface>

ntp vrf <name> source <interface>
Syntax Description
<interface> Specifies the source interface (physical or virtual) to use for the server.
atm 1.1. Enter ntp source ? for a list of valid interfaces.
Default Values
By default, the NTP source interface is not set.
Command History
Ethernet interface.
Functional Notes
Usage Examples
The following example defines NTP source interface as ppp 1:
(config)#ntp source ppp 1

ntp update-rtc
Use the ntp update-rtc command to specify periodically updating the clock in real time. Use the no form
of this command to return to the default setting.
Syntax Description
No subcommands.
Default Values
By default, the Network Time Protocol (NTP) is disabled.
Command History
Usage Examples
The following example sets the clock to periodically update the timing:
(config)#ntp update-rtc

over-temperature protection
Use the over-temperature protection command to enter the Over-Temperature Protection Configuration
mode, from which to configure the over temperature protection feature. Additional commands are
available for configuring this feature and are explained in Over-Temperature Protection Command Set on
page 4431.
Syntax Description
No subcommands.
Default Values
By default, the over-temperature protection mode is disabled.
Command History
Functional Notes
For more information regarding over-temperature protection configuration, refer to the Over-Temperature
Protection Command Set on page 4431.
Usage Examples
The following example enters the Over-Temperature Protection Configuration mode:
(config)#over-temperature protection
(config-over-temp-protection)#

packet-capture <name>
Use the packet-capture command to create a packet-capture on the AOS device and enter the
packet-capture’s configuration mode. Packet-captures are used with network monitoring on interfaces to
effectively capture data packets as they traverse the network. Use the no form of this command to remove
the packet-capture. Variations of this command include:
packet-capture <name> standard

packet-capture <name> sip
Syntax Description
<name> Specifies the name of the packet-capture. Names can be between 1 and 32
characters in length.
standard Specifies that all ingress and egress Internet Protocol version 4 (IPv4)
packets are captured.
sip Specifies that all ingress and egress User Datagram Protocol (UDP)
packets that are related to Session Initiation Protocol (SIP) messages are
captured.
Default Values
By default, no packet-captures are configured.
Command History
Functional Notes
The AOS packet capture feature is used with network monitoring to effectively capture data packets as
they traverse the network. As data packets pass through an interface on which the packet capturing
feature is enabled, a packet-capture monitors the traffic and captures the header and payload of specified
packets as they pass through. The captured packets are then exported and stored in either flash memory
or CompactFlash storage, and can then be reviewed to determine the cause of network problems, identify
security threats, and to maintain efficient data transmission over the network. For more information about
the configuration and use of packet capturing, refer to Packet Capture Command Set on page 4435 or the
configuration guide Configuring Packet Capture in AOS, available online at
Usage Examples
The following example creates the standard packet-capture 7CAPTURE and enters the packet-capture
configuration mode:
(config)#packet-capture 7CAPTURE standard

(config-packet-capture-7CAPTURE)#

policer <name>
Use the policer command to create a Layer 2/Layer 3 Ethernet virtual connection (EVC) policer policy and
enter the Layer2/Layer 3 EVC Policer Policy Configuration mode. The EVC policer policy limits the
amount of traffic outbound from the AOS unit to the Metro Ethernet network (MEN). Using the no form of
this command removes the EVC policer policy from the AOS unit’s configuration. Variations of this
command include:
policer <name>
policer <name> <slot>
Syntax Description
<name> Specifies the name of the EVC policer policy.
<slot> Optional. Identifies the slot on which to apply the EVC policer policy.
Default Values
By default, no EVC policer policies are configured.
Command History
Functional Notes
The EVC policer policy can limit traffic on EVCs, user network interfaces (UNIs), or EVC maps based on
traffic committed burst size (CBS), committed information rate (CIR), excess burst size (EBS), and excess
information rate (EIR). These thresholds are used to determine when the EVC bandwidth usage is too
great, and the traffic is either queued or dropped based on the configured thresholds. For more information
about the configuration and use of EVC policer policies, refer to MEF Policer Policy Command Set on page
3669.
Usage Examples
The following example creates the EVC policer policy Policy1 and enters the Layer 2/Layer 3 EVC Policer
Policy Configuration mode:
(config)#policer Policer1
(config-policer Policer1)#

policy-class max-sessions <number>

Use the policy-class max-sessions command to specify the maximum number of allowed policy sessions
in the AOS product for both Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6)
combined. This command sets the maximum session limit for ALL access control policies (ACPs) on the
AOS unit. To set the maximum number of policy sessions only for IPv4, use the command ip policy-class
<ipv4 acp name> max-sessions <number> on page 1429. To set the maximum number of policy sessions
only for IPv6, use the command ipv6 policy-class <ipv6 acp name> max-sessions <number> on page
1542. Use the no form of this command to return to the default value.
Syntax Description
<number> Specifies the number of allowed ACP sessions. Valid range is 1 to a value
based on the amount of RAM in the AOS unit (refer to Default Values
below).
Default Values
By default, the maximum IPv4 and IPv6 ACP sessions allowed are based on the amount of RAM in the
AOS unit. The following table outlines the default values based on RAM:
RAM Amount Default Max Sessions
64 MB 10000
128 MB 30000
256 MB 80000
512 MB 200000
768 MB 300000
1 GB 450000
Command History
Usage Examples
The following example sets the maximum number of ACP sessions allowed in the AOS unit (for both IPv4
and IPv6 ACP sessions) to 250000:
(config)#policy-class max-sessions 250000

portal-list <name> <portal1 portal2 portal3...>

Use the portal-list command to create a portal list to associate with a local user name. Use the command
username <username> password <password> on page 1872 to assign this portal list to an previously
configured user name. Use the no form of this command to remove the portal list.
Entering this command with the same name, but a different portal list will overwrite the
original portal list.
Syntax Description
<name> Specifies the name of the portal list (maximum of 80 characters).
<portal> Specifies the portals assigned to this portal list. The list can contain any
combination of the portals listed below:
console Allows the list holder to access the unit via the console.
ftp Allows the list holder to access the unit via File Transfer Protocol (FTP).
http-admin Allows the list holder to view the configuration and statistics via Hypertext
Transfer Protocol (HTTP).
ssh Allows the list holder to access the unit via secure shell (SSH).
telnet Allows the list holder to access the unit via Telnet.
Default Values
By default, no portal lists are defined.
Command History
Functional Notes
The same portal list can be assigned to multiple user names. Once the list is assigned to the user name,
that user name can only authenticate the portals in the list. If a list is not assigned to a user name, that user
name can be used with any portal that is set for local login.
Usage Examples
The following example assigns the console, telnet, and ssh portals the portal list engineers:
(config)#portal-list engineers console telnet ssh

port-auth default
Use the port-auth default command to set all global port-authentication settings to their default states.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example sets all global port-authentication settings to their default states:
(config)#port-auth default

port-auth max-req <number>

Use the port-auth max-req command to specify the maximum number of identity requests the
authenticator will transmit before restarting the authentication process. Use the no form of this command
to return to the default setting.
Syntax Description
<number> Specifies the maximum number of authentication requests.
Default Values
By default, the maximum number of authentication requests is set at 2.
Command History
Usage Examples
The following example sets the maximum number of authentication requests at 4:
(config)#port-auth max-req 4

port-auth re-authentication
Use the port-auth re-authentication command to enable re-authentication. Use the no form of this
Syntax Description
No subcommands.
Default Values
By default, re-authentication is disabled.
Command History
Usage Examples
The following example enables re-authentication:
(config)#port-auth re-authentication

port-auth supplicant
Use the port-auth supplicant command to enable the port-authentication supplicant mode feature and to
enter the Port-Authentication Supplicant Configuration mode. Use the no form of this command to remove
the supplicant mode parameters. Variations of this command include:
port-auth supplicant
port-auth supplicant username <username> password <password>
Syntax Description
supplicant Specifies that port authentication is in supplicant mode.
username <username> Specifies the user name used for supplicant authentication.
password <password> Specifies the password used for supplicant authentication.
Default Values
By default, port authentication and port authentication supplicant mode is disabled.
Command History
Functional Notes
The supplicant user name and password can be stored in the port and set in the session if it exists. This
allows for the user name and password to be set before the supplicant functionality is enabled.
Usage Examples
The following example sets the user name of admin and the password of password for supplicant mode
authentication on the eth 0/1 interface:

(config-eth-0/1)#port-auth supplicant username admin password password

port-auth timeout
Use the port-auth timeout command to configure various port authentication timers. Use the no form of
port-auth timeout quiet-period <value>

port-auth timeout re-authperiod <value>
port-auth timeout tx-period <value>
Syntax Description
quiet-period <value> Specifies the amount of time the system will wait before attempting another
authentication once a failure has occurred. Range is 1 to 65535 seconds.
re-authperiod <value> Specifies the amount of time between scheduled re-authentication
attempts. Range is 1 to 4294967295 seconds.
tx-period <value> Specifies the amount of time the authenticator will wait between identity
requests. Range is 1 to 65535 seconds.
Default Values
By default, quiet-period is set to 60 seconds, re-authperiod is set to 3600 seconds (1 hour), and
tx-period is set to 30 seconds.
Command History
Usage Examples
The following example sets the quiet-period to 10 seconds:
(config)#port-auth timeout quiet-period 10

port-channel load-balance
Use the port-channel load-balance command to configure port aggregation load distribution. Use the no
form of this command to reset distribution to its default setting. Variations of this command include:
port-channel load-balance dst-mac

port-channel load-balance src-mac
Syntax Description
dst-mac Specifies the destination medium access control (MAC) address.
src-mac Specifies the source MAC address.
Default Values
By default, load balance is set to src-mac.
Command History
Functional Notes
During port aggregation, the port channel interface must determine on which physical port to transmit
packets. With the source-address configuration, the source MAC address of the received packets is used
to determine this allocation. Packets coming from a specific host always use the same physical port.
Likewise, when the destination address configuration is used, packets are forwarded based on the MAC
address of the destination. Packets destined for a specific host always use the same physical port.
Usage Examples
The following example sets the load distribution to use the destination MAC address:
(config)#port-channel load-balance dst-mac

power-supply shutdown automatic

Use the power-supply shutdown automatic command to enable the power supplies to automatically shut
down when the unit temperature exceeds the maximum operating temperature. Use the no form of this
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example enables the power supplies to shut down automatically if the temperature gets too
high:
(config)#power-supply shutdown automatic

privilege <mode> level <level>

Use the privilege level command to assigned a privilege level to specific commands. The exact command
mode name is required to identify the correct commands or command string. The command mode can be
learned using the command show command-mode on page 581. Variations of this command include:
privilege <mode> all level <level>

privilege <mode> all level <level> <command string>
privilege <mode> level <level> <command string>
The following command strings cannot have their privilege levels changed: exit, enable,
logout, and do.
Syntax Description
<mode> Specifies the exact command mode name to which the command or
command string belongs. Refer to the Functional Notes below for more
information.
all Specifies the privilege level be applied to all commands in the specified
command mode. When used in conjunction with the <command string>
variable, the privilege level is applied to only the parameters beyond the
specified command string. Refer to the examples in the Functional Notes
and Usage Examples below for more details.
level <level> Specifies the privilege level to be applied to the commands. Valid range is 1
through 7.
<command string> Optional. Specifies the command string to which the privilege level is to be
applied. This can include the full command string or partial command string.
Refer to the examples in the Functional Notes and Usage Examples below
for more details.
Default Values
By default, privilege levels are set to 1 for commands in the exec command mode and 7 for all other
command modes.
Command History
Release R11.3.0 Command was altered. The <command string> variable is no longer
required, but is optional. This allows the all keyword to be used to specify
changing the privilege level for all commands in a command mode.
Release R11.5.0 Command was expanded to include the Secure Realtime Transfer Protocol
(SRTP) and Transport Layer Security (TLS) profile command modes as well
as the standard Media Access Control (MAC) hardware access control list
(ACL) command set.

Release R11.9.0 Command was expanded to include the crypto-ipsec-profile, tunnel-gre

and tunnel-mgre command sets.
Release R11.10.0 Command was expanded to include the battery command set.
Functional Notes
The command mode name must be entered exactly in order to execute this command. Because the
available command modes differ between AOS products, the most reliable method for learning the
available command mode names is to use the CLI help. Enter the privilege ? command to display a list of
all available command modes on the AOS device. Refer to the Configuring Privilege Levels in AOS
configuration guide for more information.
The all keyword is useful for changing the privilege level on all commands within a command mode. For
example, to assign all commands in the interface-gigabit-ethernet command mode to privilege level 3,
enter the following command:
(config)#privilege interface-gigabit-ethernet all level 3
When used in conjunction with the <command string> variable, the all keyword changes the privilege level
for a group of commands with several parameters, such as show or debug commands. For example, to
assign all show commands a privilege level 5, enter the following command:
(config)#privilege exec all level 5 show
The command string can include more specific parameters to reduce the number of commands affected.
For example, entering privilege exec all level 5 show ip route, assigns the following list of commands a
privilege level 5:
show ip route
show ip route <ipv4 address>
show ip route <ipv4 address> <subnet mask>
show ip route <ipv4 address> longer-prefixes
show ip route <ipv4 address> <subnet mask> longer-prefixes
show ip route bgp
show ip route bgp verbose
show ip route connected
show ip route ospf
show ip route ospf verbose
show ip route rip
show ip route rip verbose
show ip route static
show ip route static verbose
show ip route summary
show ip route summary realtime
show ip route table
show ip route vrf <name>
show ip route vrf <name> <ipv4 address>
show ip route vrf <name> <ipv4 address> <subnet mask>

show ip route vrf <name> <ipv4 address> longer-prefixes

show ip route vrf <name> <ipv4 address> <subnet mask> longer-prefixes
show ip route vrf <name> bgp
show ip route vrf <name> connected
show ip route vrf <name> ospf
show ip route vrf <name> rip
show ip route vrf <name> static
show ip route vrf <name> summary
show ip route vrf <name> table
Any future AOS firmware updates in which new commands are introduced, will require the
new commands to be altered as necessary related to this privilege level configuration.
Usage Examples
The following example assigns the privilege level 3 to all commands within the Ethernet Interface
Configuration mode:
(config)#privilege interface-ethernet all level 3
The following example assigns the privilege level 3 to the shutdown command from within the Ethernet
Interface Configuration mode:
(config)#privilege interface-ethernet level 3 shutdown
The following example assigns the privilege level 3 to all show ip route command parameters by using the
all keyword:
(config)#privilege exec all level 3 show ip route

probe
Use the probe command to create a probe as part of network monitoring. This command is also used to
enter into the Network Monitoring Probe command set once a probe is created. A probe can be one of five
types: http-request, icmp-echo, icmp-timestamp, tcp-connect, or twamp. Each probe type has a set of
commands used for configuration. These additional commands are covered in Network Monitor Probe
Command Set on page 4047. Use the no form of this command to delete the probe. Variations of this
command include:
probe <name> http-request

probe <name> icmp-echo
probe <name> icmp-timestamp
probe <name> tcp-connect
probe <name> twamp
Issue the no shutdown command to activate the probe once it is configured. Issuing the
shutdown command at the probe configuration prompt will disable a probe, causing it to
cease generating traffic. While a probe is shut down, it will return a fail value to a track.
The probe is not operational until tolerance is defined. Refer to Network Monitor Probe
Command Set on page 4047 for more information.
Syntax Description
<name> Specifies the name of the probe being created, or indicates the probe
affected by the commands that follow.
http-request Specifies the probe type being created as an Hypertext Transfer Protocol
(HTTP) request.
icmp-echo Specifies the probe type being created as an Internet Control Message
Protocol (ICMP) echo.
icmp-timestamp Specifies the probe type being created as an ICMP timestamp.
tcp-connect Specifies the probe type being created as a Transmission Control Protocol
(TCP) connect.
twamp Specifies the probe type being created as a Two-Way Active Measurement
Protocol (TWAMP).
Default Values
By default, there are no probes configured.

Command History
Release 17.2 Command was expanded to include the ICMP timestamp and TWAMP
probe types.
Usage Examples
The following example creates an ICMP echo probe called probe1:
>enable
#configure terminal
(config)#probe probe1 icmp-echo
Technology Review
Probes are standalone objects that help determine the status of a route based on the success or failure of
probe traffic across the path. The probes can be configured to trigger at particular intervals. There are
three types of probes supported by AOS: icmp-echo, tcp-connect, and http-request. Commands
common to all the probe types are identified in the following section, as well as isolated commands that
only apply to the specific probe types.
Additional configuration commands are available for associating tracks with each probe. These are
explained in the Network Monitor Track Command Set on page 4083.

probe responder
Use the probe responder command to enable a probe responder to respond to specific probe packets.
Additional commands for each responder type are covered in Network Monitor Probe Responder
Command Set on page 4074. Use the no form of this command to stop the probe responder from
responding to the specific probe packets. Variations of this command include:
probe responder icmp-timestamp

probe responder twamp
probe responder udp-echo
Issue the no shutdown command to activate the probe responder once it is configured. By
default, probe responders are shut down when created. Issuing the shutdown command
disables the probe responder and it will not respond to packets.
Syntax Description
icmp-timestamp Specifies the probe responder type as Internet Control Message Protocol
(ICMP) timestamp.
twamp Specifies the probe responder type as Two-Way Active Measurement
Protocol (TWAMP).
udp-echo Specifies the probe responder type as a User Datagram Protocol (UDP)
echo.
Default Values
By default, there are no probe responders enabled.
Command History
Usage Examples
The following example enables the UDP echo probe responder:
>enable
#configure terminal
(config)#probe responder udp-echo

procare
Use the procare command to sync a device with an activated, qualifying ProCare plan with ADTRAN’s
ProCare server and enable the configuration backup service. For more information about verifying and
activating your ProCare plan, refer to the Functional Notes below. The backup service retains the last
saved configuration of the AOS device on the ADTRAN ProCare hosted infrastructure.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
Only devices covered by an activated, qualifying ProCare plan will be able to communicate with the
ProCare hosted infrastructure. For more information about ProCare plans, visit www.adtran.com/procare.
Configuration backup service is not offered with ProCare Basic plans. To confirm or request activation,
email ProCareBackups@adtran.com and include your name, phone number, unit serial number, and the
public IP address for the device. To purchase a ProCare plan, please contact your preferred partner. For a
list of partners, click on the Where to Buy link at www.adtran.com.
To connect to ADTRAN ProCare, your device must have an Internet connection with a public IP address
that is not 0.0.0.0.
Usage Examples
The following example enables the configuration backup service:
<config>#procare

procloud
Use the procloud command to connect an AOS device to ADTRAN ProCloud service. For more
information about verifying and activating ProCloud, refer to the Functional Notes below.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
ADTRAN’s ProCloud service offers hosted, managed cloud network services. Only devices with qualifying
ProCloud coverage can use this service. To validate your coverage, call 1-800-874-2237, email
serviceplan@adtran.com, or visit the Service Plan Portal at www.adtran.com/serviceplan. To purchase a
ProCloud plan, please contact your preferred partner. For a list of partners, click on the Where to Buy link
at www.adtran.com.
To connect to ADTRAN ProCloud LAN, your device must have an Internet connection with a public IP
address that is not 0.0.0.0.
Usage Examples
The following example connects the device to the ADTRAN ProCloud service:
<config>#procloud

qos cos-map <cos queue id> <cos value>

Use the qos cos-map command to associate class of service (CoS) values with each queue. Use the no
form of this command to return to the default setting.
Syntax Description
<cos queue id> Specifies the queue number that you are assigning CoS value(s).
<cos value> Associates listed CoS values with a particular priority queue. Multiple CoS
values can be applied to a specified queue. Valid range is 0 to 7.
Default Values
On NetVanta switch products, there are four queues and the default CoS value mapped to each queue are
as outlined below:
Queue 1 is mapped to CoS 0 and 1
On carrier Ethernet products, there are eight queues and the default CoS values mapped to each queue
are as outlined below:
Queue 0 is mapped to CoS 1
Command History
Usage Examples
The following example maps CoS values 4 and 5 to queue 1:
(config)#qos cos-map 1 4 5

qos dscp-cos
Use the qos dscp-cos command to set the differentiated services code point (DSCP) to class of service
(CoS) map and enable the mapping process. Use the no form of this command to disable mapping.
qos dscp-cos <dscp value> to <cos value>

qos dscp-cos default
Syntax Description
<dscp value> Specifies DSCP values (separating multiple values with a space). Valid
range is 0 to 63.
<cos value> Specifies CoS values (separating multiple values with a space). Valid range
is 0 to 7.
default Sets the map to the following default values:
DSCP 0 | 8 | 16 | 24 | 32 | 40 | 48 | 56
CoS 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7
Default Values
Command History
Functional Notes
When one of the specified DSCP values is detected in an incoming packet, the CoS priority is altered
based on the corresponding map value. By configuring the list, the mapping functionality is enabled.
Usage Examples
The following example enables the mapping of DSCP values 24 and 48 to CoS values 1 and 2:
(config)#qos dscp-cos 24 48 to 1 2
The following example disables DSCP-to-CoS mapping:
(config)#no qos dscp-cos

qos map <name> <number>

Use the qos map command to create a quality of service (QoS) map and activate the QoS Map Command
Set (which allows you to edit a QoS map). For details on specific commands, refer to the Quality of Service
Map Command Set on page 4449. Use the no form of this command to delete a map entry. Variations of
qos map <name> <number>

qos map <name> <number> match-all
qos map <name> <number> match-any
Syntax Description
<name> Specifies the QoS map name.
<number> Assigns a sequence number to differentiate this QoS map and provide a
match order. Valid range is 0 to 65535.
match-all Optional. Indicates the traffic must match all conditions before the set action
is issued.
match-any Optional. Indicates the traffic can match any of the conditions to be
processed, which is the default behavior.
Default Values
By default, there are no QoS maps defined. Once created, the default behavior is to match any of the
conditions set for the QoS map.
Command History
Release 17.2 Command was expanded to include the match-all and match-any
parameters.
Functional Notes
AOS uses QoS maps to classify packets into groups for matching. A QoS map contains multiple class
entries, each of which has packet match cases, and a set of actions for the particular group (actions are
defined by bandwidth, priority, set, and shape commands). Multiple map entries for the same QoS map
are differentiated by a sequence number. The sequence number is used to assign the order in which the
conditions are matched.
Once created, a QoS map must be applied to an interface (using the qos-policy out command) in order to
actively process traffic. Refer to qos-policy on page 2291 for more information on assigning the map to an
interface. Any traffic for the interface that is not sent to the priority queue is sent using the default queuing
method for the interface (such as weighted fair queuing (WFQ)).

Usage Examples
The following example demonstrates basic settings for a QoS map and assigns a map to the Frame Relay
interface:
>enable
#config terminal
(config)#qos map VOICEMAP 10
(config-qos-map)#match precedence 5
(config-qos-map)#priority 512
(config-qos-map)#exit
(config)#interface fr 1
(config-fr 1)#qos-policy out VOICEMAP

qos policer mode non-bias

Use the qos policer mode non-bias command to specify the policer algorithm used in Metro Ethernet
Forum (MEF) policer quality of service (QoS) configurations. Use the no form of this command to specify
the policer uses the MEF10 reference algorithm.
Syntax Description
No subcommands.
Default Values
By default, the MEF policer is configured to use the non-bias setting.
Command History
Functional Notes
This command configures the AOS device to use a policer algorithm that largely eliminates the MEF10
policer algorithm’s bias for small frames. When a policer drops a packet in a flow, it drops all subsequent
packets in the flow until the policer credit builds up to at least the hardware maximum transmission unit
(MTU). Prior to AOS release R11.6.0, the hardware MTU was set to 2000 bytes. After AOS release
R11.6.0, the hardware MTU is set to 9200 bytes to allow for jumbo frames. When the no form of this
command is used, the policer uses the MEF10 reference algorithm, which has a bias for small frames over
large frames.
Usage Examples
The following example specifies that the MEF policer uses the MEF10 reference algorithm:
(config)#no qos policer mode non-bias

qos queue-type strict-priority

Use the qos queue-type strict-priority command to enable queuing based strictly on the priority of each
queue. Use the no form of this command to disable this feature.
Syntax Description
No subcommands.
Default Values
By default, the queue type is weighted round robin (WRR).
Command History
Usage Examples
The following example enables strict-priority queuing:
(config)#qos queue-type strict-priority

qos queue-type wrr

Use the qos queue-type wrr command to set weights for up to four queues. Use the no form of this
command to set all queues to be weighted round robin (WRR). Variations of this command include:
qos queue-type wrr <weight1> <weight2> <weight3> expedite

qos queue-type wrr <weight1> <weight2> <weight3> <weight4>
Syntax Description
<weight1-4> Sets the weight of each queue (up to four). All queue weights must be
greater than zero, except for the weight for the last queue (queue 4). The
range for queues 1 to 3 is 1 to 255. The range for queue 4 is 0 to 255.
expedite The queue 4 entry can be replaced by the expedite command. If set to
expedite, then it becomes a high-priority queue. All outbound traffic is
transmitted on an expedite queue prior to any other traffic in other queues.
Default Values
By default, all four weights are set to 25.
Command History
Functional Notes
The actual weight is a calculated value based on the sum of all entered weights. It is the ratio of the
individual weight over the sum of all weights.
For example:
If the user enters 10, 20, 30, and 40 as the weight values, the first queue will have a ratio of 1/10. This is
derived from the formula 10/(10+20+30+40). Therefore, this queue will transmit 1 packet out of every 10
opportunities.
Usage Examples
The following example configures weights for all four queues:
(config)#qos queue-type wrr 10 20 30 40

queue interface
Use the queue interface command to configure a queue on an interface. Use the no form of this command
to remove the queue configuration on the interface. Variations of this command include:
queue interface efm-group <slot/group> <queue>

queue interface gigabit-ethernet <slot/port> <queue>
Syntax Description
efm-group <slot/group> Specifies the queue is configured on an Ethernet in the first mile (EFM)
group interface. Group range is 1 to 1024.
gigabit-ethernet <slot/port> Specifies the Gigabit Ethernet interface on which to configure the queue.
<queue> Specifies the queue to configure. Carrier Ethernet products have eight
queues, with a valid range of 0 to 7.
Default Values
By default, no queues on configured on the EFM group or Gigabit Ethernet interfaces.
Command History
Functional Notes
Once you have entered the queue interface command, you can configure the queue from the Ethernet
virtual connection (EVC) Queue Configuration mode. Refer to Carrier Ethernet Queue Command Set on
page 3713 for queue configuration commands.
Usage Examples
The following example enters the queue’s configuration mode on an EFM group interface:
(config)#queue interface efm-group 1/1 5

(config-queue 5)#

queue time-constant wred <value>

Use the queue time-constant wred command to configure the weighted random early detection (WRED)
time constant used to calculate the average queue depth for all queues.
Syntax Description
<value> Specifies the time constant used to calculate the average queue depth for all
queues. Accepted values are 2, 4, 8, 16, 32, 62, 125, 250, and 500 milliseconds
(ms).
Default Values
Command History
Functional Notes
The WRED time constant allows the user to adjust the time component used to calculate the average
queue depth. For example, if the WRED time constant is set to 8 ms, the queue depth will be the average
number of packets over an 8 ms period of time. If the WRED time constant is set too low, bursty traffic may
inadvertently be marked for discard. Conversely, if the WRED time constant is set too high, traffic may
remain in the queue substantially longer than usual which can impact Transmission Control Protocol (TCP)
throughput. ADTRAN recommends setting the WRED time constant to the approximate round trip delay for
TCP packets.
Usage Examples
The following example sets the WRED queue time constant to 62 ms.
(config)#queue time-constant wred 62

radius-server
Use the radius-server command to configure several remote authentication dial-in user service (RADIUS)
parameters for all RADIUS servers on the network. Most of these global settings can be overridden on a
per-server basis (using the command radius-server host on page 1674). Use the no form of this command
to return to the default setting. Variations of this command include the following:
radius-server challenge-noecho
radius-server deadtime <value>
radius-server enable-username <name>
radius-server key <key>
radius-server retry <number>
radius-server timeout <value>
Syntax Description
challenge-noecho Specifies that when users enter text in response to challenge questions the
entered text does not appear on the screen.
deadtime <value> Specifies the time to wait (in minutes) before attempting to reconnect to a
RADIUS server that has timed out. Range is 0 to 1440 minutes. Changing
this parameter changes the time to wait for all configured RADIUS servers.
enable-username <name> Specifies a user name to be used for authentication to enter the Enable
mode. This user name is the name sent for AAA Enable mode access
requests. Changing this parameter changes the user name for all
configured RADIUS servers.
key <key> Specifies the encryption key shared by all RADIUS servers. This is a global
setting; however, it can be overridden on a per-server basis.
retry <number> Specifies the number of connection attempts to a RADIUS server. Attempt
range is 0 to 10. This is a global setting; however, it can be overridden on a
per-server basis.
timeout <value> Specifies the amount of time (in seconds) that RADIUS servers have to
respond to a request. Time range is 1 to 1000 seconds. This is a global
setting; however, it can be overridden on a per-server basis.
Default Values
challenge-noecho Echo is disabled and users do not see on-screen what they enter.
deadtime 0 minutes
enable-username $enab15$
key No default
retry 0 attempts
timeout 5 seconds

Command History
Release 7.1 Added the enable-username selection.
Functional Notes
It is recommended that you use a user name that is a unique name for your network and one that only the
network administrators know. If the default user name is used, it is possible for unauthorized users to gain
access to the network.
By default, there is a 0 minute wait time before attempting to reconnect to a timed out server. Leaving the
wait time at 0 minutes means that the server will never be declared dead. The time period value is 0 to
1440 minutes, although you should enter a value of at least 1 minute or greater.
Usage Examples
The following example shows a typical configuration of these parameters:
(config)#radius-server deadtime 10
(config)#radius-server enable-username fantastico
(config)#radius-server key mysecretkey
(config)#radius-server retry 4
(config)#radius-server timeout 2

radius-server host
Use the radius-server host command to specify the parameters for a remote authentication dial-in user
service (RADIUS) server. Specifying the virtual routing and forwarding (VRF) instance using the vrf
<name> keyword applies the configuration to the named VRF instance. Omitting the vrf <name>
keyword applies the settings to the default unnamed VRF. Use the no form of this command to return to
the default setting. Variations of this command include:
radius-server host <hostname | ip address>

radius-server host <hostname | ip address> acct-port <port>
radius-server host <hostname | ip address> auth-port <port>
radius-server host <hostname | ip address> key <key>
radius-server host <hostname | ip address> retransmit <number>
radius-server host <hostname | ip address> timeout <value>
radius-server vrf <name> host <hostname | ip address>
radius-server vrf <name> host <hostname | ip address> acct-port <port>
radius-server vrf <name> host <hostname | ip address> auth-port <port>
radius-server vrf <name> host <hostname | ip address> key <key>
radius-server vrf <name> host <hostname | ip address> retransmit <number>
radius-server vrf <name> host <hostname | ip address> timeout <value>
Each parameter after <hostname | ip address> specifies the characteristics of the

individual RADIUS server. Parameters can be entered in a single command line, in any
order, but each may only be used once.
Syntax Description
<hostname | ip address> Specifies the server to configure. IP addresses should be expressed in
dotted decimal notation (for example, 10.10.10.1). If a host name is used, a
domain naming system (DNS) server should be learned by the AOS device
using Dynamic Host Configuration Protocol (DHCP), Point-to-Point Protocol
(PPP), or specified in the Global Configuration mode with the command
name-server on page 1614.
acct-port <port> Specifies the User Datagram Protocol (UDP) port used by the AAA
accounting server. Port range is 0 to 65535. This command is reserved for
future use as currently AOS does not allow RADIUS servers for use with
AAA accounting.
auth-port <port> Specifies the UDP port used by the AAA authentication server. The port
key <key> Specifies the encryption key used by the RADIUS server. This command
overrides the global RADIUS key setting (set with the command
radius-server on page 1672). This command must be entered last in the
command line because everything after the key parameter is read as the
new key.
retransmit <number> Specifies the number of connection attempts made to the server. Attempt
range is 1 to 100.

timeout <value> Specifies the time to wait (in seconds) for this server to reply to requests.
Default Values
By default, acct-port is set to 1813 and auth-port is set to 1812. By default, the key, retransmit and
timeout values are the values set by the command radius-server on page 1672.
Command History
Functional Notes
At a minimum, the address (IP or host name) of the server must be given. The other parameters can be
entered in any order (except the key parameter) and, if the parameters are not specified, they will take
default values or fall back on the global RADIUS server’s default settings (set using the command
radius-server on page 1672).
If global password protection is enabled on the AOS device, encryption will be applied to the authentication
key (key <key>). If global password protection is off, the authentication key will display as clear text. Refer
to service password-encryption on page 1691 for more information
Usage Examples
The following example specifies that the RADIUS server at IP address 10.10.10.2 uses the global key
setting (left unspecified), a timeout value of 10 seconds, the default authorization port (left unspecified),
and a retransmit number of 5:
(config)#radius-server host 10.10.10.2 retransmit 5 timeout 10
The following example specifies that the RADIUS server at IP address 10.10.10.2 on VRF RED, uses the
global key setting (left unspecified), a timeout value of 10 seconds, the default authorization port (left
unspecified), and a retransmit number of 5:
(config)#radius-server vrf RED host 10.10.10.2 retransmit 5 timeout 10

resource-utilization
Use the resource-utilization command to set a threshold limit for CPU or heap utilization notifications.
When the utilization threshold is surpassed, a resource trap is sent. Use the no form of this command to
remove the threshold setting. Variations of this command include:
resource-utilization cpu threshold <percentage> time-interval <value>

resource-utilization heap threshold <percentage>
Syntax Description
cpu Sets the threshold for CPU utilization notification.
heap Sets the threshold for heap utilization notification.
threshold <percentage> Specifies the threshold limit as a percentage of resource utilization.
Valid range is 1 to 100 percent.
time-interval <value> Specifies the time interval for the actual utilization to exceed the threshold
before a notification is sent. Valid range is 1 to 86400 seconds.
Default Values
By default, there are no thresholds configured.
Command History
Functional Notes
Simple Network Management Protocol (SNMP) resource traps must be enabled before exceeded
threshold notifications are sent. Refer to snmp-server enable traps on page 1784.
Usage Examples
The following example configures the CPU resource notification to be sent when the CPU usage maintains
at least 75 percent utilization for 40 seconds:
(config)#resource-utilization cpu threshold 75 time-interval 40

restricted boot
Use the restricted boot command to restrict issuing specific bootcode commands. Refer to the Functional
Notes below. Use the no form of this command to disable the feature.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
Once enabled, the restricted boot feature will prohibit a user from performing any of the following functions
in bootcode:
• Bypass password option

• Bypass startup-config option
• Erase or overwrite individual files
• Copy files from flash
The erase file-system and erase * commands are both allowed for unit recovery even when
restricted boot is enabled.
This command is not available in vAOS instances.
Usage Examples
The following example enables the restricted boot feature:
(config)#restricted boot

rtcp
Use the rtcp command to enable sending Realtime Transport Control Protocol (RTCP) sender reports to
improve interoperation with other network equipment. The RTCP Sender Report is sent at periodic
intervals when when RTP is being received. Use the no form of this command to disable this feature.
Syntax Description
No subcommands.
Default Values
By default, RTCP sender reports are disabled.
Command History
Functional Notes
RTCP sender reports are sent for the following call scenarios:
• Session Initiation Protocol (SIP) to foreign exchange station (FXS)

• SIP to foreign exchange office (FXO)
• SIP to T1 (primary rate interface (PRI) and robbed-bit signaling (RBS))
For SIP to SIP calls, RTCP sender reports are passed through the unit unmodified.
For all supported products, the RTCP port number is the next odd port number following the even
Realtime Transport Protocol (RTP) port number.
If, during a call, RTP is not being sent (i.e., RTP is receive-only), then a sender report is sent instead of a
receiver report as described in RFC 3550.
Usage Examples
The following example enables the sending of RTCP sender reports:
(config)#rtcp

route-map
Use the route-map command to create a route map and enter the Route Map Configuration command set.
A route map is a type of filter that matches various attributes and then performs actions on the way the
route is redistributed. Use the no form of this command to delete a route map. Variations of this command
include:
route-map <name> <number>

route-map <name> deny <number>
route-map <name> permit <number>
Syntax Description
<name> Specifies a name for the route map.
deny Specifies not to redistribute routes matching the route map attributes.
permit Redistributes routes matching the route map attributes.
<number> Specifies a sequence number of this route entry. Range is 1 to 4294967295.
Default Values
By default, no route maps are defined.
Command History
Functional Notes
Route maps can be used to filter inbound and outbound routes and to apply attributes to the routes being
filtered. A route map applied to outbound data determines how the router advertises routes to a neighbor.
The outbound route map can be configured to perform such tasks as:
• Define the routes that the router can advertise according to specified attributes or prefixes.
• Prepend private AS numbers to specific routes to help balance inbound traffic.
• Set an MED on specific routes to help balance inbound traffic.
• Request that the neighbor advertise the route to certain communities only.
• When a route map is applied to inbound data, it determines which of the service provider advertised
routes the local router accepts.
The inbound route map can be configured to perform such tasks as:
• Filter external routes according to specified attributes or prefixes

• Apply attributes to filtered routes, including:
– Local preference
– Community
– MED value
– Prepended AS path
• Delete communities defined for the routes

The route map itself is created first. Matching criteria and attributes are defined within the route map
configuration menu. Once a route map has been established, it can be assigned to a BGP neighbor.
Match and set commands used for filtering and defining attributes are found in the Route Map Command
Set on page 4153.
Usage Examples
The following example creates the route map, specifies that routes matching its criteria will be denied, and
assigns a sequence number of 100:
(config)#route-map MyMap deny 100

(config-route-map)#
You can then define the attributes of the route map from the Route Map Configuration command set. Enter
a ? at the (config-route-map)# prompt to explore the available options.

router bgp <value>

Use the router bgp command to enable BGP and enter the BGP Configuration mode. Refer to the BGP
Command Set on page 3966 for more information. Use the no form of this command to disable Border
Gateway Border (BGP) routing.
Syntax Description
<value> Specifies the AS number of the local system of which this BGP router is a
member. Range is 1 to 4294967295.
Default Values
By default, BGP is disabled.
Command History
Release 18.1 Command was altered to support 4-byte AS numbers (previously AOS only
supported 2-byte numbers).
Functional Notes
The AS number of the local system of which this BGP router is a member must always be entered with this
command, even when re-entering BGP Configuration mode after BGP has already been activated on the
router.
Usage Examples
The following example uses the router bgp command to enable BGP and enter the BGP Configuration
mode:
(config)#router bgp 100

(config-bgp)#

router ospf <process id>

Use the router ospf command to activate Open Shortest Path First version 2 (OSPFv2) in the router and to
enter the OSPF Configuration mode. This command creates a new OSPFv2 process, or allows you to edit a
previously configured OSPFv2 process. Refer to the Router OSPFv2 Command Set on page 4105 for more
information. Use the no form of this command to remove the OSPFv3 process and all of its settings at both
the global and interface level. Variations of this command include:
router ospf
router ospf <process id>
router ospf <process id> vrf <name>
Syntax Description
<process id> Specifies a process ID for the OSPFv2 process. These IDs must be unique
among all other OSPFv2 processes on the device. Valid ID range is 1 to
65535.
instance on which to create the OSPFv2 process. If no VRF is specified, the
process is created on the default (unnamed) VRF.
Default Values
By default, OSPF is disabled.
Command History
Release R11.3.0 Command was expanded to include the <process id> and vrf <name>
parameters.
Functional Notes
AOS can be configured to use OSPF with the firewall enabled (using the ip firewall command). To do this,
configure the OSPF networks as usual, specifying which networks the system will listen for and broadcast
OSPF packets to. Refer to ip firewall on page 1359 for more information.
To apply stateful inspection to packets coming into the system, create a policy class that describes the type
of action desired and then associate that policy class to the particular interface (refer to ip policy-class
<ipv4 acp name> on page 1426). The firewall is intelligent and will only allow OSPF packets that were
received on an OSPF configured interface. No modification to the policy class is required to allow OSPF
packets into the system.
Usage Examples
The following example uses the router ospf command to enter the OSPF Configuration mode:
(config)#router ospf 1

router ospfv3 <process id>

Use the router ospfv3 command to enable Open Shortest Path First version 3 (OSPFv3), create an
OSPFv3 process, and enter the router’s OSPFv3 Configuration mode. This command creates a new
OSPFv3 process, or allows you to edit a previously configured OSPFv3 process. Use the no form of this
command to remove the OSPFv3 process and all of its settings at both the global and interface level.
router ospfv3 <process id>

router ospfv3 <process id> vrf <name>
Syntax Description
<process id> Specifies a process ID for the OSPFv3 process. These IDs must be unique
among all other OSPFv3 processes on the device. Valid ID range is 1 to
65535.
instance on which to create the OSPFv3 process. If no VRF is specified, the
process is created on the default (unnamed) VRF.
Default Values
By default, no OSPFv3 processes or process IDs exist.
Command History
Functional Notes
For more information about commands available in the OSPFv3 Configuration mode, refer to Router
OSPFv3 Command Set on page 4126.
For more information about configuring OSPFv3, refer to the configuration guide Configuring OSPFv3 in
AOS, available online at https://supportcommunity.adtran.com.
Usage Examples
The following example enables OSPFv3, creates the OSPFv3 process 5, and enters the OSPFv3
Configuration mode:
(config)#router ospfv3 5
(config-ospfv3)#

router pim-sparse
Use the router pim-sparse command to globally enable protocol-independent multicast (PIM) on the unit
and to enter the PIM Sparse Configuration mode. Use the no form of this command to disable PIM Sparse
routing. Refer to the Router PIM Sparse Command Set on page 4186 for more information on the
subcommands for PIM Sparse Configuration mode.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
Additional commands for PIM are found in the related interface configuration modes. Refer to the
ip pim-sparse commands in sections such as Ethernet Interface Command Set on page 2141, Frame
Relay Subinterface Command Set on page 2733, HDLC Interface Command Set on page 2873, Loopback
Interface Command Set on page 2953, PPP Interface Command Set on page 3045, Tunnel Interface
Command Set on page 3196, and VLAN Interface Command Set on page 3355 for more information.
Usage Examples
The following example uses the router pim-sparse command to enter the PIM Sparse Configuration
mode:
(config)#router pim-sparse
(config-pim-sparse)#

router rip
Use the router rip command to enter the RIP Configuration mode. Use the no form of this command to
disable Routing Information Protocol (RIP) routing. Refer to the Router RIP Command Set on page 4190
Syntax Description
No subcommands.
Default Values
By default, RIP is disabled.
Command History
Usage Examples
The following example uses the router rip command to enter the RIP Configuration mode:
(config)#router rip
(config-rip)#
Technology Review
The RIP protocol is based on the Bellham-Ford (distance-vector) algorithm. This algorithm provides that a
network will converge to the correct set of shortest routes in a finite amount of time, provided that:
Gateways continuously update their estimates of routes.
Updates are not overly delayed and are made on a regular basis.
The radius of the network is not excessive.
No further topology changes take place.
RIP is described in RFC 1058 (Version 1) and updated in RFCs 1721, 1722, and 1723 for Version 2.
Version 2 includes components that ease compatibility in networks operating with RIP V1.
All advertisements occur on regular intervals (every 30 seconds). Normally, a route that is not updated for
180 seconds is considered dead. If no other update occurs in the next 60 seconds for a new and better
route, the route is flushed after 240 seconds. Consider a connected route (one on a local interface). If the
interface fails, an update is immediately triggered for that route only (advertised with a metric of 16).
Now consider a route that was learned and does not receive an update for 180 seconds. The route is
marked for deletion, and even if it was learned on an interface, a poisoned (metric equals 16) route should
be sent by itself immediately and during the next two update cycles with the remaining normal split horizon
update routes. Following actual deletion, the poison reverse update ceases. If an update for a learned
route is not received for 180 seconds, the route is marked for deletion. At that point, a 120-second garbage
collection (GC) timer is started. During the GC timer period, expiration updates are sent with the metric for
the timed-out route set to 16.

If an attached interface goes down, the associated route is immediately (within the same random
five-second interval) triggered. The next regular update excludes the failed interface. This is the so-called
first hand knowledge rule. If a gateway has first hand knowledge of a route failure (connected interfaces) or
reestablishment, the same action is taken. A triggered update occurs, advertising the route as failed
(metric equals 16) or up (normal metric) followed by the normal scheduled update.
The assumption here is that if a gateway missed the triggered update, it will eventually learn from another
gateway in the standard convergence process. This conserves bandwidth.
RIP-Related Definitions:
Route A description of the path and its cost to a network.

Gateway A device that implements all or part of RIP (a router).
Hop A metric that provides the integer distance (number of intervening
gateways) to a destination network gateway.
Advertisement A broadcast or multicast packet to port 520 that indicates the route for a
given destination network.
Update An advertisement sent on a regular 30-second interval, including all routes
exclusive of those learned on an interface.

schedule <name>
Use the schedule command to create a general-purpose schedule. Use the no form of this command to
delete a schedule. Variations of this command include:
schedule <name>
Additional subcommands are available once you have entered the Schedule Configuration mode:
absolute start <schedule> end <schedule>

periodic <day> [<time> to <time>]
periodic <day> <time> to <day> <time>
periodic <day> [<time> for <duration>]
periodic <day> <time> for <duration>
periodic <time> for <duration> <day>
periodic daily <time> to <time>
periodic daily <time> for <duration>
periodic weekday <time> to <time>
periodic weekday <time> for <duration>
periodic weekend <time> to <time>
periodic weekend <time> for <duration>
relative start-after <delay>
Syntax Description
<name> Specifies the name of the schedule.
absolute start end Indicates the schedule’s start and end time and date values.
<schedule> Specifies the start and end schedules. Schedules are expressed in the
format <time> <day> <month> <year> (for example, 08:15 2 February
2007).
<time> Time is expressed in the 24-hour format hours:minutes (HH:MM) (for
example, 08:15).
<day> The day of the month is expressed with a number. Range is 1 to 31.
<month> The name of the month can be spelled out or abbreviated.
<year> The year is expressed in the format YYYY (for example, 2007).
periodic Specifies the weekly behavior of the schedule by configuring start/end days,
times, and duration.
to Specifies the schedule’s start/end day and time.
for <duration> Specifies the schedule’s duration. Duration is expressed in the 24-hour
format hours:minutes (HH:MM).
daily Optional. Specifies recurring period to be every day of the week.
weekday Optional. Specifies recurring period to be Monday through Friday.
weekend Optional. Specifies recurring period to be Saturday and Sunday.
<time> Time is expressed in the 24-hour format hours:minutes (HH:MM) (for
example, 08:15).

<day> The day of the week can be spelled out or abbreviated.

relative start-after <delay> Specifies the time delay before the schedule becomes active. Valid range is
1 to 65535 seconds.
Default Values
By default, no schedules exist.
Functional Notes
Periodic schedules can be expressed in the format <day> <time> to <day> <time> (for example, periodic
monday 08:15 to wednesday 17:15), or up to 7 days can be entered (for example, periodic tuesday
wednesday thursday 08:15 to 17:15).
Command History
Release 16.1 Command was expanded to include the for parameter.
Usage Examples
The following example creates a schedule Closed and enters the Schedule Configuration mode:
(config)#schedule Closed
(config-schedule-Closed)#
The following example sets the start time in the schedule named Closed to 8:15 a.m. on February 2, 2007,
and sets the end time to 10:15 a.m. on April 2, 2007:
(config-schedule-Closed)#absolute start 08:15 2 february 2007 end 10:15 2 april 2007
The following example sets the recurring start and end day and time in the schedule named Closed to
Saturday from 8:15 a.m. to 5:15 p.m.:
(config-schedule-Closed)#periodic saturday 08:15 to 17:15
The following example sets the execution delay for the schedule named Closed to 30 seconds:
(config-schedule-Closed)#relative start-after 30
The following example sets the duration for the schedule named Closed to 30 minutes at 1:00 p.m. every
day of the week:
(config-schedule-Closed)#periodic daily 13:00 for 00:30

sdp grammar hold

Use the sdp grammar hold command to specify how to format hold messages in Session Description
Protocol (SDP) announcements. Use the no form of this command to return to the default value. Variations
of this command include the following:
sdp grammar hold rfc2543

sdp grammar hold rfc3264
Syntax Description
rfc2543 Specifies the use of RFC 2543 for formatting hold messages.
rfc3264 Specifies the use of RFC 3264 for formatting hold messages.
Default Values
By default, RFC 2543 is used for formatting hold messages.
Command History
Usage Examples
The following example specifies to use RFC 3264 to format hold messages:
(config)#sdp grammar hold rfc3264

sdp grammar ptime

Use the sdp grammar ptime command to specify which packet times to send in Session Description
Protocol (SDP) announcements. Use the no form of this command to return to the default value. Variations
sdp grammar ptime explicit

sdp grammar ptime implicit
Syntax Description
explicit Specifies sending all packet times.
implicit Specifies sending only packet times of 10 and 30 ms.
Default Values
By default, implicit packet times are sent.
Command History
Usage Examples
The following example specifies sending explicit packet times:
(config)#sdp grammar ptime explicit

service password-encryption
Use the service password-encryption command to turn on global password protection. Use the no form
If you need to go back to a previous revision of the code (e.g., AOS Revision 10), this
command must be disabled first. Once the service is disabled, all necessary passwords
must be re-entered so that they are in the clear text form. If this is not done properly, you
will not be able to log back in to the unit after you revert to a previous revision that does
not support password encryption.
Syntax Description
No subcommands.
Default Values
By default, global password protection is disabled.
Command History
Functional Notes
When enabled, all currently configured passwords are encrypted. Also, any new passwords are encrypted
after they are entered. Password encryption is applied to all passwords, including passwords for user
name, Enable mode, Telnet/console, Point-to-Point Protocol (PPP), Border Gateway Protocol (BGP), and
authentication keys. When passwords are encrypted, unauthorized persons cannot view them in
configuration files since the encrypted form of the password is displayed in the running-config. While this
provides some level of security, the encryption method used with password encryption is not a strong form
of encryption so you should take additional network security measures.
You cannot recover a lost encrypted password. You must erase the startup-config and set a
new password.
Usage Examples
The following example enables password encryption for all passwords on the unit:
(config)#service password-encryption

sfp trap threshold alarm time-interval <value>

Use the sfp trap threshold alarm time-interval command to set the polling interval for monitoring the
sfp alarm thresholds. Use the no form of this command to return to the default setting.
Syntax Description
<value> Specifies the minimum polling interval in seconds. Valid range is from 1 to
86400 seconds.
Default Values
By default, the alarm polling interval is 300 seconds.
Command History
Usage Examples
The following example configures the sfp trap threshold alarm polling interval to 600 seconds:
(config)#sfp trap threshold alarm time-interval 600

shaper <name>
Use the shaper command to create an Ethernet virtual connection (EVC) rate shaper and enter the shaper
configuration mode. Use the no form of this command to remove the shaper. Variations of this command
include:
shaper <name>
shaper <name> <slot>
Syntax Description
<name> Specifies the name of the rate shaper.
<slot> Optional. Specifies the slot to which the rate shaper is applied.
Default Values
By default, no EVC shapers are configured.
Command History
Usage Examples
The following example creates an EVC rate shaper named Shaper1 on slot 0:
(config)#shaper Shaper1 0
Technology Review
Rate shaping is a mechanism designed to smooth out bursts of traffic. Unlike a policer, which discards
large bursts of traffic, a shaper is able to delay bursts. The port shaper uses a token bucket, much like a
policer, however when large bursts are received, the packets are queued rather than being discarded
immediately. When a packet arrives at the shaper, if there are sufficient tokens available, the packet is
transmitted without delay. If there are insufficient tokens in the bucket, the packet is delayed until there are
enough tokens in the bucket to allow transmission. The benefit of a shaper is that it will not drop frames
with a small burst of traffic, but it does add latency. The benefit of a policer is that it does not add latency
while protecting the network, but does drop any traffic that exceeds the burst capacity. Selecting one over
the other is dependent on the latency and/or loss tolerance of the data. Rate shapers are much friendlier to
Transmission Control Protocol (TCP) traffic flows than policers. A small delay in latency leads to better
TCP Goodput than large losses of traffic that can force TCP to revert to Slow Start. Traffic may still be
discarded due to the queue congestion management strategy employed.

sip
Use the sip command to enable the AOS Session Initiation Protocol (SIP) stack and to specify the protocol
and port used by the SIP stack. When the SIP stack is enabled, memory is allocated for SIP functionality.
Use the no form of this command to disable the SIP stack and free the memory allocated to the stack.
sip
sip tcp
sip tcp <port>
sip udp
sip udp <port>
sip vrf <name>
Syntax Description
tcp Optional. Specifies that the SIP stack operates using Transmission Control
Protocol (TCP).
udp Optional. Specifies that the SIP stack operates using User Datagram
Protocol (UDP).
<port> Optional. Specifies the TCP or UDP port used by the SIP stack. Range is 1
to 65535.
vrf <name> Optional. Enables the SIP stack on the specified nondefault virtual routing
Default Values
By default, the SIP stack is enabled on AOS voice products and disabled on AOS data products. The SIP
stack operates using UDP on port 5060 if no protocol or port are specified. If a protocol is specified, but no
port is specified, the SIP stack uses port 5060.
Command History
Release 15.1 Command was expanded to include the tcp, udp, and <port> parameters.
Functional Notes
By default, the AOS SIP application layer gateway (ALG) is enabled. This ALG allows the firewall to
examine all SIP packets it identifies and to maintain information of SIP transmissions on the network based
on the SIP header. The SIP ALG requires the use of the SIP stack and the SIP proxy server in order to
properly route SIP calls and maintain the SIP information. For more details on the operation of SIP and the
SIP ALG, refer to the command ip firewall alg on page 1365.

For proper SIP operation, the firewall must also be configured to allow for dynamic holes for the Realtime
Transfer Protocol (RTP) and the Realtime Transfer Control Protocol (RTCP) traffic associated with SIP
calls between user agents. This functionality must be manually enabled. For more details on enabling this
functionality, refer to the command ip rtp firewall-traversal on page 1448.
The SIP stack is used for many AOS features, including Transparent Proxy and Voice Quality Monitoring
(VQM) Reporting. Refer to the configuration guides available online at
https://supportcommunity.adtran.com for more information about SIP operation with specific features.
Usage Examples
The following example enables the SIP stack and specifies that the stack operates using TCP:
(config)#sip tcp

sip access-class <name> in

Use the sip access-class in command to limit the traffic allowed to reach the Session Initiation Protocol
(SIP) stack by applying access control lists (ACLs) to incoming connections. Use the no form of this
command to disable this feature. Variations of this command include:
sip access-class ip <name> in

sip access-class ipv6 <name> in
Syntax Description
ip Specifies an Internet Protocol version 4 (IPv4) ACL.
ipv6 Specifies an Internet Protocol version 6 (IPv6) ACL.
<name> Specifies the name of a previously configured ACL to apply to incoming
traffic.
Default Values
By default, no ACL is configured or applied, and all traffic reaches the SIP stack.
Command History
Release R10.8.0 Command syntax was changed to relocate the ip keyword and add the ipv6
keyword.
Functional Notes
The sip access-class in command can be entered multiple times to apply multiple ACLs to incoming
traffic to the SIP stack.
For more information regarding ACL configuration, refer to the IPv4 Access Control List Command Set on
page 4237 and IPv6 Access Control List Command Set on page 4281.
Usage Examples
The following example specifies an IPv4 SIP ACL name of HSV:
(config)#sip access-class ip HSV in

sip authenticate
Use the sip authenticate command to enable the Session Initiation Protocol (SIP) server authentication.
Use the no form of this command to disable the feature.
Syntax Description
No subcommands.
Default Values
By default, the SIP server authentication is disabled.
Command History
Usage Examples
The following example enables the SIP server authentication:
(config)#sip authenticate

sip database local

Use the sip database local command to store the location database of Session Initiation Protocol (SIP)
user agents (UAs) across a power loss using memory on the local router. Use the no form of this command
to disable this feature.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example specifies storing the location database on the local router:
(config)#sip database local

sip default-call-routing
Use the sip default-call-routing command to specify the method used to route a call in the internal
transaction distribution unit (TDU) when the destination of a call is ambiguous. Use the no form of this
sip default-call-routing proxy

sip default-call-routing reject
sip default-call-routing switchboard
Syntax Description
proxy Specifies that the call is routed to a proxy server.
reject Specifies that the call is rejected.
switchboard Specifies that the call is routed to an internal switchboard.
Default Values
By default, the call routing method is proxy.
Command History
Functional Notes
The sip default-call-routing command is applicable to AOS voice products only. This command is not
available on AOS data products.
Usage Examples
The following example specifies that calls are routed to an internal switchboard:
(config)#sip default-call-routing switchboard

sip grammar
Use the sip grammar command to populate privacy lists, indicating how caller ID is handled. Use the no
form of this command to return to the default setting. Variations of this command include:
sip grammar default-privacy critical

sip grammar default-privacy header
sip grammar default-privacy none
sip grammar default-privacy session
sip grammar default-privacy user
sip grammar restricted-privacy critical
sip grammar restricted-privacy header
sip grammar restricted-privacy none
sip grammar restricted-privacy session
sip grammar restricted-privacy user
Syntax Description
default-privacy Specifies entries into the default-privacy list for unrestricted caller ID calls.
restricted-privacy Specifies entries into the restricted-privacy list for restricted caller ID calls.
critical Adds critical to the Privacy header format. At least one other entry must be
added to the list when using this setting.
header Adds header to the Privacy header format.
none Adds none to the Privacy header format. No other entries can be added to
the list when using this setting.
session Adds session to the Privacy header format.
user Adds user to the Privacy header format.
Default Values
By default, both privacy lists are empty.
Command History
Usage Examples
The following example sets all calls to have session privacy:
(config)#sip grammar default-privacy session

sip grammar alert-info url <url>

Use the sip grammar alert-info url command to specify the Alert-Info header host in outbound Session
Initiation Protocol (SIP) messages. Use the no form of this command to return to the default setting.
Syntax Description
<url> Specifies an Hypertext Transfer Protocol (HTTP) uniform resource locator (URL)
to be used in the Alert-Info header for IP phone tone.
Default Values
By default, the local loopback address is the host in the Alert-Info header (127.0.0.1).
Command History
Usage Examples
The following example sets the Alert-Info header to use a specific URL as shown in the sample header
below:
(config)#sip grammar alert-info url www.notused.com
Sample header:
Alert-Info:<http://www.notused.com>;info=alert-internal

sip grammar contact host local

Use the sip grammar contact host local command to configure the Contact header on Session Initiation
Protocol (SIP) messages. Use the no form of this command to return to the default setting. Variations of
sip grammar contact host local

sip grammar contact host local fqdn
Syntax Description
host local Specifies that the local IP is used in the SIP Contact header.
fqdn Optional. Specifies that a fully qualified domain name (FQDN) is used in the
SIP Contact header.
Default Values
By default, SIP Contact headers use a local IP.
Command History
Usage Examples
The following example specifies that AOS device should use a FQDN in the Contact header of SIP
messages:
(config)#sip grammar contact host local fqdn

sip grammar contact host port persistent

Use the sip grammar contact host port persistent command to configure the AOS device to use the
Transmission Control Protocol (TCP) port from which AOS initiated a Transport Layer Security (TLS)
connection in the Contact uniform resource identifier (URI) sent by AOS. Use the no form of this
Syntax Description
host Specifies the Contact header Host field setting.
port Specifies the Contact header host port.
persistent Specifies that the persistent connection port should be used for the Contact
header host port.
Default Values
Command History
Release R11.5.0 Command was introduced
Functional Notes
This configuration is useful when using client-only authentication. With this type of authentication, a
persistent connection is established to the SIP server. Many SIP servers and enterprise session border
controllers (eSBCs) need to see the TCP port from which AOS initiated the TLS connection in the Contact
URI sent by AOS.
Usage Examples
The following example specifies that AOS device should use the TCP port from which AOS initiated the
TLS connection in the Contact URI sent by AOS:
(config)#sip grammar contact host port persistent

sip grammar from

Use the sip grammar from command to configure the From header on Session Initiation Protocol (SIP)
messages. Use the no form of this command to return to the default setting. Variations of this command
include:
sip grammar from host domain

sip grammar from host local
sip grammar from host local fqdn
sip grammar from host override registered-users domain
sip grammar from host override registered-users local
sip grammar from host override registered-users sip-server
sip grammar from host sip-server
sip grammar from user domestic
sip grammar from user domestic <Txx>
sip grammar from user international
sip grammar from user international <Txx>
Syntax Description
host Specifies the Host field formatting.
domain Specifies the Domain for formatting the header.
local Specifies the Local IP for formatting the header.
fqdn Optional. Specifies a fully qualified domain name (FQDN) is used for
formatting the header.
override registered-users Overrides the current sip grammar from host setting for SIP messages
originating from registered users.
sip-server Specifies the SIP server for formatting the header.
user Specifies the User field formatting.
domestic Sends the number as specified by the calling party.
international Sends the number with E.164 formatting.
<Txx> Optional. Indicates a two-digit trunk identifier (i.e., T01).
Default Values
By default, the host for formatting messages is sip-server. Also, the default for the user format is
domestic.
Command History
Release 13.1 Command was expanded to include the domestic and international formats
for the From User header.
Release A5.01 Command was expanded to include the override registered-users
parameter.

Release R13.11.0 Command was expanded to include the fqdn parameter.
Functional Notes
Omitting the trunk option when issuing the sip grammar from user command specifies the User header
globally.
Usage Examples
The following example sets the From header format to use a local IP:
(config)#sip grammar from host local
The following example sets the From header format to use calling party format on trunk T02:
(config)#sip grammar from user domestic T02
Technology Review
This technology review provides information about the E.164 recommendation for International numbering
plans and telephone number formats.
A fully specified telephone number can have a maximum of 15 digits, including country code, area code,
and the subscriber’s number. These numbers usually consist of a + prefix. E.164 numbers exclude dialing
prefixes. The most familiar prefixes are international direct dialing (IDD) and national direct dialing (NDD).
In countries other than the USA, the IDD and NDD are represented by different numbers.
Additionally, E.123 describes the use of + to indicate a fully specified international number. The + is used in
SIP headers to provide consistency across national and international phone calls.
AOS products provide support for E.164 by being able to specify a country code and an IDD prefix.
National format telephone numbers are converted to international format by prefixing them with + and the
country code. On outbound international calls, + is substituted for the IDD. On incoming international calls,
the + is removed. If the country code matches the configured value, it too is removed.
Setting the From header to international will cause phone numbers to be formatted as
indicated by E.164. The country code must be configured, and the number must be of type
national for this feature to work successfully.

sip grammar p-asserted-identity host

Use the sip grammar p-asserted-identity host command to enable and format the private extensions to
Session Initiation Protocol (SIP) for asserted identity within trusted networks. Use the no form of this
sip grammar p-asserted-identity host domain

sip grammar p-asserted-identity host local
sip grammar p-asserted-identity host local fqdn
sip grammar p-asserted-identity host sip-server
Syntax Description
domain Specifies the domain host for formatting the header.
local Specifies the local IP as host for formatting the header.
fqdn Optional. Specifies a fully qualified domain name (FQDN) is used for
formatting the header.
sip-server Specifies the SIP server as host for formatting the header.
Default Values
By default, the host for formatting messages is sip-server.
Command History
Release R13.11.0 Command was expanded to include the fqdn parameter.
Usage Examples
The following example sets the P-Asserted-Identity to use a local IP:
(config)#sip grammar p-asserted-identity host local

sip grammar p-early-media supported

Use the sip grammar p-early-media supported command to enable sending a P-Early-Media header with
a value of "supported" in Session Initiation Protocol (SIP) INVITE, PRACK, and UPDATE requests. Use
the no form of this command to disable the early media detection feature.
Syntax Description
No subcommands.
Default Values
By default, sending of the P-Early-Media header is disabled.
Command History
Functional Notes
Support for sending the P-Early-Media header can be configured globally, using the sip grammar
p-early-media supported command described here, or it can be configured on a per-trunk basis, using
the command grammar p-early-media supported on page 5062. The trunk setting will always take
precedence over the globally configured setting.
Usage Examples
To enable sending the P-Early-Media header, enter the command as follows:
(config)#sip grammar p-early-media supported

sip grammar proxy-require privacy

Use the sip grammar proxy-require privacy command to add a proxy-require header to Session
Initiation Protocol (SIP) message packets containing a privacy header. Use the no form of this command to
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example allows a proxy-require header to be added to packets containing a privacy header:
(config)#sip grammar proxy-require privacy

sip grammar refer-to

Use the sip grammar refer-to command to configure the Session Initiation Protocol (SIP) Refer-To
header on intratrunk attended transfers. Use the no form of this command to return to the default setting.
sip grammar refer-to intratrunk-attended-transfer source contact

sip grammar refer-to intratrunk-attended-transfer source to-from
Syntax Description
intratrunk-attended-transfer source Configures the source for Refer-To header of an intratrunk
attended transfer.
contact Specifies the Contact header as the source for the Refer-To
header.
to-from Specifies either the To or From header as the source for Refer-To
header.
Default Values
By default, the To or From header is the source for the Refer-To header on intratrunk attended transfers.
Command History
Usage Examples
The following example specifies the Contact header as the source for the Refer-To header of an intratrunk
attended transfer:
(config)#sip grammar refer-to intratrunk-attended-transfer source contact

sip grammar request-uri

Use the sip grammar request-uri command to format the Request uniform resource identifier (URI) for
Session Initiation Protocol (SIP) messages. Use the no form of this command to return to the default
sip grammar request-uri host domain

sip grammar request-uri host sip-server
sip grammar request-uri host-resolve
sip grammar request-uri transmit-network-selection <parameter name>
Syntax Description
host domain Specifies the domain for formatting the header.
host sip-server Specifies the SIP server IP for formatting the header.
host-resolve Enables the local unit to resolve the domain before
resolving the request URI.
transmit-network-selection <parameter name> Specifies that Transmit Network Selection is included in
the request URI.
Default Values
By default, the host for formatting messages is the SIP server. Also by default, host-resolve is disabled.
Command History
Release R10.8.0 Command syntax was changed to remove the ip
keyword.
Release R13.8.0 Command was expanded to include the
transmit-network-selection parameter.
Usage Examples
The following example enables SIP messages to resolve the request URI from the host domain:
(config)#sip grammar request-uri host domain
The following example enables SIP messages to resolve the request URI from the local unit:
(config)#sip grammar request-uri host-resolve

sip grammar require 100rel

Use the sip grammar require 100rel command to add 100rel to the Require header of a Session Initiation
Protocol (SIP) provisional response. Use the no form of this command to return to the default setting.
Syntax Description
No subcommands.
Default Values
By default, sip grammar require 100rel is disabled.
Command History
Functional Notes
This command enables or disables the sending of reliable provisional responses to clients that support
100rel. Reliable provisional responses will always be sent to clients that require 100rel even with sip
grammar require 100rel disabled.
Usage Examples
The following example enables sip grammar require 100rel:
(config)#sip grammar require 100rel
Technology Review
There are two Require headers that may use the 100rel tag, one in the initial request, and one in the
provisional response.
The user agent client (UAC) is used to initiate SIP requests. When the UAC creates a new request, it can
require reliable provisional responses for that request by adding the option tag 100rel to the Require
header of that request.
The user agent server (UAS) contacts the user when SIP requests are received, and returns responses on
behalf of the user, using provisional responses for request progress information. Provisional responses
(100 to 199) are transmitted on a best-effort basis. By using reliable provisional responses, responses are
sent by the UAS until they are acknowledged as received. This is especially beneficial when sending
provisional responses over an unreliable transport, such as User Datagram Protocol (UDP).
The UAS must send any non-100 provisional responses reliably if the initial request contained a Require
header field with the option tag 100rel. If the UAS is unwilling to do so, it must reject the initial request with
a Bad Extension message and include an Unsupported header field containing the option tag 100rel. If the
client supports 100rel, the UAS has the option of sending provisional responses with or without the
Require 100rel tag as instructed by the sip grammar require 100rel command.

sip grammar supported 100rel

Use the sip grammar supported 100rel command to include 100rel in the supported header of the Session
Initiation Protocol (SIP) message. Use the no form of this command to return to the default setting.
Syntax Description
No subcommands.
Default Values
By default, sip grammar supported 100rel is disabled.
Command History
Usage Examples
The following example enables sip grammar supported 100rel:
(config)#sip grammar supported 100rel

sip grammar to host

Use the sip grammar to host command to format the host format of the To header of a Session Initiation
Protocol (SIP) message. Use the no form of this command to return to the default setting. Variations of this
command include:
sip grammar to host domain

sip grammar to host sip-server
Syntax Description
domain Specifies the domain for formatting the header.
sip-server Specifies the SIP server for formatting the header.
Default Values
By default, the host for formatting messages is the SIP server.
Command History
Usage Examples
The following example sets the To header format to use a domain host:
(config)#sip grammar to host domain

sip grammar user-agent

Use the sip grammar user-agent command to configure the user agent (UA) header format in Session
Initiation Protocol (SIP) messages. The UA header can be given the default value for the product, a
user-defined value, or no value at all, in which case the UA header is not sent in SIP messages. In addition,
other specific values can be included in the UA header. Use the no form of this command to return to the
default of the product. Variations of this command include the following:
sip grammar user-agent <word>

sip grammar user-agent default
sip grammar user-agent include custom-text <word>
sip grammar user-agent include firmware-version
sip grammar user-agent include hostname
sip grammar user-agent include serial-number
sip grammar user-agent none
Syntax Description
<word> Specifies a word as a user-defined value to replace the default UA value.
Maximum 128 letters.
default Returns the UA header field to the default value.
include Specifies that additional information is included in the UA header.
custom-text <word> Specifies that a user-defined value is included in the UA header. Maximum
128 letters.
firmware-version Specifies that the firmware version is included in the UA header.
hostname Specifies that the host name is included in the UA header.
serial-number Specifies that the serial number is included in the UA header.
none Disables the UA header field resulting in no UA header sent in SIP
messages.
Default Values
By default, the UA value is set to the default value of the product.
Command History
Release R10.3.0 Command was expanded to include the include parameters.
Usage Examples
The following example removes the UA header field from SIP messages:
(config)#sip grammar user-agent none

sip hmr
Use the sip hmr command to apply a Session Initiation Protocol (SIP) header manipulation rule (HMR)
policy to all SIP traffic on the AOS device. Use the no form of this command to remove the HMR policy.
sip hmr <name> in

sip hmr <name> out
Syntax Description
<name> Specifies the name of the HMR policy to apply to the SIP traffic.
in Specifies that the HMR policy is applied to ingress SIP traffic.
out Specifies that the HMR policy is applied to egress SIP traffic.
Default Values
By default, no SIP HMR policies are applied to SIP traffic.
Command History
Functional Notes
For more information about SIP HMR and its uses and configuration, refer to the configuration guide
Usage Examples
The following example adds the HMR policy MYPOLICY1 to the AOS unit for all inbound SIP traffic:
(config)#sip hmr MYPOLICY1 in

sip inbound-trunk-matching
Use the sip inbound-trunk-matching command to enable and configure inbound trunk matching. Use the
no form of this command to return to the default settings. Variations of this command include:
sip inbound-trunk-matching default-trunk <Txx>

sip inbound-trunk-matching prefer trunk-routing
sip inbound-trunk-matching require-registration
Syntax Description
default-trunk <Txx> Specifies a trunk to use when matching fails. The trunk is specified in the format
Txx (e.g., T01).
prefer trunk-routing Specifies that trunk matches are preferred over users.
require-registration Indicates that the request uniform resource identifier (URI) user is required to be
registered on a trunk.
Default Values
By default, there is no default trunk set and the require-registration option is disabled.
Command History
Release A4.01 Command was expanded to include the prefer trunk-routing parameter.
Usage Examples
The following example configures AOS to require registration for inbound trunk matching:
(config)#sip inbound-trunk-matching require-registration

sip location
Use the sip location command to manually add a Session Initiation Protocol (SIP) user agent (UA) to the
location database. Use the no form of this command to disable this feature. Variations of this command
include:
sip location <username> <ip address>

sip location <username> <ip address> <port>
sip location <username> <ip address> <port> tcp
sip location <username> <ip address> <port> tcp <number>
sip location <username> <ip address> <port> udp
sip location <username> <ip address> <port> udp <number>
Syntax Description
<username> Specifies the user name for the UA being added to the location database.
<ip address> Specifies the IP address for the UA being added to the location database.
example, 10.10.10.1). IPv6 addresses should be expressed in colon
<port> Optional. Specifies the port of the UA to add to the database. If no port is
specified, default port is 5060.
tcp Optional. Specifies the use of Transmission Control Protocol (TCP) for
session communication.
udp Optional. Specifies the use of User Datagram Protocol (UDP) for session
communication.
<number> Optional. Specifies the time in seconds that a user is stored in the database.
Range from 0 to 36000. If no time is specified, default time is zero seconds.
Default Values
Command History
Release 15.1 Command was expanded to include a choice of transport protocols and
expiration time.
Usage Examples
The following example specifies an IPv4 SIP location of 192.33.5.99 for a user named 2001:
(config)#sip location 2001 192.33.5.99

sip prefer double-reinvite

Use the sip prefer double-reinvite command to specify globally that Session Initiation Protocol (SIP)
double reInvite messages are included in calls in the system. Calls that typically require a double reInvite
are forwarded calls from call overage and any attended transfer, and when these calls connect, a double
reInvite message is initiated when the feature is enabled. Using the no form of this command indicates that
double reInvites are not globally preferred. Use the commands prefer double-reinvite on page 5099 and
prefer reinvite-without-sdp on page 5100 to specify the trunk settings for this feature.
This command should only be issued by advanced users or at the direction of ADTRAN
technical support.
Syntax Description
No subcommands.
Default Values
By default, all calls in the system prefer a double reInvite.
Command History
Functional Notes
The sip prefer double-reinvite command is used in the Global Configuration mode to determine whether
a double reInvite is preferred in calls in the system. By default, the system is configured so that double
reInvites are preferred, and all trunk accounts prefer a double reInvite. Double reInvites are used, for
example, when a SIP trunk in local transfer mode is providing ring-back during a blind transfer. In this
scenario, a double reInvite must occur in order to establish a talk path after the transfer target answers.
You can specify whether a specific trunk prefers a double reInvite by using the command prefer
double-reinvite on page 5099.
You can also specify whether Session Description Protocol (SDP) is used in the double reInvite message.
To send a double reInvite without SDP, refer to the command prefer reinvite-without-sdp on page 5100.
When a double reInvite is initiated, the first reInvite without SDP is not sent to the account that does not
require it. When both accounts do not require a reInvite with SDP, the target account sends the initial
reInvite message.
Usage Examples
The following example specifies that SIP double reInvites are not preferred in the system:
(config)#no sip prefer double-reinvite

sip privacy
Use the sip privacy command to specify outbound calls to include privacy headers (when configured) and
inbound calls to be filtered on privacy settings. Use the no form of this command to return to the default
setting.
Syntax Description
No subcommands.
Default Values
By default, Session Initiation Protocol (SIP) privacy is disabled.
Command History
Usage Examples
The following example enables SIP privacy:
(config)#sip privacy

sip proxy
Use the sip proxy command to enable Stateful and Outbound modes of Session Initiation Protocol (SIP)
proxy operation at the global level. Use the no form of this command to disable this feature.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
Although the sip proxy command enables Stateful and Outbound modes of SIP proxy operation, it is also
necessary to use this command in conjunction with the sip proxy transparent command for transparent
proxy mode. For more information about transparent proxy, refer to the command sip proxy transparent on
page 1756.
For more information about SIP proxy, refer to the Configuring SIP Proxy in AOS configuration guide
Usage Examples
The following example allows the SIP proxy server to operate in the Stateful and Outbound modes:
(config)#sip proxy

sip proxy allowed-servers <hostname | ip address>

Use the sip proxy allowed-servers command to specify a server to which devices behind the proxy are
allowed to send Session Initiation Protocol (SIP) traffic. Use the no form of this command to return to the
default setting.
Syntax Description
<hostname | ip address> Specifies the fully qualified domain name (FQDN) or IP address of the SIP
proxy server. IPv4 addresses should be expressed in dotted decimal
notation (for example, 208.61.209.1). IPv6 addresses should be expressed
in colon hexadecimal notation (for example, 2001:DB8:1::1).
Default Values
By default, SIP traffic to any server is allowed in Transparent and Outbound proxy modes. This means that
if no server is specified, traffic to any server is permitted, but if this command is entered, only traffic to the
configured servers is allowed.
Command History
Functional Notes
The sip proxy allowed-servers command can be entered multiple times to allow traffic to multiple
servers.
Usage Examples
The following example adds the server with an IPv4 address of 10.200.1.9 as an allowed SIP proxy server:
(config)#sip proxy allowed-servers 10.200.1.9

sip proxy dial-string source

Use the sip proxy dial-string source command to specify the dial-string source for the Session Initiation
Protocol (SIP) proxy server. Use the no form of this command to return to the default setting. Variations of
sip proxy dial-string source request-uri

sip proxy dial-string source to
Syntax Description
request-uri Specifies the Request-URI user field as the dial-string source.
to Specifies the To header as the dial-string source.
Default Values
By default, the dial-string source is set to request-uri.
Command History
Usage Examples
The following example sets the To header as the dial-string source:
(config)#sip proxy dial-string source to

sip proxy domain <string>

Use the sip proxy domain command to specify a domain string for Session Initiation Protocol (SIP) proxy
messaging. Use the no form of this command to return to the default setting.
Syntax Description
<string> Specifies the domain string for SIP messaging.
Default Values
By default, sip proxy domain is not configured.
Command History
Usage Examples
The following example specifies Sample as the SIP proxy domain string:
(config)#sip proxy domain Sample

sip proxy emergency-call-routing

Use the sip proxy emergency-call-routing command to first specify the Session Initiation Protocol (SIP)
proxy method used to route a call during failover and to then specify the calls that are considered
emergency calls for SIP proxy emergency routing. Use the no form of this command to disable emergency
call routing and to remove the call routing templates. Variations of this command include:
sip proxy emergency-call-routing local

sip proxy emergency-call-routing proxy
sip proxy emergency call-routing accept <template>
sip proxy emergency-call-routing reject <template>
Syntax Description
local Specifies that all emergency calls are routed directly through the
switchboard.
proxy Specifies that all emergency calls are routed through the proxy before
sending them to the switchboard.
accept <template> Specifies that calls matching the template are accepted as emergency calls.
Refer to the Functional Notes section of this command for more information.
reject <template> Specifies that calls matching the template are rejected as emergency calls.
Refer to the Functional Notes section of this command for more information.
Default Values
By default, the SIP proxy is set to send all emergency calls directly through the switchboard (the local
parameter). By default, no emergency number templates or patterns are configured in the system;
therefore, no calls are classified as emergency calls.
Command History
Functional Notes
Before specifying which calls are defined as emergency calls, you should configure the method used for
routing emergency calls (using the sip proxy emergency-call-routing local or sip proxy
emergency-call-routing proxy commands). For the default emergency call routing method (local) to
function on AOS data products, a local SIP gateway must be configured using the command sip proxy
local-gateway <hostname | ip address> on page 1743. On AOS voice products, the local SIP gateway is
enabled by default.
After the emergency call routing method has been specified, emergency calls must be defined for
emergency call routing to perform any action. Emergency call definitions are configured using the sip
proxy emergency-call routing accept <template> and sip proxy emergency-call-routing reject
<template> commands.



Usage Examples
The following example enables SIP proxy emergency call routing on an AOS voice product and specifies
the routing method as proxy:
(config)#sip proxy emergency-call-routing proxy
The following example specifies a local SIP gateway and enables SIP proxy emergency call routing on an
AOS data product:
(config)#sip proxy local-gateway 10.19.209.55

(config)#sip proxy emergency-call-routing local
The following example specifies that 911 calls are accepted as emergency calls on an AOS voice product:
(config)#sip proxy emergency-call-routing proxy

(config)#sip proxy emergency-call-routing accept 911

The following example specifies that 911 calls are accepted as emergency calls on an AOS data product:
(config)#sip proxy local-gateway 10.19.209.55

(config)#sip proxy emergency-call-routing local
(config)#sip proxy emergency-call-routing accept 911

sip proxy failover accept-registrations

Use the sip proxy failover accept-registrations command to configure the Session Initiation Protocol
(SIP) proxy server to accept new registrations when the system is in survivability (failover) mode. Use the
no form of this command to return to the default setting.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example enables the server to accept registration during failover conditions:
(config)#sip proxy failover accept-registrations

sip proxy failover codec-group <name>

Use the sip proxy failover codec-group command to specify the Session Initiation Protocol (SIP) proxy
server’s coder-decoder (CODEC) when the system is in failover mode. Use the no form of this command
Syntax Description
<name> Specifies the name of a previously created CODEC list to be used during
failover.
Default Values
By default, no CODEC list is configured or applied.
Command History
Functional Notes
The sip proxy failover codec-group command is available on AOS voice products only. This command is
not available on AOS data products. For more information regarding CODEC list configuration, refer to the
Voice CODEC List Command Set on page 4879.
For more information regarding SIP proxy configuration, refer to the Configuring SIP Proxy in AOS
Usage Examples
The following example enables the CODEC list named List1 during failover:
(config)#sip proxy failover codec-group List1

sip proxy failover dial-string source

Use the sip proxy failover dial-string source command to specify the dial-string source for the Session
Initiation Protocol (SIP) proxy server when the system is in survivability (failover) mode. Use the no form
of this command to return to the default setting. Variations of this command include:
sip proxy failover dial-string source request-uri

sip proxy failover dial-string source to
Syntax Description
request-uri Specifies the Request-URI user field as the dial-string source.
to Specifies the To header as the dial-string source.
Default Values
By default, the dial-string source is request-uri.
Command History
Usage Examples
The following example specifies using the To header for the dial-string source:
(config)#sip proxy failover dial-string source to

sip proxy failover direct-inbound

Use the sip proxy failover direct-inbound command to allow direct inbound routing of calls to proxy
users during failover mode without first routing the call out a Session Initiation Protocol (SIP) trunk. This
feature is used when a network configuration does not use a SIP trunk. Use the no form of this command to
Syntax Description
No subcommands.
Default Values
By default, direct inbound call routing is disabled.
Command History
Usage Examples
The following example enables direct inbound routing of calls during failover:
(config)#sip proxy failover direct-inbound

sip proxy failover group match-value <pattern> new-value <pattern>

Use the sip proxy failover group match-value new-value command to enable forking of calls to users
registered with unique extensions in survivability (failover) mode. Use the no form of this command to
return to remove the entry.
The following configurations can lead to unexpected behavior:

• Matching a valid extension with multiple groups.
• Creating a failover group with an existing extension.
Syntax Description
<pattern> Specifies a number pattern using either traditional number matching or
regular expression matching methods. Refer to the Functional Notes below
Default Values
By default, there are no failover group patterns defined.
Command History
Functional Notes
For more information about configuring SIP proxy failover, refer to the Configuring SIP Proxy in AOS
Both the match-value <pattern> and the new-value <pattern> parameters can be defined using traditional
number matching and regular expression matching methods. Traditional number matching uses numbers
and wildcard variables to enter a pattern.



In regular expressions number matching, the match strings are encapsulated by paired / (slash) symbols.
This indicates that the pattern is to be treated as a regular expression. Using regular expressions allows
greater flexibility in matching multiple number templates with fewer expressions.
AOS is compatible with Perl compatible regular expressions (PCREs). More information on
understanding and using regular expressions is available at http://www.pcre.org.
The use of quotation marks in a command syntax, when entering a string is not necessary
unless the string requires using a space or ?. Using either of these characters outside of
quotation marks is interpreted by the CLI as commands and not recognized as part of the
string. The use of quotation marks in the following examples are provided to cover all
possible user-entered strings. These examples can be entered without the quotation marks
and function in the same manner.
Usage Examples
The following example uses the regular expression number matching method to match a dial string
beginning with 5551111.sca and create a failover group that can be dialed as 5551111:
(config)#sip proxy failover group match-value “/^5551111\.sca/” new-value “/5551111/”

sip proxy failover match-alias <pattern> substitute <pattern>

Use the sip proxy failover match-alias substitute command to configure an alias to match a dial string
and substitute the specified pattern. This feature is used to route a survivability call when the Session
Initiation Protocol (SIP) proxy is in failover mode. If an INVITE message is directed toward a matching
alias, the substitution pattern is evaluated and compared to current proxy users. The first user to match the
substitution pattern is selected to receive the SIP message. Use the no form of this command to return to
Syntax Description
<pattern> Specifies a number pattern using either traditional number matching or
regular expression matching methods. Refer to the Functional Notes below
Default Values
By default, there are not match-alias substitutions defined.
Command History
Functional Notes
SIP proxy failover occurs using an automatically created trunk contained in AOS’s basic configuration. This
trunk is a hidden SIP trunk with the same default settings as a regular SIP trunk. For more information
about configuring SIP proxy failover, refer to the Configuring SIP Proxy in AOS configuration guide
Both the match-alias <pattern> and the substitute <pattern> parameters can be defined using traditional
number matching and regular expression matching methods. Traditional number matching uses numbers
and wildcard variables to enter a pattern.



quotation marks is interpreted by the CLI as commands and not recognized as part of the
string. The use of quotation marks in the following examples are provided to cover all
possible user-entered strings. These examples can be entered without the quotation marks
and function in the same manner.
Usage Examples
The following example uses the traditional number matching method to match a 7-digit number beginning
with 555 and replace it with 5551111:
(config)#sip proxy failover match-alias “555XXXX” substitute “5551111”
The following example uses the regular expression number matching method to match a 7-digit number
beginning with 555 and replace it with 5551111:
(config)#sip proxy failover match-alias “/555\d{4}/” substitute “/5551111/”

sip proxy failover match-digits <value>

Use the sip proxy failover match-digits command to specify the number of least-significant digits of the
dial string to match in order to route a surviving call to proxy users during when in failover mode. Use the
no form of this command to return to the default setting.
Syntax Description
<value> Specifies the number of digits within a template to match during failover.
The valid range is 1 to 255.
Default Values
By default, the number of match-digits is not specified.
Command History
Functional Notes
The sip proxy failover match-digits command can be entered multiple times.
Session Initiation Protocol (SIP) proxy failover occurs using an automatically created trunk contained in
AOS’s basic configuration. This trunk is a hidden SIP trunk with the same default settings as a regular SIP
trunk. For more information about configuring SIP proxy failover, refer to the Configuring SIP Proxy in AOS
Usage Examples
The following example sets the sip proxy failover match-digits to 7:
(config)#sip proxy failover match-digits 7

sip proxy failover register-expires <value>

Use the sip proxy failover register-expires command to specify the length of time Session Initiation
Protocol (SIP) phone registrations remain in the SIP Proxy database while in failover mode. Once the
register-expires time has elapsed, the SIP phones must re-register or they will be removed from the SIP
Proxy database. This setting only applies when the SIP Proxy is in failover mode. Use the no form of this
Syntax Description
<value> Specifies the amount of time (in seconds) that the registration is valid. Time
Default Values
By default, the registration value is 300 seconds.
Command History
Usage Examples
The following example specifies the failover registration is valid for 120 seconds:
(config)#sip proxy failover register-expires 120

sip proxy failover sip-keep-alive

Use the sip proxy failover sip-keep-alive command to configure the Session Initiation Protocol (SIP)
proxy server keep-alive method when the system is in survivability (failover) mode. Keep-alive messages
must be sent between the SIP device and the registrar to keep the connected channel open for
communication. Use the no form of this command to return to the default setting. Variations of this
sip proxy failover sip-keep-alive info

sip proxy failover sip-keep-alive info <value>
sip proxy failover sip-keep-alive options
sip proxy failover sip-keep-alive options <value>
Syntax Description
<value> Specifies the amount of time in seconds between keep-alive messages sent
during a call. The range is 30 to 3600 seconds.
info Specifies using the INFO keep-alive method on this trunk.
options Specifies using the OPTIONS keep-alive method on this trunk.
Default Values
By default, this command is not configured.
Command History
Usage Examples
The following example enables the INFO method to be used as the SIP keep-alive method with the timeout
between messages set to 3 minutes:
(config)#sip proxy failover sip-keep-alive info 180

sip proxy failover trust-domain

Use the sip proxy failover trust-domain command to enable the AOS unit to use P-Asserted Identity
Session Initiation Protocol (SIP) privacy when communicating with the softswitch when in failover mode.
Use the no form of this command to disable this feature. Variations of this command include:
sip proxy failover trust-domain

sip proxy failover trust-domain p-asserted-identity-required
Syntax Description
p-asserted-identity-required Specifies that P-Asserted-Identity is required for this domain.
Default Values
Command History
Functional Notes
The sip proxy failover trust-domain command allows the AOS unit to look at any P-Asserted-Identity
header the phones might send while the AOS device is in failover mode. The
p-asserted-identity-required parameter is only used with nonstandard softswitches and should not be
used in normal configurations.
Usage Examples
The following example specifies that P-Asserted-Identity is enabled:
(config)#sip proxy failover trust-domain

sip proxy force-port-translation

Use the sip proxy force-port-translation command to enable force-port-translation for Session
Initiation Protocol (SIP) proxy operation. Enabling this feature allows a SIP user to register from multiple
phones to the SIP Proxy. Use the no form of this command to return to the default setting. Variations of
sip proxy force-port-translation

sip proxy force-port-translation exclude-via
This command has a very limited application and only applies to very specific network
configurations. If you are not familiar with its usage, contact ADTRAN Technical Support
for assistance.
Syntax Description
exclude-via Indicates excluding the Via header from port translation.
Default Values
Command History
Release 17.9 Command was introduced for AOS data products.
Release A2.07 Command was included for AOS voice products.
Functional Notes
Enabling force-port-translation allows the SIP Proxy to create a unique registration in the user database
for the same user from multiple phones. This feature retains the key generated by the proxy and inserted
into the user portion of the Contact header. It also uses the source port that is generated by the firewall
when doing NAT. The source port is inserted at the end of the host portion of any address translated in the
SIP header. Enabling the exclude-via parameter on this command, excludes the Via header from the
source port translation.
Usage Examples
The following example enables force-port-translation:
(config)#sip proxy force-port-translation

sip proxy grammar

Use the sip proxy grammar command to specify the Session Initiation Protocol (SIP) proxy grammar
options. Use the no form of this command to return to the default setting. Variations of this command
include:
sip proxy grammar contact outbound-server-reference host domain

sip proxy grammar contact outbound-server-reference host sip-server
sip proxy grammar expires param-conversion
sip proxy grammar non-invite domain-undo
sip proxy grammar from host domain
sip proxy grammar from host sip-server
sip proxy grammar request-uri host domain
sip proxy grammar request-uri host sip-server
sip proxy grammar to host domain
sip proxy grammar to host sip-server
Syntax Description
expires param-conversion Enables conversion of Expires parameters to Expires headers.
non-invite domain-undo Enables translation of domain address to proxy address for inbound stateful
requests.
from Configures grammar for the From header.
request-uri Configures grammar for the Request URI header.
to Configures grammar for the To header.
host Configures the host portion of the specified header.
domain Specifies using the configured domain string in the specified header.
sip-server Specifies using the resolved SIP server address in the specified header.
contact Configures grammar for the Contact header.
outbound-server-reference Configures the Contact header grammar for outbound server references.
Default Values
By default, sip proxy grammar for all option headers is sip-server.
Command History
Release 17.3 Command was expanded to include the Expires header option.
Release A2 Command was expanded to include the Non-Invite header option.
Release A5.01 Command was expanded to include the Contact header option and
outbound-server-reference parameter.

Usage Examples
The following example configures the To header using the configured SIP proxy domain string:
(config)#sip proxy grammar to host domain

sip proxy hmr

Use the sip proxy hmr command to apply a Session Initiation Protocol (SIP) header manipulation rule
(HMR) policy to SIP traffic to or from devices (such as phones) behind a SIP proxy or to SIP proxy traffic
travelling to or from proxy servers. Use the no form of this command to remove the HMR policy.
sip proxy hmr server <name> in

sip proxy hmr server <name> out
sip proxy hmr user <name> in
sip proxy hmr user <name> out
Syntax Description
<name> Specifies the name of the HMR policy to apply to the SIP traffic.
server Specifies that the HMR policy is applied to SIP traffic to or from SIP proxy
servers.
user Specifies that the HMR policy is applied to SIP traffic to or from devices
behind the SIP proxy (such as phones).
in Specifies the HMR policy is applied to ingress traffic.
out Specifies the HMR policy is applied to egress traffic.
Default Values
By default, no SIP HMR policies are applied to SIP traffic.
Command History
Functional Notes
For more information about SIP HMR and its uses and configuration, refer to the configuration guide
Usage Examples
The following example adds the HMR policy MYPOLICY1 for all inbound SIP proxy user traffic:
(config)#sip hmr proxy user MYPOLICY1 in
The following example adds the HMR policy MYPOLICY1 for all inbound SIP proxy server traffic:
(config)#sip hmr proxy server MYPOLICY1 in

sip proxy local-gateway <hostname | ip address>

Use the sip proxy local-gateway command to configure the local Session Initiation Protocol (SIP)
gateway. Use the no form of this command to disable this feature. Variations of this command include:
sip proxy local-gateway <hostname | ip address>

sip proxy local-gateway <hostname | ip address> tcp
sip proxy local-gateway <hostname | ip address> tcp <port>
sip proxy local-gateway <hostname | ip address> udp
sip proxy local-gateway <hostname | ip address> udp <port>
Syntax Description
<hostname | ip address> Specifies the host name or IP address of the local SIP proxy gateway. IPv4
10.10.10.1). IPv6 addresses should be expressed in colon hexadecimal
notation (for example, 2001:DB8:1::1).
tcp Optional. Configures the gateway to use Transmission Control Protocol
(TCP).
udp Optional. Configures the gateway to use User Datagram Protocol (UDP).
<port> Optional. Specifies the TCP or UDP port used by the gateway. Range is 1 to
65535.
Default Values
By default, the sip proxy local-gateway is not configured. When configured, the default protocol is udp on
port 5060. If a particular protocol is configured and no port is specified, the default port is set to 5060.
Command History
Functional Notes
The sip proxy local-gateway command enables the necessary local SIP gateway in AOS data products.
This gateway is necessary for routing emergency calls when using SIP proxy. On AOS voice products, the
local gateway is enabled by default.
Usage Examples
The following example sets the local gateway:
(config)#sip proxy local-gateway serviceprovider@network.com

sip proxy register rate-adaption

Use the sip proxy register rate-adaption command to configure REGISTER rate-adaption for Session
Initiation Protocol (SIP) proxy users. This command allows you to reduce the rate that SIP proxy users’
REGISTER requests are forwarded by the unit to the SIP server. Use the no form of this command to
return to disable this feature. Variations of this command include:
sip proxy register rate-adaption

sip proxy register rate-adaption server-expires <value>
sip proxy register rate-adaption threshold absolute <value>
sip proxy register rate-adaption threshold percentage <percentage>
sip proxy register rate-adaption user-expires <value>
Syntax Description
server-expires <value> Specifies the expiration period requested from the SIP
server in the REGISTER request. Valid range is 30 to
86400 seconds.
threshold absolute <value> Specifies a fixed amount of time that is used to determine
when the unit will forward a REGISTER request from the
SIP proxy user to the SIP server. The value of this
parameter must be less than the value set by the
server-expires <value> parameter. Valid range is 5 to
604800 seconds
threshold percentage <percentage> Specifies a percentage of the REGISTER expiration period
that is used to determine when the unit will forward a
REGISTER request from the SIP proxy user to the SIP
server. Valid range is 10 to 90 percent.
user-expires <value> Specifies the expiration period (in seconds) given to the
SIP proxy user in the REGISTER response. Valid range is
30 to 86400 seconds.
Default Values
The default server-expires value is 3600. The default user-expires value is 60. The default threshold is
threshold percentage 50.
Command History

Functional Notes
This command allows the unit to reduce the load of REGISTER requests sent by SIP proxy users to the
SIP server. When this command is enabled, the unit modifies the Expires header to be a large value in
outbound REGISTER requests to the SIP server (defined by the server-expires <value> parameter). In
the corresponding responses from the SIP server, the unit modifies the Expires header to be a small value
when forwarding the REGISTER response to the phone (defined by the user-expires <value> parameter).
The ratio between these two times determines how many REGISTER requests (after the first) the unit
forwards to the SIP server and how many REGISTER requests the unit will handle locally. SIP proxy user
REGISTER requests are forwarded by the unit if the time remaining in the REGISTER expiration period is
less than or equal to the REGISTER expiration period received from the SIP server minus the threshold
(defined by the threshold absolute <value> and threshold percentage <percentage> parameters) minus
the modified REGISTER expiration period forwarded to the SIP proxy user. All other REGISTER requests
from SIP proxy users are handled locally by the unit. For example, if the REGISTER expiration period from
the SIP server is 3600 seconds, the threshold is set to threshold absolute 180, and the REGISTER
expiration period in the modified REGISTER response forwarded to the user is 60 seconds, then the first
REGISTER request from the SIP proxy user that occurs after 3360 seconds (3600 - 180 - 60) will be
forwarded to the SIP server. Similarly, if the REGISTER expiration period from the SIP server is 3600
seconds, the threshold is set to threshold percent 10, and the modified Expires period in the REGISTER
response given to the user is 60 seconds, then the first REGISTER request from the SIP proxy user that
occurs after 3180 seconds (3600 - .10(3600) - 60) will be forwarded to the SIP server.
Usage Examples
The following example specifies a rate-adaption threshold of 10 percent of the Expires period from the SIP
server:
(config)#sip proxy register rate-adaption threshold percentage 10

sip proxy routing contact-comparison strict

Use the sip proxy routing contact-comparison strict command to configure the Session Initiation
Protocol (SIP) proxy server to make strict comparisons between Contact headers. Use the no form of this
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example modifies the Contact comparison settings to make strict comparisons of Contact
headers during routing:
(config)#sip proxy routing contact-comparison strict

sip proxy routing server-selection in-dialog

Use the sip proxy routing server-selection in-dialog command to configure the Session Initiation
Protocol (SIP) server selection method used by the SIP proxy for new outbound SIP requests within an
existing dialog. Use the no form of this command to return to the default setting.Variations of this
sip proxy routing server-selection in-dialog configured

sip proxy routing server-selection in-dialog learned
Syntax Description
configured Specifies that the SIP proxy uses configured SIP servers (in order) as the
destination for new outbound SIP requests in an existing dialog.
learned Specifies that the SIP proxy uses the SIP server learned from a given dialog
as the destination for new outbound SIP requests in that dialog.
Default Values
By default, the SIP proxy server selection is set to learned.
Command History
Usage Examples
The following example configures the SIP proxy to use previously configured SIP servers as the
destination for new outbound SIP requests in an existing dialog:
(config)#sip proxy routing server-selection in-dialog configured

sip proxy sip-server monitor

Use the sip proxy sip-server monitor command to enable the Session Initiation Protocol (SIP) proxy
server monitor feature and enter the SIP Proxy SIP-Server Monitor command set. Use the no form of this
command to disable the feature and return to the default settings. For more information on commands
available for configuring this feature, refer to SIP Proxy Monitor Command Set on page 4851.
Syntax Description
No subcommands.
Default Values
By default, sip proxy sip-server monitor is disabled.
Command History
Functional Notes
The SIP proxy SIP server monitor feature adds rollover support to the SIP proxy in stateful mode. If the
currently selected SIP server becomes unresponsive, the proxy uses a secondary proxy server for all
future calls. The proxy monitor polls the failed SIP servers to detect when they are operational again. Calls
are routed to more preferred servers as service is restored.
Usage Examples
The following example enables the sip proxy sip-server monitor and enters the SIP Proxy SIP-Server
Monitor configuration mode:
(config)#sip proxy sip-server monitor

Configuring New Proxy Monitor.
(config-proxy-monitor)#

sip proxy sip-server monitor stateful

Use the sip proxy sip-server monitor stateful command to enable the Session Initiation Protocol (SIP)
proxy server monitor feature for transparent SIP proxy. Use the no form of this command to disable the
feature and return to the default settings. Variations of this command include:
sip proxy sip-server monitor stateful-transparent

sip proxy sip-server monitor stateful-only
Syntax Description
stateful-transparent Specifies that SIP monitor is enabled for stateful and transparent SIP proxy.
stateful-only Specifies that SIP monitor is enabled for stateful SIP proxy only.
Default Values
By default, sip proxy sip-server monitor is set to stateful-only.
Command History
Functional Notes
This command sets the SIP monitor state for the transparent SIP proxy; it does NOT create a SIP proxy
monitor for non-transparent proxy, or enter the monitor’s configuration. The SIP monitor for
non-transparent proxy configuration is available only using the command sip proxy sip-server monitor on
page 1748.
When the transparent proxy monitor is enabled, it compares the destination SIP server in the SIP packet to
the configured list of SIP servers. If the destination matches a server in the list, the proxy determines if any
of the configured servers are UP. If at least one server is up, the transparent proxy does not go into failover
mode, and the phone is expected to try another SIP server. If none of the monitored servers are UP, the
proxy transitions the call to failover mode.
Usage Examples
The following example enables the SIP transparent proxy monitor:
(config)#sip proxy sip-server monitor stateful-transparent

sip proxy sip-server primary

Use the sip proxy sip-server primary command to configure the primary Session Initiation Protocol (SIP)
server softswitch. Use the no form of this command to disable the softswitch. The softswitch cannot be
disabled unless all configured secondary softswitches are removed (refer to the command sip proxy
sip-server secondary on page 1753). Variations of this command include:
sip proxy sip-server primary <hostname | ip address>

sip proxy sip-server primary <hostname | ip address> tcp
sip proxy sip-server primary <hostname | ip address> tcp <port>
sip proxy sip-server primary <hostname | ip address> tls <profile name>
sip proxy sip-server primary <hostname | ip address> tls <profile name> <TLS port>
srv <service-name-prefix>
srv <service-name-prefix> <transport-name-prefix>
sip proxy sip-server primary <hostname | ip address> tls <profile name> srv <service-name-prefix>
sip proxy sip-server primary <hostname | ip address> tls <profile name> srv <service-name-prefix>
<transport-name-prefix>
sip proxy sip-server primary <hostname | ip address> udp
sip proxy sip-server primary <hostname | ip address> udp <port>
Syntax Description
<hostname | ip address> Specifies the fully qualified domain name (FQDN) or IP address of the
outbound SIP proxy server. IPv4 addresses should be expressed in dotted
decimal notation (for example, 208.61.209.1). IPv6 addresses should be
expressed in colon hexadecimal notation (for example, 2001:DB8:1::1).
tcp Optional. Configures the softswitch to use Transmission Control Protocol
(TCP).
<port> Optional. Specifies the TCP port used by the softswitch. Range is 1 to
65535.
tls <profile name> Optional. Specifies the SIP traffic uses Transport Layer Security (TLS). If
TLS is specified, a TLS profile must be specified. The TLS profile must have
been created prior to issuing this command (refer to the command tls-profile
<profile name> on page 1870).
<TLS port> Optional. Specifies the TLS destination port. Range is 1 to 65535.
srv <service name prefix> Optional. Specifies the service name prefix for the DNS SRV request.
Underscores are added automatically.
<transport-name-prefix> Optional. Specifies the transport prefix for the DNS SRV request.
udp Optional. Configures the softswitch to use User Datagram Protocol (UDP).
<port> Optional. Specifies the UDP port used by the softswitch. Range is 1 to
65535.

Default Values
By default, no softswitches are configured. If a softswitch is configured, the default protocol is UDP on port
5060. If a particular protocol is configured and no port is specified, the default port is set to 5060.
If TLS is used, port 5061 is used by default. By default, SIP TLS requests use sips as the service name
prefix and tcp as the transport name prefix.
Command History
Release R13.1.0 Command was expanded to include the tls <profile name>, <TLS port>,
and srv parameters.
Functional Notes
The guidelines for configuring the softswitch(es) depend on the mode of operation selected. Softswitch
configuration is always needed for Stateful mode. It is only needed for Outbound mode and Transparent
mode when the SIP Request does not contain any fields that can be resolved to the softswitch’s location.
If a host name is used to specify the outbound SIP proxy server, a domain naming system (DNS) server
must be configured on the AOS unit using the command name-server on page 1614 or learned via a
dynamic IP interface.
To configure the primary softswitch with a TLS profile, the TLS profile must have been created prior to
issuing this command (refer to the command tls-profile <profile name> on page 1870). If a specified TLS
profile is ever deleted, this softswitch is automatically removed from the AOS device’s configuration. If the
TLS profile specified by the primary softswitch is removed from the AOS device configuration, both the
primary and all secondary softswitches are automatically removed from the AOS device configuration.
Usage Examples
The following example sets the primary softswitch:
(config)#sip proxy sip-server primary 208.61.209.1

sip proxy sip-server rollover

Use the sip proxy sip-server rollover command to configure the rollover behavior of the Session
Initiation Protocol (SIP) proxy. This setting specifies the conditions necessary to trigger the proxy to roll
over to the next SIP server. Use the no form of this command to return to the default setting. Variations of
sip proxy sip-server rollover service-unavailable-or-timeout

sip proxy sip-server rollover timeout-only
Syntax Description
service-unavailable-or-timeout Specifies the rollover to the next SIP server to occur after
receiving a 503 Service Unavailable message or no response.
timeout-only Specifies the rollover to the next SIP server to occur only after no
response is received.
Default Values
By default, the sip-server rollover is set to timeout-only.
Command History
Usage Examples
The following example sets the SIP server rollover to service-unavailable-or-timeout:
(config)#sip proxy sip-server rollover service-unavailable-or-timeout

sip proxy sip-server secondary

Use the sip proxy sip-server secondary command to configure the secondary Session Initiation Protocol
(SIP) softswitch. This command can be entered multiple times to specify numerous secondary
softswitches. Use the no form of this command to disable this feature. Variations of this command include:
sip proxy sip-server secondary <hostname | ip address>

sip proxy sip-server secondary <hostname | ip address> tcp
sip proxy sip-server secondary <hostname | ip address> tcp <port>
sip proxy sip-server secondary <hostname | ip address> tls <profile name>
sip proxy sip-server secondary <hostname | ip address> tls <profile name> <TLS port>
srv <service-name-prefix>
srv <service-name-prefix> <transport-name-prefix>
sip proxy sip-server secondary <hostname | ip address> tls <profile name> srv <service-name-prefix>
sip proxy sip-server secondary <hostname | ip address> tls <profile name> srv <service-name-prefix>
<transport-name-prefix>
sip proxy sip-server secondary <hostname | ip address> udp
sip proxy sip-server secondary <hostname | ip address> udp <port>
Syntax Description
<hostname | ip address> Specifies the fully qualified domain name (FQDN) or IP address of the
outbound SIP proxy server. IPv4 addresses should be expressed in dotted
expressed in colon hexadecimal notation (for example, 2001:DB8:1::1).
tcp Optional. Configures the softswitch to use Transmission Control Protocol
(TCP).
<port> Optional. Specifies the TCP port used by the softswitch. Range is 1 to
65535.
tls <profile name> Optional. Specifies the SIP traffic uses Transport Layer Security (TLS). If
TLS is specified, a TLS profile must be specified. The TLS profile must have
been created prior to issuing this command (refer to the command tls-profile
<profile name> on page 1870).
<TLS port> Optional. Specifies the TLS destination port. Range is 1 to 65535.
srv <service name prefix> Optional. Specifies the service name prefix for the DNS SRV request.
udp Optional. Configures the softswitch to use User Datagram Protocol (UDP).
<port> Optional. Specifies the UDP port used by the softswitch. Range is 1 to
65535.

Default Values
By default, no softswitches are configured. If a softswitch is configured, the default protocol is UDP on port
5060. If a particular protocol is configured and no port is specified, the default port is set to 5060.
If TLS is used, port 5061 is used by default. By default, SIP TLS requests use sips as the service name
prefix and tcp as the transport name prefix.
Command History
Release R13.1.0 Command was expanded to include the tls <profile name>, <TLS port>,
and srv parameters.
Functional Notes
The guidelines for configuring the softswitch(es) depend on the mode of operation selected. Softswitch
configuration is always needed for Stateful mode. It is only needed for Outbound mode and Transparent
mode when the SIP Request does not contain any fields that can be resolved to the softswitch’s location.
When disabling softswitches, all secondary softswitches must be removed before the primary softswitch
can be removed.
If a host name is used to specify the outbound SIP proxy server, a domain naming system (DNS) server
must be configured on the AOS unit using the command name-server on page 1614 or learned via a
dynamic IP interface.
To configure the secondary softswitch with a TLS profile, the TLS profile must have been created prior to
issuing this command (refer to the command tls-profile <profile name> on page 1870). If a specified TLS
profile is ever deleted, this softswitch is automatically removed from the AOS device’s configuration. If the
TLS profile specified by the secondary softswitch is removed from the AOS device configuration, the
secondary softswitch is automatically removed from the AOS device configuration.
Usage Examples
The following example sets the secondary softswitch:
(config)#sip proxy sip-server secondary 208.61.209.2

sip proxy srtp server <profile name>

Use the sip proxy srtp server command to configure Secure Realtime Transport Protocol (SRTP) on the
on the server side of the Session Initiation Protocol (SIP) proxy. Use the no form of this command to
disable the SRTP feature. Variations of this command include:
sip proxy srtp server <profile name>

sip proxy srtp server <profile name> allow-non-rtp-media
sip proxy srtp server <profile name> allow-non-rtp-media tls-optional
sip proxy srtp server <profile name > tls-optional
Syntax Description
<profile name> Specifies the SRTP profile name.
allow-non-rtp-media Optional. Configures the SRTP to allow non-Realtime Transport Protocol
(RTP) media, such as T.38 over UDPTL, that cannot be protected by SRTP.
When this option is specified, RTP media is secured by SRTP, but any
non-RTP media is forwarded unsecured.
tls-optional Optional. Removes the requirement that SRTP key negotiation is protected
by Transport Layer Security (TLS). ADTRAN does not recommend this
configuration.
Default Values
By default, no SRTP profile is configured. If an SRTP profile is configured, it rejects any non-RTP media by
default. In addition, if an SRTP profile is configured TLS is required by default.
Functional Notes
SRTP must be configured with a profile name; however, the optional allow-non-rtp-media and
tls-optional parameters can be entered in the CLI in any order, or before the profile name is specified.
Command History
Usage Examples
The following example configures an SRTP profile PROFILE1 on the SIP proxy server that allows
non-RTP media:
(config)#sip proxy srtp server PROFILE1 allow-non-rtp-media

sip proxy transparent

Use the sip proxy transparent command to enable Session Initiation Protocol (SIP) proxy operation in the
transparent mode. Use the no form of this command to disable this feature. Variations of this command
include:
sip proxy transparent

sip proxy transparent nat-simulate
sip proxy transparent ip-spoofing
Syntax Description
nat-simulate Optional. Specifies the network address translation (NAT) simulation.
ip-spoofing Optional. Specifies that the source IP address on SIP packets heading
towards the phone is replaced with the softswitch IP address.
Default Values
Command History
Release A1 Command was expanded to include the NAT simulation.
Release R11.9.0 Command was expanded to include the ip-spoofing parameter.
Functional Notes
For an AOS product to use SIP proxy in transparent mode, SIP proxy must be enabled. To enable SIP
proxy, enter the sip proxy command before entering the sip proxy transparent command.
For an AOS data product to use SIP proxy in transparent mode, the firewall SIP application layer gateway
(ALG) must be disabled. For more information on disabling the firewall SIP ALG, refer to the command ip
firewall alg on page 1365.
For more information on the operation and configuration of SIP proxy in transparent mode, refer to the
Configuring SIP Proxy in AOS configuration guide available online at
Usage Examples
The following example enables SIP proxy to operate in transparent mode on an AOS voice product:
(config)#sip proxy
(config)#sip proxy transparent
The following example enables SIP proxy to operate in transparent mode on an AOS data product:
(config)#no ip firewall alg sip

(config)#sip proxy

(config)#sip proxy transparent

sip proxy user-template <name>

Use the sip proxy user-template command to create a Session Initiation Protocol (SIP) proxy user
template and enter the proxy user template configuration mode. Use the no form of this command to
remove the template. Refer to the Proxy User Template Command Set on page 4841 for more information.
Syntax Description
<name> Specifies the name of the proxy user template being created.
Default Values
Command History
Functional Notes
Additional information is available in the following sections of this guide:
For more information about SIP proxy, refer to the command sip proxy on page 1720. For more information
about transparent proxy, refer to the command sip proxy transparent on page 1756.
For more information about SIP proxy, refer to the configuration guide Configuring SIP Proxy in AOS
Usage Examples
The following example creates a proxy user template named Set1 and enters the proxy user template
configuration mode:
(config)#sip proxy user-template Set1

(config-template-Set1)#

sip qos dscp <value>

Use the sip qos dscp command to configure the differentiated services code point (DSCP) value to mark
Session Initiation Protocol (SIP) packets with. This marking can then be used by the quality of service
(QoS) mechanisms to give priority for this type of traffic in the unit. Use the no form of this command to
Syntax Description
<value> Specifies the DSCP value. Valid range is 0 to 63.
Default Values
Command History
Usage Examples
The following example sets the DSCP value to 63:
(config)#sip qos dscp 63

sip registrar
Use the sip registrar command to configure the Session Initiation Protocol (SIP) registrar server used for
registering user agents (UAs) into the location database. For more details on SIP operation, refer to the
Technology Review section of the command ip firewall alg on page 1365. Use the no form of the sip
registrar command to disable the registrar server. Variations of this command include:
sip registrar
sip registrar authenticate
sip registrar default-expires <value>
sip registrar max-expires <value>
sip registrar min-expires <value>
sip registrar realm <string>
Syntax Description
authenticate Specifies that authentication is required for each UA during registration.
default-expires <value> Specifies the default expiration period for the UA listing in the location
database. UAs requesting registration without specifying an expiration
period are given this default expiration period. Range is 0 to
2592000 seconds.
max-expires <value> Specifies the maximum expiration period for the UA listing in the location
database. All UAs registering with the SIP proxy server request an
expiration period for the listing in the database. UAs requesting an
expiration period between the max-expires and min-expires values are
honored. Range is 0 to 2592000 seconds.
min-expires <value> Specifies the minimum expiration period for the UA listing in the location
database. All UAs registering with the SIP proxy server request an
expiration period for the listing in the database. UAs requesting an
expiration period between the max-expires and min-expires values are
honored. Range is 0 to 2592000 seconds.
realm <string> Specifies a realm (using an ASCII character string) for the UA listing in the
location database.
Default Values
By default, the registrar server is disabled.
Command History

Usage Examples
The following example sets the default expiration to 5 seconds:
(config)#sip registrar default-expires 5
The following example sets the realm string:
(config)#sip registrar realm voice.adtran.com

sip secure remote-user

Use the sip secure remote-user command to enter the remote user security command set and configure the
blacklist options. Use the no form of this command to return to the default settings.
Additional subcommands are available once you have entered the SIP Secure Remote User Configuration
mode:
blacklist
blacklist attack-threshold <number>
blacklist time <seconds>
Syntax Description
blacklist Enables the blacklist to record unauthorized attempts to access the system
by an unknown voice user.
attack-threshold <number> Optional. Specifies the number of unauthorized attempts allowed before
placing the IPv4 address on the blacklist. Valid range is 1 to 1000.
time <seconds> Optional. Specifies the number of seconds entries remain on the blacklist
before they are automatically removed. Entries do not persist across
reboots. Valid range is 0 to 2147483646. If the time is set to 0, the entries
will be permanent.
Default Values
By default, the blacklist attack-threshold is 5 attempts. The blacklist time is 3600 seconds.
Functional Notes
When the blacklist is enabled, the system monitors the configured secure ports (refer to sip udp <port>
secure remote-user on page 1775) for received REGISTER and INVITE attempts from remote voice
users that fail to authenticate. SIP server authentication (refer to) and SIP register authentication (refer to)
must be enabled to take advantage of the blacklist feature.
Command History
Usage Examples
The following example enters the SIP Security Remote User Configuration mode to enable the blacklist
and set the attack threshold to 10 and the time to 4800 seconds:
(config)#sip secure remote-user

(config-secure-remote)#blacklist
(config-secure-remote)#blacklist attack-threshold 10
(config-secure-remote)#blacklist time 4800

sip session-timer
Use the sip session-timer command to configure the Session Initiation Protocol (SIP) session timer. This
feature requires user agents (UAs) to periodically send re-INVITE requests (referred to as session refresh
requests) to keep the session alive. Use the no form of this command to disable the SIP session timer.
sip session-timer
sip session timer min-se <value>
sip session timer session-expires <value>
Syntax Description
min-se <value> Specifies the minimum session interval the unit will accept. The value of this
parameter cannot be greater than the value of the session-expires
parameter. Range is 90 to 3600 seconds.
session-expires <value> Specifies the maximum amount of time that can occur between refresh
requests before the session is considered timed out and is torn down.
Default Values
By default, the SIP session timer is disabled.
Command History
Functional Notes
Entering sip session-timer without designating values for session-expires or min-se assigns the default
values 1800 and 90 to session-expires and min-se, respectively.
Disabling the SIP session timer does not delete the stored values for min-se and session-expires; it only
disables the SIP session timer.
Usage Examples
The following example enables the SIP session timer and sets the session expiration to 2600 seconds:
(config)#sip session-timer session-expires 2600

sip timer
Use the sip timer command to configure the Session Initiation Protocol (SIP) timers. These timers affect
how long a SIP transaction resource is reserved once the final message in a transaction is received. Use the
no form of this command to return to the default value. Variations of this command include:
sip timer d <value>

sip timer d t1-derived
sip timer j <value>
sip timer j t1-derived
sip timer T1 <value>
sip timer T2 <value>
ADTRAN does not recommend changing T1 and T2 timer values. T1 and T2 timers are
base timers within the unit, and any changes will affect other timers which are based off of
these timers.
Syntax Description
d <value> Specifies the D timer. Valid range is 0 to 3200 ms.
j <value> Specifies the J timer. Valid range is 0 to 3200 ms.
t1-derived Specifies that the D or J timer is derived from the T1 timer value. This value
is equal to 64*T1 value.
T1 <value> Specifies the T1 timer. This timer is an estimate of network round trip time,
and is used as the initial request retransmit interval. Several other SIP
timers are derived from the T1 value. Valid range is 50 to 1000 ms.
T2 <value> Specifies the T2 timer. This timer is the maximum retransmit interval for
nonINVITE requests and INVITE responses. Valid range is 1000 to
32000 ms.
Default Values
By default, the T1 timer is set to 500 milliseconds, and the T2 timer is set to 4000 milliseconds.
By default, the D and J timers are set to t1-derived.
Command History
Release R10.10.0 Command was expanded to include the d and j timers. These parameters
replace the sip transaction fast-terminate command.

Functional Notes
The D and J timers depend on the T1 timer value for operation. If a value is specified for the D or J timers,
the dependence upon the T1 timer value is removed. When the D and J values are configured, timer
updates are immediately recognized by the SIP stack. When the D and J timers depend on the T1 timer,
they are updated when the T1 value changes.
Usage Examples
The following example configures the T1 timer to 1000 milliseconds:
(config)#sip timer T1 1000

sip timer registration-failure-retry <value>

Use the sip timer registration-failure-retry command to configure the time (in seconds) that will elapse
before a Session Initiation Protocol (SIP) endpoint will retry registration with the SIP server after a
registration failure has occurred. Use the no form of this command to return to the default value.
Syntax Description
<value> Specifies time in seconds. Range is 10 to 604800 seconds.
Default Values
By default, the registration-failure-retry timer is set to 60 seconds.
Command History
Usage Examples
The following example allows a retry attempt to begin after 32 seconds:
(config)#sip timer registration-failure-retry 32

sip timer rollover <value>

Use the sip timer rollover command to specify the time period (in seconds) that the Session Initiation
Protocol (SIP) proxy is set to wait for a response to a request before attempting to find an alternate
destination. Use the no form of this command to return to the default value.
Syntax Description
<value> Specifies the time period in seconds. Range is 1 to 32 seconds.
Default Values
By default, the rollover timer is set to 3 seconds.
Command History
Functional Notes
The sip timer rollover command sets the SIP timer B value for Invite transactions originating from a SIP
trunk. When originating a call, the SIP trunk attempts to send Invite messages to the primary SIP server
and waits for a response. If there is no response, the SIP trunk waits for 0.5 seconds before attempting to
send another Invite to the same SIP server. If no response, the SIP trunk waits for 1 second before
attempting to send another Invite, then waits 2 seconds, and so on. These increasing intervals are shown
in the diagram below.
Times are shown in seconds.
The rollover timer allows the user to control how long to wait before trying the next server. In the diagram
above, the red line indicates the rollover timer expiration. If there is no response after the timer expires, the
SIP trunk will attempt to send Invite messages to the highest priority backup SIP server obtained via DNS
service (SRV). The SIP trunk starts over at T=0 with the next server and doesn't send any more messages
to the timed out server. As long as the SIP trunk does not receive a response, it will continue this cycle until
it has attempted to contact all the SIP servers.

Usage Examples
The following example allows connection attempts to continue for up to 32 seconds before rolling over to
another destination:
(config)#sip timer rollover 32

sip timer rollover register

Use the sip timer rollover register command to specify the time period (in seconds) that the Session
Initiation Protocol (SIP) proxy waits for a response to a REGISTER request before attempting to find an
alternate destination. Use the no form of this command to return to the default value. Variations of this
command include:
sip timer rollover register <value>

sip timer rollover register follow-primary
Syntax Description
<value> Specifies the rollover time period for REGISTER events in seconds. Range
is 1 to 32 seconds.
follow-primary Links the rollover timer for REGISTER events to the primary rollover timer
specified by the sip timer rollover command.
Default Values
By default, the rollover timer for REGISTER events is set to follow-primary.
Command History
Usage Examples
The following example allows REGISTER request attempts to continue without response for up to
32 seconds before rolling over to another destination:
(config)#sip timer rollover register 32

sip timer subscription-failure-retry <value>

Use the sip timer subscription-failure-retry command to specify the time period (in seconds) that will
elapse before a subscription request will be resent to the Session Initiation Protocol (SIP) server after a
subscription request failure has occurred. Use the no form of this command to return to the default value.
Syntax Description
<value> Specifies the time period in seconds. Range is 10 to 604800 seconds.
Default Values
By default, the subscription failure retry timer is set to 60 seconds
Command History
Usage Examples
The following example allows a retry to occur after 32 seconds:
(config)#sip timer subscription-failure-retry 32

sip tls
Use the sip tls command to enable Transport Layer Security (TLS) on the AOS device. Use the no form of
this command to disable TLS. Variations of this command include:
sip tls
sip tls <port>
Syntax Description
<port> Optional. Specifies the Transmission Control Protocol (TCP) port on which
the Session Initiation Protocol (SIP) stack listens for TLS packets. Valid
Default Values
By default, TLS is disabled. When enabled, the port is set to 5061 by default.
Command History
Functional Notes
TLS is a cryptographic protocol that provides communication security over the internet. TLS profiles are
created and applied to SIP trunks to provide peer authentication through the exchange of symmetric keys
and authentication certificates. Refer to the SIP TLS Profile Command Set on page 4866 for more
information about TLS configuration.
Usage Examples
The following example enables TLS on the AOS device:
(config)#sip tls

sip tone-file-prefix
Use the sip tone-file-prefix command to specify the file location (flash or CompactFlash) and location
prefix of the call progress tone files that the unit should use for blind transfers over Session Initiation
Protocol (SIP) trunks operating in local transfer mode. Use the no form of this command to return to the
default value. Variations of this command include:
sip tone-file-prefix cflash <location prefix>

sip tone-file-prefix flash <location prefix>
Syntax Description
<location prefix> Specifies the location prefix of the tone files to be used.
cflash Specifies that the tone files are located in the unit’s CompactFlash.
flash Specifies that the tone files are located in the unit’s flash memory.
Default Values
By default, AOS units with voice features that lack a digital signal processor (DSP) provide North American
ringback and disconnect tones.
By default, AOS units with a DSP use the DSP to generate ringback tones based on the system country
setting. For more information on how to configure the system country, refer to the command voice
system-country <name> on page 1955.
Command History
Functional Notes
This command only designates the file location (flash or CompactFlash) and location prefix of call progress
tones used during blind transfers over SIP trunks operating in local transfer mode. To fully configure
international call progress tones during blind transfers, you must enable the AOS unit’s File Transfer
Protocol (FTP) server, upload the appropriate .wav files to the unit using an FTP client, and configure the
unit to use the uploaded files. For more information on configuring call progress tones for blind transfers
over SIP trunks operating in local transfer mode, refer to the International Configuration Guide available on
ADTRAN’s Support Forum at https://supportcommunity.adtran.com.

Below is a list of the available countries or regions and their corresponding location prefix.
Australia Adtran-UK Japan Adtran-JP

Belgium Adtran-BE Luxembourg Adtran-DE
Canada Adtran-NA Mexico Adtran-MX
China Adtran-CN Netherlands Adtran-ETSI
Denmark Adtran-ETSI Norway Adtran-ETSI
Finland Adtran-FI Spain Adtran-ETSI
France Adtran-FR Sweden Adtran-ETSI
Germany Adtran-DE Switzerland Adtran-ETSI
Hong Kong Adtran-HK UAE Adtran-UK
India Adtran-IN UK Adtran-UK
Ireland Adtran-IE USA Adtran-NA
Italy Adtran-ETSI
Usage Examples
The following example configures the unit to use tone files stored in flash memory that have the Adtran-UK
location prefix:
(config)#sip tone-file-prefix flash Adtran-UK

sip trunk-auth-name-source
Use the sip trunk-auth-name-source command to configure the authentication name source for the
Session Initiation Protocol (SIP) trunks. Use the no form of this command to return to the default setting.
sip trunk-auth-name-source account-id

sip trunk-auth-name-source message
Syntax Description
account-id Specifies using the corresponding account ID.
message Specifies using the To or From user when selecting the authentication name
and password.
Default Values
By default, the trunk authentication name source is message.
Command History
Usage Examples
The following example configures the trunk authentication name source to use the account ID:
(config)#sip trunk-auth-name-source account-id

sip udp <port> secure remote-user

Use the sip udp secure remote-user command to enable remote user security on the specified User
Datagram Protocol (UDP) port. This allows SIP traffic only from configured remote voice users, causing
SIP traffic from unconfigured remote voice users to be dropped. Use the no form of this command to
Syntax Description
<port> Specifies the UDP port used by the gateway. Range is 1 to 65535.
Default Values
By default, SIP traffic from any remote voice user is permitted through the UDP port, but if this command is
entered, only traffic from configured remote voice users is allowed.
Command History
Usage Examples
The following example enables remote user security for UDP port 25069:
(config)#sip udp 25069 secure remote-user

snmp agent
Use the snmp agent command to enable the Simple Network Management Protocol (SNMP) agent. Use
Syntax Description
No subcommands.
Default Values
By default, the SNMP agent is disabled.
Command History
Release 18.2 Command was changed from ip snmp agent to snmp agent to incorporate
Internet Protocol version 6 (IPv6) for ADTRAN internetworking products
only.
Release R10.1.0 Command syntax was changed to remove the ip keyword in ADTRAN voice
products.
Functional Notes
Allows a MIB browser to access standard MIBs within the product. This also allows the product to send
traps to a trap management station.
SNMP can be used with either Internet Protocol version 4 (IPv4) or IPv6.
Usage Examples
The following example enables the IP SNMP agent:
(config)#snmp agent

snmp ifmib alias long

Use the snmp ifmib alias long command to configure the Simple Network Management Protocol (SNMP)
IF.MIB alias settings to allow an alias string to be up to 255 characters long. Use the no form of this
command to return to the default SNMP IF.MIB setting.
Syntax Description
No subcommands.
Default Values
By default, the maximum length of the SNMP IF.MIB alias is 64 characters.
Command History
Usage Examples
The following example enables a longer SNMP IF.MIB alias length:
(config)#snmp ifmib alias long

snmp-server chassis-id “<string>”

Use the snmp-server chassis-id command to specify an identifier for the Simple Network Management
Protocol (SNMP) server. Use the no form of this command to return to the default value.
Syntax Description
“<string>” Identifies the product using an alphanumeric string enclosed in quotation
marks (up to 32 characters in length).
Default Values
By default, the snmp-server chassis-id is set to Chassis ID.
Command History
Usage Examples
The following example configures a chassis ID of A432692:
(config)#snmp-server chassis-id A432692

snmp-server community
Use the snmp-server community command to specify a community string to control access to the Simple
Network Management Protocol (SNMP) information. Use the no form of this command to remove a
specified community. Variations of this command include:
snmp-server community <community>

snmp-server community <community> [ip access-class <ipv4 acl>] [ipv6 access-class <ipv6 acl>]
snmp-server community <community> [ip access-class <ipv4 acl>] [ipv6 access-class <ipv6 acl>]
[any-vrf | vrf <name>]
snmp-server community <community> ro
snmp-server community <community> ro [ip access-class <ipv4 acl>] [ipv6 access-class <ipv6 acl>]
snmp-server community <community> ro [ip access-class <ipv4 acl>] [ipv6 access-class <ipv6 acl>]
[any-vrf | vrf <name>]
snmp-server community <community> rw
snmp-server community <community> rw [ip access-class <ipv4 acl>] [ipv6 access-class
<ipv6 acl>]
snmp-server community <community> rw [ip access-class <ipv4 acl>] [ipv6 access-class
<ipv6 acl>] [any-vrf | vrf <name>]
snmp-server community <community> view <name>
snmp-server community <community> view <name> [ip access-class <ipv4 acl>]
[ipv6 access-class <ipv6 acl>]
snmp-server community <community> view <name> [ip access-class <ipv4 acl>]
[ipv6 access-class <ipv6 acl>] [any-vrf | vrf <name>]
snmp-server community <community> view <name> ro
snmp-server community <community> view <name> ro [ip access-class <ipv4 acl>]
snmp-server community <community> view <name> ro [ip access-class <ipv4 acl>]
snmp-server community <community> view <name> rw
snmp-server community <community> view <name> rw [ip access-class <ipv4 acl>]
snmp-server community <community> view <name> rw [ip access-class <ipv4 acl>]
Syntax Description
<community> Specifies the community string (a password to grant SNMP access).
ip access-class <ipv4 acl> Optional. Specifies an Internet Protocol version 4 (IPv4) access control
list (ACL) name used to limit access. Refer to ip access-list extended
<ipv4 acl name> on page 1336 and ip access-list standard <ipv4 acl
name> on page 1338 for more information on creating IPv4 ACLs
ipv6 access-class <ipv6 acl> Optional. Specifies an Internet Protocol version 6 (IPv6) ACL name
used to limit access. Refer to ipv6 access-list extended <ipv6 acl
name> on page 1492 and ipv6 access-list standard <ipv6 acl name>
on page 1494 for more information on creating IPv6 ACLs.
ro Optional. Grants read-only access, allowing retrieval of MIB objects.

rw Optional. Grants read-write access, allowing retrieval and modification

of MIB objects.
view <name> Optional. Specifies a previously defined view. Views define specific MIB
objects available to the specified community string. For information on
creating a new view, refer to snmp-server view <name> <value> on
page 1823.
any-vrf Optional. Specifies the ACL is applied to any virtual routing and
vrf <name> Optional. Specifies the ACL is applied to a specific VRF instance.
The parameters [any-vrf | vrf <name>] can only be entered if an ip access-class or ipv6
access-class is specified.
Default Values
By default, there are no configured SNMP communities.
Command History
Release 9.1 Command was expanded to include the view parameter.
Release 18.2 Command syntax was changed to include the ip access-class and
ipv6 access-class parameters for IPv6 support in ADTRAN
Release R10.1.0 Command syntax was changed to include the ip access-class and
ipv6 access-class parameters for IPv6 support in ADTRAN voice
products.
parameters.
Functional Notes
SNMP server communities can specify up to two ACLs to control access, one each for IPv4 and IPv6
protocols. When two ACLs are used, they must use the same VRF restriction (the default VRF, any VRF, or
a specific VRF.) If no VRF is named, the default unnamed VRF is assumed.

Usage Examples
The following example specifies a community named MyCommunity, specifies a previously defined view
named blockinterfaces, and assigns read-write access:
(config)#snmp-server community MyCommunity view blockinterfaces rw

snmp-server contact
Use the snmp-server contact command to specify Simple Network Management Protocol (SNMP) server
contact information. Use the no form of this command to remove a configured contact. Variations of this
command include:
snmp-server contact email <address>

snmp-server contact pager <number>
snmp-server contact phone <number>
snmp-server contact “<string>”
Syntax Description
email <address> Specifies email address for the SNMP server contact.
pager <number> Specifies pager number for the SNMP server contact.
phone <number> Specifies phone number for the SNMP server contact.
“<string>” Populates the sysContact string using an alphanumeric string enclosed in
quotation marks (up to 32 characters in length).
Default Values
Command History
Usage Examples
The following example specifies 6536999 for the pager number:
(config)#snmp-server contact pager 6536999

snmp-server context <string> vrf <name>

Use the snmp-server context vrf command to map the Simple Network Management Protocol (SNMP)
context to the appropriate non-default virtual routing and forwarding (VRF) instance. Use the no form of
Syntax Description
context <string> Specifies the SNMP context name.
vrf <ame> Specifies the non-default VRF instance to which to map the SNMP context.
Default Values
By default, there are no VRF context mappings.
Command History
Functional Notes
VRF context mapping is used to map the context of SNMP requests to the appropriate VRF instance. This
is only necessary in multi-VRF installations where the content of the following four management
information base (MIB) tables are used:
• IP-MIB::ipAddressTable
• IP-MIB::ipAddrTable
• IP-FORWARD-MIB::inetCidrRouteTable
• IP-FORWARD-MIB::ipCidrRouteTable
Context mapping does not apply to SNMP version 1 and version 2.
If your installation meets the above requirements, additional steps must be taken to ensure SNMP
requests reach the correct destination.
• Define VRF instances on the AOS router. (Refer to Configuring Multi-VRF in AOS for more information.)
• Define a VRF context mapping to associate the VRF instance to the appropriate context name.
• Create an SNMP group for each non-default VRF instance. (Refer to the command snmp-server group
on page 1791 for more information.)
• Create an SNMP user and associate the user to appropriate SNMP group for each VRF instance. (Refer
to snmp-server user on page 1813 command for more information.)
Usage Examples
The following example maps the SNMP context RED-CONTEXT to the VRF instance RED:
(config)#snmp-server context RED-CONTEXT vrf RED

snmp-server enable traps

Use the snmp-server enable traps command to enable all Simple Network Management Protocol
(SNMP) traps available on your system. Use the no form of this command to disable SNMP traps.
snmp-server enable traps

snmp-server enable traps application
snmp-server enable traps battery
snmp-server enable traps bgp
snmp-server enable traps delay track <name>
snmp-server enable traps dying-gasp
snmp-server enable traps entity
snmp-server enable traps eps
snmp-server enable traps fan
snmp-server enable traps frame-relay
snmp-server enable traps network-sync
snmp-server enable traps resource
snmp-server enable traps rps
snmp-server enable traps sfp
snmp-server enable traps snmp
snmp-server enable traps unit
snmp-server enable traps track
snmp-server enable traps voice
snmp-server enable traps vrrp
Syntax Description
application Optional. Enables SNMP traps for applications (such as, Domain Naming
System (DNS) traps).
battery Optional. Enables traps for battery status.
bgp Optional. Enables the Border Gateway Protocol (BGP) traps.
dying-gasp Optional. Enables the dying-gasp traps. Refer to the Functional Notes
below for more information on configuring a dying-gasp trap host.
delay track <name> Optional. Enables SNMP traps to be buffered instead of sent immediately
based on the status of the named track.
entity Optional. Enables the entity sensor traps such as insertion and deletion of a
small form-factor pluggable (SFP) interface module.
eps Optional. Enables the external power supply (EPS) traps for connection
state changes and failures.
fan Optional. Enables the fan failure notification traps.
frame-relay Optional. Enables the Frame Relay notification traps.
network-sync Optional. Enables the network synchronization notification traps.
resource Optional. Enables the resource utilization notification traps. This option is
only available on AOS voice products.

rps Optional. Enables the redundant power supply (RPS) traps for connection
state changes and failures.
sfp Optional. Enables the small form-factor pluggable (SFP) traps.
snmp Optional. Enables the SNMP notification traps.
The following SNMP traps are supported:
coldStart
warmStart
linkUp
linkDown
authenticationFailure
track Optional. Enables the network monitor track traps.
unit Optional. Enables user login/logout traps for the unit.
voice Optional. Enables voice notification traps.
vrrp Optional. Enables Virtual Router Redundancy Protocol version 2 (VRRPv2)
and version 3 (VRRPv3) traps.
Default Values
By default, there are no traps enabled.
Command History
Release 17.3 Command was expanded to include the Frame Relay.
Release 17.6 Command was expanded to include voice traps.
Release A2.04 Command was expanded to include resource traps.
Release 18.1 Command was expanded to include bgp and track traps.
Release R10.3.0 Command was expanded to include application traps.
Release R10.8.0 Command was expanded to include eps and rps traps.
Release R10.11.0 Command was expanded to include entity, fan and network-sync traps.
Release R11.3.0 Command was expanded to include vrrp traps.
Release R11.6.0 Command was expanded to include dying-gasp traps.
Release R11.11.0 Command was expanded to include battery traps.
Release R13.3.0 Command was expanded to include sfp and unit traps. Added the ability to
delay traps for tracks.
Functional Notes
Resource utilization traps are configured by using the command resource-utilization on page 1676.
If dying-gasp traps are enabled, the SNMP host must be configured separately to receive the traps using
the snmp-server host [<ip address> | vrf <name> <ip address>] dying-gasp-traps [1 | 2] command.
Refer to snmp-server host dying-gasp-traps on page 1799 for more information.

Usage Examples
The following example enables SNMP traps:
(config)#snmp-server enable traps snmp
The following example enables all traps:
(config)#snmp-server enable traps

snmp-server engineID local <hex string>

Use the snmp-server engineID local command to change the default and manually set the Simple
Network Management Protocol (SNMP) version 3 (v3) engine ID for the local machine. Use the no form
of this command to return to the default engine ID.
Syntax Description
<hex string> Defines the engine ID for the system. Engine IDs are the 12-octet
hexadecimal representation (24 characters using 0 through 9 and/or
a through f) defining a system on the management domain. Refer to the
Technology Review for more detailed information on engine ID octet
assignments.
SNMP v3 requires unique engine IDs for all systems in the management domain. Use the
default engine ID when possible to ensure the uniqueness of the numbers. Problems can
occur on a management network that contains duplicate engine IDs.
Default Values
By default, the local SNMP-server engine ID is 8000029803xxxxxxxxxxxx (where the string of Xs
represents the system medium access control (MAC) address).
Command History
Usage Examples
The following example changes the default engine ID for the local system to 80 00 02 98 00 00 00 00 00 00
01 (where 80 00 02 98 represents the Internet Assigned Numbers Authority (IANA) ID for ADTRAN and
00 00 00 00 00 00 01 arbitrarily represents the first system on the management domain):
(config)#snmp-server engineID local 8000029800000000000001
Technology Review
The SNMP v3 engine ID is a unique identifier for a system on a management domain. The default engine
ID contains 11 octets (in hexadecimal notation) that represent certain information about the system. The
default engine ID format is as follows:
Octets 1 to 4 Octet 5 Octets 6 to 11

03
IANA ID for the Identifies that octets 6 System MAC address
product manufacturer through 11 contain a
MAC address

The first 4 octets of the default engine ID for ADTRAN products is 80000298. Octets 1 through 4 represent
the SNMP private enterprise number (assigned by the IANA) for the product manufacturer. The leading bit
of octet 1 (the most significant bit) will always be a 1 for a default engine ID (making the leading character
in the hex string an 8). ADTRAN products use the IANA ID of 664 (which is 02 98 in hexadecimal notation).
Octet 5 is set to 03 to indicate that the engine ID uses a MAC address as the unique identifier. The last six
octets of the default engine ID for ADTRAN routers contain the MAC address for the Ethernet 0/1 interface
(for example, 00127905257c).
The snmp-server engineID local command overrides the default engine ID and replaces it with the first
24 characters of the user-entered string. Because the string is in hexadecimal notation, only numbers 0
through 9 and characters a through f are valid. If fewer than 24 characters are entered in the string, pad the
end of the entered string with zeros (least significant bits) until the 24-character string is complete. For
example, a user input of 8000029805 results in an engine ID of 800002980500000000000000.

snmp-server engineID remote

Use the snmp-server engineID remote command to identify a remote Simple Network Management
Protocol (SNMP) entity’s engine ID. The remote engine ID is necessary before SNMP version 3
(SNMPv3) inform notifications can be acknowledged. Refer to the command snmp-server user on page
1813 for additional information about how it is used in conjunction with this command. Use the no form of
this command to remove the remote SNMP entity’s engine ID. Variations of this command include:
snmp-server engineID remote auto-link <hex string>

snmp-server engineID remote <ip address> <hex string>
snmp-server engineID remote vrf <name> <ip address> <hex string>
Syntax Description
auto-link Specifies that the remote SNMP device Internet Protocol version 4 (IPv4)
address follows the active auto-link server.
<ip address> Specifies the IPv4 or Internet Protocol version 6 (IPv6) address for the
remote SNMP device. IPv4 addresses should be expressed in dotted
expressed in colon hexadecimal format X:X:X:X::X, for example,
2001:DB8:1::1.
<hex string> Specifies the engine ID for the remote SNMP device.
vrf <name> Specifies the VRF instance on which the remote SNMP device exists. If no
VRF is specified, the SNMP device exists on the default unnamed VRF.
Default Values
By default, there are no remote engine IDs identified.
Command History
Release R10.7.0 Command was expanded to include the auto-link parameter.
Functional Notes
Use the following requirements to avoid errors when configuring SNMP server and multi-VRF in AOS:
• For a remote engine ID with a VRF specified, a remote user with the same host address and VRF must
be configured.
• If a VRF name is not specified for the remote engine ID and user, the default VRF will be used.
• A VRF associated with a remote address must be the same as the access class list (ACL) VRF and
must match the remote engineID VRF. If they do not match, an error will display.

Usage Examples
The following example identifies a remote SNMP device with an IPv4 address of 10.10.12.2 and an engine
ID of 80000298000000A0C8000001:
(config)#snmp-server engineID remote 10.10.12.2 80000298000000A0C8000001

snmp-server group
Use the snmp-server group command to specify a new Simple Network Management Protocol (SNMP)
server group to control access to SNMP information. Use the no form of this command to remove a
specified group. Variations of this command include:
snmp-server group <groupname> v1

snmp-server group <groupname> v1 [ip access-class <ipv4 acl> | ipv6 access-class <ipv6 acl>]
[notify <name>] [read <name>] [write <name>] [any-vrf | vrf <name>]
snmp-server group <groupname> v2c
snmp-server group <groupname> v2c [ip access-class <ipv4 acl> | ipv6 access-class <ipv6 acl>]
snmp-server group <groupname> v3 auth
snmp-server group <groupname> v3 auth context <string>
snmp-server group <groupname> v3 auth [ip access-class <ipv4 acl> | ipv6 access-class <ipv6 acl>]
snmp-server group <groupname> v3 auth context <string> [ip access-class <ipv4 acl> | ipv6
access-class <ipv6 acl>] [notify <name>] [read <name>] [write <name>] [any-vrf | vrf <name>]
snmp-server group <groupname> v3 noauth
snmp-server group <groupname> v3 noauth context <string>
snmp-server group <groupname> v3 noauth [ip access-class <ipv4 acl> | ipv6 access-class
<ipv6 acl>] [notify <name> | read <name> | write <name>] [any-vrf | vrf <name>]
snmp-server group <groupname> v3 noauth context <string> [ip access-class <ipv4 acl> | ipv6
access-class <ipv6 acl>] [notify <name> | read <name> | write <name>] [any-vrf |
vrf <name>]
snmp-server group <groupname> v3 priv
snmp-server group <groupname> v3 priv context <string>
snmp-server group <groupname> v3 priv [ip access-class <ipv4 acl> | ipv6 access-class <ipv6 acl>]
snmp-server group <groupname> v3 priv context <string> [ip access-class <ipv4 acl> | ipv6
access-class <ipv6 acl>] [notify <name>] [read <name>] [write <name>] [any-vrf | vrf <name>]
Syntax Description
<groupname> Specifies the name of the SNMP server group (32 characters
maximum).
v1 Specifies using SNMP version 1 security model.
v2c Specifies using SNMP version 2c security model.
v3 Specifies using SNMP version 3 user-based security model (USM).
auth Optional. Only used in SNMP version 3. Indicates that authentication is
used.
noauth Optional. Only used in SNMP version 3. Indicates that no authentication
is used.
priv Optional. Only used in SNMP version 3. Indicates that privacy
authentication is used.

context <string> Optional. Only used in SNMP version 3 with multi-VRF installations.
Specifies a context for VRF context mapping.
list (ACL) entry.
ipv6 access-class <ipv6 acl> Optional. Specifies an Internet Protocol version 6 (IPv6) ACL entry.
notify <name> Optional. Specifies a previously configured SNMP view name to which
the group has notify access (32 characters maximum). If a view is not
specified, the system automatically assigned a default notify-view with
no restrictions.
read <name> Optional. Specifies a previously configured SNMP view name to which
the group has read access (32 characters maximum). If a view is not
specified, the system automatically assigned a default read-view with
no restrictions.
write <name> Optional. Specifies a previously configured SNMP view name to which
the group has write access(32 characters maximum). If a write-view is
not specified, write access is restricted for all users of the group.
vrf <name> Optional. Specifies the ACL is applied to a specific non-default VRF
instance.
Default Values
If no views are specified, the system automatically assigns default read- and notify-views that have no
restrictions.
Command History
products.
parameters.
Release R10.11.0 Command was expanded to include the context <string> parameter.
Functional Notes
SNMP groups are used to map SNMP users to SNMP views. To create a group, specify one or more views
to which users will have access. A given view can be accessed by more than one group, as needed.

SNMP context mapping is only used in conjunction with multi-VRF configurations to ensure proper delivery
of SNMP requests. The SNMP context is mapped to a specific VRF instance to differentiate between the
same IP address used across multiple VRFs.
SNMP server communities can specify up to two ACLs to control access, one each for IPv4 and IPv6
protocols. When two ACLs are used, they must use the same VRF restriction (the default VRF, any VRF, or
a specific VRF.) If no VRF is named, the default unnamed VRF is assumed.
Usage Examples
The following example defines a group called securityV3auth using version 3 security model,
authentication, and no ACL to verify:
(config)#snmp-server group securityV3auth v3 auth

snmp-server host auto-link dying-gasp-traps

Use the snmp-server host auto-link dying-gasp-traps command to configure the unit to send Simple
Network Management Protocol (SNMP) dying-gasp traps messages to the active auto-link server. Use the
no form of this command to disable the setting. Variations of this command include the following:
snmp-server host auto-link dying-gasp-traps 1 <community>

snmp-server host auto-linkdying-gasp-traps 1 version 1 <community>
snmp-server host auto-link dying-gasp-traps 1 version 2c <community>
snmp-server host auto-link dying-gasp-traps 1 version 3 auth <user name>
snmp-server host auto-link dying-gasp-traps 1 version 3 noauth <user name>
snmp-server host auto-link dying-gasp-traps 1 version 3 priv <user name>
snmp-server host auto-link dying-gasp-traps 2 <community>
snmp-server host auto-link dying-gasp-traps 2 version 1 <community>
snmp-server host auto-link dying-gasp-traps 2 version 2c <community>
snmp-server host auto-link dying-gasp-traps 2 version 3 auth <user name>
snmp-server host auto-link dying-gasp-traps 2 version 3 noauth <user name>
snmp-server host auto-link dying-gasp-traps 2 version 3 priv <user name>
Syntax Description
version 1 Specifies using SNMP version 1 security model.
version 2c Specifies using SNMP version 2c security model.
version 3 Specifies using SNMP version 3 user-based security model (USM).
auth Only used in SNMP version 3. Indicates that authentication is used.
noauth Only used in SNMP version 3. Indicates that no authentication is used.
priv Only used in SNMP version 3. Indicates that privacy authentication is used.
<community> Specifies the community string (used as a password, 16 characters
maximum) for authorized agents to obtain access to SNMP information.
<user name> Specifies the user name for SNMP version 3 security.
Default Values
Command History
Usage Examples
The following example configures an auto-link host as the first priority server to receive dying-gasp traps
using SNMP version 2c and sets the community string to MyCommunity:
(config)#snmp-server host auto-link dying-gasp-traps 1 version 2c MyCommunity

snmp-server host auto-link informs

Use the snmp-server host auto-link informs command to configure the unit to send Simple Network
Management Protocol (SNMP) INFORM messages to the active auto-link server. Use the no form of this
command to disable the setting. Variations of this command include the following:
snmp-server host auto-link informs <community>

snmp-server host auto-link informs version 1 <community>
snmp-server host auto-link informs version 1 <community> battery
snmp-server host auto-link informs version 1 <community> eps
snmp-server host auto-link informs version 1 <community> rps
snmp-server host auto-link informs version 1 <community> sfp
snmp-server host auto-link informs version 1 <community> snmp
snmp-server host auto-link informs version 1 <community> unit
snmp-server host auto-link informs version 2c <community>
snmp-server host auto-link informs version 2c <community> battery
snmp-server host auto-link informs version 2c <community> eps
snmp-server host auto-link informs version 2c <community> rps
snmp-server host auto-link informs version 2c <community> sfp
snmp-server host auto-link informs version 2c <community> snmp
snmp-server host auto-link informs version 2c <community> unit
snmp-server host auto-link informs version 3 auth <community>
snmp-server host auto-link informs version 3 auth <community> battery
snmp-server host auto-link informs version 3 auth <community> eps
snmp-server host auto-link informs version 3 auth <community> rps
snmp-server host auto-link informs version 3 auth <community> sfp
snmp-server host auto-link informs version 3 auth <community> snmp
snmp-server host auto-link informs version 3 auth <community> unit
snmp-server host auto-link informs version 3 noauth <community>
snmp-server host auto-link informs version 3 noauth <community> battery
snmp-server host auto-link informs version 3 noauth <community> eps
snmp-server host auto-link informs version 3 noauth <community> rps
snmp-server host auto-link informs version 3 noauth <community> sfp
snmp-server host auto-link informs version 3 noauth <community> snmp
snmp-server host auto-link informs version 3 noauth <community> unit
snmp-server host auto-link informs version 3 priv <community>
snmp-server host auto-link informs version 3 priv <community> battery
snmp-server host auto-link informs version 3 priv <community> eps
snmp-server host auto-link informs version 3 priv <community> rps
snmp-server host auto-link informs version 3 priv <community> sfp
snmp-server host auto-link informs version 3 priv <community> snmp
snmp-server host auto-link informs version 3 priv <community> unit
Syntax Description


<community> Specifies the community string (used as a password) (16 characters
battery Optional. Allows battery trap informs.
eps Optional. Allows external power supply (EPS) informs.
rps Optional. Allows redundant power supply (RPS) informs.
sfp Optional. Allows small form-factor pluggable (SFP) informs.
snmp Optional. Allows SNMP informs.
unit Optional. Allows unit informs for user login/logout.
Default Values
Command History
Release R10.9.0 Command was expanded to include the eps and rps parameters.
Release R11.11.0 Command was expanded to include the battery parameter.
Release R13.2.0 Command was expanded to include the sfp and unit parameters.
Usage Examples
The following example sends all SNMP informs to the auto-link host and community string MyCommunity
using SNMP version 2c:
(config)#snmp-server host auto-link informs version 2c MyCommunity snmp

snmp-server host auto-link traps

Use the snmp-server host auto-link traps command to configure the unit to send traps to the active
auto-link server. Use the no form of this command to disable the setting. Variations of this command
snmp-server host auto-link traps <community>

snmp-server host auto-link traps version 1 <community> [application] [battery] [bgp] [entity] [eps]
[fan] [frame-relay] [network-sync] [over-temperature] [resource] [rps] [sfp] [snmp] [track] [unit]
[voice] [vrrp]
snmp-server host auto-link traps version 2c <community> [application] [battery] [bgp] [entity] [eps]
[fan] [frame-relay] [network-sync] [over-temperature] [resource] [rps] [sfp] [snmp] [track] [unit]
[voice] [vrrp]
snmp-server host auto-link traps version 3 auth <community> [application] [battery] [bgp] [entity]
[eps] [fan] [frame-relay] [network-sync] [over-temperature] [resource] [rps] [sfp] [snmp] [track]
[unit] [voice] [vrrp]
snmp-server host auto-link traps version 3 noauth <community> [application] [battery] [bgp] [entity]
snmp-server host auto-link traps version 3 priv <community> [application] [battery] [bgp] [entity]
Syntax Description
version 1 Specifies using Simple Network Management Protocol (SNMP) version 1
security model.
application Optional. Allows application traps (such as, Domain Naming System (DNS)
traps).
battery Optional. Enables battery status traps.
bgp Optional. Allows Border Gateway Protocol (BGP) traps.
eps Optional. Allows external power supply (EPS) traps.
fan Optional. Enables the fan failure notification trap.
frame-relay Optional. Allows Frame Relay traps.
over-temperature Optional. Enables the over-temperature protection traps.

resource Optional. Enables the resource utilization set of traps.

rps Optional. Allows redundant power supply (RPS) traps.
sfp Optional. Allows small form-factor pluggable (SFP) traps.
snmp Optional. Allows SNMP traps.
unit Optional. Allows unit traps for user login/logout.
track Optional. Allows network monitor track traps.
voice Optional. Allows voice traps.
vrrp Optional. Allows Virtual Router Redundancy Protocol version 2 (VRRPv2)
Default Values
Command History
Release 17.6 Command was expanded to include the frame-relay parameter.
Release 17.9 Command was expanded to include more frame-relay options, more snmp
options, and the voice parameter. In addition, the snmp-server host <ip
address> traps version 3 priv <community> version of the command was
removed.
Release 18.1 Command was expanded to include the bgp and track parameter.
Release R10.4.0 Command was expanded to include the application parameter.
Release R10.8.0 Command was expanded to include the eps and rps parameters.
Release R10.11.0 Command was expanded to include entity, fan, and network-sync traps.
Release R11.6.0 Command was expanded to include the over-temperature protection.
Usage Examples
The following example sends all enabled traps to the auto-link host using SNMP version 2c and sets the
community string to MyCommunity:
(config)#snmp-server host auto-link traps version 2c MyCommunity

snmp-server host dying-gasp-traps

Use the snmp-server host dying-gasp-traps command to configure the unit to send Simple Network
Management Protocol (SNMP) dying-gasp traps messages to the specified SNMP host. Use the no form of
this command to remove a specified host. Variations of this command include the following:
snmp-server host [<ip address> | <name>] dying-gasp-traps 1 <community>

snmp-server host [<ip address> | <name>] dying-gasp-traps 1 version 1 <community>
snmp-server host [<ip address> | <name>] dying-gasp-traps 1 version 2c <community>
snmp-server host [<ip address> | <name>] dying-gasp-traps 1 version 3 auth <user name>
snmp-server host [<ip address> | <name>] dying-gasp-traps 1 version 3 noauth <user name>
snmp-server host [<ip address> | <name>] dying-gasp-traps 1 version 3 priv <user name>
snmp-server host [<ip address> | <name>] dying-gasp-traps 2 <community>
snmp-server host [<ip address> | <name>] dying-gasp-traps 2 version 1 <community>
snmp-server host [<ip address> | <name>] dying-gasp-traps 2 version 2c <community>
snmp-server host [<ip address> | <name>] dying-gasp-traps 2 version 3 auth <user name>
snmp-server host [<ip address> | <name>] dying-gasp-traps 2 version 3 noauth <user name>
snmp-server host [<ip address> | <name>] dying-gasp-traps 2 version 3 priv <user name>
snmp-server host vrf <name> [<ip address> | <name>] dying-gasp-traps 1 <community>
snmp-server host vrf <name> [<ip address> | <name>] dying-gasp-traps 1 version 1 <community>
snmp-server host vrf <name> [<ip address> | <name>] dying-gasp-traps 1 version 2c <community>
snmp-server host vrf <name> [<ip address> | <name>] dying-gasp-traps 1 version 3 auth <user
name>
snmp-server host vrf <name> [<ip address> | <name>] dying-gasp-traps 1 version 3 noauth <user
name>
snmp-server host vrf <name> [<ip address> | <name>] dying-gasp-traps 1 version 3 priv <user
name>
snmp-server host vrf <name> [<ip address> | <name>] dying-gasp-traps 2 <community>
snmp-server host vrf <name> [<ip address> | <name>] dying-gasp-traps 2 version 1 <community>
snmp-server host vrf <name> [<ip address> | <name>] dying-gasp-traps 2 version 2c <community>
snmp-server host vrf <name> [<ip address> | <name>] dying-gasp-traps 2 version 3 auth <user
name>
snmp-server host vrf <name> [<ip address> | <name>] dying-gasp-traps 2 version 3 noauth <user
name>
snmp-server host vrf <name> [<ip address> | <name>] dying-gasp-traps 2 version 3 priv <user
name>
Syntax Description
<ip address> Specifies the IP address (either Internet Protocol version 4 (IPv4) or Internet
Protocol version 6 (IPv6)) of the SNMP host that receives the SNMP
information. IPv4 addresses should be expressed in dotted decimal notation
(for example, 10.10.10.1). IPv6 addresses should be expressed in colon
hexadecimal format X:X:X:X::X, for example, 2001:DB8:1::1.
<name> Specifies the Fully Qualified Domain Name (FQDN) (e.g., adtran.com) of
the SNMP host that receives the SNMP information.

vrf <name> Optional. Specifies the VRF instance on which the host exists. If a VRF
instance is not specified, the default unnamed VRF is assumed.
<community> Specifies the community string (used as a password, 16 characters
<user name> Specifies the user name for SNMP version 3 security.
Default Values
Command History
Release R13.3.0 Command was expanded to allow the <name> of a FQDN server to be
specified as the recipient of SNMP information.
Functional Notes
Usage Examples
The following example configures an SNMP server host at IPv4 address 190.3.44.69 as the first priority
server to receive dying-gasp traps using SNMP version 2c and set the community string to
MyCommunity:
(config)#snmp-server host 190.3.44.69 dying-gasp-traps 1 version 2c MyCommunity

snmp-server host informs

Use the snmp-server host informs command to configure the unit to send Simple Network Management
Protocol (SNMP) INFORM messages to the specified SNMP host. Use the no form of this command to
remove a specified host. Variations of this command include the following:
snmp-server host [<ip address> | <name>] informs <community>

snmp-server host [<ip address> | <name>] informs version 1 <community>
snmp-server host [<ip address> | <name>] informs version 1 <community> [battery] [eps] [rps] [sfp]
[snmp] [unit]
snmp-server host [<ip address> | <name>] informs version 2c <community>
snmp-server host [<ip address> | <name>] informs version 2c <community> [battery] [eps] [rps] [sfp]
[snmp] [unit]
snmp-server host [<ip address> | <name>] informs version 3 auth <community>
snmp-server host [<ip address> | <name>] informs version 3 auth <community> [battery] [eps] [rps]
[sfp] [snmp] [unit]
snmp-server host [<ip address> | <name>] informs version 3 noauth <community>
snmp-server host [<ip address> | <name>] informs version 3 noauth <community> [battery] [eps]
[rps] [sfp] [snmp] [unit]
snmp-server host [<ip address> | <name>] informs version 3 priv <community>
snmp-server host [<ip address> | <name>] informs version 3 priv <community> [battery] [eps] [rps]
[sfp] [snmp] [unit]
snmp-server host vrf <name> [<ip address> | <name>] informs <community>
snmp-server host vrf <name> [<ip address> | <name>] informs version 1 <community>
snmp-server host vrf <name> [<ip address> | <name>] informs version 1 <community> [battery] [sfp]
[snmp] [unit]
snmp-server host vrf <name> [<ip address> | <name>] informs version 2c <community>
snmp-server host vrf <name> [<ip address> | <name>] informs version 2c <community> [battery]
[sfp] [snmp] [unit]
snmp-server host vrf <name> [<ip address> | <name>] informs version 3 auth <community>
snmp-server host vrf <name> [<ip address> | <name>] informs version 3 auth <community> [battery]
[sfp] [snmp] [unit]
snmp-server host vrf <name> [<ip address> | <name>] informs version 3 noauth <community>
snmp-server host vrf <name> [<ip address> | <name>] informs version 3 noauth <community>
[battery] [sfp] [snmp] [unit]
snmp-server host vrf <name> [<ip address> | <name>] informs version 3 priv <community>
snmp-server host vrf <name> [<ip address> | <name>] informs version 3 priv <community> [battery]
[sfp] [snmp] [unit]
Syntax Description

battery Optional. Allows battery trap informs.
eps Optional. Allows external power supply (EPS) informs.
rps Optional. Allows redundant power supply (RPS) informs.
sfp Optional. Allows small form-factor pluggable (SFP) informs.
snmp Optional. Allows SNMP informs.
unit Optional. Allows unit informs for user login/logout.
Default Values
Command History
Release 13.1 Command was expanded to include the informs options.
Release R10.9.0 Command was expanded to include the eps and rps parameters on the
default VRF instance.
Release R11.11.0 Command was expanded to include the battery parameter.
Functional Notes

Usage Examples
The following example sends all SNMP informs to the host at IPv4 address 190.3.44.69 and community
string MyCommunity using SNMP version 2c:
(config)#snmp-server host 190.3.44.69 informs version 2c MyCommunity snmp

snmp-server host traps

Use the snmp-server host traps command to configure the unit to send traps to the specified SNMP host.
Use the no form of this command to remove a specified host. Variations of this command include the
following:
snmp-server host [<ip address> | <name>] traps <community>

snmp-server host [<ip address> | <name>] traps version 1 <community> [application] [battery] [bgp]
[eps] [entity] [fan] [frame-relay] [network-sync] [over-temperature] [resource] [rps] [sfp] [snmp]
[track] [unit] [voice] [vrrp]
snmp-server host [<ip address> | <name>] traps version 2c <community> [application] [battery] [bgp]
[eps] [entity] [fan] [frame-relay] [network-sync] [over-temperature] [resource] [rps] [sfp] [snmp]
[track] [unit] [voice] [vrrp]
snmp-server host [<ip address> | <name>] traps version 3 auth <community> [application] [battery]
[bgp] [eps] [entity] [fan] [frame-relay] [network-sync] [over-temperature] [resource] [rps] [sfp]
[snmp] [track] [unit] [voice] [vrrp]
snmp-server host [<ip address> | <name>] traps version 3 noauth <community> [application]
[battery] [bgp] [eps] [entity] [fan] [frame-relay] [network-sync] [over-temperature] [resource]
[rps] [sfp] [snmp] [track] [unit] [voice] [vrrp]
snmp-server host [<ip address> | <name>] traps version 3 priv <community> [application] [battery]
[bgp] [eps] [entity] [fan] [frame-relay] [network-sync] [over-temperature] [resource] [rps] [sfp]
snmp-server host vrf <name> [<ip address> | <name>] traps <community>

snmp-server host vrf <name> [<ip address> | <name>] traps version 1 <community> [application]
[battery] [bgp] [entity] [fan] [frame-relay] [network-sync] [over-temperature] [resource] [sfp]
snmp-server host vrf <name> [<ip address> | <name>] traps version 2c <community> [application]
snmp-server host vrf <name> [<ip address> | <name>] traps version 3 auth <community>
[application] [battery] [bgp] [entity] [fan] [frame-relay] [network-sync] [over-temperature]
[resource] [sfp] [snmp] [track] [unit] [voice] [vrrp]
snmp-server host vrf <name> [<ip address> | <name>] traps version 3 noauth <community>
[application] [battery] [bgp] [entity] [fan] [frame-relay] [network-sync] [over-temperature] [sfp]
snmp-server host vrf <name> [<ip address> | <name>] traps version 3 priv <community> [application]
Syntax Description

traps Enables traps to this host. If the version is not specified, version 1 is used.
application Optional. Allows application traps (such as, Domain Naming System (DNS)
traps).
battery Optional. Enables battery status traps.
bgp Optional. Allows Border Gateway Protocol (BGP) traps.
eps Optional. Allows external power supply (EPS) traps.
fan Optional. Enables the fan failure notification traps.
frame-relay Optional. Allows Frame Relay traps.
over-temperature Optional. Enables the over-temperature protection traps.
resource Optional. Enables the resource utilization set of traps.
rps Optional. Allows redundant power supply (RPS) traps.
sfp Optional. Allows small form-factor pluggable (SFP) traps.
snmp Optional. Allows SNMP traps.
unit Optional. Allows unit traps for user login/logout.
track Optional. Allows the network monitor track traps.
voice Optional. Allows voice traps.
vrrp Optional. Allows Virtual Router Redundancy Protocol version 2 (VRRPv2)
Default Values

Command History
Release 17.6 Command was expanded to include the frame-relay parameter.
Release 17.9 Command was expanded to include more frame-relay options, more snmp
options, and the voice parameter. In addition, the snmp-server host <ip
address> traps version 3 priv <community> version of the command was
removed.
Release 18.1 Command was expanded to include the bgp and track parameter.
Release R10.4.0 Command was expanded to include the application parameter.
Release R10.8.0 Command was expanded to include the eps, rps, and vrf <name>
parameter.
Release R10.11.0 Command was expanded to include entity, fan, and network-sync traps.
Release R11.6.0 Command was expanded to include over-temperature protection.
Release R13.2.0 Command was expanded to include sfp and unit parameters.
Functional Notes
Usage Examples
The following example sends all SNMP traps to the host at IPv4 address 190.3.44.69 and sets the
community string to MyCommunity using SNMP version 2c:
(config)#snmp-server host 190.3.44.69 traps version 2c MyCommunity snmp

snmp-server inform
Use the snmp-server inform command to set the number of retry attempts for a response and set the
amount of time to wait for a response before allowing a new request. Use the no form of this command to
return to the default setting. Variations of this command include the following:
snmp-server inform retries <number>

snmp-server inform timeout <value>
Syntax Description
retries <number> Specifies number of retries for a response. The range is from 1 to 100.
timeout <value> Specifies time (in seconds) to wait for a response. The range is from 1 to
1000 seconds.
Default Values
By default, the retry count is set to 3 and the timeout is set to 5 seconds.
Command History
Usage Examples
The following example sets the retry count to 10:
(config)#snmp-server inform retries 10

snmp-server location “<string>”

Use the snmp-server location command to specify the Simple Network Management Protocol (SNMP)
system location string. Use the no form of this command to return to the default value.
Syntax Description
“<string>” Populates the system location string using an alphanumeric string enclosed
in quotation marks (up to 32 characters in length).
Default Values
By default, the snmp-server location is set to ADTRAN.
Command History
Usage Examples
The following example specifies a location of 5th Floor Network Room:
(config)#snmp-server location “5th Floor Network Room”

snmp-server management-url <url>

Use the snmp-server management-url command to specify the uniform resource locator (URL) for the
device’s management software. Use the no form of this command to remove the management URL.
Syntax Description
<url> Specifies the URL for the management software.
Default Values
By default, no URL is defined.
Command History
Usage Examples
The following example specifies the URL http://www.mywatch.com as the device’s management
software:
(config)#snmp-server management-url http://www.mywatch.com

snmp-server management-url-label <label>

Use the snmp-server management-url-label command to specify a label for the uniform resource locator
(URL) of the device’s management software. Use the no form of this command to remove the label.
Syntax Description
<label> Specifies a label for the URL of the management software (maximum length
255 characters).
Default Values
Command History
Usage Examples
The following example specifies the label watch for the management software:
(config)#snmp-server management-url-label watch

snmp-server source-interface <interface>

Use the snmp-server source-interface command to specify a source interface for Simple Network
Management Protocol (SNMP) traffic (including traps and get/set requests) originated by the unit. The IP
address of the specified interface is used to source all SNMP traffic. The named Virtual Routing and
Forwarding (VRF) instance further identifies the source interface when multiple VRF instances are
configured on the router. Use the no form of this command to remove the specified interface.Variations of
snmp-server source-interface <interface>

snmp-server vrf <name> source-interface <interface>
Syntax Description
<interface> Specifies the interface that should originate SNMP traffic. Specify an
access point, use dot11ap 1/1.1. Type snmp-server source-interface ?
for a complete list of valid interfaces.
vrf <name> Optional. Specifies the VRF instance on which the source interface exists.
Default Values
By default, there is no source-interface defined.
Command History
interface.
Ethernet interface.
Release R10.8.0 Command was expanded to include the vrf <name> parameters.
Functional Notes
of whether multi-VRF is configured. Therefore, executing the above mentioned command without

Usage Examples
The following example specifies that the ethernet 0/1 on VRF RED should be the source for all SNMP
traps and get/set requests:
(config)#snmp-server vrf RED source-interface ethernet 0/1

snmp-server user
Use the snmp-server user command to configure Simple Network Management Protocol (SNMP) users to
control access to SNMP information. Use the no form of this command to remove a user from the specified
SNMP server group. Variations of this command include:
snmp-server user <username> <groupname> v1

snmp-server user <username> <groupname> v1 [ip access-class <ipv4 acl> | ipv6 access-class
snmp-server user <username> <groupname> v2c
snmp-server user <username> <groupname> v2c [ip access-class <ipv4 acl> | ipv6 access-class
snmp-server user <username> <groupname> v3
snmp-server user <username> <groupname> v3 [ip access-class <ipv4 acl> | ipv6 access-class
snmp-server user <username> <groupname> v3 auth md5 <password> [ip access-class <ipv4 acl> |
ipv6 access-class <ipv6 acl>] [any-vrf | vrf <name>]
snmp-server user <username> <groupname> v3 auth md5 <password> priv des <password>
[ip access-class <ipv4 acl> | ipv6 access-class <ipv6 acl>] [any-vrf | vrf <name>]
snmp-server user <username> <groupname> v3 auth sha <password> [ip access-class <ipv4 acl> |
snmp-server user <username> <groupname> v3 auth sha <password> priv des <password>
If service password-encryption is enabled, the running configuration changes to include

the keyword encrypted before each password entry, which is masked. Refer to the
command service password-encryption on page 1691.
Syntax Description
<username> Specifies the name of the user.
<groupname> Specifies the name of the group to which the user belongs.
v1 Specifies using the SNMP version 1 security model.
v2c Specifies using the SNMP version 2c security model.
v3 Specifies using the SNMP version 3 (user-based) security model).
auth md5 <password> Optional. Uses the HMAC-MD5-96 authentication level and a password
string to build the key for the authentication level.
auth sha <password> Optional. Uses the HMAC-SHA-96 authentication level and a password
priv des <password> Optional. Uses the CBC-DES privacy authentication algorithm and a
password string used for data encryption between the host and agent.
list (ACL) entry.

vrf <name> Optional. Specifies the ACL is applied to a specific VRF instance. If no
VRF is provided, the default unnamed VRF is assumed.
It is necessary to configure the SNMP engine ID before configuration of the remote users
for a particular agent can be completed. Refer to the command snmp-server engineID
remote on page 1789 for instructions in setting the engine ID with the remote option.
Default Values
Command History
products.
parameters.
Functional Notes
The snmp-server user command can specify up to two ACLs to control access, one each for IPv4 and
IPv6 protocols. When two ACLs are used, they must use the same VRF restriction (the default VRF, any
VRF, or a specific VRF.) If no VRF is named, the default unnamed VRF is assumed.
Usage Examples
The following example enters a new user named BobbyW and assigns the user to a group called
securityV3auth using version 3 security model, message digest 5 (MD5) authentication method with a
password of passWORD6243, and no ACL to verify:
(config)#snmp-server user BobbyW securityV3auth v3 auth md5 passWORD6243

Technology Review
SNMP server users are configured and attached to a specified group with an SNMP version. The SNMP
version defines the security model of the group, with SNMP version 1 (SNMPv1) being the least secure
and SNMP version 3 (SNMPv3) the most secure. Groups also define the read, write, notify, and view
access for each user that resides in the group.
Trap notifications in SNMP v1 and SNMP version 2 (SNMPv2) are sent once and do not require an
acknowledgement upon receipt. With SNMPv3, a new form of notification type was introduced, called an
inform. Unlike a trap sent with SNMPv1/v2, an inform requires a response be sent to the originating entity.
If the originator of the inform notification does not receive the response before a specified timeout, the
originator can resend until an acknowledgement response is received or a specified retry value is reached.
Sending informs requires that the originator of the inform know the user, engine ID, security parameters,
and belong to a group that grants access to the information.
SNMPv3 uses services, such as authentication, privacy, and ACLs to provide a higher level of security not
present with v1 or v2. Of these new services, identifying an SNMP server user on a remote entity is
necessary to receive and originate notifications, and also to generate and respond to commands.

snmp-server user <username> <groupname> remote <host> v3

Use the snmp-server user remote v3 command to configure Simple Network Management Protocol
version 3 (SNMPv3) users residing on a remote SNMP entity, to control access to SNMP information. The
named Virtual Routing and Forwarding (VRF) instance further identifies the remote entity when multiple
VRF instances are configured on the router. Use the no form of this command to remove a user from the
specified SNMP group. Variations of this command include:
snmp-server user <username> <groupname> remote <host> v3

snmp-server user <username> <groupname> remote <host> v3 [ip access-class <ipv4 acl> |
snmp-server user <username> <groupname> remote <host> v3 auth md5 <auth password>
snmp-server user <username> <groupname> remote <host> v3 auth md5 <auth password> priv des
<priv password> [ip access-class <ipv4 acl> | ipv6 access-class <ipv6 acl>] [any-vrf | vrf <name>]
snmp-server user <username> <groupname> remote <host> v3 auth sha <auth password>
snmp-server user <username> <groupname> remote <host> v3 auth sha <auth password> priv des
snmp-server user <username> <groupname> remote vrf <vrf name> <host> v3
snmp-server user <username> <groupname> remote vrf <vrf name> <host> v3
snmp-server user <username> <groupname> remote vrf <vrf name> <host> v3 auth md5
<auth password> [ip access-class <ipv4 acl> | ipv6 access-class <ipv6 acl>] [any-vrf | vrf <name>]
snmp-server user <username> <groupname> remote vrf <vrf name> <host> v3 auth md5
<auth password> priv des <priv password> [ip access-class <ipv4 acl> | ipv6 access-class
snmp-server user <username> <groupname> remote vrf <vrf name> <host> v3 auth sha
<auth password> [ip access-class <ipv4 acl> | ipv6 access-class <ipv6 acl>] [any-vrf | vrf <name>]
snmp-server user <username> <groupname> remote vrf <vrf name> <host> v3 auth sha
<auth password> priv des <priv password> [ip access-class <ipv4 acl> | ipv6 access-class <ipv6
acl>] [any-vrf | vrf <name>]

Syntax Description
<groupname> Specifies the name of the group to which the user belongs.

<host> Identifies the host name or Internet Protocol version4 (IPv4) or Internet
Protocol version 6 (IPv6) address of a remote SNMP entity to which the
user belongs. The remote host is necessary for acknowledgement of
SNMP version 3 notifications. IPv4 addresses should be expressed in
dotted decimal notation (for example, 10.10.10.1). IPv6 addresses
should be expressed in colon hexadecimal format X:X:X:X::X, for
example, 2001:DB8:1::1.
vrf <vrf name> Optional. When used after the remote keyword, specifies the remote
host exists on the named VRF. If no VRF is provided, the default
unnamed VRF is assumed.
v3 Uses SNMP version 3 (user-based security model).
auth md5 <auth password> Optional. Uses the HMAC-MD5-96 authentication level and a password
auth sha <auth password> Optional. Uses the HMAC-SHA-96 authentication level and a password
priv des <priv password> Optional. Uses the CBC-DES privacy authentication algorithm and a
list (ACL) entry.
Default Values
Command History
Release 14.1 Command was expanded to include the remote <host> parameter.
products.

parameters.
Functional Notes
When configuring a remote engine ID with a VRF specified, a remote user with the same host address and
VRF must be configured.
Usage Examples
securityV3auth on the remote host at IPv4 address 198.168.1.3, using version 3 security model, message
digest 5 (MD5) authentication method with a password of passWORD6243, and no ACL to verify:
(config)#snmp-server user BobbyW securityV3auth remote 198.168.1.3 v3 auth md5

passWORD6243
Technology Review

Remote users are specified with an IP address or port number for the remote SNMP entity where the user
resides. Configuration of the SNMP remote engine ID is necessary before SNMPv3 inform notifications
can be acknowledged. This is accomplished using the snmp-server engineID remote command. The
remote entity’s SNMP engine ID is used for password authentication and privacy digests. The
configuration acknowledgments of informs will fail if the remote engine ID is not configured first. A
management device must know about the user, the engine ID of the device, and security parameters, such
as authentication, passwords, and security level in order for the command to be processed by the
receiving agent.

snmp-server user <username> <groupname> remote auto-link v3

Use the snmp-server user remote auto-link v3 command to configure Simple Network Management
Protocol version 3 (SNMPv3) users residing on a remote SNMP entity, to control access to SNMP
information. The remote SNMP device Internet Protocol version 4(IPv4) address follows the active
auto-link server. Refer to the command auto-link on page 1206 for more information on enabling
auto-link. Use the no form of this command to remove a user from the specified SNMP group. Variations
snmp-server user <username> <groupname> remote auto-link v3

snmp-server user <username> <groupname> remote auto-link v3 [ip access-class <ipv4 acl> | ipv6
access-class <ipv6 acl>] [any-vrf | vrf <name>]
snmp-server user <username> <groupname> remote auto-link v3 auth md5 <auth password>
snmp-server user <username> <groupname> remote auto-link v3 auth md5 <auth password> priv des
snmp-server user <username> <groupname> remote auto-link v3 auth sha <auth password>
snmp-server user <username> <groupname> remote auto-link v3 auth sha <auth password> priv des

Syntax Description
<groupname> Specifies the name of the group the user belongs to.
remote auto-link Specifies that the remote SNMP device IPv4 address follows the active
auto-link server.
v3 Uses SNMP version 3 (user-based security model).
auth md5 <auth password> Optional. Uses the HMAC-MD5-96 authentication level and a password
auth sha <auth password> Optional. Uses the HMAC-SHA-96 authentication level and a password
priv des <priv password> Optional. Uses the CBC-DES privacy authentication algorithm and a
list (ACL) entry.

Default Values
Command History
Release 14.1 Command was expanded to include the remote <host> parameter.
products.
parameters.
Functional Notes
When configuring a remote engine ID with a VRF specified, a remote user with the same host address and
VRF must be configured.
Usage Examples
securityV3auth using version 3 security model on a remote auto-link server and authentication method
message digest 5 (MD5) with a password of passWORD6243 and no ACL to verify:
(config)#snmp-server user BobbyW securityV3auth remote auto-link v3 auth md5 passWORD6243

Technology Review
Remote users are specified with an IP address or port number for the remote SNMP entity where the user
resides. Configuration of the SNMP remote engine ID is necessary before SNMPv3 inform notifications
can be acknowledged. This is accomplished using the snmp-server engineID remote command. The
remote entity’s SNMP engine ID is used for password authentication and privacy digests. The
configuration acknowledgments of informs will fail if the remote engine ID is not configured first. A
management device must know about the user, the engine ID of the device, and security parameters, such
as authentication, passwords, and security level in order for the command to be processed by the
receiving agent.

snmp-server view <name> <value>

Use the snmp-server view command to create or modify a Simple Network Management Protocol
(SNMP) view entry. Use the no form of this command to remove an entry. Variations of this command
include:
snmp-server view <name> <value> excluded

snmp-server view <name> <value> included
Syntax Description
<name> Specifies a label for the view record being created. The name is a record
reference.
<value> Specifies the object identifier (OID) to include or exclude from the view. To
identify the subtree, specify a string using numbers, such as 1.4.2.6.8.
Replace a single subidentifier with the asterisk (*) to specify a subtree
family.
excluded Specifies a view to be excluded.
included Specifies a view to be included.
Default Values
Command History
Usage Examples
The snmp-server view command can include or exclude a group of OIDs. The following example shows
how to create a view (named blockInterfaces) to exclude the OID subtree family 1.3.3.1.2.1.2:
(config)#snmp-server view blockInterfaces 1.3.3.1.2.1.2.* excluded
The following example shows how to create a view (named block) to include a specific OID:
(config)#snmp-server view block 1.3.3.1.2.1.2. included

sntp retry-timeout <value>

Use the sntp retry-timeout command to set the amount of time to wait for a response before allowing a
new request. Use the no form of this command to return to the default setting.
Syntax Description
<value> Specifies time (in seconds) to wait for a response before retrying. The range
is from 3 to 2000000 seconds.
Default Values
By default, the retry timeout is set to 5 seconds.
Command History
Usage Examples
The following example sets the Simple Network Time Protocol (SNTP) retry timeout to 10 seconds:
(config)#sntp retry-timeout 10

sntp server
Use the sntp server command to set the host name of the Simple Network Time Protocol (SNTP) server,
as well as the version of SNTP to use. SNTP is an abbreviated version of the Network Time Protocol
(NTP). SNTP is used to set the time of the AOS product over a network. The SNTP server usually serves
the time to many devices within a network. Use the no form of this command to return to the default
sntp server [<hostname> | <ip address>]

sntp server [<hostname> | <ip address>] version <number>
Syntax Description
<hostname> Specifies the host name of the SNTP server.
<ip address> Specifies the IP address of the SNTP server. IP addresses should be
version <number> Optional. Specifies which NTP version is used. Valid range is 1 to 3.
Default Values
By default, NTP version is set to 1.
Command History
Usage Examples
The following example sets the SNTP server to time.nist.gov using SNTP version 1 (the default version):
(config)#sntp server time.nist.gov
The following example sets the SNTP server as time.nist.gov. All requests for time use version 2 of the
SNTP:
(config)#sntp server time.nist.gov version 2

sntp wait-time <value>

Use the sntp wait-time command to set the time between updates from the time server. Use the no form of
Syntax Description
<value> Specifies time (in seconds) between updates. Range is 10 to 2000000
seconds.
Default Values
By default, the wait time is set to 86400 seconds (1 day).
Command History
Usage Examples
The following example sets the Simple Network Time Protocol (SNTP) wait time to two days:
(config)#sntp wait-time 172800

spanning-tree edgeport bpdufilter default

Use the spanning-tree edgeport bpdufilter default command to enable the bridge protocol data unit
(BPDU) filter on all ports by default. Use the no form of this command to disable the setting.
Syntax Description
No subcommands.
Default Values
By default, spanning-tree edgeport bpdufilter default is disabled.
Command History
Functional Notes
The BPDU filter blocks any BPDUs from being transmitted and received on an interface. This can be
overridden on an individual port.
Usage Examples
The following example enables the bpdufilter on all ports by default:
(config)#spanning-tree edgeport bpdufilter default
To disable the BPDU filter on a specific interface, issue the appropriate commands for the given interface
using the following commands as an example:

(config-eth 0/1)#spanning-tree edgeport bpdufilter disable

spanning-tree edgeport bpduguard default

Use the spanning-tree edgeport bpduguard default command to enable the bridge protocol data unit
(BPDU) guard on all ports by default. Use the no form of this command to disable the setting.
Syntax Description
No subcommands.
Default Values
Disabled by default.
Command History
Functional Notes
The bpduguard blocks any BPDUs from being received on an interface. This can be overridden on an
individual port.
Usage Examples
The following example enables the BPDU guard on all ports by default.
(config)#spanning-tree edgeport bpduguard default
To disable the BPDU guard on a specific interface, issue the appropriate commands for the given interface
using the following commands as an example:

(config-eth 0/1)#spanning-tree edgeport bpduguard disable

spanning-tree edgeport default

Use the spanning-tree edgeport default command to configure all ports to be edgeports by default. Use
the no form of this command to disable the setting. This command is overridden by the spanning-tree
edgeport command configured in the interface configuration mode.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example configures all interfaces running spanning tree to be edgeports by default:
(config)#spanning-tree edgeport default
An individual interface can be configured to not be considered an edgeport. For example:

(config-eth 0/1)#spanning-tree edgeport disable
or

(config-eth 0/1)#no spanning-tree edgeport

spanning-tree edgeport rootguard default

Use the spanning-tree edgeport rootguard default command to enable root guard on all interfaces
configured as an edgeport. Use the no form of this command to disable the setting.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
Root guard blocks an interface from being elected to the root port role. If information about a superior root
bridge is received, the interface will no longer forward traffic until superior root bridge proposals stop. If an
interface has bridge protocol data unit (BPDU) filter or BPDU guard configured, configuring root guard will
have no effect on the operation of the interface. The root guard setting can be overridden on an individual
port basis.
Usage Examples
The following example enables the root guard on all ports by default.
(config)#spanning-tree edgeport rootguard default
To disable the root guard on a specific interface, issue the appropriate commands for the given interface.
The following example disables the root guard on the gigabit switchport interface 0/3:
(config)#interface gigabit-switchport 0/3

(config-giga-swx 0/3)#spanning-tree edgeport rootguard disable

spanning-tree forward-time <value>

Use the spanning-tree forward-time command to specify the delay interval (in seconds) when forwarding
spanning-tree packets. Use the no form of this command to return to the default interval.
Syntax Description
<value> Specifies the forwarding delay interval in seconds. Range is 4 to
30 seconds.
Default Values
By default, the forwarding delay is set to 15 seconds.
Command History
Usage Examples
The following example sets the forwarding time to 18 seconds:
(config)#spanning-tree forward-time 18

spanning-tree hello-time <value>

Use the spanning-tree hello-time command to specify the delay interval (in seconds) between hello
bridge protocol data units (BPDUs). To return to the default interval, use the no form of this command.
Syntax Description
<value> Specifies the delay interval (in seconds) between hello BPDUs. Range is
0 to 1000000 seconds.
Default Values
By default, the delay is set to 2 seconds.
Command History
Usage Examples
The following example configures a spanning-tree hello-time interval of 10000 seconds:
(config)#spanning-tree hello-time 10000

spanning-tree max-age <value>

Use the spanning-tree max-age command to specify the interval (in seconds) the spanning tree will wait
to receive bridge protocol data units (BPDUs) from the root bridge before assuming the network has
changed (thus re-evaluating the spanning-tree topology). Use the no form of this command to return to the
default interval.
Syntax Description
<value> Specifies the wait interval (in seconds) between received BPDUs (from the
root bridge). Range is 6 to 40 seconds.
Default Values
By default, the wait interval is set at 20 seconds.
Command History
Usage Examples
The following example configures a wait interval of 35 seconds:
(config)#spanning-tree max-age 35

spanning-tree mode
Use the spanning-tree mode command to choose a spanning tree mode of operation. Use the no form of
spanning-tree mode rstp

spanning-tree mode stp
Syntax Description
rstp Enables Rapid Spanning Tree Protocol (RSTP).
stp Enables spanning-tree protocol.
Default Values
By default, spanning-tree mode is set to rstp.
Command History
Usage Examples
The following example sets the spanning-tree mode to rstp:
(config)#spanning-tree mode rstp

spanning-tree pathcost method

Use the spanning-tree pathcost method command to select a short or long pathcost method used by the
spanning-tree protocol. Use the no form of this command to return to the default setting. Variations of this
command include:
spanning-tree pathcost method long

spanning-tree pathcost method short
Syntax Description
long Specifies a long pathcost method.
short Specifies a short pathcost method.
Default Values
By default, spanning-tree pathcost is set to short.
Command History
Usage Examples
The following example specifies that the spanning-tree protocol use a long pathcost method:
(config)#spanning-tree pathcost method long

spanning-tree priority <value>

Use the spanning-tree priority command to set the priority for spanning-tree interfaces. The lower the
priority value, the higher the likelihood the configured spanning-tree interface will be the root for the
bridge group. To return to the default bridge priority value, use the no form of this command.
Syntax Description
<value> Sets a priority value for the bridge interface. Configuring this value to a low
number increases the interface’s chance of being the root. Therefore, the
maximum priority level would be 0. Range is 0 to 65535.
Default Values
By default, the priority level is set to 32768.
Command History
Usage Examples
The following example sets spanning-tree priority to the maximum level:
(config)#spanning-tree priority 0

srtp-profile <profile name>

Use the srtp-profile command to enter the Secure Realtime Transfer Protocol (SRTP) Profile
Configuration mode, from which the operation of SRTP is configured. Use the no form of this command to
remove the profile.
Syntax Description
<profile name> Specifies the name of the SRTP profile to create.
Default Values
By default, no SRTP profiles exist.
Command History
Functional Notes
Each entity on the AOS device that uses SRTP must have an SRTP profile applied in order to function.
Many SRTP profiles can exist and be referenced by many entities using SRTP on the AOS device. The
same SRTP profile can be used by as many entities using SRTP as required. The SRTP profile essentially
operates as a template for SRTP operation and is applied on a per-trunk basis. For more information
regarding SRTP configuration, refer to the SRTP Profile Command Set on page 4874.
Usage Examples
The following example creates the SRTP profile SRTPPROFILE1 and enters the profile’s configuration
mode:
(config)#srtp-profile SRTPPROFILE1
(config-srtp-profile-SRTPPROFILE1)#

ssh-server <port>
Use the ssh-server command to specify an alternate Transmission Control Protocol (TCP) port for secure
shell (SSH) servers. Use the no form of this command to return to the default setting.
Syntax Description
<port> Specifies the alternate TCP port for the SSH server.
Default Values
By default, the SSH server listens on TCP port 22.
Command History
Release 18.2 Command was introduced. This command replaces the ip ssh-server
<port> command for ADTRAN internetworking products only.
Release R10.1.0 Command was introduced. This command replaces the ip ssh-server
<port> command for ADTRAN voice products.
Functional Notes
SSH is a version of Telnet that allows you to run command line and graphical applications (as well as,
transfer files) over an encrypted connection.
Usage Examples
The following example configures the SSH server to listen on TCP port 2200, instead of the default port 22:
(config)#ip ssh-server 2200
To return to the default setting, use the no form of the command. For example:
(config)#no ip ssh-server 2200

ssh-server authentication
Use the ssh-server authentication command to enable password and/or public key authentication for
secure shell (SSH) connections to the system. Use the no form of this command to return to the default.
ssh-server authentication password

ssh-server authentication pubkey
ssh-server authentication password pubkey
Syntax Description
password Specifies to allow password authentication for SSH connections.
pubkey Specifies to allow public key authentication for SSH connections.
Default Values
By default, both password and pubkey authentication are enabled.
Command History
Usage Examples
The following example enables public key authentication for SSH connections on the system:
(config)#ssh-server authentication pubkey

ssh-server cipher
Use the ssh-server cipher command to configure the secure shell (SSH) server cipher algorithm used in
SSH connections to the system. Use the no form of this command to disable a cipher. Variations of this
command include:
ssh-server cipher 3des-cbc

ssh-server cipher aes128-ctr
ssh-server cipher aes256-ctr
Syntax Description
3des-cbc Enables 3des-cbc as a supported cipher for SSH connections.
aes128-ctr Enables aes128-ctr as a supported cipher for SSH connections.
aes256-ctr Enables aes256-ctr as a supported cipher for SSH connections.
Default Values
By default, taes128-ctr and aes256-ctr are enabled and 3des-cbc is disabled.
Command History
Usage Examples
The following example disables aes128-ctr for SSH connections on the system:
(config)#no ssh-server cipher aes128-ctr

ssh-server kex
Use the ssh-server kex command to configure the secure shell (SSH) server key exchange (KEX)
algorithm used in SSH connections to the system. Use the no form of this command to disable an
algorithm. Variations of this command include:
ssh-server kex diffie-hellman-group1-sha1

ssh-server kex diffie-hellman-group14-sha1
Syntax Description
diffie-hellman-group1-sha1 Enables the Diffie-Hellman Group 1 key exchange, with SHA-1 as the
hash, as a supported key exchange method for SSH connections.
diffie-hellman-group-14-sha1 Enables the Diffie-Hellman Group 14 key exchange, with SHA-1 as the
hash, as a supported key exchange method for SSH connections.
Default Values
By default, the Diffie-Hellman Group 1 key exchange (diffie-hellman-group1-sha1) is disabled and the
Diffie-Hellman Group 14 key exchange (diffie-hellman-group14-sha1) is enabled.
Command History
Usage Examples
The following example disables the Diffie-Hellman Group 1 key exchange for SSH connections on the
system, if it has been enabled:
(config)#no ssh-server kex diffie-hellman-group1-sha1

ssh-server mac
Use the ssh-server mac command to configure the secure shell (SSH) server message authentication code
(MAC) algorithm used in SSH connections to the system. Use the no form of this command to disable an
algorithm. Variations of this command include:
ssh-server mac hmac-sha1

ssh-server mac hmac-sha2-256
Syntax Description
hmac-sha1 Enables SHA-1 hash-based MAC (HMAC) encryption for securing SSH
connections.
hmac-sha2-256 Enables SHA-256 HMAC encryption for securing SSH connections.
Default Values
By default, the SHA-1 HMAC algorithm (hmac-sha1) is disabled and the SHA-256 HMAC algorithm
(hmac-sha2-256) is enabled.
Command History
Usage Examples
The following example disables SHA-1 HMAC algorithm for SSH connections on the system, if it has been
enabled:
(config)#no ssh-server mac hmac-sha1

ssh-server pubkey-chain
Use the ssh-server pubkey-chain command to enter the secure shell (SSH) Server Public Key
Configuration mode and configure the SSH public key chain for public key based authentication. From
within the SSH Server Public Key Configuration mode, a public key can be added for a remote device to
gain access to the system through SSH connection. Use the no form of this command to remove the public
key. Once ssh-server pubkey-chain command is entered into the system, the username and key type must
follow with a subsequent command. To enter the SSH Server Public Key Configuration mode, enter the
command as follows:
ssh-server pubkey-chain
The following subcommands are available once you enter the SSH Server Public Key Configuration mode:
username <username> key-hash ssh-dss <input>

username <username> key-hash ssh-rsa <input>
username <username> key-string
username <username> privilege <level> key-hash ssh-hash <input>
username <username> privilege <level> key-hash ssh-rsa <input>
username <username> privilege <level> key-string
Syntax Description
username <username> Specifies the username of a remote device user to allow access through
SSH connections. Only one key per user is allowed.
key-hash Specifies adding a public key hash (SHA1 hash of Digital Signature
Standard (DSS) or Rivest-Shamir-Adleman (RSA) formats) for the specified
user.
ssh-dss <input> Specifies SHA1 hash of DSS format. The <input> is the actual key hash for
this user.
ssh-rsa <input> Specifies the SHA1 hash of RSA format. The <input> is the actual key hash
for this user.
key-string Specifies using a public key string (DSS or RSA format) for the specified
user. Key strings can be entered in either openSSH or PEM format.
privilege <level> Optional. Specifies a privilege level for this user at the time of
authentication. Valid entries are 1 to 7.
Default Values
By default, there are no SSH users authorized to gain access to the system using public keys.
Command History
Release R10.11.0 Command was expanded to include the privilege parameter.
Release R12.2.0 Command was expanded to include support for RSA keys.

Functional Notes
Users can have one or both (DSS or RSA) key types at any given time. The system can store up to 100
user keys on the system at a time.
Once the command username <username> key-string is entered, a prompt results requesting the key
string for the user be entered. After entering the key string, press Enter twice or type quit on a single line
to end this function and return to the Global Configuration mode.
Usage Examples
The following example adds a public key for the remote user ALPHA1 using a key-string in openSSH
format:
(config)#ssh-server pubkey-chain
(config-ssh-pubkey)#username ALPHA1 key-string
(config-ssh-pubkey-ALPHA1)#
Enter user's public key (DSS). End with two consecutive carriage returns or the word "quit" on a line by
itself:
ssh-dss
AAAB3NzaC1kc3MAAACBAOLniJWw39O5IXjm83M0DKOAKKa8wEB0zhr1SCnESmrnipCRagU2W
GzTcr9npbD2OFpDrUFZf9VDItIjs+uR3yA8CbN52nS8ICOsVjjg7rnPUZb5giwPEir7WTICCe2g9ssRBJ
zXodn4X+2kGSwcDQhD2zsTs6o9sltT9AID65y9AAAAFQD8ADcvXx46s8lfRGPwfWgAlzGh0QAAAIA
qgGhQHe0jrgfTwdSxIr+pVCvHvW//eDoCa/M9/PrWnuCmV3oKpGAbqcbaHYnX0CxCY9qNguABiFfY
OTP9GDSy8PKXEg1praIEM21GTNtt3kZU9rH/ReZiMLXa6kPZDx4wTPfV3smEwKIWIvWFQypbdNZ
TSoJY7YKvezo+8J3fegAAAIApJW5seH5ume7mkmiI53LAKyfxrHu4CM3fI+kDQNTJg1YRoJkDEJ6KK
ph0D79xprl/i2SSJEkKHV2SEOr8Iu/vFx71xaZxWNbnkZwnMaDQGNYjUQJAioqN9IVi+HTnZ75yCU4x
h9HjbKt/S2UuEh9+s3cKdV37ohbDKyQruU9vhw== ALPHA1@sample.adtran.com
Success!
The following example adds a public key for the remote user ALPHA1 using a key string in PEM format:
(config-ssh-pubkey)#username ALPHA1 key-string
(config-ssh-pubkey-ALPHA1)#
Enter the user’s public key (DSS). End with two consecutive carriage returns or the word “quit” on a
line by itself:
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "dsa-key-20130916"
AAAAB3NzaC1kc3MAAACBAKE3uUZO0sKCjQwtK+uTeAHexx2QpGU8nXxMJ4nCALIH
KVn0YRPOZtmSbutDrMHkCG2aBqT16KGs2l0pECD0KNNNp0ayuQCxJrd8UjDI8CA2
80GGc3IPdT3f18RLZEQRar1FYo4LFmYhA4DQkR46eJvvXLRia5uJlNysj6/QGMub
AAAAFQDZznKwiYd+CMOvSeYTJxHoUm3vOwAAAIEAi1N+eDtABpgACRffzIAypPdx
Flu2+VYtZWtPFgfyV8qNSAUUp/0e8U71BweQwBrypfaVrVOOKeuET1FxBqZZoAQa
eH/lMF+MxZ8MOW6krWwl+z8Jw9R9z+KlJUXmd1Tr1+oriKPmLidzd37jFXIufv5H
TiD1yzo18LeumBMxAeQAAACANJKNBR9NV6g6EF8o3AT91UcwFkXCIPJ8Tdgai7fB
REen0pSrg17ENWU5NTPhqMBb7aHjYrEre5TJNF0LZlSRAOwLVOFUPu3/GjVZ0iOE
yKSm6W08oGU5aoMhC/+nRUqaXScNRfh32UsAItJQGgtaIePTPHK3x53+bXY1fr3b

3L4=
Success!
The following example adds a public key for the remote user CHARLIE3 using the hash key
A54568F4DA1BAB8BB53CF0ABD818FCDA:
(config-ssh-pubkey)#username CHARLIE3 key-hash ssh-dss
A54568F4DA1BAB8BB53CF0ABD818FCDA
(config-ssh-pubkey-CHARLIE3)#
The following example removes the key string for the user ALPHA1:
(config-ssh-pubkey-ALPHA1)#no ALPHA1 key-string

stack
Use the stack command to configure switch-stacking options. Use the no form of this command to disable
this feature. Variations of this command include:
stack master
stack master <vlan id>
stack master <vlan id> <ip address> <subnet mask>
stack member <mac address>
stack member <mac address> <unit id>
stack vlan <vlan id>
Syntax Description
master Specifies that the unit will be the master of the stack.
<vlan id> Specifies the virtual local area network (VLAN) ID the stack will use for
communication.
<ip address> Configures the network mask of the private IP network. IP addresses
<subnet mask> Specifies the subnet mask that corresponds to a range of IP addresses
(network). Subnet masks can be expressed in dotted decimal notation (for
example, 255.255.255.0) or as a prefix length (for example, /24).
member Adds a switch to the stack.
<mac address> Specifies a valid 48-bit medium access control (MAC) address of the unit
being added. MAC addresses should be expressed in the following format
<unit id> Specifies the unit ID of the switch being added.
vlan <vlan id> Specifies the VLAN ID of the stack of which you are a member.
Default Values
By default, stack VLAN is 2386, and the stack IP network is 169.254.0.0 /24.
Command History
Usage Examples
The following example configures the unit to be the stack master and use the default stack VLAN and IP
network.
(config)#stack master 2000
The following example configures the unit to be the stack master and use VLAN 2000 as the management
VLAN and 192.168.1.0 /24 as the management network.
(config)#stack master 2000 192.168.1.0 /24

The following example adds the switch with the CPU MAC address 00:A0:C8:00:8C:20 to the stack; also
assigns the number 2 as the new stack member's unit ID.
(config)#stack member 00:A0:C8:00:8C:20 2
The following example specifies that this unit is in the stack using VLAN 2000 as its management VLAN;
also specifies that this unit is in stack member mode (not a stack-master).
(config)#stack vlan 2000

statistics rate-interval <value>

Use the statistics rate-interval command to specify the interval (in seconds) to receive interface statistics.
Use the no form of this command to return to the default interval.
Syntax Description
<value> Specifies the wait interval. Range is 30 to 600 seconds (in 30 second
increments).
Default Values
By default, the wait interval is set at 300 seconds.
Command History
Usage Examples
The following example configures a wait interval of 90 seconds:
(config)#statistics rate-interval 90

system-control-evc
Use the system-control-evc command to enter the system control Ethernet virtual connection (EVC)
configuration mode. This configuration mode is used for dynamic provisioning and to separate the session
control Point-to-Point Protocol over Ethernet (PPPoE) interface from regular customer services.
Syntax Description
No subcommands.
Default Values
By default, the system control EVC is always activated.
Command History
Functional Notes
The configuration commands for the system control EVC are outlined in the System Control EVC
Usage Examples
The following example enters the system control EVC configuration mode:
(config)#system-control-evc
(config-sys-cntrl-evc)#

system-management-evc
Use the system-management-evc command to enter the System Management Ethernet Virtual
Connection (EVC) Configuration mode. This configuration mode is used to configure an inband IP
network interface for the purposes of system management and control. The configuration commands for
the system management EVC are outlined in the System Management EVC Command Set on page 3828.
Syntax Description
No subcommands.
Default Values
By default, the system management EVC is always activated.
Command History
Usage Examples
The following example enters the system management EVC configuration mode:
(config)#system-management-evc
(config-sys-mgmt-evc)#

system mtu <size>

Use the system mtu command to set the maximum transmission unit (MTU) size for all ports on the AOS
device and allow Ethernet frames larger than 1518 bytes (known as jumbo frames) to pass. Use the no
form of this command to return to the default.
Syntax Description
<size> Indicates the transmission size in bytes. The valid range is 1518 to the
maximum byte size allowed for the unit being configured.
The MTU size specified does not include an 802.1Q virtual local area network (VLAN) tag.
For example, if the MTU size is set to allow 1518 bytes, an 802.1Q tagged packet of 1522
bytes would still be accepted.
Default Values
By default, the MTU size is 1518.
Changing the default value (1518) in a switch already installed in a network could cause
traffic disruption.
Command History
Usage Examples
The following example sets the maximum transmission unit size for all ports on the device to 9216 bytes:
(config)#system mtu 9216

tacacs-server
Use the tacacs-server command to configure several terminal access controller access-control system plus
(TACACS+) parameters for all TACACS+ servers on the network. Most of these global settings can be
overridden on a per-server basis (using the command tacacs-server host on page 1853). Use the no form of
this command to return to the default setting. Variations of this command include the following:
tacacs-server key <key>

tacacs-server packet maxsize <value>
tacacs-server timeout <value>
Syntax Description
key <key> Specifies the encryption key used by all TACACS+ servers. This is a
global setting; however, it can be overridden on a per-server basis.
packet maxsize <value> Specifies the maximum packet size that can be sent to any TACACS+
server. Packet maxsize range is 10240 to 65535 kilobytes.
timeout <value> Specifies the time (in seconds) that the AOS unit will wait for the
server’s reply before declaring an error. The time range is 1 to 1000
seconds. This is a global setting; however, it can be overridden on a
per-server basis.
Default Values
By default, there is no key specified for TACACS+ servers, the packet maxsize is set to 10240 kb, and the
TACACS+ server timeout is set to 5 seconds.
Command History
Usage Examples
The following example sets a timeout limit of 60 seconds for all TACACS+ servers:
(config)#tacacs-server timeout 60

tacacs-server host
Use the tacacs-server host command to specify the parameters for a terminal access controller
access-control system plus (TACACS+) server. Specifying the virtual routing and forwarding (VRF)
instance using the vrf <name> keyword applies the configuration to the named VRF instance. Omitting
the vrf <name> keyword applies the configuration to the TACACS+ server for the default unnamed VRF.
Use the no form of this command to return to the default setting. Variations of this command include the
following:
tacacs-server host <hostname> | <ip address>

tacacs-server host <hostname> | <ip address> key <key>
tacacs-server host <hostname> | <ip address> port <port>
tacacs-server host <hostname> | <ip address> timeout <value>
tacacs-server vrf <name> host <hostname> | <ip address>
tacacs-server vrf <name> host <hostname> | <ip address> key <key>
tacacs-server vrf <name> host <hostname> | <ip address> port <port>
tacacs-server vrf <name> host <hostname> | <ip address> timeout <value>
Each parameter after <hostname | ip address> specifies the characteristics of the

individual TACACS+ server. Parameters can be entered in a single command line, in any
order, but each may only be used once.
Syntax Description
<hostname> | <ip address> Specifies the server to configure. IP addresses should be expressed in
dotted decimal notation (for example, 10.10.10.1). If a host name is used, a
domain naming system (DNS) server should be learned by the AOS device
using Dynamic Host Configuration Protocol (DHCP), Point-to-Point Protocol
(PPP), or specified in the Global Configuration mode with the command
name-server on page 1614.
key <key> Specifies the encryption key used by the TACACS+ server. This command
overrides the global TACACS+ key setting (set with the command
tacacs-server on page 1852). This command must be entered last in the
command line because everything after the key parameter is read as the
new key.
port <port> Specifies the Transmission Control Protocol (TCP) port used by the
TACACS+ server. Range is 1 to 65535.
timeout <value> Specifies the time to wait (in seconds) for the server to reply to requests.
Default Values
By default, the TACACS+ server uses TCP port 49. By default, the key and timeout values are the values
set by the command tacacs-server on page 1852.

Command History
Functional Notes
At a minimum, the address (IP or host name) of the server must be given. The other parameters can be
entered in any order (except the key parameter) and, if the parameters are not specified, they will take
default values or fall back on the global TACACS+ server’s default settings (set using the command
tacacs-server on page 1852).
If global password protection is enabled on the AOS device, encryption will be applied to the authentication
key (key <key>). If global password protection is off, the authentication key will display as clear text. Refer
to service password-encryption on page 1691 for more information
Usage Examples
The following example specifies that the TACACS+ server at IP address 10.10.10.4 uses the global key
setting (left unspecified), a timeout value of 10 seconds, and the default TCP port (left unspecified):
(config)#tacacs-server host 10.10.10.4 timeout 10
The following example specifies that the TACACS+ server at IP address 10.10.10.4 on VRF RED, uses the
global key setting (left unspecified), a timeout value of 10 seconds, and the default TCP port (left
unspecified):
(config)#tacacs-server vrf RED host 10.10.10.4 timeout 10

tcl run <name> track <track name>

Use the tcl run track command to initiate a tool command language (Tcl) script based on the result of
monitoring the change of state of a track. Use the no form of this command to disable the track monitoring
for the given script. This command is only available on platforms with Network Monitoring enabled. For
more information on creating tracks, refer to track <name> on page 1871 and the Network Monitor Track
Command Set on page 4083. Variations of this command include:
tcl run <name> track <track name> on-pass

tcl run <name> track <track name> on-fail
Syntax Description
<name> Specifies an inline Tcl script or Tcl script file.
<track name> Specifies the name of the track to be monitored.
on-pass Specifies the file should be run when the track meets the passing condition.
on-fail Specifies the file should be run when the track meets the failure condition.
Default Values
Command History
Release R11.11.1 Command was expanded to include inline scripts.
Usage Examples
The following example activates a Tcl script to be run when the failure condition is met on track_a:
(config)#tcl run test1.tcl track track_a on-fail

tcl script <name> <delimiter>

Use the tcl script command to create a new named tool command language (Tcl) script, and enter the input
mode for the new script.
Syntax Description
<name> Specifies the name of the inline Tcl script to be created.
<delimiter> Specifies the delimiter character to be used to terminate the input mode for
the inline Tcl script.
Default Values
Command History
Usage Examples
The following example creates the test1 inline Tcl script, with @ specified as the delimiter character, enters
the input mode for the script, enters a Tcl command, and then exits the input mode using the specified
delimeter character:
(config)#tcl script test1 @

event notice “TEST”
@
(config)#

telnet

Syntax Description
<ip address | hostname> Specifies the IP address or host name of the remote system. IP addresses
Default Values
Command History
Functional Notes
Usage Examples
>enable
#telnet 10.200.4.15
User Access Login:
Password:

>enable
#telnet 10.200.4.15 port 8010
User Access Login:
Password:

telnet-server <port>
Use the telnet-server command to specify an alternate Transmission Control Protocol (TCP) port for
Telnet servers. Use the no form of this command to return to the default setting.
Syntax Description
<port> Specifies the alternate TCP port for the Telnet server.
Default Values
By default, the Telnet server listens on TCP port 23.
Command History
Release 18.2 Command was introduced. This command replaces the ip telnet-server
<port> command for ADTRAN internetworking products only.
Release R10.1.0 Command was introduced. This command replaces the ip telnet-server
<port> command for ADTRAN voice products.
Usage Examples
The following example configures the Telnet server to listen on TCP port 2323, instead of the default port
23:
(config)#ip telnet-server 2323
To return to the default setting, use the no form of the command. For example:
(config)#no telnet-server 2200

test template match <string> to <pattern>

Use the test template match to command to evaluate dial strings and regular expressions for template
matching and substitution. Once the command is entered, a response is provided indicating if the match
was successful. Variations of this command include the following:
test template match <string> to <pattern>

test template match <string> to <pattern> substitute-using <pattern>
Syntax Description
<string> Specifies a specific dial string to match. Valid entries can include a
combination of characters * and 0 through 9.
<pattern> Specifies a pattern using either traditional number matching or regular
expression matching methods. Refer to the Functional Notes below for
more information.
substitute-using Optional. Displays the resulting substitution.
Default Values
Command History
Functional Notes
The <pattern> parameter can be defined using traditional number matching or regular expression
matching methods. Traditional number matching uses numbers and wildcard variables to enter a pattern.



quotation marks is interpreted by the command line interface (CLI) as a command and is
not recognized as part of the string. The use of quotation marks in the following examples
are provided to cover all possible user-entered strings. These examples can be entered
without the quotation marks and function in the same manner.
Usage Examples
The following is a sample response using the test template match command with traditional number
matching:
(config)#test template match “5551234” to “555XXXX”

Match Result -> Match

The following is a sample response using the test template match command with regular expression
matching:
(config)#test template match “5551234” to “/555\d{4}/”

Match Result -> Match
The following is a sample response using the test template match <string> to <pattern>
substitute-using <pattern> command with traditional number matching:
(config)#test template match “5551234” to “555XXXX” substitute-using “1359555XXXX”

Substitute Result -> 13595551234
The following is a sample response using the test template match <string> to <pattern>
substitute-using <pattern> command with regular expression matching:
(config)#test template match “5552121DE” to “/(\d+).*/” substitute-using “/\1/”

Substitute Result -> 5552121

tftp ip access-class <ipv4 acl> in

Use the tftp ip access-class class command to apply an Internet Protocol version 4 (IPv4) access control
list (ACL) to all self-bound IPv4 Trivial File Transfer Protocol (TFTP) incoming connections. Use the no
form of this command to remove the ACL. Variations of this command include:
tftp ip access-class <ipv4 acl> in

tftp ip access-class <ipv4 acl> in any-vrf
tftp ip access-class <ipv4 acl> in vrf <name>
Syntax Description
<ipv4 acl> Specifies the IPv4 ACL to apply to the TFTP connections.
in Specifies that the ACL is applied to incoming TFTP connections.
any-vrf Optional. Allows incoming TFTP connections from any Virtual Routing and
Forwarding (VRF) instance.
vrf <name> Optional. Allows incoming TFTP connections from a specified VRF
instance.
Default Values
By default, no ACLs are configured or applied to TFTP connections.
Command History
parameters.
Usage Examples
The following example applies the previously configured IPv4 ACL MatchAll to inbound TFTP
connections:
(config)#tftp ip access-class MatchAll in

tftp ipv6 access-class <ipv6 acl> in

Use the tftp ipv6 access-class in command to apply an Internet Protocol version 6 (IPv6) access control
list (ACL) to all self-bound IPv4 Trivial File Transfer Protocol (TFTP) incoming connections. Use the no
form of this command to remove the ACL. Variations of this command include:
tftp ipv6 access-class <ipv6 acl> in

tftp ipv6 access-class <ipv6 acl> in any-vrf
tftp ipv6 access-class <ipv6 acl> in vrf <name>
Syntax Description
<ipv6 acl> Specifies the IPv6 ACL to apply to the TFTP connections.
in Specifies that the ACL is applied to incoming TFTP connections.
any-vrf Optional. Allows incoming TFTP connections from any Virtual Routing and
Forwarding (VRF) instance.
vrf <name> Optional. Allows incoming TFTP connections from a specified VRF
instance.
Default Values
By default, no ACLs are configured or applied to TFTP connections.
Command History
parameters.
Usage Examples
The following example applies the previously configured IPv6 ACL MatchAll to inbound TFTP
connections:
(config)#tftp ipv6 access-class MatchAll in

tftp server
Use the tftp server command to enable the Trivial File Transfer Protocol (TFTP) server. The
default-filesystem parameter specifies the default location for the TFTP server to retrieve and store files.
Use the no form of this command to disable the TFTP server. Variations of this command include:
tftp server
tftp server overwrite
tftp server default-filesystem cflash
tftp server default-filesystem flash
tftp server default-filesystem usbdrive0
Syntax Description
overwrite Enables the TFTP server to overwrite existing files.
default-filesystem cflash Optional. Specifies that the TFTP server use CompactFlash® as the
default-filesystem flash Optional. Specifies that the TFTP server use flash as the default file
system.
default-filesystem usbdrive0 Optional. Specifies that the TFTP server use Universal Serial Bus
(USB) flash drive memory as the default file system.
Default Values
Command History
Release 13.1 Command was expanded to include the overwrite feature.
Release 17.3 Command was expanded to include the default-filesystem parameter.
Release 18.2 Command was changed from ip tftp server to tftp server to accommodate
Internet Protocol version 6 (IPv6) for ADTRAN internetworking products
only. In addition, the command was expanded to include the usbdrive0
parameter.
Release R10.1.0 Command was changed from ip tftp server to tftp server to accommodate
Internet Protocol version 6 (IPv6) for ADTRAN voice products.
Usage Examples
The following example enables the TFTP server:
(config)#tftp server
The following example specifies CompactFlash as the default file system:
(config)#tftp server default-filesystem cflash

tftp source-interface <interface>

Use the tftp source-interface command to use the specified interface’s IP address as the source IP address
for Trivial File Transfer Protocol (TFTP) client traffic transmitted by the unit. Use the no form of this
command if you do not wish to override the normal source IP address.
Syntax Description
<interface> Specifies the interface to be used as the source IP address for TFTP traffic.
dot11ap 1/1.1. Type tftp source-interface ? for a complete list of valid
interfaces.
Default Values
Command History
interface.
Ethernet interface.
Release 18.2 Command was changed from ip tftp source-interface to tftp
source-interface to incorporate Internet Protocol version 6 (IPv6) for
ADTRAN internetworking products only.
Release R10.1.0 Command was changed from ip tftp source-interface to tftp
source-interface to incorporate Internet Protocol version 6 (IPv6) for
ADTRAN voice products.
Functional Notes
Usage Examples
The following example configures the unit to use the loopback 1 interface as the source IP for TFTP
traffic:
(config)#tftp source-interface loopback 1

thresholds
Use the thresholds command to specify DS1 performance counter thresholds. Use the no form of this
thresholds BES [15Min | 24Hr] <number>

thresholds CSS [15Min | 24Hr] <number>
thresholds DM [15Min | 24Hr] <number>
thresholds ES [15Min | 24Hr] <number>
thresholds LCV [15Min | 24Hr] <number>
thresholds LES [15Min | 24Hr] <number>
thresholds PCV [15Min | 24Hr] <number>
thresholds SEFS [15Min | 24Hr] <number>
thresholds SES [15Min | 24Hr] <number>
thresholds UAS [15Min | 24Hr] <number>
Threshold settings are applied to ALL DS1s.
Syntax Description
BES Specifies the bursty errored seconds threshold.
CSS Specifies the controlled slip seconds threshold.
DM Specifies the degraded minutes threshold.
ES Specifies the errored seconds threshold.
LCV Specifies the line code violations threshold.
LES Specifies the line errored seconds threshold.
PCV Specifies the path coding violations threshold.
SEFS Specifies the severely errored framing seconds threshold.
SES Specifies the severely errored seconds threshold.
UAS Specifies the unavailable seconds threshold.
15Min Specifies that the threshold you are setting is for the counter’s 15-minute
statistics.
24Hr Specifies that the threshold you are setting is for the counter’s 24-hour
statistics.
<number> Specifies the maximum occurrences allowed for this error type. Once a
threshold is exceeded, an event is sent to the console specifying the
appropriate counter. Additionally, if Simple Network Management Protocol
(SNMP) traps are enabled, the unit will send a trap with the same
information as the console event.

Default Values
The default values for this command are as follows:
thresholds BES 15Min 10

thresholds BES 24Hr 100
thresholds CSS 15Min 1
thresholds CSS 24Hr 4
thresholds DM 15Min 1
thresholds DM 24Hr 4
thresholds ES 15Min 65
thresholds ES 24Hr 648
thresholds LCV 15Min 13340
thresholds LCV 24Hr 133400
thresholds LES 15Min 65
thresholds LES 24Hr 648
thresholds PCV 15Min 72
thresholds PCV 24Hr 691
thresholds SEFS 15Min 2
thresholds SEFS 24Hr 17
thresholds SES 15Min 10
thresholds SES 24Hr 100
thresholds UAS 15Min 10
thresholds UAS 24Hr 10
Command History
Usage Examples
The following example sets the threshold for the 15-minute and 24-hour bursty errored seconds counter to
25 and 200, respectively:
(config)#thresholds BES 15Min 25

(config)#thresholds BES 24Hr 200

timing-source
Use the timing-source command to configure the timing source used for reference timing. Use the no
form of this command to return to the default setting. Variations of this command include the following:
timing-source e1 <interface id> secondary

timing-source e1 <interface id>
timing-source internal
timing-source internal secondary
timing-source t1 <interface id>
timing-source t1 <interface id> secondary
Syntax Description
e1 <interface id> Recovers clocking from the specified E1 interface.
internal Provides timing using the internal 1.544 MHz clock generator.
t1 <interface id> Recovers clocking from the specified T1 or DSX-1 interface.
secondary Optional. Signifies that the clock source specified in the command is to be
the secondary clock source.
Default Values
By default, the primary clock source is set to internal.
Command History
Release A5.01 Command was expanded to include the E1 interface.
Functional Notes
If both the primary and secondary clock sources fail, the unit automatically switches to internal timing.
Usage Examples
The following example configures the unit to use an internal timing source:
(config)#timing-source internal
The following examples set the t1 0/1 interface as the primary timing source and the t1 0/2 interface as the
secondary timing source:
(config)#timing-source t1 0/1
(config)#timing-source t1 0/2 secondary

tls-profile <profile name>

Use the tls-profile command to enter the Transport Layer Security (TLS) Profile Configuration mode,
from which the operation of TLS is configured. Use the no form of this command to remove the profile.
Syntax Description
<profile name> Specifies the name of the TLS profile to create.
Default Values
By default, no TLS profiles exist.
Command History
Functional Notes
Each entity on the AOS device that uses TLS must have a TLS profile applied in order to function. Many
TLS profiles can exist and be referenced by many entities using TLS on the AOS device. The same TLS
profile can be used by as many entities using TLS as required. The TLS profile essentially operates as a
template for TLS operation and is applied on a per-trunk basis. For more information regarding TLS
configuration, refer to the SIP TLS Profile Command Set on page 4866.
Usage Examples
The following example creates the TLS profile TLSPROFILE1 and enters the profile’s configuration mode:
(config)#tls-profile TLSPROFILE1
(config-tls-profile-TLSPROFILE1)#

track <name>
Use the track command to create a track as part of network monitoring. This command is also used to
enter into the Network Monitoring Track command set once a track is created. These additional commands
are covered in Network Monitor Track Command Set on page 4083. Use the no form of this command to
delete the track.
Issuing the shutdown command once the track is configured will force the track to fail.
Issuing the no shutdown command will enable the track.
Syntax Description
<name> Specifies the name of the track being created.
Default Values
By default, there are no tracks configured.
Command History
Functional Notes
Track objects can be associated with probes to monitor their states. Upon a change in the probe state, the
probe sends an event to any track registered with the probe. In response, the track performs the action
indicated.
Track objects are associated with probes by using the commands test if on page 4087 and test list on page
4093.
Usage Examples
The following example creates an track called track_a:
>enable
#configure terminal
(config)#track track_a
(config-track)#
Technology Review
Tracks are objects created to monitor other objects for a change in their state. The tracks can be
configured to perform a specific action based upon the second object state detected. Association between
a track and another object (for example, a probe, schedule, or interface) occurs through referencing the
second object in the track’s configuration. Once the track is registered with the second object, whenever a
change occurs with that object’s state, an event is sent to the track. Additional configuration commands are
available for creating probes. These are explained in the Network Monitor Probe Command Set on page
4047.


Use the username password command to configure the user name and password to use for all protocols
requiring a user name-based authentication system, including File Transfer Protocol (FTP) server
authentication, line (login local-user list), and Hypertext Transfer Protocol (HTTP) access. Using the
portal-list parameter associates a portal list with the user. Using the privilege parameter specifies a
privilege level for the user. Use the no form of this command to remove a user name and password.

username <username> portal-list <name> password <password>
username <username> portal-list <name> privilege <level> password <password>
username <username> privilege <level> password <password>
username <username> privilege <level> portal-list <name> password <password>
Syntax Description
<username> Specifies a user name using an alphanumerical string up to 30 characters in
length (the user name is case sensitive).
password <password> Specifies a password using an alphanumerical string up to 30 characters in
length (the password is case sensitive).
portal-list <name> Optional. Specifies the name of the portal list assigned to this user.
privilege <level> Optional. Specifies privilege level for this user. Valid entries are 1 to 7.
Default Values
By default, there is no established user name or password. By default, there is no portal list assigned to
user names. If this command is entered without a privilege level specified, the default privilege level
assigned to the user is level 7.
Command History
Release 17.1 Command was expanded to include the portal-list parameter.
Release A1 Command was expanded to include the password parameter.
Release R10.11.0 Command was expanded to include the privilege parameter.
Functional Notes
All users defined using the username/password command are valid for access to the unit using the login
local-userlist command.
Before a portal list can be associated with a user name, it must be defined using the command portal-list
<name> <portal1 portal2 portal3...> on page 1647.

Usage Examples
The following example creates a user name of ADTRAN with password ADTRAN:
(config)#username ADTRAN password ADTRAN
The following example associates the portal list ENGINEERS with the user name ADTRAN and the
password ADTRAN:
(config)#username ADTRAN portal-list ENGINEERS password ADTRAN
The following example specifies a privilege level 4 with the user name ADTRAN and the password
ADTRAN:
(config)#username ADTRAN privilege 4 password ADTRAN

vlan <vlan id>

Use the vlan command to enter the Virtual Local Area Network (VLAN) Configuration mode. Use the no
form of this command to remove a VLAN ID. Refer to the VLAN Command Set on page 3341 for more
information.
Syntax Description
<vlan id> Specifies a valid VLAN ID. Range is 1 to 4094.
Default Values
Command History
Usage Examples
The following example enters the VLAN Configuration mode for VLAN 1:
(config)#vlan 1
(config-vlan 1)#

voice alias <name> equals <number>

Use the voice alias equals command to configure the name and number for the call routing alias. This
feature allows a single call destination to be reached by an alternate name and number. Use the no form of
this command to disable this feature.
Syntax Description
<name> Specifies the alias name to describe the call destination.
<number> Assigns the alias number to mask the original number.
Default Values
Command History
Usage Examples
The following example activates the Lobby voice alias at extension 4100:
(config)#voice alias Lobby equals 4100

voice ani-list <name>

Use the voice ani-list command to create a list of automatic number identification (ANI) information and
enter the ANI list configuration mode. Use the no form of this command to remove the ANI list.
Additional subcommands are available once you have entered the ANI list configuration mode:
ani <template>
Syntax Description
<name> Specifies the name of the ANI list.
ani <template> Specifies the ANI digits of the calling party to add to the ANI list. Digits
include a combination of wildcards and numerical digits. Refer to the
Functional Notes of this command for more information on using wildcards.
Default Values
By default, no ANI lists are configured.
Command History
Functional Notes
ANI lists are used to permit or deny specific calling parties from accessing trunk groups to which the ANI
list is applied.



Usage Examples
The following example creates an ANI list called TEST1 and specifies which numbers are included in the
ANI list:
(config)#voice ani-list TEST1

(config-ani-list-TEST1)#ani 555-81xx

voice announcement trunk-unavailable

Use the voice announcement trunk-unavailable command to enable the playing of an announcement
when a call is made and the trunk for that call is unavailable. Use the no form of this command to disable
the option.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example enables the trunk-unavailable announcement:
(config)#voice announcement trunk-unavailable

voice autoattendant
Use the voice autoattendant command to configure the auto attendant options for the system. Use the no
form of the commands to disable the setting. For more voice auto attendant options, refer to voice
call-appearance-mode on page 1880. Variations of this command include the following:
voice autoattendant <name>

voice autoattendant <name> extension <number>
voice autoattendant alias <name>
voice autoattendant did <number>
voice autoattendant extension <number>
Syntax Description
<name> Specifies a name for this auto attendant.
alias <name> Specifies an alias name to use as an alternate when accessing the auto
attendant.
did <number> Configures the direct inward dialing (DID) number to assign to the auto
attendant.
extension <number> Specifies the extension for auto attendant system login access.
Default Values
Command History
Usage Examples
The following example configures the aOperator as an alias for the auto attendant:
(config)#voice autoattendant alias aOperator

voice call-appearance-mode
Use the voice call-appearance-mode command to configure the unit to allow single or multiple call
appearances to user account phones. Use the no form of this command to return to the default setting.
voice call-appearance-mode multiple

voice call-appearance-mode single
Syntax Description
multiple Allows multiple call appearances. For analog phones, this is limited to 2 call
appearances; for Session Initiation Protocol (SIP) phones, 6 call
appearances are allowed.
single Allows only a single call appearance.
Default Values
By default, this is set to multiple.
Command History
Functional Notes
Each incoming call is classified as a call appearance. For example, call waiting supports two call
appearances simultaneously. Without call waiting, only one call appearance is supported at a time.
Usage Examples
The following example sets the unit to allow multiple call appearances:
(config)#voice call-appearance-mode multiple

voice caller-id timezone <value>

The voice caller-id timezone command sets the time zone used for the caller identification (ID) timestamp
of an inbound call. This setting is independent of the clock timezone set by the command clock timezone
<value> on page 1226. The caller ID timestamp is calculated using the system clock (clock set <time>
<day> <month> <year> on page 1225) and the caller ID time zone offset. Use the no form of this
Syntax Description
<value> Time zone values are specified in the Functional Notes section for this
command.
Default Values
By default, the caller ID timezone is set to the current system time zone. For more information on the
system time zone, refer to the command clock timezone <value> on page 1226.
Command History
Depending on the clock timezone chosen, one-hour daylight savings time (DST) correction
may be enabled automatically. Refer to the command clock on page 1224 for more
information.
Functional Notes
clock timezone +1-Amsterdam clock timezone +8-Bejing

clock timezone +1-Belgrade clock timezone +8-Irkutsk
clock timezone +1-Brussels clock timezone +8-Kuala-Lumpur
clock timezone +1-Sarajevo clock timezone +8-Perth
clock timezone +1-West-Africa clock timezone +8-Taipei
clock timezone +10-Brisbane clock timezone +9-Osaka
clock timezone +10-Canberra clock timezone +9-Seoul
clock timezone +10-Guam clock timezone +9-Yakutsk
clock timezone +10-Hobart clock timezone +9:30-Adelaide
clock timezone +10-Vladivostok clock timezone +9:30-Darwin
clock timezone +11 clock timezone -1-Azores
clock timezone +12-Auckland clock timezone -1-Cape-Verde
clock timezone +12-Fiji clock timezone -10
clock timezone +13 clock timezone -11
clock timezone +2-Athens clock timezone -12
clock timezone +2-Bucharest clock timezone -2
clock timezone +2-Cairo clock timezone -3-Brasilia
clock timezone +2-Harare clock timezone -3-Buenos-Aires

clock timezone +2-Helsinki clock timezone -3-Greenland

clock timezone +2-Jerusalem clock timezone -3:30
clock timezone +3-Baghdad clock timezone -4-Atlantic-Time
clock timezone +3-Kuwait clock timezone -4-Caracus
clock timezone +3-Moscow clock timezone -4-Santiago
clock timezone +3-Nairobi clock timezone -5
clock timezone +3:30 clock timezone -5-Bogota
clock timezone +4-Abu-Dhabi clock timezone -5-Eastern-Time
clock timezone +4-Baku clock timezone -6-Central-America
clock timezone +4:30 clock timezone -6-Central-Time
clock timezone +5-Ekaterinburg clock timezone -6-Mexico-City
clock timezone +5-Islamabad clock timezone -6-Saskatchewan
clock timezone +5:30 clock timezone -7-Arizona
clock timezone +5:45 clock timezone -7-Mountain-Time
clock timezone +6-Almaty clock timezone -8
clock timezone +6-Astana clock timezone -9
clock timezone +6-Sri-Jay clock timezone -0-Universal Coordinated Time
clock timezone +6:30 (UTC)
clock timezone +7-Bangkok clock timezone GMT-Casablanca
clock timezone +7-Kranoyarsk clock timezone GMT-Dublin
Usage Examples
The following example sets the caller ID time zone for Santiago, Chile.
>enable
(config)#clock timezone -4-Santiago

voice callerid-type <method>

Use the voice callerid-type command to specify the caller ID method for the system. Select the caller ID
type that is required by your telecommunications provider. Use the no form of this command to disable the
setting.
Syntax Description
<method> Specifies the type of caller ID to use with the system. The available options
are:
• Australia_FSK
• Belgium_FSK
• Canada_Stentor
• Denmark_DTMF
• Finland_DTMF
• Italy_FSK
• Mexico_FSK
• Netherlands_DTMF
• Norway_FSK
• Sweden_DTMF
• UK_BT
• UK_CCA
• United_Arab_Emirates_FSK
• US_Bellcore
Default Values
By default, the caller ID type is set to US_Bellcore.
Command History
Release A2 Command was expanded to include Australia_FSK.
Release A4.05 Command was expanded to include Mexico_FSK.
Release A5.01 Command was expanded to include United_Arab_Emirates_FSK.
Usage Examples
The following example specifies using the Italian method for the caller ID type:
(config)#voice callerid-type Italy_FSK

voice cause-code-map
Use the voice cause-code-map command to configure the cause code and Session Initiation Protocol (SIP)
message numbers for the primary rate interface (PRI). Cause codes and SIP message numbers are
associated with a particular connection failure, and notifies the system when problems occur. Use the no
voice cause-code-map from-pri <value> <value>

voice cause-code-map to-pri <value> <value>
Syntax Description
from-pri <value> <value> Enter the cause code number to map to the SIP message. The valid range
is 1 to 127. Next, enter the SIP message number to be used. The valid
to-pri <value> <value> Enter the SIP message number to map to the PRI cause code map. The
valid range is 400 to 606. The second <value> is the PRI cause code
number. The valid range is 1 to 127.
Default Values
Command History
Usage Examples
The following example sets the cause code number to 28 to associate with SIP messages:
(config)#voice cause-code-map from-pri 28

voice class-of-service <set name>

Use the voice class-of-service command to create a voice class of service (CoS) rule set and to enter the
Voice Class of Service command set. These additional commands are covered in Voice CoS Command Set
on page 4883. Use the no form of this command to delete a configured CoS rule set.
Syntax Description
<set name> Specifies the name of the CoS rule set.
Default Values
Command History
Usage Examples
The following example creates a new CoS rule set called set1:
(config)#voice class-of-service set1

Configuring New Level “set1”.
(config-cos-set1)#

voice codec-country <name>

Use the voice codec-country command to assign a country setting for the plain old telephone service
(POTS) (analog) coder-decoders (CODECs). Use the no form of this command to delete a configured
country setting.
Syntax Description
<name> Specifies the CODEC country name. The available options are Australia,
Belgium, Canada, China_Hong_Kong, Denmark, Etsi, Finland, France,
Germany, Ireland, Italy, Luxembourg, Mexico, Netherlands, Norway,
Puerto_Rico, Spain, Sweden, Switzerland, United_Arab_Emirates,
United_Kingdom, and United_States.
Default Values
By default, the CODEC country setting is United_States.
Command History
Release A2 Command was expanded to include Australia.
Release A2.04 Command was expanded to include Belgium, France, Germany, Ireland,
Italy, Luxembourg, Spain, Switzerland, and United_Kingdom.
Release A4.05 Command was expanded to include China_Hong_Kong, Denmark, Etsi,
Finland, Mexico, Netherlands, Norway, Sweden, and
United_Arab_Emirates.
Usage Examples
The following example assigns Canada as the CODEC country:
(config)#voice codec-country Canada

voice codec-list <name>

Use the voice codec-list command to create a named coder-decoder (CODEC) list for call negotiation and
to enter the CODEC list configuration mode. Use the no form of this command to delete a configured
CODEC list.
Syntax Description
<name> Specifies the CODEC list name.
Default Values
By default, there are no configured voice CODEC lists.
Command History
Functional Notes
CODEC lists are list of CODECs arranged in preferred order with the first listed CODEC being the most
preferred for call negotiation. Using the voice codec-list command enters the configuration mode for the
CODEC list, where you can enter the types of CODECs to be used, and their order of preference. CODEC
lists are then applied to interfaces, voice trunks, or voice accounts to be used for call negotiation. For more
information on configuring and applying CODEC lists, refer to Voice CODEC List Command Set on page
4879.
Usage Examples
The following example creates a new CODEC list named List1:
(config)#voice codec-list List1

Configuring New Codec List “List1”.
(config-codec)#

voice codec-priority
Use the voice codec-priority command to specify which coder-decoder (CODEC) list is set as the priority.
Use the no form of this command to disable the setting. Variations of this command include:
voice codec-priority trunk

voice codec-priority user
voice codec-priority offer-sdp
Syntax Description
trunk Specifies using the trunk’s CODEC list as the priority CODEC list.
user Specifies using the user’s CODEC list as the priority CODEC list.
offer-sdp Specifies using Session Description Protocol (SDP) offer/answer
exchanges to set CODEC priority.
Default Values
Command History
Release A2 Command was expanded to include the offer-sdp parameter.
Functional Notes
The voice codec-priority command specifies the CODEC selection method at the unit’s global level.
Selections are made from preconfigured CODEC lists. For more information about configuring and
applying CODEC lists, refer to the Voice CODEC List Command Set on page 4879.
Usage Examples
The following example specifies using the trunk’s CODEC list as the priority CODEC list:
(config)#voice codec-priority trunk

voice compand-type
Use the voice compand-type command to set the companding type to match your telecommunications
provider. Use the no form of this command to return to the default setting. Variations of this command
include:
voice compand-type a-law

voice compand-type u-law
Syntax Description
a-law Specifies the A-law compand type. This compand type is mainly used in
European telephone networks for the conversion between analog and
digital signals in pulse-code modulation (PCM) applications, and is similar
to the North American U-law standard.
u-law Specifies the U-law compand type.This compand type is also known as
Mu-law, and is the PCM quasi-logarithmic curve. It is the 64 kbps standard
North America voice amplitude sample used for encoding and decoding.
Default Values
By default, the companding type is set to u-law.
Command History
Usage Examples
The following example configures the companding type to a-law:
(config)#voice compand-type a-law

voice conference local

Use the voice conference local command to configure the local conference feature. The voice
conferencing-mode command must be first set to local before these commands will take effect. Refer to
voice conferencing-mode on page 1892. Use the no form of this command to return to the default setting.
voice conference local max-sessions <number>

voice conference local originator flashhook drop
voice conference local originator flashhook ignore
voice conference local originator flashhook split
voice conference local originator onhook persist
voice conference local originator onhook terminate
voice conference local party-disconnect continue
voice conference local party-disconnect transfer
Syntax Description
max-sessions <number> Specifies the maximum number of simultaneous 3-way conference
sessions. If set to 0, the maximum number of sessions is defined by the
capability of the hardware platform.
originator Specifies the behavior of actions performed by the conference originator
once the conference has been established.
flashhook drop Indicates that when a flashhook is issued, the last party added to the 3-way
conference will be dropped and the call will continue between the two
remaining parties.
flashhook ignore Indicates that when a flashhook is issued, it will be ignored. The 3-way
conference will continue without interruption.
flashhook split Indicates that when a flashhook is issued, the 3-way conference will be split
into two calls, one between the originator and the first party and one
between the originator and the second party. When a flashhook is issued
after the split, it will toggle the originator between the two calls.
onhook persist Indicates that when the originator goes on-hook, the two parties in the
conference are connected together.
onhook terminate Indicates that when the originator goes on-hook, the remaining parties are
disconnected.
party-disconnect Specifies the conference behavior after a member disconnects.
continue Indicates the conference is maintained with the remaining parties.
transfer Indicates the conference is dropped and a direct connection between the
remaining parties is re-established.
Default Values
By default, the max-sessions is set to 3, originator onhook is set to persist, originator flashhook is set
to drop, and party-disconnect is set to continue.

Command History
Functional Notes
The voice conference local settings are only valid when the voice conferencing-mode is set to local.
Refer to voice conferencing-mode on page 1892 for more information.
Usage Examples
The following example sets the unit to a maximum of 5 local conference sessions:
(config)#voice conference local max-sessions 5
The following example sets the behavior of the conference session to ignore a flash-hook issued by the
conference originator:
(config)#voice conference local originator flashhook ignore

voice conferencing-mode
Use the voice conferencing-mode command to determine if voice conferencing bridging will be handled
within the unit or from a far-end conferencing server. Use the no form of this command to return to the
voice conferencing-mode local

voice conferencing-mode network
Syntax Description
local Specifies voice conferencing will be handled within the unit.
network Specifies voice conferencing will be handled by a far-end conferencing
server.
Default Values
By default, the voice conferencing mode is set to network.
Command History
Functional Notes
The voice conferencing mode is only valid when the flashhook mode is set to interpreted. Refer to the
command voice flashhook mode on page 1906 for more information.
Usage Examples
The following example sets the conferencing mode to handle conference bridging within the local unit:
(config)#voice conferencing-mode local

voice country-code <number>

Use the voice country-code command to enter the country code for this location. The country code is used
to determine if an incoming call is international. If a call originates from the Session Initiation Protocol
(SIP) wide area network (WAN) and it matches the specified voice country code number, the call is not
considered international and the country code is stripped before passing the call to the customer premises
equipment (CPE). Use the no form of this command to delete the country code.
Syntax Description
<number> Specifies the country code of this location. One, two, and three (maximum)
digit country codes are accepted.
Default Values
Command History
Functional Notes
For a comprehensive list of numeric country codes for specific countries, refer to the International
Configuration Guide available online at https://supportcommunity.adtran.com.
Usage Examples
The following example specifies a voice country-code of 44 (United Kingdom):
(config)#voice country-code 44

voice coverage <name>

Use the voice coverage command to create and modify a global call coverage list to be used to control call
routing when a user’s phone is not answered. This command also enters the global call coverage
configuration mode. Use the no form of this command to remove a call coverage list.
Syntax Description
<name> Specifies a name for the call coverage list.
Default Values
Command History
Functional Notes
The voice coverage command creates a global call coverage list for the AOS product and enters the list’s
configuration mode. The configurable options for this list are detailed in Call Coverage Command Set on
page 4703.
The global call coverage list can be overridden on a per-user or per-group basis using the coverage
command from the appropriate configuration mode.
Usage Examples
The following example specifies that the call coverage list named Absent be used for global call coverage:
(config)#voice coverage Absent

Configuring New Global Call Handling List “Absent”
(config-gch)#

voice current-mode
Use the voice current-mode command to activate a particular system mode on the unit. Variations of this
command include:
voice current-mode custom1

voice current-mode default
voice current-mode lunch
voice current-mode night
voice current-mode override
voice current-mode weekend
Syntax Description
[custom1-custom3] Specifies the custom system mode to use.
default Specifies using the default system mode.
lunch Specifies using the lunch time system mode.
night Specifies using the night time system mode.
override Specifies using the override system mode.
weekend Specifies using the weekend system mode.
Default Values
By default, the system mode is set to default.
Command History
Functional Notes
This command is used to put the unit into a specific system mode. The unit remains in the activated system
mode until it is changed manually or a schedule change occurs triggering a transition to another system
mode. Schedules are configured using the command voice system-mode on page 1956.
If the system is in override, the unit will ignore any schedule that exists. The unit will stay in override until
manually changed. This command is saved into the dynvoice-config file to preserve the state of the unit in
case of power failure.
Usage Examples
The following example sets the current system mode to lunch:
(config)#voice current-mode lunch

voice dial-plan
Use the voice dial-plan command to add a global number complete pattern. Use the no form of this
command to delete configured dial plans. Variations of this command include:
voice dial-plan <pattern id> 900-number <pattern>

voice dial-plan <pattern id> 900-number <pattern> [<ndt name> | default | none]
voice dial-plan <pattern id> always-permitted <pattern>
voice dial-plan <pattern id> always-permitted <pattern> [<ndt name> | default | none]
voice dial-plan <pattern id> extensions <pattern>
voice dial-plan <pattern id> extensions <pattern> [<ndt name> | default | none]
voice dial-plan <pattern id> internal-operator <pattern>
voice dial-plan <pattern id> internal-operator <pattern> [<ndt name> | default | none]
voice dial-plan <pattern id> international <pattern>
voice dial-plan <pattern id> international <pattern> [<ndt name> | default | none]
voice dial-plan <pattern id> local <pattern>
voice dial-plan <pattern id> local <pattern> [<ndt name> | default | none]
voice dial-plan <pattern id> long-distance <pattern>
voice dial-plan <pattern id> long-distance <pattern> [<ndt name> | default | none]
voice dial-plan <pattern id> operator-assisted <pattern>
voice dial-plan <pattern id> operator-assisted <pattern> [<ndt name> | default | none]
voice dial-plan <pattern id> specify-carrier <pattern>
voice dial-plan <pattern id> specify-carrier <pattern> [<ndt name> | default | none]
voice dial-plan <pattern id> toll-free <pattern>
voice dial-plan <pattern id> toll-free <pattern> [<ndt name> | default | none]
voice dial-plan <pattern id> [user1 | user2 | user3] <pattern>
voice dial-plan <pattern id> [user1 | user2 | user3] <pattern> [<ndt name> | default | none]
Syntax Description
<pattern id> Specifies dial pattern identification. Valid range is 1 to 255.
900-number Adds a pattern to the 900 number group.
always-permitted Adds a pattern to the always permitted group.
extensions Adds a pattern to the internal group.
internal-operator Adds a pattern to the internal operator group.
international Adds a pattern to the international group.
local Adds a pattern to the local group.
long-distance Adds a pattern to the long distance group.
operator-assisted Adds a pattern to the operator assisted group.
specify-carrier Adds a pattern to the specify carrier group.
toll-free Adds a pattern to the toll free group.
user1 Adds a pattern to the user 1 group.

<pattern> Specifies a dialing pattern. You can enter a complete phone number, or
wildcards can be used to define the dialing pattern. Refer to Functional
Notes of this command for more information on using wildcards.
<ndt name> Optional. Specifies the named-digit-timeout to associate with this dial plan
entry. The named-digit-timeout is assigned a timeout value with the voice
timeouts named-digit-timeout command (refer to voice timeouts on page
1957).
default Optional. Sets the named-digit-timeout to the default value. The default
value is set with the voice timeouts interdigit command (refer to voice
timeouts on page 1957).
none Optional. Indicates that no named-digit-timeout is associated with this dial
plan entry.
Default Values
By default, no dial plans are configured.
Command History
Release A2 Command was expanded to include the named-digit-timeouts.
Functional Notes



Usage Examples
The following example adds the pattern 8000 to the local group:
(config)#voice dial-plan 1 local 8000
The following example adds the pattern NXX-XXXX to the local group and associates it with the short1
named-digit-timeout:
(config)#voice dial-plan 2 local NXX-XXXX short1

voice did <number> extension <extension>

Use the voice did extension command to add a direct inward dialing (DID) number. Use the no form of
this command to delete a configured translation.
Syntax Description
<number> Specifies the direct inward dial lookup number.
<extension> Specifies the target account of the DID translation.
Default Values
Command History
Usage Examples
The following example directs DID number 5558123 to extension 8123:
(config)#voice did 5558123 extension 8123

voice directory <name>

Use the voice directory command to create or modify a voice directory and enter the Voice Directory
Configuration mode. Use the no form of this command to delete a configured voice directory. Variations
voice directory <name>
The following additional subcommands are available once you have entered the Voice Directory
Configuration mode:
directory-include <number> first-name <name>

directory-include <number> first-name <name> last-name <name>
Syntax Description
<name> Specifies the name of the directory to create or modify.
directory-include <number> Specifies the extension of the user to be added to the dial-by-name
directory. Adding users to the directory allows them to call parties using a
name stored in the system. Use the no form of this command to remove a
user from the directory.
first-name <name> Specifies the user’s first name.
last-name <name> Optional. Specifies the user’s last name.
Default Values
By default, no voice directories are configured.
Command History
Functional Notes
Adding a voice directory is useful when taking advantage of the dial-by-name feature. By default, a system
directory is always available. All voice users are automatically added as members of the system directory.
Usage Examples
The following example creates a new voice directory with name Engineering:
(config)#voice directory Engineering
The following example adds Jan Doe to the Engineering dial-by-name directory:
(config)#voice directory Engineering

(config-dir)#directory-include 5555 first-name Jan last-name Doe

voice disconnect-mode
Use the voice disconnect-mode command to control the disconnect mode of the unit. Use the no form of
voice disconnect-mode dialtone

voice disconnect-mode fast-busy
Syntax Description
dialtone Specifies issuing dial tone after disconnect on the unit.
fast-busy Specifies issuing fast-busy tone after disconnect on the unit.
Default Values
By default, this command is set to dialtone.
Command History
Usage Examples
The following example configures the unit to disconnect issuing a fast-busy tone:
(config)#voice disconnect-mode fast-busy

voice emergency-services
Use the voice emergency-services command to enable the local emergency service numbers. Local
emergency service numbers are configured automatically when the system country is specified. Use the no
form of this command to disable the local emergency service numbers.
Syntax Description
No subcommands.
Default Values
By default, local emergency service numbers are enabled.
Command History
Usage Examples
The following example disables local emergency service numbers:
(config)#no voice emergency-services

voice fax-tone
Use the voice fax-tone command to choose which tones initiate modem passthrough mode or T.38 mode.
Use the no form of this command to inhibit a specified tone from initiating T.38 or modem passthrough
call handling. Variations of this command include:
voice fax-tone default

voice fax-tone modem-passthrough default
voice fax-tone modem-passthrough t30-cng
voice fax-tone modem-passthrough v21-preamble
voice fax-tone modem-passthrough v25-ans
voice fax-tone modem-passthrough v25-ans-pr
voice fax-tone modem-passthrough v8-ansam
voice fax-tone modem-passthrough v8-ansam-pr
voice fax-tone t38 default
voice fax-tone t38 t30-cng
voice fax-tone t38 v21-preamble
voice fax-tone t38 v25-ans
voice fax-tone t38 v25-ans-pr
voice fax-tone t38 v8-ansam
voice fax-tone t38 v8-ansam-pr
Syntax Description
default Restores the default tones for initiating modem passthrough mode or T.38
mode, depending on where it is used in the command syntax. For example,
issuing voice fax-tone default restores defaults for both modes, while
issuing voice fax-tone t38 default only restores defaults for T.38 mode.
modem-passthrough Specifies modem passthrough mode.
t38 Specifies T.38 mode.
t30-cng Specifies the T.30 calling tones.
v21-preamble Specifies the V.21 preamble flag tones.
v25-ans Specifies the V.25 answer tones.
v25-ans-pr Specifies the V.25 answer tones with phase reversals.
v8-ansam Specifies the V.8 answer tones with amplitude modulation.
v8-ansam-pr Specifies the V.8 answer tones with amplitude modulation and phase
reversals.
Default Values
By default, all tones are enabled for the modem-passthrough list. Only the v21-preamble is enabled by
default for the T.38 list.

Command History
Release A5.01 Command default was changed so that only the v21-preamble tone is
enabled by default for the T.38 tone list.
Functional Notes
When a fax tone is enabled, the tone is eligible to initiate either modem-passthrough or T.38 handling,
depending on the command entered. T.38 fax tone commands take priority over modem passthrough fax
tone commands. For example, in the default configuration with all commands enabled, any detected tone
on a call would cause a reINVITE to T.38, as long as T.38 is enabled on the user (or primary rate interface
(PRI/CAS trunk). If T.38 is not enabled, the call would be reINVITED to G.711 in modem passthrough
mode.
Usage Examples
The following example disables t30-cng fax tone for modem passthrough mode:
(config)#no voice fax-tone modem-passthrough t30-cng

voice feature-mode
Use the voice feature-mode command to configure control of the voice features. Use the no form of this
voice feature-mode local

voice feature-mode network
Syntax Description
local Allows voice features to be handled by the local unit.
network Allows voice features to be handled by the network.
Default Values
By default, the voice feature mode is set to network.
Command History
Usage Examples
The following example sets the control of the voice features to the local unit:
(config)#voice feature-mode local

voice flashhook mode

Use the voice flashhook mode command to determine if flashhook events will be interpreted locally or
will be forwarded to the far end. Use the no form of this command to return to the default setting.
voice flashhook mode interpreted

voice flashhook mode transparent
Syntax Description
interpreted Allows the local unit to interpret flashhook events.
transparent Specifies flashhook events to be transparent to the provider.
Default Values
By default, the voice flashhook mode is set to interpreted.
Command History
Usage Examples
The following example sets the flashhook mode to allow the local unit to interpret flashhook events:
(config)#voice flashhook mode interpreted

voice flashhook threshold <min time> <max time>

Use the voice flashhook threshold command to configure the minimum and maximum time the switch
hook must be held to be interpreted as a flash. Use the no form of this command to return to the default
setting.
Syntax Description
<min time> Specifies minimum flashhook time in milliseconds. Valid range is from
300 to 1000 milliseconds.
<max time> Specifies maximum flashhook time in milliseconds. Valid range is from
300 to 1000 milliseconds.
Default Values
By default, the flashhook threshold times are 300 milliseconds (minimum) and 1000 milliseconds
(maximum).
Command History
Usage Examples
The following example configures the flashhook thresholds at a minimum of 400 to a maximum of 900:
(config)#voice flashhook threshold 400 900

voice forward-mode
Use the voice forward-mode command to control the forwarding mode of the unit. Use the no form of this
voice forward-mode local

voice forward-mode network
Syntax Description
local Allows forwards to be handled locally by the unit.
network Allows forwards to be handled by the network.
Default Values
By default, this command is set to network.
Command History
Usage Examples
The following example configures the unit to handle forwards locally:
(config)#voice forward-mode local

voice grouped-trunk <name>

Use the voice grouped-trunk command to create a grouped trunk and to enter the Grouped Trunk
command set. Refer to Voice Trunk Group Command Set on page 4689 for details. Use the no form of this
command to delete a configured grouped trunk.
Syntax Description
<name> Specifies the name of the trunk group.
Default Values
By default, there are no configured grouped trunks.
Command History
Usage Examples
The following example creates the trunk group trunk3:
(config)#voice grouped-trunk trunk3

(config-TRUNK3)#

voice hold-reminder
Use the voice hold-reminder command to specify how long a call can be on hold before the hold reminder
rings the phone again. Use the no form of this command to return to the default setting. Variations of this
command include:
voice hold-reminder <value>

voice hold-reminder <value> <interval>
Syntax Description
<value> Specifies how long a call can be on hold before the hold reminder rings the
phone again. Range is 5 to 30 seconds.
<interval> Optional. Specifies the interval at which all subsequent reminder rings will
occur. Range is 10 to 120 seconds.
Default Values
The defaults for this command are a 10-second hold time before the first reminder ring with 30-second
intervals between subsequent rings.
Command History
Usage Examples
The following example sets the first reminder ring to occur after the call has been on hold for 20 seconds
(with subsequent reminder rings occurring every 15 seconds until the call is picked up):
(config)#voice hold-reminder 20 15

voice international-prefix
Use the voice international-prefix command to configure the international prefix for this unit. Use the no
form of this command to delete a configured prefix. Variations of this command include:
voice international-prefix <prefix>

voice international-prefix abbreviated
Syntax Description
abbreviated Specifies the international prefix be replaced with a plus symbol (+) in the
Session Initiation Protocol (SIP) header.
<prefix> Specifies the up to four digits for the prefix.
Default Values
By default, there is no configured international prefix.
Command History
Usage Examples
The following example configures 011 as the international prefix:
(config)#voice international-prefix 011

voice line <name>

Use the voice line command to create (or modify) a voice line and enter voice line’s configuration mode.
Use the no form of this command to delete a configured voice line.
Syntax Description
<name> Specifies the name or description of the voice line.
Default Values
By default, there are no configured voice lines.
Command History
Usage Examples
The following example creates the voice line Public, and enters its voice line configuration mode:
(config)#voice line Public

Configuring New Line “Public”.
(config-Public)#

voice logging smdr

Use the voice logging smdr command to enable local logging of station message detail records (SMDRs).
Use the no form of this command to disable local logging of SMDR reporting.
Syntax Description
No subcommands.
Default Values
By default, SMDR reporting is disabled.
Command History
Functional Notes
SMDRs are used to log information about individual calls. The recorded information includes call
timestamps, call lengths, participating parties, call origination and destination details, and other information
related to calls made or received through the voice network system. Several programs are available that
collect SMDR information in order to provide call accounting, find call trends, and supply network
administrators with information about productivity. For more information about configuring SMDR in AOS,
refer to the configuration guide Configuring SMDR Reports for the NetVanta 7000 Series, available online
at https://supportofurms.adtran.com.
Usage Examples
The following example enables SMDR local logging:
(config)#voice logging smdr

voice logging smdr format

Use the voice logging smdr format command to specify the format of station message detail record
(SMDR) logs. Use the no form of this command to return to the default SMDR format. Variations of this
command include:
voice logging smdr format v1

voice logging smdr format v2
Syntax Description
v1 Specifies that SMDR version 1 is used.
v2 Specifies that SMDR version 2 is used.
Default Values
By default, v1 SMDR formats are used.
Command History
Functional Notes
As of AOS firmware release R10.4.0, there are two SMDR versions. Both versions provide SMDRs in a
single line of output that contains useful information about call activity. The first SMDR version (v1)
provides the call date, time, duration, billing and origination codes, call originating and destination slot/port,
calling and called party name and number, conference call flags, and special handling flags. The second
SMDR version (v2) provides a unique ID for the call, the call date and start time, the call ring, hold, and
billable time, the billing code, whether the call was internal or external, the originating and destination
slot/port or trunk, calling and called party name and number, call destination name and ID, the dialed digits,
the call status, and the SMDR version used to generate the call report. For more information about
configuring SMDR in AOS, refer to the configuration guide Configuring SMDR Reports for the NetVanta
7000 Series, available online at https://supportofurms.adtran.com.
Usage Examples
The following example specifies that version 2 formatting is used for SMDR reporting:
(config)#voice logging smdr format v2

voice loopback <number>

Use the voice loopback command to configure the auto attendant options for the system. Use the no form
of the commands to disable the setting. For more voice loopback account options, refer to Voice Loopback
Account Command Set on page 4531.
Syntax Description
<number> Specifies the extension for the loopback account.
Default Values
Command History
Usage Examples
The following example creates a loopback with extension (account) number 5555:
(config)#voice loopback 5555

voice mail
Use the voice mail command to configure voicemail options for the unit. Use the no form of this command
to disable the setting. Refer to voice mail check on page 1917 for additional arguments. Variations of this
voice mail alias <name>

voice mail asterisk
voice mail class-of-service <name>
voice mail did <number>
voice mail extension <extension>
voice mail internal
voice mail leave-extension <extension>
voice mail max-login-attempts <number>
Syntax Description
alias <name> Specifies an alias name to use as an alternate when accessing
voicemail.
asterisk Enables voicemail on an external Asterisk server.
class-of-service <name> Configures the voicemail class of services.
did <number> Configures the direct inward dialing (DID) number to assign to
voicemail.
internal Enables internal voicemail on the CompactFlash®.
extension <extension> Specifies the extension users will dial to retrieve their voicemail.
leave-extension <extension> Specifies the extension users will dial to leave a voicemail without
ringing an extension. If a user forwards their phone to this extension,
their calls will automatically forward to their voice mailbox.
max-login-attempts <number> Specifies the maximum number login attempts to voicemail accounts.
Range is 0 to 9 attempts.
Default Values
Command History
Usage Examples
The following example specifies extension 7500 for voicemail retrieval:
(config)#voice mail extension 7500

voice mail check

Use the voice mail check command to configure user parameters for the voicemail check extension. Use
the no form of this command to disable the setting. Variations of this command include the following:
voice mail check alias <name>

voice mail check sip-identity <station> <Txx>
voice mail check sip-identity <station> <Txx> register
voice mail check sip-identity <station> <Txx> register auth-name <username> password <password>
Syntax Description
alias <name> Specifies an alias name to use as an alternate when accessing the
check extension.
sip-identity <station> <Txx> Specifies the station to be used for Session Initiation Protocol (SIP)
trunk (e.g., station extension). Also, specifies the SIP trunk through
which to register the server. The trunk is specified in the format Txx
(e.g., T01).
register Registers the user to the server.
auth-name <username> Sets the user name that will be required as authentication for
registration to the SIP server.
password <password> Sets the password that will be required as authentication for
Default Values
Command History
Usage Examples
The following example configures the voice mail check sip-identity to use extension 6000 as its identity
on trunk T04:
(config)#voice mail check sip-identity 6000 T04

voice mail leave

Use the voice mail leave command to configure user parameters for the voicemail leave extension. Use the
no form of this command to disable the setting. Variations of this command include the following:
voice mail leave alias <name>

voice mail leave sip-identity <station> <Txx>
voice mail leave sip-identity <station> <Txx> register
voice mail leave sip-identity <station> <Txx> register auth-name <username> password <password>
Syntax Description
alias <name> Specifies an alias name to use as an alternate when accessing the
check extension.
sip-identity <station> <Txx> Specifies the station to be used for Session Initiation Protocol (SIP)
trunk (e.g., station extension). Also, specifies the SIP trunk through
which to register the server. The trunk is specified in the format Txx
(e.g., T01).
auth-name <username> Sets the user name that will be required as authentication for
Default Values
Command History
Usage Examples
The following example configures the voice mail leave sip-identity to use extension 8000 as its identity
on trunk T06:
(config)#voice mail leave sip-identity 8000 T06

voice mail sip-identity

Use the voice mail sip-identity command to configure Session Initiation Protocol (SIP) voicemail options
for the unit. Use the no form of this command to disable the setting. Variations of this command include
the following:
voice mail sip-identity <sip ID> <sip trunk>

voice mail sip-identity <sip ID> <sip trunk> register
voice mail sip-identity <sip ID> <sip trunk> register auth-name <username> password <password>
Syntax Description
<sip ID> <sip trunk> Specifies a number to be used as the SIP ID (e.g., station
extension) and the SIP trunk through which you will register to the
server.
auth-name <username> Sets the user name that will be required as AUTHENTICATION for
Default Values
Command History
Usage Examples
The following example specifies trunk T02 and extension 5800 for voice mail sip-identity:
(config)#voice mail sip-identity 5800 T02

voice match ani <template> substitute <template>

Use the voice match ani substitute command to configure automatic number identification (ANI)
substitution for inbound voice trunks. Use the no form of this command to remove the substitution.
voice match ani <template> substitute <template>
Syntax Description
ani <template> Specifies the ANI information to be substituted. This information is entered
using wildcards and numerical digits. Refer to the Functional Notes of this
command for available wildcards and proper data entry.
substitute <template> Specifies the ANI information that is substituted for the original ANI
information. This information is entered using wildcards and numerical
digits. When using wildcards in the match and substitute template, both
must be of the same type and position in the number template or AOS will
not allow the substitution. Refer to the Functional Notes of this command for
available wildcards and proper data entry.
Default Values
By default, no ANI substitution is configured.
Command History
Functional Notes
The convention for ANI templates is very similar to dial plan entries. Valid characters for templates are as
follows:




Usage Examples
The following example specifies that the ANI information from numbers 555-8111 to 555-8115 on all
inbound trunks will be substituted by 555-8110:
(config)#voice match ani 555-811[1-5] substitute 555-8110
Technology Review
The traditional ANI substitution feature operates at a global level on inbound trunks. The feature allows the
substitution of calling party information with information determined by the user. This version of ANI
substitution is applied only to internal caller ID at the inbound trunk, and only affects the number, not the
name, of the calling party.
In this version of ANI substitution, DNIS substitution is also available. DNIS substitution is configured on a
per-trunk basis for outbound trunks. DNIS substitution in this version only affects the number, not the
name, of the called party.

voice mgcp-endpoint <index>

Use the voice mgcp-endpoint command to create a Media Gateway Control Protocol (MGCP) endpoint,
assign it an index, and enter the endpoint configuration mode. Use the no form of this command to destroy
the specified endpoint.
Syntax Description
<index> Specifies the numerical value of the endpoint as part of the endpoint’s
default naming structure. Range is 1 to 255.
Default Values
By default, no endpoints are configured.
Command History
Functional Notes
By default, when endpoints are created and given an index number, they are named in the following
format: aaln/x, where x is the index number. For example, an endpoint with an index of 4 will by default
have the name aaln/4. The most common way of defining the index is to use the FXS port number,
because the index is automatically appended to aaln/ for the endpoint name.
Assigning an index is essential for creating an endpoint; however, endpoints can be renamed using the
name endpoint command. Refer to name <text> on page 4816 for more information.
Usage Examples
The following example creates an endpoint with an index of 1, and enters the endpoint’s configuration
mode:
(config)#voice mgcp-endpoint 1
(config-mgcp-1)#

voice modem-passthrough-mode auto-disable-call-wait

Use the voice modem-passthrough-mode auto-disable-call-wait command to disable call waiting on fax
and modem calls. Use the no form of this command to return to the default setting.
Syntax Description
No subcommands.
Default Values
By default, automatic disabling of call waiting for fax/modem calls is disabled.
Command History
Usage Examples
The following example disables call waiting on a fax call:
(config)#voice modem-passthrough-mode auto-disable-call-wait

voice music-on-hold mode

Use the voice music-on-hold mode command to configure the mode of the Music on Hold (MOH) feature.
Use the no form of this command to return to the default setting. Variations of this command include:
voice music-on-hold mode external

voice music-on-hold mode internal
Syntax Description
external Specifies that on-hold music will play from a file stored locally on the unit.
internal Specifies that on-hold music will play from an external device, such as an
MP3 player or other device, plugged into the unit’s MOH port.
Default Values
By default, this is set to external.
Command History
Usage Examples
The following example sets the MOH mode to internal:
(config)#voice music-on-hold mode internal

voice music-on-hold preferred-codec

Use the voice music-on-hold preferred-codec command to specify the coder-decoder (CODEC) format
to use for the music on hold files. Use the no form of this command to return to the default setting.
voice music-on-hold preferred-codec g711alaw

voice music-on-hold preferred-codec g711ulaw
voice music-on-hold preferred-codec g729
Syntax Description
g711alaw Assigns the G.711 A-law CODEC (64000 bps) as the preferred CODEC for
negotiation.
g711ulaw Assigns the G.711 U-law CODEC (64000 bps) as the preferred CODEC for
negotiation.
g729 Assigns the G.729 CODEC (8000 bps) as the preferred CODEC for
negotiation.
Default Values
By default, the preferred CODEC is set to g711ulaw.
Command History
Usage Examples
The following example sets the preferred CODEC to g711alaw:
(config)#voice music-on-hold preferred-codec g711alaw

voice notify forward

Use the voice notify forward command to enable immediate call forwarding for analog voice users. This
command causes the AOS device to play a certain stutter dial tone when the line is forwarded, alerting the
subscriber that this line feature is enabled. Use the no form of this command to disable the feature.
voice notify forward disable-uri <text>

voice notify forward enable-uri <text>
voice notify forward parameter <text>
Syntax Description
disable-uri <text> Specifies the Alert-Info uniform resource identifier (URI) that disables
immediate call forwarding and produces the normal dialtone. When the
disable URI is specified, the NOTIFY message is rejected and a 503
Service Unavailable response is generated. Specify the URI with a
maximum of 256 characters.
enable-uri <text> Specifies the Alert-Info URI that enables immediate call forwarding and
produces the call forwarding dialtone. When the enable URI is specified, the
NOTIFY message is accepted and a 200 OK response is generated.
Specify the URI with a maximum of 256 characters.
parameter <text> Specifies the Alert-Info parameter that indicates call forwarding is active.
Specify the parameter with a maximum of 256 case-sensitive characters.
Default Values
By default, immediate call forwarding is disabled. When the feature is enabled, by default the normal and
immediate call forwarding dial tones are set to an empty string, and the parameter value is set to an empty
string.
Command History
Functional Notes
The immediate call forwarding feature, when enabled, provides a specific dialtone which alerts the user
that the feature is enabled. The specified dialtone occurs when the Alert-URI is matched in a NOTIFY
message. For the feature to function, you must specify the Alert-URI that enables the feature and provides
the feature dialtone (enable-uri), and you must specify the Alert-URI that disables the feature and
provides the normal dialtone (disable-uri). If both parameters are not specified, the feature remains
disabled.
This feature is available on all AOS voice platforms, and uses a country-specific dialtone when enabled. In
all countries (excluding Mexico), the call forward indicator tone is equivalent to stutter-3. If both message
waiting and call forwarding indication are enabled, stutter-3 is used for both features in all countries
(excluding Mexico).

Usage Examples
The following example enables immediate call forwarding for analog users and specifies the normal and
forwarding dial tones:
(config)#voice notify forward enable-uri service:forward

(config)#voice notify forward disable-uri service:normal

voice number-complete disable

Use the voice number-complete disable command to globally disable the default number-complete
options. Use the no form of this command to return to the default setting. Variations of this command
include:
voice number-complete disable pound

voice number-complete disable star
Syntax Description
pound Disables using the pound (#) key to indicate that a number is complete.
star Disables using the star (*) key to indicate that a number is complete.
Default Values
By default, the pound (#) or star (*) key can be pressed to signify that the dialed number is complete.
Command History
Functional Notes
When a user is dialing a phone number, the AOS unit will wait a configured amount of time (specified by
the command voice timeouts on page 1957) after a digit is pressed before attempting to send the dialed
set of digits. If the user does not want to wait for this timeout interval to elapse, the user can, by default,
press either the pound (#) or star (*) key to indicate that the dialed number is complete.
Usage Examples
The following example disables using the pound (#) key to indicate that a number is complete:
(config)#voice num-complete disable pound

voice num-rings <value>

Use the voice num-rings command to globally specify the number of times a station will ring before
beginning the coverage path that attempts to deliver a call to an available party. This setting can be
overridden on a per-user basis using the num-rings command in the Voice User command set. Refer to
Voice User Account Command Set on page 4549 for more information. Use the no form of this command
Syntax Description
<value> Specifies the number of times a station can ring with no answer. Range is
0 to 9. Setting to 0 allows unlimited rings.
Default Values
The default for this command is 0 (unlimited rings).
Command History
Usage Examples
The following example sets a limit on the number of times a station can ring:
(config)#voice num-rings 8

voice operator-group
Use the voice operator-group command to access the Voice Operator Group command mode. Refer to
Voice Operator Group Command Set on page 4649 for more information. Use the no form of this
command to disable the setting.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example enters the Operator Group configuration mode:
(config)#voice operator-group
Configuring Operator Group.
(config-operator-group)#

voice overhead-paging connected-timeout <value>

Use the voice overhead-paging connected-timeout command to specify the timeout interval before an
overhead paging call is terminated. Use the no form of this command to return to the default setting.
This setting does not affect calls placed into handset paging groups. It only affects calls to
the overhead paging port on the back of the AOS unit.
Syntax Description
<value> Specifies the timeout value in seconds. Set to 0 to disable the timeout.
Default Values
The default setting is 120 seconds.
Command History
Usage Examples
The following example configures a connected timeout of 30 seconds for overhead paging:
(config)#voice overhead-paging connected-timeout 30

voice overhead-paging extension <number>

Use the voice overhead-paging extension command to specify the extension used for overhead paging.
Use the no form of this command to disable the setting.
Syntax Description
<number> Specifies the extension to use for overhead paging.
Default Values
Command History
Usage Examples
The following example configures extension 3000 to be used for overhead paging:
(config)#voice overhead-paging extension 3000

voice paging-group <extension>

Use the voice paging-group command to create a new handset paging group and enter the paging group’s
configuration. Use the no form of this command to remove the paging group.
Syntax Description
<extension> Specifies the numeric extension for the paging group.
Default Values
By default, no paging groups exist.
Command History
Functional Notes
The voice paging-group command enters the configuration for a handset paging group. For more
information about handset paging, refer to the Handset Paging for the NetVanta 7000 Series quick
For more information about the commands used to configure handset paging, refer to the Voice Paging
Group Command Set on page 4665.
Usage Examples
The following example creates a paging group using extension 8956 and enters the group’s configuration
mode:
(config)#voice paging-group 8956

Configuring new paging group “8956”.
(config-8956)#

voice park-return <value>

Use the voice park-return command to configure the time until a parked call returns. Use the no form of
Syntax Description
<value> Specifies time in seconds until a call returns from park if not retrieved. Valid
Default Values
By default, the voice park-return time is set to 60 seconds.
Command History
Usage Examples
The following example sets the time a call returns from park to 30 seconds:
(config)#voice park-return 30

voice pickup-group <name>

Use the voice pickup-group command to create a new call pickup group and enter the group’s
configuration mode.
Syntax Description
<name> Specifies the name of the call pickup group.
Default Values
By default, no call pickup groups exist.
Command History
Functional Notes
There is a limit of 10 call pickup groups on an AOS unit.
For more information about call pickup group configuration commands, refer to the Voice Call Pickup
Group Command Set on page 4638.
For more information about configuring the call pickup feature, refer to the Configuring the Call Pickup
Feature on AOS Voice Products quick configuration guide available online at
Usage Examples
The following example creates the call pickup group Sales and enters the group’s configuration mode:
(config)#voice pickup-group Sales

Configuring New Pickup Group “Sales”
(config-Sales)#

voice prompt-language <language>

Use the voice prompt-language command to specify the language to use for voice prompts (such as
audios and voicemail menus) on the system. Use the no form of this command to disable the current
language setting.
Syntax Description
<language> Specifies the language to use for voice prompts. The available choices are
English (American English), FrenchCanadian, Irish (Irish English),
LatinAmSpanish (Latin American Spanish), and UKEnglish (United
Kingdom English).
Default Values
The default value for this command is English.
Command History
Release R10.2.0 The command was expanded to include the Irish language.
Usage Examples
The following example specifies the voice prompt language as Latin American Spanish:
(config)#voice prompt-language LatinAMSpanish

voice ring-group <number>

Use the voice ring-group command to create or modify ring group parameters. These additional
commands are covered in Voice Ring Group Command Set on page 4670. Use the no form of this
command to delete a configured ring group.
Syntax Description
<number> Specifies the ring group's four-digit extension.
Default Values
By default, no ring groups are configured.
Command History
Usage Examples
The following example creates a new ring group with extension 5678:
(config)#voice ring-group 5678

Configuring New Group “5678”.
(config-5678)#

voice ring-option <name>

Use the voice ring-option command to create a ring option or modify an existing ring option. Once the
ring option is configured, it can be applied to a shared line appearance (SLA) or shared call appearance
(SCA). Use the no form of this command to delete a configured ring option. Additional subcommands are
available once you have entered the Ring Option Configuration mode:
description <text>
ring-type delay-12-second
ring-type delay-24-second
ring-type immediate
ring-type silence
ring-type <system mode> delay-12-second
ring-type <system mode> delay-24-second
ring-type <system mode> immediate
ring-type <system mode> silence
Syntax Description
<name> Specifies the name of the ring option. Limited to 10 characters.
description <text> Optional. Provides a text description of the ring option. Limited to 40
characters.
ring-type <system mode> Configures the ring behavior for the specified system mode. Not specifying
a <system mode> implies changing the default system mode ring type.
Enter one of the following to specify the system mode: night, lunch,
weekend, custom1, custom2, custom3, or override. Enter a behavior to
assign a ring type to the system mode:
immediate Ring immediately.
silence Visual ringing notification only.
delay-12-second Ring after a 12 second delay.
delay-24-second Ring after a 24 second delay.
Default Values
By default, the ring type is immediate.
Command History
Usage Examples
The following example creates a new ring option named SALES and enters the Ring Option Configuration
mode:
(config)#voice ring-option SALES

Configuring New Group “SALES”.
(config-SALES)#

The following example sets the ring type for the weekend system mode to silence for the SALES ring
option:
(config-sales)#ring-type weekend silence

voice service map isdn-to-sip forward

Use the voice service map isdn-to-sip forward command to configure integrated services digital
networking (ISDN) to Session Initiation Protocol (SIP) mappings for the call forwarding voice feature on
the AOS unit. Variations of this command include:
voice service map isdn-to-sip forward busy disable-code <spre code>

voice service map isdn-to-sip forward busy enable-code <spre code>
voice service map isdn-to-sip forward no-response disable-code <spre code>
voice service map isdn-to-sip forward no-response enable-code <spre code>
voice service map isdn-to-sip forward unconditional disable-code <spre code>
voice service map isdn-to-sip forward unconditional enable-code <spre code>
Syntax Values
busy Specifies the call forwarding busy special prefix (SPRE) code is configured
and mapped.
no-response Specifies the call forwarding no response SPRE code is configured and
mapped.
unconditional Specifies the call forwarding unconditional SPRE code is configured and
mapped.
disable-code <spre code> Disables the call forwarding feature for the specified SPRE code. Refer to
Functional Notes for information about entering SPRE codes.
enable-code <spre code> Enables the call forwarding feature for the specified SPRE code. Refer to
Functional Notes for information about entering SPRE codes.
Default Values
By default, the call forwarding voice feature is not mapped between ISDN and SIP.
Command History
Functional Notes
The voice service map isdn-to-sip forward command does not have a no version. To disable mapping
of a specific call forwarding feature, enter the disable-code parameter at the end of the command.
SPRE codes for this command are entered in the <*NX> format, where N matches numbers from 2 to 9,
and X matches numbers from 0 to 9. For example, *25. Display the currently assigned voice SPRE codes,
using the show voice spre command.
Usage Examples
The following example enables ISDN to SIP mapping for the call forwarding busy feature on SPRE code
25:
(config)#voice service map isdn-to-sip forward busy enable-code *25

The following example disables ISDN to SIP mapping for the call forwarding no response feature on SPRE
code 30:
(config)#voice service map isdn-to-sip forward no-response disable-code *30

voice service-mode
Use the voice service-mode command to add a service mode transition. Variations of this command
include:
voice service-mode day <day> <time>

voice service-mode lunch <day> <time>
voice service-mode night <day> <time>
voice service-mode weekend <day> <time>
Syntax Description
day Specifies a transition to day mode.
lunch Specifies a transition to lunch mode.
night Specifies a transition to night mode.
weekend Specifies a transition to weekend mode.
<day> Specifies the day of week the transition occurs.
<time> Specifies the time for transition to occur (24-hour format - hours:minutes
(HH:MM)).
Default Values
By default, the voice service-mode is set to day.
Command History
Usage Examples
The following example sets the voice service mode to day with a transition day of Monday and a transition
time of 8:00 AM:
(config)#voice service-mode day monday 08:00

voice speed-dial <unique id> <number> <name>

Use the voice speed-dial command to create a list of IDs to be used as shortcuts to contact frequently
called numbers. Use the no form of this command to return to the default setting.
Syntax Description
<unique id> The speed-dial number that will be used to contact the <number> specified.
<number> Phone number associated with the speed-dial entry (digits only).
<name> Description of this speed-dial entry.
Default Values
Command History
Usage Examples
The following example sets a speed-dial number of 8 for extension 9654:
(config)#voice speed-dial 8 9654 3rdFloorLab

voice spre <pattern id> <pattern>

Use the voice spre command to add a global special prefix (SPRE) complete pattern. This command
allows users to enter a custom SPRE code. Use the no form of this command to delete a configured SPRE
pattern.
Syntax Description
<pattern id> Specifies the SPRE pattern ID. Valid range is 1 to 255.
<pattern> Specifies the SPRE pattern. Refer to Functional Notes below for more
information.
Default Values
Command History
Functional Notes
This command allows users to enter a SPRE code pattern. Patterns begin with * or #. If the pattern is
followed by an &, then the dial plan number-complete templates are used to determine when the unit has
enough digits to dial the number (for example, 67&). However, if a dial plan does not exist for a particular
code that is needed, then a SPRE code may be entered followed by an independent dial plan
number-complete template (for example, *67NXX-XXXX).
Valid characters for patterns are as follows:

0 - 9 Match the exact digit(s) only
& Allows the use of the dial-plan number complete pattern
The following are example pattern entries using wildcards:

EX1: *70&
EX2: #12NXXXXXX
EX3: *[1-3,9]0&

SPRE complete pattern rules:

1) The pattern must begin with * or #.
5) The & wildcard is only allowed at the end of the number.
Usage Examples
The following sets the complete pattern for SPRE 1:
(config)#voice spre 1 *67NXX-XXXX

voice spre-map
Use the voice spre-map command to change the default mapping of special prefix (SPRE) codes on the
AOS voice product. Functions and SPRE codes can be disabled by using the none keyword. Use the no
voice spre-map all none

voice spre-map auto-answer-dnd *<nx>
voice spre-map auto-answer-dnd none
voice spre-map billing-code *<nx>
voice spre-map billing-code none
voice spre-map block-callid-delivery *<nx>
voice spre-map block-callid-delivery none
voice spre-map call-forward-cancel *<nx>
voice spre-map call-forward-cancel none
voice spre-map call-forward-extension *<nx>
voice spre-map call-forward-extension none
voice spre-map call-forward-remote *<nx>
voice spre-map call-forward-remote none
voice spre-map call-held/park-retrieve *<nx>
voice spre-map call-held/park-retrieve none
voice spre-map call-park-zone *<nx>
voice spre-map call-park-zone none
voice spre-map call-return *<nx>
voice spre-map call-return none
voice spre-map call-user-speed-dial *<nx>
voice spre-map call-user-speed-dial none
voice spre-map camp-on *<nx>
voice spre-map camp-on none
voice spre-map cancel-camp-on *<nx>
voice spre-map cancel-camp-on none
voice spre-map clear-message-waiting *<nx>
voice spre-map clear-message-waiting none
voice spre-map conference *<nx>
voice spre-map conference none
voice spre-map cos-override *<nx>
voice spre-map cos-override none
voice spre-map disable-call-waiting *<nx>
voice spre-map disable-call-waiting none
voice spre-map dnd-enable-disable *<nx>
voice spre-map dnd-enable-disable none
voice spre-map door-phone *<nx>
voice spre-map door-phone none
voice spre-map door-unlock *<nx>
voice spre-map door-unlock none
voice spre-map fwd-notificatn-cancel *<nx>

voice spre-map fwd-notificatn-cancel none

voice spre-map group-login *<nx>
voice spre-map group-login none
voice spre-map group-logout *<nx>
voice spre-map group-logout none
voice spre-map hotel-login *<nx>
voice spre-map hotel-login none
voice spre-map hotel-logout *<nx>
voice spre-map hotel-logout none
voice spre-map maca-login *<nx>
voice spre-map maca-login none
voice spre-map maca-logout *<nx>
voice spre-map maca-logout none
voice spre-map page-overhead *<nx>
voice spre-map page-overhead none
voice spre-map permanent-hold *<nx>
voice spre-map permanent-hold none
voice spre-map program-speed-dial *<nx>
voice spre-map program-speed-dial none
voice spre-map redial *<nx>
voice spre-map redial none
voice spre-map remote-call-fwd-cancel *<nx>
voice spre-map remote-call-fwd-cancel none
voice spre-map send-to-vm *<nx>
voice spre-map send-to-vm none
voice spre-map set-account-password *<nx>
voice spre-map set-account-password none
voice spre-map set-message-waiting *<nx>
voice spre-map set-message-waiting none
voice spre-map system-mode *<nx>
voice spre-map system-mode none
voice spre-map system-speed-dial *<nx>
voice spre-map system-speed-dial none
voice spre-map transfer *<nx>
voice spre-map transfer none
voice spre-map user-station-lock *<nx>
voice spre-map user-station-lock none
voice spre-map user-station-unlock *<nx>
voice spre-map user-station-unlock none
Not all SPRE codes are supported by all AOS products. Type voice spre-map ? to view a
list of supported SPRE codes.

Syntax Description
all Makes the SPRE code assignment for all functions.
none Removes the SPRE code for the specified function.
*<nx> Specifies the SPRE code to assign to this function.
Valid range for n is 2 to 9. Valid range for x is 0 to 9.
auto-answer-dnd Specifies the automatic answer do-not-disturb (DND) function.
billing-code Specifies the billing code function.
block-callid-delivery Specifies the block caller-ID delivery function.
call-forward-cancel Specifies the call forward cancel function.
call-forward-extension Specifies the call forward + extension function.
call-forward-remote Specifies the call forward remote function.
call-held/park-retrieve Specifies the held call pickup and park retrieve function
call-park-zone Specifies the call park + zone function.
call-return Specifies the call return function.
call-user-speed-dial Specifies the call user speed dial function.
camp-on Specifies the camp-on function.
cancel-camp-on Specifies the cancel camp-on function.
clear-message-waiting Specifies the clear message waiting function.
conference Specifies the 3-way conferencing function.
cos-override Specifies the class of service (CoS) override function.
disable-call-waiting Specifies the disable call waiting on a per-call basis function.
dnd-enable-disable Specifies the DND enable/disable function.
door-phone Specifies the door phone function.
door-unlock Specifies the door unlock function.
fwd-notificatn-cancel Specifies the forward notification cancel function.
group-login Specifies the group login function.
group-logout Specifies the group logout function.
hotel-login Specifies the hotel login function.
hotel-logout Specifies the hotel logout function.
maca-login Specifies the multiple access with collision avoidance (MACA) login
function.
maca-logout Specifies the MACA logout function.
page-overhead Specifies the overhead paging function.
permanent-hold Specifies the permanent hold function.
program-speed-dial Specifies the program user speed dial function.
redial Specifies the call last dialed number function.
remote-call-fwd-cancel Specifies the remote call forward cancel function.
send-to-vm Specifies the send directly to voicemail function.
set-account-password Specifies the set account password function.

set-message-waiting Specifies the set message waiting function.

system-mode Specifies the system mode function.
system-speed-dial Specifies the system speed dial function.
transfer Specifies the transfer function.
user-station-lock Specifies the user station lock function.
user-station-unlock Specifies the user station unlock function.
Default Values
Default mappings between functions and SPRE codes are as indicated in the following table:
SPRE SPRE
Code Function Code Function
*21 Billing Code *55 Group Login
*67 Block Caller ID Delivery *56 Group Logout
*97 Auto-Answer Do-Not-Disturb *78 Held Call Pickup/Call Park Retrieve
*35 Call Forward Cancel *46 Hotel Login
*33 Call Forward + Extension *47 Hotel Logout
*34 Call Forward Remote *63 MACA Login
*77 Call Park + Zone *64 MACA Logout
*69 Call Return *30 Page Overhead
*62 Call User Speed Dial *44 Permanent Hold
*66 Camp-on *61 Program User Speed Dial
*65 Cancel Camp-on *72 Redial

*86 Clear Message Waiting *36 Remote Call Forward Cancel
*22 Conference 3-way *79 Set Account Password
*90 Class of Service Override *85 Set Message Waiting
*70 Disable Call Waiting Per Call Basis *20 System Mode
*39 Do Not Disturb Enable/Disable *25 System Speed Dial
*37 Door Phone *88 Transfer
*38 Door Unlock *57 User Station Lock
*32 Forward Notification Cancel *58 User Station Unlock
Command History

Release A5.01 Command was expanded to include the page-intercom parameter.

Release R10.2.0 Command was expanded to include the send-to-vm parameter.
Release R10.6.0 Command was expanded to include the call-held/park-retrieve parameter.
Release R11.5.0 Command was altered to remove the page-intercom parameter.
Functional Notes
SPRE codes are used to map a sequence of digits to a particular functionality. For example, in a typical
network, *67 is used to block caller ID. The codes and their functions are listed in the Default Values.
Functions and SPRE codes can be disabled by using the none keyword.
Usage Examples
The following example sets the SPRE code for call return to *79:
(config)#voice spre-map call-return *79

voice spre-mode
Use the voice spre-mode command to control whether special prefix (SPRE) codes will be interpreted by
the unit locally or forwarded to the network for interpretation. The override parameter indicates that the
specified SPRE code is to be overridden. Use the no form of this command to return to the default setting.
voice spre-mode local

voice spre-mode network
voice spre-mode override *<nx>
Syntax Description
local Specifies that SPRE codes are interpreted locally by the unit.
network Specifies the forwarding of SPRE codes to the network for handling.
override *<nx> Indicates the configured SPRE processing mode is overridden for the
specified SPRE code. Valid range for n is 2 to 9. Valid range for x is 0 to 9.
Default Values
By default, this command is set to forward SPRE codes to the network and no overrides are configured.
Command History
Release A2.03 Command was expanded to include the override option.
Functional Note
SPRE codes are used to map a sequence of digits to a particular functionality. For example, in a typical
network, *67 is used to block caller ID. When the AOS unit is configured to operate in network mode, the
digits are collected and sent to the network for appropriate handling. Using the override parameter allows
the unit to be configured so that certain SPRE codes are collected locally and the corresponding function is
initiated.
Usage Examples
The following example configures the unit to interpret SPRE codes:
(config)#voice spre-mode local
The following example configures the unit, which is configured to use the network mode, to instead
interpret the SPRE code *67 locally:
(config)#voice spre-mode network

(config)#voice spre-mode override *67

voice status-group
Use the voice status-group command to create or modify a voice status group and enter the Voice Status
Group Configuration mode. Use the no form of this command to delete a voice status group. Variations of
voice status-group <name>
The following additional subcommands are available once you have entered the Voice Status Group
Configuration mode:
park-zone <value>
user <number>
user <number> display-name <name>
user <number> dial-string <string>
user <number> display-name <name> dial-string <string>
use-spre-entities
Syntax Description
<name> Specifies the name of the voice status group to create, modify, or
delete.
park-zone <value> Specifies a new park zone number to add to this voice status
group. The valid range is 0 to 9.
user <number> Specifies the extension of a user to add to this voice status group.
display-name <name> Optional. Specifies an override name to appear as the user’s
name when displayed on the device (BLF). If the name includes
spaces, it must be surrounded by quotation marks as shown in
the Usage Examples.
dial-string <string> Optional. Specifies a specific number to dial. Valid entries can
include a combination of characters * and 0 through 9.
use-spre-entities Specifies that the system use special prefix (SPRE) codes for
extensible markup language (XML) entities in Notify messages
when applicable.
Default Values
By default, there are no voice status groups configured.
Unless the user explicitly enters a display-name or dial-string, these values will default to the user’s
extension number. The dial-string and display-name cannot be added or changed after a user is added
to a status group. The user must first be removed from the status group with the no user <number>
command, then re-added as a member with the appropriate display-name and/or dial-string. Refer to the
Usage Examples section for further details.
Command History

Release A2 Command was expanded to include the dial string entries.

Release A5.01 Command was expanded to include the use-spre-entities parameter.
Usage Examples
The following example creates a new voice status group with the name Engineering:
(config)#voice status-group Engineering

The following example adds park zone 4 to the Engineering status group directory:

(config-status-Engineering)#park-zone 4
The following example adds user 5555 to the Engineering status group directory, displaying the default
name 5555 with the default dial string of 5555:

(config-status-Engineering)#user 5555
The following example adds user 5555 to the Engineering status group directory, displaying the name
Test Lab with the default dial string of 5555:

(config-status-Engineering)#user 5555 display-name “Test Lab”
The following example adds user 5555 to the Engineering status group directory, displaying the default
name 5555 with a handsfree dial string of **5555:

(config-status-Engineering)#user 5555 dial-string **5555
The following example adds user 5555 to the Engineering status group directory, displaying the name
Test Lab with a handsfree dial string of **5555:

(config-status-Engineering)#user 5555 display-name “Test Lab” dial-string **5555

voice status-group expires

Use the voice status-group expires command to add a status group subscription time for status group
clients. Any subscription time requests that fall between the minimum and maximum values will be
instructed to use the default value instead. Variations of this command include:
voice status-group default-expires <value>

voice status-group max-expires <value>
voice status-group min-expires <value>
Syntax Description
default-expires <value> Specifies a default subscription time. The valid range is 120 to
86400 seconds.
max-expires <value> Specifies a maximum subscription time. The valid range is 120 to
86400 seconds.
min-expires <value> Specifies a minimum subscription time. The valid range is 120 to
86400 seconds.
Default Values
By default, the voice status group default-expires value is set to 120 seconds, max-expires value is set to
3600, and the min-expires is set to 86400.
Command History
Usage Examples
The following example sets the voice status group maximum subscription time to 2 hours:
(config)#voice status-group max-expires 7200

voice system-country <name>

Use the voice system-country command to specify the system country setting. Specifying the system
country with this command automatically changes several default settings to match the standards of the
specified country. Refer to the Functional Notes for details. Use the no form of this command to return to
Syntax Description
<name> Specifies the system country name. The available options are: Australia,
Belgium, Canada, China_Hong_Kong, Denmark, ETSI, Finland,
France, Germany, Ireland, Italy, Luxembourg, Mexico, Netherlands,
Norway, Puerto_Rico, Spain, Sweden, Switzerland,
United_Arab_Emirates, United_Kingdom, and United_States.
Default Values
The default system country code is United_States.
Command History
Release A4.05 Command was modified to accept the country name instead of numbers.
Functional Notes
The voice system-country command automatically sets the parameters for multiple settings on the AOS
device to match the standards of the specified country. For example, Web-based graphical user interface
(GUI) language, voice prompt language (if applicable), call progress tones, companding type, caller ID
type, and voice country code. The values for these parameters can be viewed using show system on page
1031.
The system country setting is not stored as part of the running configuration or startup configuration.
Erasing the startup configuration will not change the system country. If a particular feature or configuration
option is set to something other than the default, changing the system country will have no effect on that
feature or option. For a comprehensive list of the features affected by the system country setting, refer to
the International Configuration Guide available online at https://supportcommunity.adtran.com.
Usage Examples
The following example sets the system country to Canada:
(config)#voice system-country Canada

voice system-mode
Use the voice system-mode command to configure the system mode schedules. When triggered by the
system-clock, AOS units transition into a system mode based on the schedule. Use the no form of this
command to disable the setting. Variations of this command include the following:
voice system-mode custom1 <day> <time>

voice system-mode default <day> <time>
voice system-mode lunch <day> <time>
voice system-mode night <day> <time>
voice system-mode weekend <day> <time>
Syntax Description
<day> Specifies the day of the week. Choose from Sunday through Saturday.
<time> Specifies the time of the day in a 24-hour format hours:minutes (HH:MM).
custom1 - custom3 Indicates the custom mode (1 through 3) to configure.
default Indicates the default-time system mode to configure.
lunch Indicates the lunch-time system mode to configure.
night Indicates the night-time system mode to configure.
weekend Indicates the weekend system mode to configure.
Default Values
By default, no system mode commands are configured, the unit will operate in the default mode.
Command History
Usage Examples
The following example configures a typical 5-day business week:
(config)#voice system-mode default Monday 8:00

(config)#voice system-mode night Monday 17:00
(config)#voice system-mode default Tuesday 8:00
(config)#voice system-mode night Tuesday 17:00
(config)#voice system-mode default Wednesday 8:00
(config)#voice system-mode night Wednesday 17:00
(config)#voice system-mode default Thursday 8:00
(config)#voice system-mode night Thursday 17:00
(config)#voice system-mode default Friday 8:00
(config)#voice system-mode weekend Friday 17:00

voice timeouts
Use the voice timeouts command to configure the time limits for phases. Use the no form of this command
to return to the default setting or remove the named digit timeout (NDT) and its value.
When removing an NDT and its value, if the NDT is assigned to a dial plan entry, then the
deletion is not allowed. The dial plan must be removed first and added back into the system
without the NDT association.
voice timeouts alerting <value>

voice timeouts connected <value>
voice timeouts connecting <value>
voice timeouts emergency-callback <value>
voice timeouts interdigit <value>
voice timeouts named-digit-timeout <ndt name>
voice timeouts named-digit-timeout <ndt name> <value>
voice timeouts preconnected <value>
voice timeouts preconnecting <value>
Syntax Description
alerting <value> Specifies the maximum time a call is allowed to remain in the alerting
state. The shorter of this timeout or the configured maximum number of
rings will determine how long a call is allowed to ring. The valid range is 0
(unlimited) to 60 minutes.
connected <value> Specifies the maximum time a call is allowed to remain in the connected
state. The valid range is 0 (unlimited) to 1000 hours.
connecting <value> Specifies the maximum time a call is allowed to remain in the connecting
state. The valid range is 0 (unlimited) to 60 minutes.
emergency-callback <value> Specifies the maximum time to wait for an emergency callback. The valid
interdigit <value> Specifies the maximum time allowed between dialed digits. The valid
named-digit-timeout Creates a timeout with a name and a value to associate with a dial plan
template.
<ndt name> Specifies the name of the named-digit-timeout to be created.
<value> Optional. Indicates the timeout value in seconds to allow after the last
digit is dialed before routing the call. The valid range is 1 to 16 seconds.
preconnected <value> Specifies the maximum time a call is allowed to stay in a preconnected
preconnecting <value> Specifies the maximum time a call is allowed to stay in a preconnecting

Default Values
By default, the alerting timeout is 5 minutes, the connected timeout is 12 hours, and the interdigit
timeout is 4 seconds. If no value is indicated for the NDT, 0 seconds is applied.
Command History
Release A2 Command was expanded to include the named-digit-timeouts parameter.
Release R10.4.0 Command was expanded to include the connecting,
emergency-callback, preconnected, and preconnecting parameters.
Functional Notes
The named-digit-timeout parameter allows multiple interdigit timeouts within the system. It provides a
means for associating a specific amount of time to wait after a template match is made before routing a
call. This added functionality allows short numbers and long numbers to coexist in the same system
(for example, seven- and ten-digit patterns) without specifying additional characters (such as 1 or 9).
Usage Examples
The following example sets the alerting timeout to 30 seconds:
(config)#voice timeouts alerting 30
The following example creates a named-digit-timeout named short1 and sets the timeout value to
2 seconds:
(config)#voice timeouts named-digit-timeout short1 2

voice transfer
Use the voice transfer command to set the unattended transfer for the system only. Use the no form of this
voice transfer blind

voice transfer unattended
Syntax Description
blind Converts unattended transfer attempts to RFC 3891-compliant blind
transfers.
unattended Unattended transfer attempts are not modified.
Default Values
The default setting is unattended.
Command History
Usage Examples
The following example configures the voice transfer type to blind:
(config)#voice transfer blind

voice transfer-mode
Use the voice transfer-mode command to specify whether transferred calls will be controlled by the unit
locally, or if the network will control them. Use the no form of this command to return to the default
voice transfer-mode local

voice transfer-mode network
Syntax Description
local Specifies that call transferring is controlled locally by the unit.
network Specifies that call transferring is controlled by the network.
Default Values
By default, the network controls call transfers.
Command History
Usage Examples
The following example configures the unit to handle call transfers:
(config)#voice transfer-mode local

voice transfer-on-hangup
Use the voice transfer-on-hangup command to enable this feature. When transferring a call, hanging up
initiates the transfer to the destination party. Use the no form of this command to disable this feature.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example enables this feature:
(config)#voice transfer-on-hangup

voice trunk access-code

Use the voice trunk access-code command to modify the outbound trunk access code. Use the no form of
this command to remove the trunk access code and return to the default. Variations of this command
include:
voice trunk access-code <number>

voice trunk access-code none
Syntax Description
<number> Specifies the digit to use as the outbound trunk access code. Valid entries
are 0 through 9.
none Specifies that no trunk access code is required to place outbound calls.
Default Values
By default, the outbound trunk access code is 9.
Command History
Functional Notes
There are a number of considerations involved if the trunk access code is changed or omitted on a
previously installed system using the voice trunk access-code command. The following items should be
reviewed to confirm that the correct steering digit is configured in each of these areas of AOS:
• User account call forwarding

• External call coverage for user accounts, ring groups, operator groups, and globally
• User account FindMe-FollowMe refer actions
• SIP trunk account outbound match ANI Add/Replace Diversion/P-Asserted-Identity commands
• ISDN/SIP trunk account, outbound match ANI substitute commands
• ISDN/SIP/Analog trunk account, outbound match DNIS substitute/replace ani commands
• Shared line account, external call coverage
• Shared call appearance, external call coverage
• Voicemail session: returning a call to the sender of a message
• Auto attendant, transfers to external numbers
• Recording and playing audio prompts from an external number
• Auto attendant, dial-by-name directory entries
• Status group member, external dial strings
• Class of service, advanced permit/deny templates
• System dial plan templates
• Global inbound match ANI substitution

Usage Examples
The following example configures the outbound trunk access-code as 7:
(config)#voice trunk access-code 7

voice trunk-list <name>

Use the voice trunk-list command to create a permit/deny trunk list and to enter the trunk list
configuration mode. Use the no form of this command to remove the trunk list.
Additional subcommands are available once you have entered the trunk list configuration mode:
trunk <Txx>
Syntax Description
<name> Specifies the name of the trunk list.
trunk <Txx> Specifies the trunk to add to the trunk list. Trunks are specified by their
2-digit identifier. For example, T01.
Default Values
By default, no trunk lists are configured.
Command History
Functional Notes
The trunk lists are permit/deny lists that operate in the same manner as automatic number identification
(ANI) lists, and are used to specify trunks that will be permitted or denied access on specified voice trunk
groups.
There is no limit on the number of trunks that can be added to the trunk list, and there is no limit on the
number of trunk lists that can be applied to a voice trunk group. The trunk lists are applied to the trunk
group in the order they are listed.
Although there is no limit on the number of trunks allowed in a trunk list, or the number of
trunk lists applied to voice trunk groups, it is important to remember that the more lists
that are applied to a trunk group, the more the runtime performance of call routing will be
affected.
Usage Examples
The following example creates a trunk list called TEST2 and specifies the trunks to be included in the list:
(config)#voice trunk-list TEST2

(config-trunk-list-TEST2)#trunk T01
(config-trunk-list-TEST2)#trunk T03

voice trunk <trunk id> type

Use the voice trunk type command to define a new trunk for use with a Session Initiation Protocol (SIP)
or integrated services digital network (ISDN) interface. Executing this command activates the Voice Trunk
Configuration mode for the individual trunk. Refer to Voice ISDN Trunk Command Set on page 4994 for
information on the commands in that mode. Other trunk types are explained in voice trunk <trunk id> type
analog supervision on page 1966. Use the no form of this command to delete a configured voice trunk.
voice trunk <trunk id> type isdn

voice trunk <trunk id> type sip
Refer to the configuration guide Voice Traffic over SIP Trunks and Configuring the Total
Access 900 Series PRI Interface guide for more information on voice trunks. These
documents are available online at http://supportforums.adtran.com.
Syntax Description
<trunk id> Specifies the trunk's two-digit identifier in the format Txx (for example, T12).
isdn Configures the trunk for use with ISDN service.
sip Configures this trunk for use with SIP.
Default Values
Command History
Release 11.1 Command was expanded to include the analog and ISDN support.
Usage Examples
The following example creates the new trunk T12 for use with SIP and enters the Voice Trunk
Configuration mode:
(config)#voice trunk t12 type sip

(config-T12)#

voice trunk <trunk id> type analog supervision

Use the voice trunk type analog supervision command to define a new trunk for an analog interface.
Executing this command activates the Voice Trunk Analog Configuration mode for the individual trunk.
Use the no form of this command to delete a configured voice trunk. Refer to Voice Analog Trunk
Command Set on page 4945 for information on the commands in that mode. Variations of this command
voice trunk <trunk id> type analog supervision dpt

voice trunk <trunk id> type analog supervision ground-start
voice trunk <trunk id> type analog supervision loop-start
Syntax Description
<trunk id> Specifies the trunk’s two-digit identifier in the format Txx (for example, T01).
dpt Specifies dial pulse terminate (DPT) with an assumed user role.
ground-start Specifies ground start (GS) with an assumed user role.
loop-start Specifies loop start (LS) with an assumed user role.
Default Values
Command History
Usage Examples
The following example creates the new trunk T15 for use with an analog interface and enters the Voice
Trunk Analog DPT Configuration mode:
(config)#voice trunk t15 type analog supervision dpt

(config-T15)#

voice trunk <trunk id> type t1-rbs supervision

Use the voice trunk type t1-rbs supervision command to define a new trunk for a T1 interface. Executing
this command activates the Voice Trunk T1 Configuration mode for the individual trunk. Use the no form
of this command to delete a configured voice trunk. Refer to Voice T1 Trunk Command Set on page 5137
for information on the commands in that mode. Other trunk types are explained in voice trunk <trunk id>
type on page 1965. Variations of this command include the following:
voice trunk <trunk id>

voice trunk <trunk id> type t1-rbs supervision fgd role user
voice trunk <trunk id> type t1-rbs supervision ground-start role user
voice trunk <trunk id> type t1-rbs supervision immediate role network
voice trunk <trunk id> type t1-rbs supervision immediate role user
voice trunk <trunk id> type t1-rbs supervision loop-start role user
voice trunk <trunk id> type t1-rbs supervision tie-fgd
voice trunk <trunk id> type t1-rbs supervision wink role network
voice trunk <trunk id> type t1-rbs supervision wink role user
Syntax Description
<trunk id> Specifies the trunk's two-digit identifier in the format Txx (for example, T01).
fgd Specifies feature group D (FGD) with an assumed user role.
ground-start Specifies ground start (GS) with an assumed user role.
immediate Specifies E&M immediate with an assumed network or user role.
loop-start Specifies loop start (LS) with an assumed user role.
tie-fgd Specifies tie trunk with FGD.
wink Specifies wink with an assumed network or user role.
role network Specifies the network role for this trunk.
role user Specifies the user role for this trunk.
Default Values
Command History
Usage Examples
The following example creates the new trunk T15 for use with a T1 interface and enters the Voice Trunk T1
Wink Configuration mode:
(config)#voice trunk t15 type t1-rbs supervision wink role network

(config-T15)#

voice user <extension>

Use the voice user command to create a new user extension and to enter the Voice User command set. Use
the no form of this command to delete a configured extension or modify an existing extension’s
parameters. Refer to Voice User Account Command Set on page 4549 for details.
Syntax Description
<extension> Specifies user’s extension.
Default Values
By default, there are no configured voice users.
Command History
Usage Examples
The following example creates a new user with extension 9876:
(config)#voice user 9876

Configuring New User “9876”.
(config-9876)#

voip name-service host

Use the voip name-service host command to add a host to the Voice over Internet Protocol (VoIP) name
service (VNS) cache table. Using the no form of this command removes the host from the cache.
voip name-service host <hostname> mgcp

voip name-service host <hostname> mgcp tcp
voip name-service host <hostname> mgcp udp
voip name-service host <hostname> sip
voip name-service host <hostname> sip tcp
voip name-service host <hostname> sip tls
voip name-service host <hostname> sip tls srv <service-name-prefix>
voip name-service host <hostname> sip tls srv <service-name-prefix> <transport-name-prefix>
voip name-service host <hostname> sip udp
Syntax Description
<hostname> Specifies the fully qualified domain name (FQDN) of the added host.
mgcp Specifies that Media Gateway Control Protocol (MGCP) is the service type
for the VNS service request.
sip Specifies that Session Initiation Protocol (SIP) is the service type for the
VNS service request.
tcp Optional. Specifies that Transmission Control Protocol (TCP) is the protocol
used for the service request.
tls Optional. Specifies that Transport Layer Security (TLS) is the protocol used
for the service request.
srv Optional. Specifies that service records (SRV) parameters are enabled.
Available only when an FQDN has been specified.
<service-name-prefix> Optional. Specifies the service name prefix for the domain naming system
(DNS) service (SRV) request. Underscores are added automatically.
udp Optional. Specifies that User Datagram Protocol (UDP) is the protocol used
for the service request.
Default Values
By default, both MGCP and SIP VNS requests use UDP. By default, SIP TLS requests use SIPS as the
service name prefix and TCP as the transport name prefix.
Functional Notes
Voice and media signaling protocols (such as SIP) often rely on DNS

in order to ease configuration and administration of endpoints and also to implement redundancy
mechanisms provided by DNS service records. Because voice and media signaling protocols are often
directly coupled to a user experience, applications are often very sensitive to latency introduced by the
DNS mechanism.
AOS voice products rely on the ability to resolve names to one or more service or address records quickly
in order to place a call or register to an external voice server. The DNS server is often not local to the AOS
unit, and it is not guaranteed to be accessible, even when other mechanisms necessary for successful call
completion may be available. A DNS request for a particular host name results in local caching by the AOS
unit, after which the DNS information is quickly available without requiring additional requests. The cache
remains populated until the cached record expires.
The VNS system in the AOS product implements preemptive and persistent caching of DNS records for
voice signaling protocols. The VNS system maintains a table of DNS records in a cache for voice signaling
protocols like SIP and MGCP. For example, if a request is generated from a SIP client (such as a SIP trunk
or SIP proxy), for which there is a configured SIP server entity (such as a proxy address or SIP server
address), the request is always serviced from the local DNS cache (rather than from an external DNS
server). This ensures that SIP access to DNS is always available immediately, even during transient DNS
outages.
The VNS system in AOS can be configured manually by adding a host to the cache (using the command
voip name-service host on page 1969) and by specifying the number of attempts used by VNS to verify the
DNS cache changes (using the command voip name-service verification attempts <number> interval
<seconds> on page 1971). You can view the VNS cache by using the commands show voip name-service
cache on page 1103 and show voip name-service name-table on page 1104.
Configuring an FQDN using the voip name-service host command forces the FQDN resolution (using
DNS) to never timeout from the DNS name table. Each DNS record has a time to live (TTL) value that
specifies the amount of time to cache the record. After this time, the DNS table (by default) removes the
record from the cache. VNS issues DNS queries in an attempt to keep voice-related records cached in the
DNS name table, but if the DNS name servers are not available, the records can expire from the DNS
name table. The records associated with configured VNS host FQDNs are not flushed from the cache
regardless of the TTL or age of the record, but rather are permanently cached dynamic resolutions.
Command History
Release R11.5.0 Command was expanded to include the tls and srv configuration
parameters.
Usage Examples
The following example adds the SIP host example.user.net to the VNS/DNS cache, using TCP requests:
(config)#voip name-service host example.user.net sip tcp

The following example configures TLS as the transport protocol for a statically added VNS
host:(config)#voip name-service host example.user.net sip tls

voip name-service verification attempts <number> interval <seconds>

Use the voip name-service verification attempts interval command to configure the Voice over Internet
Protocol (VoIP) name service (VNS) to verify any domain naming system (DNS) changes to the VNS
table. Using the no form of this command disables verification.
Syntax Description
attempts <number> Specifies the number of consecutive DNS answers that validate a change to
the VNS table. Valid range is 1 to 10.
interval <seconds> Specifies the time interval (in seconds) to wait between verification
attempts. Valid range is 1 to 600 seconds.
Default Values
By default, the VNS system does not verify DNS changes.
Functional Notes
Voice and media signaling protocols (such as SIP) often rely on DNS in order to ease configuration and
administration of endpoints and also to implement redundancy mechanisms provided by DNS service
records. Because voice and media signaling protocols are often directly coupled to a user experience,
applications are often very sensitive to latency introduced by the DNS mechanism.
AOS voice products rely on the ability to resolve names to one or more service or address records quickly
in order to place a call or register to an external voice server. The DNS server is often not local to the AOS
unit, and it is not guaranteed to be accessible, even when other mechanisms necessary for successful call
completion may be available. A DNS request for a particular host name results in local caching by the AOS
unit, after which the DNS information is quickly available without requiring additional requests. The cache
remains populated until the cached record expires.
The VNS system in the AOS product implements preemptive and persistent caching of DNS records for
voice signaling protocols. The VNS system maintains a table of DNS records in a cache for voice signaling
protocols like Session Initiation Protocol (SIP) and Media Gateway Control Protocol (MGCP). For example,
if a request is generated from a SIP client (such as a SIP trunk or SIP proxy), for which there is a
configured SIP server entity (such as a proxy address or SIP server address), the request is always
serviced from the local DNS cache (rather than from an external DNS server). This ensures that SIP
access to DNS is always available immediately, even during transient DNS outages.
The VNS system in AOS can be configured manually by adding a host to the cache (using the command
voip name-service host on page 1969) and by specifying the number of attempts used by VNS to verify the
DNS cache changes (using the command voip name-service verification attempts <number> interval
<seconds> on page 1971). You can view the VNS cache by using the commands show voip name-service
cache on page 1103 and show voip name-service name-table on page 1104.
Command History

Usage Examples
In the following example, the VNS system is configured to use 3 attempts to validate a DNS change, with
30 seconds between each attempt:
(config)#voip name-service verification attempts 3 interval 30

vrf forwarding <name>

Use the vrf forwarding command to assign an interface to a specific virtual routing and forwarding (VRF)
instance. Use the no form of this command to remove the interface from the named VRF instance and
assign it to the unnamed default VRF.
Keep in mind that changing an interface’s VRF association will clear all IP-related
settings on that interface.
Syntax Description
<name> Specifies the name of the VRF to which to assign the interface.
Default Values
By default, interfaces are associated with the default VRF that is unnumbered.
Command History
Functional Notes
VRF instances must be created first before an interface can be assigned. An interface can only be
assigned to one VRF, but multiple interfaces can be assigned to the same VRF.
An interface will only forward IP traffic that matches its associated VRF.
Usage Examples
The following example assigns the frame-relay 1.16 interface to the VRF instance named RED:

(config-fr 1.16)#vrf forwarding RED

vrf <name> route-distinguisher

Use the vrf route-distinguisher command to create a nondefault virtual routing and forwarding (VRF)
instance and assign it a route distinguisher. Use the no vrf command to remove all VRF instances
configured on the system. Use the no vrf route-distinguisher command to destroy the VRF instance and
any commands configured on the VRF. Variations of this command include:
vrf <name> route-distinguisher as-2byte <ASN:nn>

vrf <name> route-distinguisher as-4byte <ASN:nn>
vrf <name> route-distinguisher ip <ipv4 address:nn>
vrf system-control route-distinguisher as-2byte 0:1
vrf system-management route-distinguisher as-2byte 0:2
Syntax Description
<name> Specifies the name of the VRF instance. Valid range is up to 79
alphanumeric characters.
as-2byte <ASN:nn> Specifies the autonomous system number (ASN)-relative route
distinguisher as a 16-bit AS number (ASN) and a 32-bit arbitrary number
(nn).
as-4byte <ASN:nn> Specifies the ASN-relative route distinguisher as a 32-bit AS number (ASN)
and a 16-bit arbitrary number (nn).
ip <ipv4 address:nn> Specifies an IPv4 address-relative route distinguisher, which consists of an
IPv4 address and a 16-bit arbitrary number (nn). IPv4 addresses should be
expressed in decimal dotted notation (for example, 10.10.10.1).
system-control Specifies the system control VRF instance.
system-management Specifies the system management VRF instance.
Default Values
Command History
in ADTRAN internetworking products. In addition, the as-2byte, as-4byte,
and ip <ipv4 address:nn> parameters were added.
in ADTRAN voice products. In addition, the as-2byte, as-4byte, and ip
<ipv4 address:nn> parameters were added.
Release R10.10.0 Command was expanded to include the system-control and
system-management options.

Functional Notes
The route distinguisher 0:0 or 0.0.0.0:0 is reserved for the default (unnamed) VRF instance and cannot be
reassigned. Additionally, the VRF names system-control and system-management use route
distinguishers 0:1 and 0:2 respectively, and cannot be reassigned. The system control and system
management VRF instances exist by default and cannot be removed. These VRFs exist for the system
control Ethernet virtual connection (EVC) and the system management EVC. Refer to System Control EVC
Command Set on page 3730 and System Management EVC Command Set on page 3828 for more
information.
Once a nondefault VRF is created, it must be assigned to the appropriate interfaces. Use the voip
name-service host on page 1969 to assign interfaces to the VRF. By default, interfaces are assigned to the
default unnamed VRF. An interface can only be assigned to one VRF, but multiple interfaces can be
assigned to the same VRF.
Usage Examples
The following example creates the VRF Red and assigns the 2-byte route distinguisher 2:2:
(config)#vrf RED route-distinguisher as-2byte 2:2

APPLICATION COMMAND SETS

• Network Sync Application Command Set on page 1977

• Y.1731 Application Command Set on page 1982

Command Reference Guide Network Sync Application Command Set
NETWORK SYNC APPLICATION COMMAND SET
Use the network synchronization (Network Sync) application command set to aid in troubleshooting
Network Sync configuration on the AOS unit. Network Sync application commands do not affect the
configuration of the AOS unit, and they do not persist between reboots. To access the Network Sync
application command set, enter the application command from the Enable mode prompt, and then enter
the appropriate Network Sync application command as follows (refer to the command application on page
98):
>enable
#application
(app)#
exit on page 83
Commands for this command set are described in this section in alphabetical order.
network-sync source-override on page 1978

network-sync transmit-ssm-override <input> on page 1979
network-sync wait-to-restore clear on page 1981

Network Sync Application Command Set Command Reference Guide
network-sync source-override
Use the network-sync source-override command to override the current clock source. When the clock
source override is activated, there is a line displayed in the command show network-sync that indicates
the override is active. Use the no form of this command to cancel the clock override. Variations of this
command include:
network-sync source-override cancel

network-sync source-override internal
network-sync source-override primary
network-sync source-override primary force
network-sync source-override secondary
network-sync source-override secondary force
Syntax Description
cancel Specifies that the source override is cancelled. This functions exactly the
same as using the no command.
internal Specifies that the internal oscillator is selected as the current clock source.
primary Specifies that the primary clock source is overridden.
secondary Specifies that the secondary clock source is overridden.
force Optional. Specifies that the primary or secondary clock source should be
selected as the current clock even if it is down.
Default Values
Command History
Usage Examples
The following example overrides the secondary clock source:
#application
(app)#network-sync source-override secondary

network-sync transmit-ssm-override <input>

Use the network-sync transmit-ssm-override command to create an unconditional override of the
synchronization status message (SSM) configuration for the clock. This command is used primarily for
testing purposes. Use the no form of this command to remove the override.
Syntax Description
<input> Specifies the SSM quality level override option. Refer to the Functional
Notes of this command for specifics.
Default Values
By default, SSM override options are those provided by Ethernet equipment clock (EEC) option 2.
Command History
Functional Notes
The various <input> parameters available for SSM override vary according to the EEC option selected in
the Network Sync configuration (refer to eec-option on page 4422). If you have not specified an EEC
option, option 2 is used by default. The following tables outline the <input> parameters for the
network-sync transmit-ssm-override command.
Table 1. SSM Override Parameters for EEC Option 1
SSM Override Parameter Description
q1-dnu Do Not Use for Synchronization (0xF)
q1-eec1 Synchronous digital hierarchy (SDH) Equipment

Clock (0xB)
q1-prc Primary Reference Clock (0x2)
q1-ssu-a Primary Level Synchronization Supply Unit (0x4)
q1-ssu-b Second Level Synchronization Supply Unit (0x8)
<input> Enter SSM as a decimal or hexadecimal value
Table 2. SSM Override Parameters for EEC Option 2
q1-dus Do Not Use for Synchronization (0xF)
q1-eec2 Stratum 3 Traceable (0xA)
q1-prov Provisioned by Network Operator (0xE)

Network Sync Application Command Set Command Reference Guide
Table 2. SSM Override Parameters for EEC Option 2 (Continued)
q1-prs Stratum 1 Traceable (0x1)
q1-smc SONET Minimum Clock Traceable (0xC)
q1-st2 Stratum 2 Traceable (0x7)
q1-st3e Stratum 3E Traceable (0xD)
q1-stu Synchronized Traceability Unknown (0x0)
q1-tnc Transit Node Clock Traceable (0x4)
Usage Examples
The following example creates an unconditional SSM override:
#application
(app)#network-sync transmit-ssm-override q1-dnu

network-sync wait-to-restore clear

Use the network-sync wait-to-restore clear command to clear the wait-to-restore timers. Variations of
network-sync wait-to-restore clear primary

network-sync wait-to-restore clear secondary
Syntax Description
primary Specifies the primary timers are cleared.
secondary Specifies the secondary timers are cleared.
Default Values
Command History
Usage Examples
The following example clears the primary wait-to-restore timers:
#application
(app)#network-sync wait-to-restore clear primary

Y.1731 Application Command Set Command Reference Guide
Y.1731 APPLICATION COMMAND SET
Use the Y.1731 application command set to configure and verify specifics of Y.1731 configuration on the
AOS unit. Y.1731 applications are used in one- and two-way frame delay performance monitoring
sessions, as well as frame loss monitoring sessions. To access the Y.1731 application command set, enter
the application command from the Enable mode prompt, and then enter the appropriate Y.1731
application command as follows (refer to the command application on page 98):
>enable
#application
(app)#ethernet y1731 meg char-string MEG 3 100
(app-y1731 MEG)#
In AOS Release 17.1, output modifiers were introduced for all show commands. These modifiers help
specify the information displayed in the show command output. The modifiers are appended to the end of
the show command, preceded by the pipe character (|), and followed by the <text> to exclude, include, or
with which to begin the display. The following output modifiers are common for all show commands:
| begin <text> Produces output that begins with lines, including the specified text and
every line thereafter.
| exclude <text> Produces output that excludes any lines containing the specified text.
| include <text> Produces output that only displays lines with the specified text.
exit on page 83
All other commands for this command set are described in this section in alphabetical order:
frame-delay one-way on page 1983

frame-delay two-way on page 1985
frame-loss single-ended on page 1987
frame-loss synthetic single-ended on page 1989
linktrace <mep id | target mac address> on page 1992
loopback on page 1993
show frame-delay one-way on page 1995
show frame-delay two-way on page 1997
show frame-loss single-ended on page 1999
show frame-loss synthetic single-ended on page 2001
show loopback multicast on page 2003

Command Reference Guide Y.1731 Application Command Set
frame-delay one-way
Use the frame-delay one-way command to configure a Y.1731 one-way frame delay performance
monitoring session between maintenance entity group (MEG) endpoints (MEPs). Use the no form of this
command to disable the frame delay monitoring session. Variations of this command include:
frame-delay one-way <mep id | target mac address | multicast>

frame-delay one-way <mep id | target mac address | multicast> priority <value>
frame-delay one-way <mep id | target mac address | multicast> priority <value> count <value>
interval <interval>
interval <interval> size <bytes>
interval <interval> size <bytes> data <data>
interval <interval> size <bytes> data <data> verbose
Syntax Description
<mep id> Specifies the MEP ID of the target MEP. Valid MEP ID range is 1 to
8191.
<target mac address> Specifies the medium access control (MAC) address of the target MEP.
Enter MAC addresses in hexadecimal format, for example:
xx:xx:xx:xx:xx:xx.
multicast Specifies the session is configured for multicast.
priority <value> Optional. Specifies the virtual local area network (VLAN) priority of the
target MEP. Valid range is 0 to 7.
count <value> Optional. Specifies the number of one-way delay measurement
message frames (1DM) sent to the target MEP. Valid range is 2 to
1024.
interval <interval> Optional. Specifies the time (in milliseconds) between 1DM
transmissions. Valid range is 100 to 900000 ms.
size <bytes> Optional. Specifies the size of the 1DM frame in bytes. If no size is
specified, 1DM fames are zero-padded up to 64 bytes. If the size is
specified, a data type-length value (TLV) is used to ensure the 1DM
frame is the correct length. Valid range is 0, or 64 to 2000 bytes.
data <data> Optional. Specifies a hex pattern used to fill the data TLV. Valid range is
0x0000 to 0xFFFF.
verbose Optional. Specifies details are given in the monitoring session.
Default Values
By default, no one-way frame delay monitoring sessions are configured. If a session is configured, it has
an interval of 1000 ms, a size of 0 bytes, and a data pattern of 0x0000 by default.

Command History
Release R11.10.0 Command was expanded to include the multicast parameter.
Usage Examples
The following example configures a one-way frame delay monitoring session for MEP 100 with a priority of
3, a count of 100, and the default interval, size, and data values:
#application
(app-y1731 MEG)#frame-delay one-way 100 priority 3 count 100

frame-delay two-way
Use the frame-delay two-way command to configure a Y.1731 two-way frame delay performance
monitoring session between maintenance entity group (MEG) endpoints (MEPs). Use the no form of this
command to disable the frame delay monitoring session. Variations of this command include:
frame-delay two-way <mep id | target mac address | multicast>

frame-delay two-way <mep id | target mac address | multicast> count <count>
frame-delay two-way <mep id | target mac address | multicast> data <data>
frame-delay two-way <mep id | target mac address | multicast> interval <interval>
frame-delay two-way <mep id | target mac address | multicast> measurement-interval <measurement
interval>
frame-delay two-way <mep id | target mac address | multicast> priority <priority>
frame-delay two-way <mep id | target mac address | multicast> repetition-time <repetition time>
frame-delay two-way <mep id | target mac address | multicast> size <size>
frame-delay two-way <mep id | target mac address | multicast> start-time [<start time> | immediate]
frame-delay two-way <mep id | target mac address | multicast> stop-time <stop time>
After specifying the MEP ID, MAC, or multicast address of the target MEP(s), the other
parameters can be entered in any order.
Syntax Description
8191.
<target mac address> Specifies the medium access control (MAC) address of the target MEP.
xx:xx:xx:xx:xx:xx.
count <count> Optional. Specifies the number of delay measurement messages
(DMMs) sent to the target MEP. Cannot be used in conjunction with the
stop-time parameter. Must be greater than or equal to the
measurement interval divided by the interval. Valid range is 2 to
1024.
data <data> Optional. Specifies a hex pattern used to fill the data TLV. Valid range is
0x0000 to 0xFFFF.
interval <interval> Optional. Specifies the number of milliseconds between DMM
measurement-interval Optional. Specifies the number of seconds over which frame delay
<measurement interval> statistics are generated. If used with the repetition-time parameter,
must be in minute intervals (multiples of 60) and less than the
repetition time. Valid range is 60 to 86400 seconds.
priority <priority> Optional. Specifies the virtual local area network (VLAN) priority of the
target MEP. Valid range is 0 to 7.

repetition-time <repetition time> Optional. Specifies the number of seconds between the start time of
measurement intervals. The repetition time must be at least as long as
the measurement interval and must be in minute intervals (multiples of
60). Valid range is 60 to 86400 seconds.
size <size> Optional. Specifies the size in bytes of the DMM frame. If no size is
specified, DMM fames are zero-padded up to 64 bytes. If the size is
specified, a data type-length value (TLV) is used to ensure the DMM
start-time Optional. Specifies the start time of the monitoring session.
<start time> Specifies the absolute time of day after the initiation of the session
that the measurement interval will begin. Specified in the format
HH:MM:SS. For example, midnight is 00:00:00.
immediate Specifies that the session will start immediately.
stop-time <stop-time> Optional. Specifies the duration in seconds of the frame delay
monitoring session. Cannot be used in conjunction with the count
parameter. Must be greater than or equal to the interval and must be
large enough for one packet to be transmitted. If stop-time is not
defined, then count will be used. Valid range is 0 to 15552000 seconds.
Default Values
By default, no two-way frame delay monitoring sessions are configured. If a session is configured, it has a
count of 60, an interval of 1000 ms, a measurement interval of 60 seconds, a size of 0 bytes, and a data
pattern of 0x0000 by default.
Command History
Release R11.6.0 Command was expanded to include the repetition-time, start-time
and stop-time parameters.
Usage Examples
The following example configures a two-way frame delay monitoring session for MEP 100 with a priority of
3, a start time of 02:00:00 (2:00 A.M.), a stop time of 3600 seconds (one hour), and the default interval,
measurement interval, repetition time, size, and data values:
#application
(app-y1731 MEG)#frame-delay two-way 100 priority 3 start-time 02:00:00 stop-time 3600

frame-loss single-ended
Use the frame-loss single-ended command to monitor single-ended frame loss across maintenance entity
group (MEG) endpoints (MEPs). This commands uses actual data traffic to measure frame loss. To
measure frame loss using synthetic frames, use the frame-loss synthetic single-ended on page 1989. Use
the no form of this command to disable the monitoring feature. Variations of this command include:
frame-loss single-ended <mep id | target mac address | multicast>

frame-loss single-ended <mep id | target mac address | multicast> count <count>
frame-loss single-ended <mep id | target mac address | multicast> data <data>
frame-loss single-ended <mep id | target mac address | multicast> interval <interval>
frame-loss single-ended <mep id | target mac address | multicast> measurement-interval
<measurement interval>
frame-loss single-ended <mep id | target mac address | multicast> priority <priority>
frame-loss single-ended <mep id | target mac address | multicast> repetition-time <repetition time>
frame-loss single-ended <mep id | target mac address | multicast> size <size>
frame-loss single-ended <mep id | target mac address | multicast> start-time [<start time> |
immediate]
frame-loss single-ended <mep id | target mac address | multicast> stop-time <stop time>
Syntax Description
8191.
<target mac address> Specifies medium access control (MAC) address of the target MEP.
xx:xx:xx:xx:xx:xx.
count <count> Optional. Specifies the number of loss measurement messages
(LMMs) sent to the target MEP. Cannot be used in conjunction with
the stop-time parameter. Must be greater than or equal to the
1024.
data <data> Optional. Specifies a hex pattern used to fill the data TLV. Valid range
is 0x0000 to 0xFFFF.
measurement-interval Optional. Specifies the number of seconds over which frame loss

priority <priority> Optional. Specifies the virtual local area network (VLAN) priority of
the target MEP. Valid range is 0 to 7.
measurement intervals. The repetition time must be at least as long
as the measurement interval and must be in minute intervals
(multiples of 60). Valid range is 60 to 86400 seconds.
defined, then count will be used. Valid range is 0 to 15552000
seconds.
Default Values
Command History
Usage Examples
The following example configures a frame-loss monitoring session for MEP 100 with a priority of 3, a start
time of 02:00:00 (2:00 A.M.), a stop time of 3600 seconds (one hour), and the default interval,
#application
(app-y1731 MEG)#frame-loss single-ended 100 priority 3 start-time 02:00:00 stop-time 3600

frame-loss synthetic single-ended

Use the frame-loss synthetic single-ended command to monitor frame loss across maintenance entity
group (MEG) endpoints (MEPs). This commands uses synthetic frames to measure frame loss. To measure
frame loss using actual data fames, use the frame-loss single-ended on page 1987.Use the no form of this
command to disable the monitoring feature. Variations of this command include:
frame-loss synthetic single-ended <mep id | target mac address | multicast>

frame-loss synthetic single-ended <mep id | target mac address | multicast> count <count>
frame-loss synthetic single-ended <mep id | target mac address | multicast> data <data>
frame-loss synthetic single-ended <mep id | target mac address | multicast> interval <interval>
frame-loss synthetic single-ended <mep id | target mac address | multicast> measurement-interval
<measurement interval>
frame-loss synthetic single-ended <mep id | target mac address | multicast> priority <priority>
frame-loss synthetic single-ended <mep id | target mac address | multicast> repetition-time
<repetition time>
frame-loss synthetic single-ended <mep id | target mac address | multicast> size <size>
frame-loss synthetic single-ended <mep id | target mac address | multicast> start-time [<start time> |
immediate]
frame-loss synthetic single-ended <mep id | target mac address | multicast> stop-time <stop time>
Syntax Description
8191.
<target mac address> Specifies the medium access control (MAC) address of the target
MEP. Enter MAC addresses in hexadecimal format, for example:
xx:xx:xx:xx:xx:xx.
count <count> Optional. Specifies the number of synthetic loss messages (SLMs)
sent to the target MEP. Cannot be used in conjunction with the
stop-time parameter. Must be greater than or equal to the
1024.
data <data> Optional. Specifies a hex pattern used to fill the data TLV. Valid range
is 0x0000 to 0xFFFF.
measurement-interval Optional. Specifies the number of seconds over which frame loss

priority <priority> Optional. Specifies the virtual local area network (VLAN) priority of
measurement intervals. The repetition time must be at least as long
as the measurement interval and must be in minute intervals
(multiples of 60). Valid range is 60 to 86400 seconds.
defined, then count will be used. Valid range is 0 to 15552000
seconds.
Default Values
Command History

Usage Examples
The following example configures a synthetic frame-loss monitoring session for MEP 100 with a priority of
3, a start time of 02:00:00 (2:00 A.M.), a stop time of 3600 seconds (one hour), and the default interval,
#application
(app-y1731 MEG)#frame-loss synthetic single-ended 100 priority 3 start-time 02:00:00 stop-time
3600

linktrace <mep id | target mac address>

Use the linktrace command to trace the link between Y.1731 maintenance entity group (MEG) endpoints
(MEPs). Use the no form of this command to disable the trace feature. Variations of this command include:
linktrace <mep id | target mac address>

linktrace <mep id | target mac address> sorted
linktrace <mep id | target mac address> ttl <value>
linktrace <mep id | target mac address> ttl <value> mac-fdb-only
linktrace <mep id | target mac address> ttl <value> mac-fdb-only sorted
linktrace <mep id | target mac address> ttl <value> verbose
Syntax Description
<mep id | target mac address> Specifies the MEP ID or medium access control (MAC) address of the
target MEP. Valid MEP ID range is 1 to 8191. Enter MAC addresses in
hexadecimal format, for example: xx:xx:xx:xx:xx:xx.
sorted Optional. Sorts the results of the trace by MEP ID or MAC address.
ttl <value> Optional. Specifies the number of mapped IP (MIP) address hops. Valid
range is 1 to 255.
mac-fdb-only Optional. Specifies that only MAC addresses in the forwarding
database (FDB) are traced.
verbose Optional. Specifies that trace results are shown in detail.
Default Values
By default, link trace tests are not performed.
Command History
Usage Example
The following example executes a trace of the link between MEP 100 and MEP 500:
#application
(app-y1731 MEG)#linktrace 500

loopback
Use the loopback command to send loopback messages (LBMs) between Y.1731 maintenance entity
group (MEG) endpoints (MEPs). The LBMs are used to verify bidirectional connectivity. Use the no form
of this command to disable this feature. Variations of this command include:
loopback multicast
loopback multicast priority <value>
loopback multicast priority <value> count <value>
loopback multicast priority <value> count <value> interval <interval>
loopback multicast priority <value> count <value> interval <interval> timeout <value>
loopback multicast <mep id | target mac address> priority <value> count <value> interval <interval>
timeout <value> size <value>
loopback multicast priority <value> count <value> interval <interval> timeout <value> size <value>
data [hex:4 | random]
data [hex:4 | random] validate
data [hex:4 | random] validate verbose
data [hex:4 | random] verbose
loopback unicast <mep id | target mac address>

loopback unicast <mep id | target mac address> priority <value>
loopback unicast <mep id | target mac address> priority <value> count <value>
loopback unicast <mep id | target mac address> priority <value> count <value> interval <interval>
timeout <value>
timeout <value> size <value>
timeout <value> size <value> data [hex:4 | random]
timeout <value> size <value> data [hex:4 | random] validate
timeout <value> size <value> data [hex:4 | random] validate verbose
timeout <value> size <value> data [hex:4 | random] verbose
Syntax Description
unicast Specifies the unicast MEP ID or medium access control (MAC)
<mep id | target mac address> address of the target MEP. Valid MEP ID range is 1 to 8191. Enter
MAC addresses in hexadecimal format, for example:
xx:xx:xx:xx:xx:xx.

priority <value> Optional. Specifies the virtual local area network (VLAN) priority of
count <value> Optional. Specifies the number of LBMs sent to the target MEP. Valid
range is 2 to 1024.
interval <interval> Optional. Specifies the time (in milliseconds) between LBM
timeout <value> Optional. Specifies the interval at which the loopback feature times
out if there is no response to an LBM. Valid range is 100 to
5000 milliseconds.
size <bytes> Optional. Specifies the size of the LBM frame in bytes. If no size is
specified, LBM fames are zero-padded up to 64 bytes. If the size is
specified, a data type-length value (TLV) is used to ensure the LBM
frame is the correct length. Valid range is 64 to 9242 bytes.
data Optional. Specifies a pattern used to fill the data TLV.
hex:4 Specifies any sequence of 4 hexadecimal digits.
random Specifies a pseudo randomly generated number pattern
validate Optional. Validates the connection between the MEPs.
verbose Optional. Specifies that details are included in loopback test results.
Default Values
By default, no loopback tests are configured. If a test is configured, it has an interval of 1000 ms, a timeout
of 100 seconds, a size of 0 bytes, and a data pattern of 0x0000 by default.
Command History
Release R11.1.0 Command was expanded to include the random parameter.
Release R11.7.0 The valid range of the size parameter was changed from 64 to 2000
bytes to 64 to 9242 bytes.
Functional Notes
When using the multicast loopback option, LBMs are sent a multicast MAC address. Up to 8 responding
(LBR) MEPs/MAC addresses are recorded and displayed in the output of the command show loopback
multicast on page 2003. The maximum count of LBMs supported for multicast is 60, and the maximum for
unicast is 1024.
Usage Examples
The following example creates a loopback test between MEP 100 and MEP 500:
#application
(app-y1731 MEG)#loopback unicast 500

show frame-delay one-way

Use the show frame-delay one-way command to display statistics and configuration of one-way frame
delay performance monitoring sessions. Variations of this command include:
show frame-delay one-way

show frame-delay one-way <session id>
show frame-delay one-way <session id> realtime
Syntax Description
<session id> Optional. Specifies that results for a specific frame delay monitoring session
are displayed. Valid range is 1 to n.
realtime Optional. Displays full-screen output in realtime. Information is continuously
updated on the console.
Default Values
Command History
Usage Examples
The following example displays the configuration of all one-way frame delay monitoring sessions:
#application
(app-y1731 MEG)#show frame-delay one-way
Session 1 is Active
Source MAC : 00:a0:c8:00:00:01
VLAN Priority :7
Receive Interval ms: 1000.12
Measurement Interval
Receive Count Previous Current
: 60 55

Delay
Mean ms: 0.08 0.09
Maximum ms: 0.10 0.21
Minimum ms: 0.07 0.07
Delay Variation Maximum
Inter-packet ms: 0.03 0.13
Reference-packet ms:0.03 0.14

show frame-delay two-way

Use the show frame-delay two-way command to display statistics and configuration of two-way frame
delay performance monitoring sessions. Variations of this command include:
show frame-delay two-way

show frame-delay two-way <session id>
show frame-delay two-way <session id> realtime
Syntax Description
Default Values
Command History
Release R11.6.0 Command output was expanded to include the Start-Time, Stop-Time,
Repetition-Time, and Suspect Flag fields.
Usage Examples
The following example displays the configuration of all two-way frame delay monitoring sessions:
#application
(app-y1731 MEG)#show frame-delay two-way
MEP 100 Two-way Delay Session Results
Session 1 is Active
Session Type : Proactive
Target MAC : 00:a0:c8:01:00:00
VLAN Priority :3
Start Time : 12:01:10 UTC Thu Jan 01 197
Stop Time : Forever
DMM Transmit Interval : 1000

DMM Measurement Interval : 60

Repetition Time : 60
DMM Size :0
DMM Payload Data : 0000
Measurement Interval Previous Current
DMMs Transmitted : 60 28
DMRs Received :0 0
Valid DMRs Received :0 0
Invalid DMRs Received :0 0
Out-of-order DMRs Received :0 0
Suspect Flag : No No
Round-trip Delay
Mean ms: 0.00 0.00
Round-trip Delay Variation Mean
Round-trip Delay Variation Maximum
Reference-packet ms: 0.00 0.00
Round-trip Delay Variation Minimum
Forward One-Way Delay
Mean ms: 0.00 0.00
Forward One-Way Delay Variation Mean
Forward One-Way Delay Variation Maximum
Forward One-Way Delay Variation Minimum
Backward One-Way Delay
Mean ms: 0.00 0.00
Backward One-Way Delay Variation Mean
Backward One-Way Delay Variation Maximum
Backward One-Way Delay Variation Minimum

show frame-loss single-ended

Use the show frame-loss single-ended command to display statistics of single-ended frame loss
monitoring sessions. Variations of this command include:
show frame-loss single-ended

show frame-loss single-ended <session id>
show frame-loss single-ended <session id> realtime
your unit.
Syntax Description
realtime Optional. Displays full-screen output in real time. Information is updated on
the console.
Default Values
Command History
Functional Notes
page 1125).

Usage Examples
The following example displays the statistics of frame loss monitoring for session 1:
#application
(app-y1731 MEG)#show frame-loss single-ended 1
MEP 1111 Single-Ended Frame Loss Results
Session 1 is Active
Target MAC : 00:a0:c8:01:00:00
VLAN Priority :4
Stop Time : Forever
LMM Transmit Interval : 1000
LMM Measurement Interval : 60
LMM Size :0
LMM Payload Data : 0000
LMMs Transmitted : 60 56
LMRs Received : 60 56
Valid LMRs Received : 60 56
Invalid LMRs Received :0 0
Out-of-order LMRs Received :0 0
Frame Loss Near End :0 0

Frame Loss Far End :0 0
Frame Loss Ratio Near End : 0.0000 0.0000
Frame Loss Ratio Far End : 0.0000 0.0000
Min Frame Loss Ratio Near End : 0.0000 0.0000
Min Frame Loss Ratio Far End : 0.0000 0.0000
Max Frame Loss Ratio Near End : 0.0000 0.0000
Max Frame Loss Ratio Far End : 0.0000 0.0000
Max Consecutive Frame Loss :0 0

show frame-loss synthetic single-ended

Use the show frame-loss synthetic single-ended command to display statistics of synthetic single-ended
frame loss monitoring sessions. Variations of this command include:
show frame-loss synthetic single-ended

show frame-loss synthetic single-ended <session id>
show frame-loss synthetic single-ended <session id> realtime
your unit.
Syntax Description
Default Values
Command History
Release R11.6.0 Command output was expanded to include the Start-Time, Stop-Time,
Repetition-Time, and Suspect Flag fields.
Usage Examples
The following example displays the statistics of synthetic frame loss monitoring for session 1:
#application
(app-y1731 MEG)#show frame-loss synthetic single-ended 1
MEP 1111 Synthetic Single-Ended Frame Loss Results

Session 1 is Active
Target MAC : 00:a0:c8:01:00:00
VLAN Priority :4
Stop Time : Forever
SLM Transmit Interval : 1000
SLM Measurement Interval : 60
SLM Size :0
SLM Payload Data : 0000
SLMs Transmitted : 60 56
SLRs Received : 60 56
Valid SLRs Received : 60 56
Invalid SLRs Received :0 0
Out-of-order SLRs Received :0 0
Frame Loss Near End :0 0

Frame Loss Far End :0 0
Frame Loss Ratio Near End : 0.0000 0.0000
Frame Loss Ratio Far End : 0.0000 0.0000
Min Frame Loss Ratio Near End : 0.0000 0.0000
Min Frame Loss Ratio Far End : 0.0000 0.0000
Max Frame Loss Ratio Near End : 0.0000 0.0000
Max Frame Loss Ratio Far End : 0.0000 0.0000
Max Consecutive Frame Loss :0 0

show loopback multicast

Use the show loopback multicast command to display a detailed report of all remote Y.1731 maintenance
entity group (MEG) endpoints (MEPs) that responded to the last issuance of the loopback multicast
command (refer to loopback on page 1993).
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
The output of this command is reset with every new issuance of the loopback multicast command (refer
to loopback on page 1993). Only eight responding remote devices are displayed in the output of the show
loopback multicast command, regardless of how many remote devices are configured or have learned
medium access control (MAC) addresses.
Usage Examples
The following example displays output from the show loopback multicast command:
#application
(app-y1731 MEG)#show loopback multicast
RMEP Out Of Data Timed
MacAddress ID Success Order Mismatch Out Incomplete
-----------------------------------------------------------------------
00:00:12:AB:12:12 416 60 0 0 0 0
00:A0:C8:01:ED:A5 3416 60 0 0 0 0

INTERFACE COMMAND SETS

The interface command sets are divided into the following sections:
• Line Interface Command Sets on page 2005

• Physical Interface Command Sets on page 2056
• Virtual Interface Command Sets on page 2482
• Wireless Interface Command Sets on page 3478

LINE INTERFACE COMMAND SETS

• Line (Console) Interface Command Set on page 2006

• Line (SSH) Interface Command Set on page 2023
• Line (Telnet) Interface Command Set on page 2039

Line (Console) Interface Command Set Command Reference Guide
LINE (CONSOLE) INTERFACE COMMAND SET
To activate the Line (Console) Interface Configuration mode, enter the line console 0 command at the
Global Configuration mode prompt. For example:
>enable
#configure terminal
(config-con 0)#
do on page 81
end on page 82
exit on page 83
access-attempts on page 2007

accounting commands begin on page 2008
authorization commands begin on page 2011
databits <value> on page 2013
flowcontrol on page 2014
line-timeout <value> on page 2015
login on page 2016
login authentication <listname> on page 2017
login local-userlist on page 2018
parity on page 2019
password <password> on page 2020
speed <rate> on page 2021
stopbits <value> on page 2022

Command Reference Guide Line (Console) Interface Command Set
access-attempts
Use the access-attempts command to specify the number of failed access attempts allowed on the line
console before the session is locked. Use the no form of this command to disable this feature. Variations of
access-attempts <number>
access-attempts <number> lock-period <number>
Syntax Description
<number> Specifies the number of failed access attempts allowed before the session
is locked. The session remains locked for the lock period. Valid range is 1 to
10 attempts; a value of 0 disables the feature.
lock-period <number> Optional. Specifies the lock period. Valid range is 1 to 30 seconds, with a
default value of 3 seconds.
Default Values
By default, this feature is disabled and multiple access attempts are allowed. When enabled, the default
lock period is 3 seconds.
Command History
Usage Examples
The following example specifies that 5 failed login attempts are allowed before the session is locked, and
that the session remains locked for 10 seconds:
(config-con 0)#access-attempts 5 lock-period 10

accounting commands <level> <listname>

Use the accounting commands command to assign authentication, authorization, and accounting (AAA)
command accounting method lists to line interfaces. You must first turn AAA on for this command to
become available (using the command aaa on on page 1179). Use the no form of this command to remove
the AAA command accounting method list from the interface. Variations of this command include:
accounting commands <level> default

Syntax Description
<level> Specifies whether the list applies to Level 1 (unprivileged) or Level 15
(privileged) commands.
default Applies the default AAA command accounting method list to the interface.
<listname> Applies the specified AAA command accounting method list to the interface.
Default Values
By default, no AAA command accounting method list is applied to the line interface.
Command History
Functional Notes
AAA command accounting method lists are used to specify the types of information recorded when users
access specified command levels. For more information about configuring command accounting lists, refer
to the command aaa accounting connection on page 1149.
For more information about configuring AAA on your network, refer to the configuration guide Configuring
AAA in AOS available online at https://supportcommunity.adtran.com.
Usage Examples
The following example specifies that AAA command accounting list Accounting1 is applied to all Level 15
commands on all console lines:
(config-con 0)#accounting commands 15 Accounting1

accounting connection <listname>

Use the accounting connection command to assign authentication, authorization, and accounting (AAA)
connection accounting method lists to line interfaces. You must first turn AAA on for this command to
the AAA connection accounting method list from the interface. Variations of this command include:
accounting connection default

Syntax Description
default Applies the default AAA connection accounting method list to the interface.
<listname> Applies the specified AAA connection accounting method list to the
interface.
Default Values
Command History
Functional Notes
AAA connection accounting method lists are used to specify the types of information recorded about
outbound connections made from the AOS unit. For more information about configuring connection
accounting lists, refer to the command aaa accounting connection on page 1149.
Usage Examples
The following example specifies that AAA connection accounting list AcctConn1 is applied to all console
lines:
(config-con 0)#accounting connection AcctConn1

accounting exec <listname>

Use the accounting exec command to assign authentication, authorization, and accounting (AAA)
executive accounting method lists to line interfaces. You must first turn AAA on for this command to
the AAA executive accounting method list from the interface. Variations of this command include:
accounting exec default

Syntax Description
interface.
Default Values
Command History
Functional Notes
AAA executive accounting method lists are used to specify the types of information recorded about
inbound connections made by connecting to the line interfaces and creating a terminal session. For more
information about configuring executive accounting lists, refer to the command aaa accounting exec on
page 1152.
Usage Examples
The following example specifies that AAA executive accounting list Inboundacct1 is applied to the
console line:
(config-con 0)#accounting exec Inboundacct1

authorization commands <level> <listname>

Use the authorization commands command to assign authentication, authorization, and accounting
(AAA) command authorization method lists to line interfaces. You must first turn AAA on for this
command to become available (using the command aaa on on page 1179). Use the no form of this
command to remove the AAA command authorization method list from the interface. Variations of this
command include:
authorization commands <level> default

Syntax Description
default Applies the default AAA command authorization method list to the interface.
<listname> Applies the specified AAA command authorization method list to the
interface.
Default Values
By default, no AAA command authorization method list is applied to the line interface.
Command History
Functional Notes
AAA command authorization method lists are used to allow or restrict the use of certain commands on a
per-user basis. For more information about configuring command authorization lists, refer to the command
aaa authorization commands <level> on page 1168.
Usage Examples
The following example specifies that AAA command authorization list Authorization1 is applied to the
Level 15 commands on all console line:
(config-con 0)#authorization commands 15 Authorization1

authorization exec <listname>

Use the authorization exec command to assign authentication, authorization, and accounting (AAA)
Enable mode authorization method lists to line interfaces. You must first turn AAA on for this command to
the AAA Enable mode authorization method list from the interface. Variations of this command include:
authorization exec default

Syntax Description
default Applies the default AAA Enable mode authorization method list to the
interface.
<listname> Applies the specified AAA Enable mode authorization method list to the
interface.
Default Values
By default, no AAA Enable mode authorization method list is applied to the line interface.
Command History
Functional Notes
AAA Enable mode authorization method lists are used to allow or restrict user access to the privileged
command line interface (CLI) mode (Enable mode). For more information about configuring Enable mode
authorization lists, refer to the command aaa authorization exec on page 1173.
Usage Examples
The following example specifies that AAA Enable mode authorization list ExecList1 is applied to the
console line:
(config-con 0)#authorization exec ExecList1

databits <value>
Use the databits command to set the number of databits per character for a terminal session. This value
must match the configuration of your VT100 terminal or terminal emulator software. Use the no form of
this command to return to the default value.
Syntax Description
<value> Specifies the data bits per character. Select from 7 or 8 databits per
character.
Default Values
By default, the databits are set to 8.
Command History
Functional Notes
Usage Examples
The following example configures 7 databits per character for the console terminal session:
(config-con 0)#databits 7

flowcontrol
Use the flowcontrol command to set flow control for the line console. Use the no form of this command to
return to the default setting. Variations of this command include:
flowcontrol none
flowcontrol software in
Syntax Description
none Specifies no flow control.
software in Configures AOS to derive flow control from the attached device.
Default Values
By default, flow control is set to none.
Command History
Functional Notes
Usage Examples
The following example configures no flow control for the line console:
(config-con 0)#flowcontrol none

line-timeout <value>
Use the line-timeout command to specify the number of minutes a line session may remain inactive before
AOS terminates the session. Use the no form of this command to return to the default value. Variations of
line-timeout <value> any-activity
Syntax Description
<value> Specifies the number of minutes a line session may remain inactive before
AOS terminates the session. Valid range: 0 to 35791. Entering a
line-timeout value of 0 disables the feature.
any-activity Optional. Specifies that the SSH session does not time out until the
specified value when the client is receiving or sending information with the
AOS device.
Default Values
By default, the line-timeout is set to 15 minutes.
Command History
Release R11.10.2 Command was expanded to include the any-activity parameter.
Functional Notes
The session timer is typically reset if data is sent from the client to the AOS device, but not if data is sent
from the AOS device to the client. The optional any-activity parameter of this command prevents the
session from timing out when the client is in a passive mode (only receiving data from the AOS device).
Usage Examples
The following example specifies a timeout of 2 minutes for all console sessions:
(config-con 0)#line-timeout 2

login
Use the login command to enable security login on the line session. Additionally, it is necessary to
configure the password using the command password <password> on page 2020. Use the no form of this
command to disable the login feature.
Syntax Description
No subcommands.
Default Values
By default, secure login is disabled.
Command History
Usage Examples
The following example enables the security login feature and specifies a password (mypassword) on the
available console session:
(config-console 0)#login
(config-con 0)#password mypassword

login authentication <listname>

Use the login authentication command to apply the named authentication, authorization, and accounting
(AAA) login method list to the line interface for authenticating users connecting to the interface. Use the
no form of this command to remove the authentication method list from the interface.
Syntax Description
<listname> Specifies the AAA login authentication method list to use for authentication.
Default Values
By default, no AAA login authentication method list is specified. If AAA is enabled (using the command aaa
on on page 1179), but no login authentication method list is specified, the default login authentication
method list is used. If the default list is used, but the default list has not been configured, console interfaces
will automatically grant access (to prevent a lockout situation).
Command History
Functional Notes
AAA login authentication method lists are used to verify user logins on the line interface. For more
information about configuring login authentication method lists, refer to the command aaa authentication
login on page 1161.
Usage Examples
The following example specifies that the AAA login authentication method list AuthList1 is applied to the
console line:
(config-con 0)#login authentication AuthList1

login local-userlist
Use the login local-userlist command to enable security login for the terminal session. It is required to
configure user names and passwords using the username/password command from the Global
Configuration mode (refer to username <username> password <password> on page 1872). Use the no
form of this command to disable the login local-userlist feature.
All user properties assigned using the username/password command are valid when using
the login local-userlist command.
Syntax Description
No subcommands.
Default Values
By default, there is no login password set to access the unit.
Command History
Usage Examples
The following example displays creating a local userlist and enabling the security login feature on the
CONSOLE port:
(config)#username my_user password my_password

(config-con 0)#login local-userlist
When connecting to the unit, the following prompts are displayed:
User Access Login

Username: ADTRAN
Password:
Router#

parity
Use the parity command to specify the type of parity used as error correction. This value must match the
configuration of your VT100 terminal or terminal emulator software. Use the no form of this command to
return to the default value. Variations of this command include:
parity even
parity mark
parity none
parity odd
parity space
Syntax Description
even Sets the parity bit to 0 if the number of 1 bits in the data sequence is odd, or
set to 1 if the number of 1 bits is even.
mark Always sets the parity bit to 1.
none No parity bit used.
odd Sets the parity bit to 1 if the number of 1 bits in the data sequence is even,
or set to 1 if the number is odd.
space Always sets the parity bit to 0.
Default Values
By default, the parity option is set to none.
Command History
Functional Notes
Parity is the process used to detect whether characters have been altered during the data transmission
process. Parity bits are appended to data frames to ensure that parity (whether it be odd or even) is
maintained.
Usage Examples
The following example specifies mark parity for the console terminal session:
(config-con 0)#parity mark

password <password>
Use the password command to configure the password (with optional encryption) required on the line
session when security login is enabled (using the command login on page 2016). Use the no form of this
command to remove a configured password. Variations of this command include:
password <password>
password md5 <password>
Syntax Description
<password> Specifies the password for the line session using an alphanumeric
character string (up to 16 characters).
md5 Specifies message digest 5 (MD5) as the encryption protocol to use when
displaying the enable password during show commands. If the MD5
keyword is not used, encryption is not used when displaying the enable
password during show commands.
Default Values
By default, there is no login password set for access to the unit.
Command History
Release 6.1 Encryption was added.
Usage Examples
The following example enables the security login feature and specifies a password on the CONSOLE port:
(config-con 0)#login
(config-con 0)#password mypassword
To provide extra security, AOS can encrypt the enable password when displaying the current
configuration. For example, the following is a show configuration printout (password portion) with an
unencrypted enable password (ADTRAN):
!
!
Alternately, the following is a show configuration printout (password portion) with an enable password of
ADTRAN using md5 encryption:
!
!

speed <rate>
Use the speed command to specify the data rate for the CONSOLE port. This setting must match your
VT100 terminal emulator or emulator software. Use the no form of this command to restore the default
value.
Syntax Description
<rate> Specifies rate of data transfer on the interface (2400; 4800; 9600; 19200;
38400; 57600; or 115200 bps).
Default Values
By default, the speed is set to 9600 bps.
Command History
Functional Notes
Usage Examples
The following example configures the CONSOLE port for 19200 bps:
(config-con 0)#speed 19200

stopbits <value>
Use the stopbits command to set the number of stopbits per character for a terminal session. This value
must match the configuration of your VT100 terminal or terminal emulator software. The default is
1 stopbit per character. Use the no form of this command to return to the default value.
Syntax Description
<value> Specifies the stopbits per character. Select from 1 or 2 stopbits per
character.
Default Values
By default, the stopbits are set to 1.
Command History
Functional Notes
Usage Examples
The following example configures 2 stopbits per character for the console terminal session:
(config-con 0)#stopbits 2

Command Reference Guide Line (SSH) Interface Command Set
LINE (SSH) INTERFACE COMMAND SET
To activate the Line Secure Shell (SSH) Interface Configuration mode, enter the line ssh command
specifying a SSH session(s) at the Global Configuration mode prompt. For example:
>enable
#configure terminal
(config-ssh0-4)#
You can select a single line by entering the line ssh command followed by the line number (0-4). For
example:
>enable
#configure terminal
(config)#line ssh 2
(config-ssh2)#
do on page 81
end on page 82
exit on page 83
shutdown on page 93

ip access-class <ipv4 acl name> in on page 2029
ip access-policy <ipv4 acp name> on page 2031
ipv6 access-class <ipv6 acl name> in on page 2033
login on page 2036

Line (SSH) Interface Command Set Command Reference Guide


Syntax Description
Default Values
Command History
Functional Notes
Usage Examples
commands on all secure shell (SSH) lines:
(config-ssh0-4)#accounting commands 15 Accounting1



Syntax Description
interface.
Default Values
Command History
Functional Notes
Usage Examples
The following example specifies that AAA connection accounting list AcctConn1 is applied to all secure
shell (SSH) lines:
(config-ssh0-4)#accounting connection AcctConn1



Syntax Description
interface.
Default Values
Command History
Functional Notes
page 1152.
Usage Examples
The following example specifies that AAA executive accounting list Inboundacct1 is applied to all secure
shell (SSH) lines:
(config-ssh0-4)#accounting exec Inboundacct1


command include:

Syntax Description
interface.
Default Values
Command History
Functional Notes
Usage Examples
The following example specifies that AAA command authorization list Authorization1 is applied to all
Level 15 commands on all secure shell (SSH) lines:
(config-ssh0-4)#authorization commands 15 Authorization1



Syntax Description
interface.
interface.
Default Values
Command History
Functional Notes
Usage Examples
The following example specifies that AAA Enable mode authorization list ExecList1 is applied to all secure
shell (SSH) lines:
(config-ssh0-4)#authorization exec ExecList1

ip access-class <ipv4 acl name> in

Use the ip access-class in command to restrict Internet Protocol version 4 (IPv4) secure shell (SSH) access
using a configured access control list (ACL). Received IPv4 packets passed by the ACL will be allowed.
Use the ACL configuration to deny hosts or entire networks or to permit specified IPv4 addresses. Use the
no form of this command to disable this feature. Refer to ip access-list standard <ipv4 acl name> on
page 1338 and ip access-list extended <ipv4 acl name> on page 1336 for more information about
configuring ACLs. Variations of this command include:

ip access-class <ipv4 acl name> in any-vrf
ip access-class <ipv4 acl name> in vrf <name>
Syntax Description
<ipv4 acl name> Identifies the configured IPv4 ACL using an alphanumeric descriptor (all
ACL descriptors are case sensitive).
any-vrf Optional. Allows incoming connections from any virtual routing and
forwarding (VRF) instance based on the parameters set in the ACL. Without
this keyword, the ACL only applies to the default VRF and all SSH
connections on nondefault VRFs will be ignored.
vrf <name> Optional. Allows incoming connections from a specified VRF instance
based on the parameters set in the access class list.
Default Values
By default, there are no configured IPv4 ACLs associated with SSH sessions.
Command History
Release 16.1 Command was expanded to include the any-vrf parameter.
Release 18.2 Command was changed to include the ip parameter to accommodate
Internet Protocol version 6 (IPv6) support for ADTRAN internetworking
products only.
Release R10.1.0 Command was changed to include the ip parameter to accommodate
Internet Protocol version 6 (IPv6) support for ADTRAN voice products.
Functional Notes
When using the ip access-class in command to associate an ACL with an SSH session, remember to
duplicate the ip access-class in command for all configured SSH sessions 0 through 4. SSH access to
the unit using a specific SSH session is not possible. Users will be assigned the first available SSH
session.

Usage Examples
The following example associates the IPv4 ACL Trusted (to allow SSH sessions from the 192.22.56.0 /24
network) with all SSH sessions (0 through 4) on all VRF instances:
Create the IPv4 ACL:
(config)#ip access-list standard Trusted

(config)#permit 192.22.56.0 0.0.0.255
Enter the line (SSH):
Associate the ACL with the SSH session:
(config-ssh0-4)#ip access-class Trusted in any-vrf

ip access-policy <ipv4 acp name>

Use the ip access-policy command to assign a specified Internet Protocol version 4 (IPv4) access control
policy (ACP) to an interface. IPv4 ACPs are applied to IPv4 traffic entering an interface. Use the no form
of this command to remove an ACP association. For more information on using IPv4 ACPs, refer to ip
policy-class <ipv4 acp name> on page 1426.
Configured IPv4 ACPs will only be active if the ip firewall command has been entered at
the Global Configuration mode prompt to enable the AOS IPv4 security features. All
configuration parameters are valid, but no security data processing will be attempted
unless the security features are enabled.
Syntax Description
<ipv4 acp name> Identifies the configured IPv4 ACP by alphanumeric descriptor (all ACP
descriptors are case sensitive).
Default Values
By default, there are no configured IPv4 ACPs associated with an interface.
Command History
Release 5.1 Command was expanded to include the Ethernet subinterfaces.
Release 6.1 Command was expanded to include the virtual local area network (VLAN)
interfaces.
Release 15.1 Command was expanded to include the bridged virtual interfaces (BVIs).
products.
Functional Notes
To assign an IPv4 ACP to an interface, enter the interface configuration mode for the desired interface and
enter ip access-policy <ipv4 acp name>.
Usage Examples
The following example associates the IPv4 ACP PRIVATE (to allow inbound IPv4 traffic to the Web server)
to the Ethernet interface 0/1:
Enable the AOS security features:


Associate the ACP with the interface:
(config-ssh0-4)#ip access-policy PRIVATE

ipv6 access-class <ipv6 acl name> in

Use the ipv6 access-class in command to restrict Internet Protocol version 6 (IPv6) secure shell (SSH)
access using a configured access control list (ACL). Received IPv6 packets passed by the ACL will be
allowed. Use the ACL configuration to deny hosts or entire networks or to permit specified IPv4 addresses.
Use the no form of this command to disable this feature. Refer to ipv6 access-list standard <ipv6 acl
name> on page 1494 and ipv6 access-list extended <ipv6 acl name> on page 1492 for more information
about configuring ACLs. Variations of this command include:

ipv6 access-class <ipv6 acl name> in any-vrf
ipv6 access-class <ipv6 acl name> in vrf <name>
Syntax Description
this keyword, the ACL only applies to the default VRF and all SSH
Default Values
By default, there are no configured ACLs associated with SSH sessions.
Command History
Functional Notes
When using the ipv6 access-class in command to associate an ACL with an SSH session, remember to
duplicate the ipv6 access-class in command for all configured SSH sessions 0 through 4. SSH access to
the unit using a specific SSH session is not possible. Users will be assigned the first available SSH
session.

Usage Examples
The following example associates the IPv6 ACL Trustedv6 (to allow SSH sessions from the
2001:DB8:3F::/64 network) with all SSH sessions (0 through 4) on all VRF instances:
(config)#ipv6 access-list extended Trustedv6

(config-ext6-nacl)#permit ipv6 2001:DB8:3F::/64 any
Enter the line (SSH):
(config-ssh0-4)#ipv6 access-class Trustedv6 in any-vrf

Syntax Description
AOS device.
Default Values
Command History
Functional Notes
Usage Examples
The following example specifies a timeout of 2 minutes for all secure shell (SSH) sessions:
(config-ssh0-4)#line-timeout 2

login
Use the login command to enable security login on the line session requiring the password configured
using the password command. Use the no form of this command to disable the login feature.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example enables the security login feature and specifies a password (mypassword) on all
the available secure shell (SSH) sessions (0 through 4):
(config-ssh0-4)#login
(config-ssh0-4)#password mypassword


Syntax Description
Default Values
method list is used. If the default list is used, but the default list has not been configured, secure shell
(SSH) interfaces use the local user database for authentication.
Command History
Functional Notes
login on page 1161.
Usage Examples
The following example specifies that the AAA login authentication method list AuthList1 is applied to all
SSH lines:
(config-ssh0-4)#login authentication AuthList1

Use the login local-userlist command to check the local list of user names and passwords configured using
the username/password Global Configuration command (refer to username <username> password
<password> on page 1872).
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example creates a local userlist and enables the security login feature:

(config)#line ssh 0
(config-ssh0)#login local-userlist
User Access Login

Username: my_user
Password:
#

Command Reference Guide Line (Telnet) Interface Command Set
LINE (TELNET) INTERFACE COMMAND SET
To activate the Line (Telnet) Interface Configuration mode, enter the line telnet command specifying a
Telnet session(s) at the Global Configuration mode prompt. For example:
>enable
#configure terminal
(config-telnet0-4)#
You can select a single line by entering the line telnet command followed by the line number (0-4). For
example:
>enable
#configure terminal
(config-telnet2)#
do on page 81
end on page 82
exit on page 83
shutdown on page 93

ip access-class <ipv4 acl name> in on page 2045
ip access-policy <ipv4 acp name> on page 2047
ipv6 access-class <ipv6 acl name> in on page 2049
login on page 2052
password <password> on page 2055

Line (Telnet) Interface Command Set Command Reference Guide


Syntax Description
Default Values
Command History
Functional Notes
Usage Examples
commands on all Telnet lines:
(config-telnet0-4)#accounting commands 15 Accounting1



Syntax Description
interface.
Default Values
Command History
Functional Notes
Usage Examples
The following example specifies that AAA connection accounting list AcctConn1 is applied to all Telnet
lines:
(config-telnet0-4)#accounting connection AcctConn1



Syntax Description
interface.
Default Values
Command History
Functional Notes
page 1152.
Usage Examples
The following example specifies that AAA executive accounting list Inboundacct1 is applied to all Telnet
lines:
(config-telnet0-4)#accounting exec Inboundacct1


command include:

Syntax Description
interface.
Default Values
Command History
Functional Notes
Usage Examples
The following example specifies that AAA command authorization list Authorization1 is applied to all
Level 15 commands on all Telnet lines:
(config-telnet0-4)#authorization commands 15 Authorization1



Syntax Description
interface.
interface.
Default Values
Command History
Functional Notes
Usage Examples
The following example specifies that AAA Enable mode authorization list ExecList1 is applied to all Telnet
lines:
(config-telnet0-4)#authorization exec ExecList1


Use the ip access-class in command to restrict Internet Protocol version 4 (IPv4) telnet access using a
configured access control list (ACL). Received IPv4 packets passed by the ACL will be allowed. Use the
ACL configuration to deny hosts or entire networks or to permit specified IPv4 addresses. Use the no form
of this command to disable this feature. Refer to ip access-list standard <ipv4 acl name> on page 1338
and ip access-list extended <ipv4 acl name> on page 1336 for more information about configuring
ACLs. Variations of this command include:

ip access-class <ipv4 acl name> in any-vrf
ip access-class <ipv4 acl name> in vrf <name>
Syntax Description
this keyword, the ACL only applies to the default VRF and all telnet
Default Values
By default, there are no configured IPv4 ACLs associated with telnet sessions.
Command History
Release 16.1 Command was expanded to include the any-vrf parameter.
Release 18.2 Command was changed to include the ip parameter to accommodate
Internet Protocol version 6 (IPv6) support for ADTRAN internetworking
products only.
Release R10.1.0 Command was changed to include the ip parameter to accommodate
Internet Protocol version 6 (IPv6) support for ADTRAN voice products.
Functional Notes
When using the ip access-class in command to associate an ACL with a telnet session, remember to
duplicate the ip access-class in command for all configured telnet sessions 0 through 4. Telnet access to
the unit using a specific telnet session is not possible. Users will be assigned the first available telnet
session.

Usage Examples
The following example associates the IPv4 ACL Trusted (to allow telnet nsessions from the 192.22.56.0
/24 network) with all telnet sessions (0 through 4) on all VRF instances:
(config)#ip access-list standard Trusted

(config)#permit 192.22.56.0 0.0.0.255
Enter the line (Telnet):
(config-telnet0-4)#ip access-class Trusted in any-vrf


Syntax Description
Default Values
Command History
interfaces.
products.
Functional Notes
Usage Examples


(config-telnet0-4)#ip access-policy PRIVATE


Use the ipv6 access-class in command to restrict Internet Protocol version 6 (IPv6) telnet access using a
configured access control list (ACL). Received IPv6 packets passed by the ACL will be allowed. Use the
ACL configuration to deny hosts or entire networks or to permit specified IPv4 addresses. Use the no form
of this command to disable this feature. Refer to ipv6 access-list standard <ipv6 acl name> on page 1494
and ipv6 access-list extended <ipv6 acl name> on page 1492 for more information about configuring
ACLs. Variations of this command include:

ipv6 access-class <ipv6 acl name> in any-vrf
ipv6 access-class <ipv6 acl name> in vrf <name>
Syntax Description
this keyword, the ACL only applies to the default VRF and all telnet
Default Values
By default, there are no configured ACLs associated with telnet sessions.
Command History
Functional Notes
When using the ipv6 access-class in command to associate an ACL with a telnet session, remember to
duplicate the ipv6 access-class in command for all configured telnet sessions 0 through 4. Telnet access
to the unit using a specific SSH session is not possible. Users will be assigned the first available telnet
session.

Usage Examples
The following example associates the IPv6 ACL Trustedv6 (to allow telnet sessions from the
2001:DB8:3F::/64 network) with all telnet sessions (0 through 4) on all VRF instances:
(config)#ipv6 access-list extended Trustedv6

(config-ext6-nacl)#permit ipv6 2001:DB8:3F::/64 any
Enter the line (telnet):
Associate the ACL with the telnet session:
(config-telnet0-4)#ipv6 access-class Trustedv6 in any-vrf

Syntax Description
AOS device.
Default Values
Command History
Functional Notes
Usage Examples
The following example specifies a timeout of 2 minutes for all telnet sessions:
(config-telnet0)#line-timeout 2

login
Use the login command to enable security login on the line session requiring the password configured
using the password command. Use the no form of this command to disable the login feature.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example enables the security login feature and specifies a password on all the available
Telnet sessions (0 through 4):
(config-telnet0-4)#login
(config-telnet0-4)#password mypassword


Syntax Description
Default Values
method list is used. If the default list is used, but the default list has not been configured, Telnet interfaces
use the local user database for authentication.
Command History
Functional Notes
login on page 1161.
Usage Examples
The following example specifies that the AAA login authentication method list AuthList1 is applied to all
Telnet lines:
(config-telnet0-4)#login authentication AuthList1

Use the login local-userlist command to enable security login for the terminal session requiring the user
names and passwords configured using the username/password Global Configuration command. Use the
no form of this command to disable the login local-userlist feature.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example displays creating a local userlist and enabling the security login feature:

(config-telnet0)#login local-userlist
User Access Login

Username: my_user
Password:
Router#

password <password>
Use the password command to configure the password (with optional encryption) required on the line
session when security login is enabled (using the login command). Use the no form of this command to
remove a configured password. Variations of this command include:
password <password>
password md5 <password>
Syntax Description
<password> Specifies the password for the line session using an alphanumeric
character string (up to 16 characters).
md5 Optional. Specifies message digest 5 (MD5) as the encryption protocol to use
when displaying the enable password during show commands. If the MD5
keyword is not used, encryption is not used when displaying the enable
password during show commands.
Default Values
Command History
Usage Examples
The following example enables the security login feature and specifies a password for the Telnet session
0:
(config-telnet0)#login
(config-telnet0)#password mypassword
To provide extra security, AOS can encrypt the enable password when displaying the current
configuration. For example, the following is a show configuration printout (password portion) with an
unencrypted enable password (ADTRAN):
!
!
Alternately, the following is a show configuration printout (password portion) with an enable password of
ADTRAN using md5 encryption:
!
!

PHYSICAL INTERFACE COMMAND SETS

• ADSL Interface Command Set on page 2057

• BRI Interface Command Set on page 2064
• Cellular Interface Command Set on page 2090
• DDS Interface Command Set on page 2106
• DSX-1 Interface Command Set on page 2114
• E1 Interface Command Set on page 2124
• Ethernet Interface Command Set on page 2141
• FDL Interface Command Set on page 2342
• FXO Interface Command Set on page 2349
• FXS Interface Command Set on page 2360
• G.703 Interface Command Set on page 2379
• HSSI Interface Command Set on page 2386
• Modem Interface Command Set on page 2390
• PRI Interface Command Set on page 2396
• Serial Interface Command Set on page 2417
• SHDSL Interface Command Set on page 2426
• T1 Interface Command Set on page 2448
• VDSL Interface Command Set on page 2480

Command Reference Guide ADSL Interface Command Set
ADSL INTERFACE COMMAND SET
To activate the ADSL Interface Configuration mode, enter the interface adsl command at the Global
Configuration mode prompt. For example:
>enable
#configure terminal
(config-adsl 0/1)#

do on page 81
end on page 82
exit on page 83
shutdown on page 93
interop-flag on page 2058

phy-flag on page 2059
retrain on page 2060
snr-margin on page 2061
training-mode on page 2062

ADSL Interface Command Set Command Reference Guide
interop-flag
This command is for future configuration and should not be modified.
Syntax Description
No subcommands.
Default Values
Command History

phy-flag
This command is for future configuration and should not be modified.
Syntax Description
No subcommands.
Default Values
Command History

retrain
Use the retrain command to force the modem to retrain.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example forces a modem retrain:

(config-adsl 0/1)#retrain

snr-margin
Use the snr-margin command to enable monitoring and set the minimum signal-to-noise ratio (SNR)
during training and showtime. Use the no form of this command to disable monitoring. Variations of this
command include:
snr-margin <margin>
snr-margin showtime monitor
snr-margin training monitor
Syntax Description
<margin> Sets the minimum SNR margin value in dB. The range is from 1 to 15 dB.
showtime monitor Enables margin monitoring to retrain the asymmetric digital subscriber line
(ADSL) interface if the specified minimum margin is violated during
showtime.
training monitor Enables margin monitoring to retrain the ADSL interface if the specified
minimum margin is violated during training.
Default Values
By default, SNR margin monitoring is disabled.
Command History
Usage Examples
The following example enables SNR margin monitoring during showtime with a minimum level of 7 dB:

(config-adsl 0/1)#snr-margin showtime monitor 7

training-mode
Use the training-mode command to configure the asymmetric digital subscriber line (ADSL) training
mode. Use the no form of this command to disable a specific training mode. Variations of this command
include:
training-mode ADSL2
training-mode ADSL2+
training-mode ADSL2+ANNEX-M
training-mode G.DMT
training-mode G.LITE
training-mode Multi-Mode
training-mode Multi-Mode-no-T1413
training-mode READSL2
training-mode T1.413
Syntax Description
ADSL2 Specifies International Telecommunication Union (ITU) G.992.3 mode.
ADSL2+ Specifies ITU G.992.5 mode.
ADSL2+ANNEX-M Specifies ITU G.992.5 Annex M mode.
G.DMT Specifies ANSI full-rate mode.
G.LITE Specifies ANSI splitterless mode.
Multi-Mode Specifies auto detect mode. When set to multi-mode, the ADSL interface
attempts to train to the DSLAM using each of the supported training modes
until a match is found.
Multi-Mode-no-T1413 Specifies auto detect mode without ANSI T1.413 capability.
READSL2 Specifies ITU G.992.3 Annex L mode.
T1.413 Specifies ANSI T1.413 mode.
Default Values
By default, the training mode is set to Multi-Mode.
Command History
Release 13.1 Command was expanded to include the ITU G.992.5 Annex M mode.
Release A4.05 Command was expanded to include the Multi-Mode-no-T1413 parameter.
Functional Notes
Some of the listed training modes (G.LITE, T1.413, ADSL2, ADSL2+, READSL2) are currently supported
for ADSL over plain old telephone service (POTS) (Annex A) and are not valid for ADSL over integrated
services digital network (ISDN) (Annex B) modules.

Usage Examples
The following example sets the training mode to T1.413:

(config-adsl 0/1)#training-mode T1.413

BRI Interface Command Set Command Reference Guide
BRI INTERFACE COMMAND SET
To activate the BRI Interface Configuration mode, enter the interface bri command at the Global
>enable
#configure terminal
(config-bri 1/2)#
The BRI number in the example above is shown as bri 1/2. This number is based on the
interface’s location (slot/port) and could vary depending on the unit’s configuration. Use
the do show interfaces command to determine the appropriate interface number.

do on page 81
end on page 82
exit on page 83
shutdown on page 93
caller-id-override on page 2066

calling-party on page 2067
clock source on page 2069
isdn activation-timer <value> on page 2070
isdn channel-flag on page 2071
isdn disconnect progress-tone on page 2072
isdn l2-disconnect <value> on page 2073
isdn ldn on page 2074
isdn line-termination on page 2075
isdn name-delivery on page 2076
isdn overlap-receive on page 2077
isdn setup enable on page 2078
isdn spid on page 2079
isdn static-tei <value> on page 2081

Command Reference Guide BRI Interface Command Set
isdn switch-type on page 2082

loopback local on page 2083
loopback network on page 2084
maintenance on page 2085
resource pool-member <name> on page 2086
role on page 2087
system-timing on page 2088
test-call on page 2089

caller-id-override
Use the caller-id-override command to configure the unit to replace caller ID information with a
user-specified number. Use the no form of this command to disable any caller ID overrides. Variations of
caller-id-override always <number>

caller-id-override if-no-cid <number>
Syntax Description
always <number> Always forces replacement of the incoming caller ID number with the
number given.
if-no-cid <number> Replaces the incoming caller ID number with the number given only if there
is no caller ID information available for the incoming call.
Default Values
Command History
Functional Notes
This command forces a replacement of the incoming caller ID number with the number given. The received
caller ID, if any, is discarded, and the given override number is used to connect the incoming call to a
circuit of the same number.
Usage Examples
The following example configures the unit to always provide the given number as the caller ID number:

(config-bri 1/2)#caller-id-override always 5551000

calling-party
Use the calling-party command to configure and control the basic rate interface (BRI) outgoing caller ID
information. Use the no form of this command to disable this feature. Variations of this command include:
calling-party name <name>

calling-party number <number>
calling-party override always
calling-party override if-no-CID
calling-party presentation allowed
calling-party presentation not-available
calling-party presentation restricted
calling-party screening auto
calling-party screening network-provided
Syntax Description
name <name> Configures the calling party name for the BRI.
number <number> Configures the calling party number for the BRI.
override always Enables the calling party to be replaced with the override number.
override if-no-CID Enables the calling party to be replaced if caller ID number is not
received.
presentation allowed Enables the presentation of caller ID to always be allowed.
presentation not-available Sets the calling party number to not available.
presentation restricted Restricts the delivery on the caller ID information.
screening auto Specifies that the calling party screening indicator is automatically
determined.
screening network-provided Specifies that the calling party screening indicator is provided by the
network.
Default Values
By default, the command is disabled and the calling party screening indicator is set to auto.
Command History
Release R10.5.0 Command was added to the BRI and the screening auto and
screening network-provided parameters were added.

Usage Examples
The following example configures the calling party outgoing information to always provide the given
number and name:

(config-bri 1/2)#calling-party override always
(config-bri 1/2)#calling-party presentation 555-8000
(config-bri 1/2)#calling-party name Company, Inc.

clock source
Use the clock source command to configure the source timing used for the interface. Use the no form of
this command to return to the default value. Variations of this command include:
clock source line

clock source system
Syntax Description
line Configures the unit to recover clocking from the basic rate interface (BRI)
circuit.
system Configures the unit to provide clocking using the system clock.
Default Values
By default, the clock source is set to system.
Command History
Usage Examples
The following example configures the unit to recover clocking from the circuit:

(config-bri 1/2)#clock source line

isdn activation-timer <value>

Use the isdn activation-timer command to set the integrated services digital network (ISDN) T3
activation timer setting for the basic rate interface (BRI). This value is based upon the International
Telecommunication Union Telecommunication Standardization Sector (ITU-T) recommendation 1.430.
Use the no form of this command to return the timer to the default value.
Syntax Description
<value> Specifies the ISDN activation timer in seconds. Valid range is 0 to 60
seconds. Using a value of 0 disables the timer.
Default Values
By default, the ISDN activation timer is set to 10 seconds.
Command History
Usage Examples
The following example sets the ISDN activation timer to 20 seconds for the BRI:

(config-bri 1/2)#isdn activation-timer 20

isdn channel-flag
Use the isdn channel-flag to specify the integrated services digital network (ISDN) channel selection
setting for the basic rate interface (BRI). Use the no form of this command to return to the default setting.
isdn channel-flag auto

isdn channel-flag exclusive
isdn channel-flag preferred
Syntax Description
auto Specifies that the ISDN channel ID is automatically set to preferred or
exclusive.
exclusive Specifies that the ISDN channel ID is always set to exclusive.
preferred Specifies that the ISDN channel ID is always set to preferred.
Default Values
By default, the ISDN channel ID is set to auto.
Command History
Usage Examples
The following example specifies the ISDN channel selection for the interface as exclusive:

(config-bri 1/2)#isdn channel-flag exclusive

isdn disconnect progress-tone

Use the isdn disconnect progress-tone command to specify that calls are disconnected with a progress
tone. Use the no form of this command to disable the feature.
Syntax Description
No subcommands.
Default Values
By default, call progress tones are not used.
Command History
Usage Example
The following example enables the use of progress tones when calls are disconnected on the BRI:

(config-bri 1/2)#isdn disconnect progress-tone

isdn l2-disconnect <value>

Use the isdn l2-disconnect command to specify the disconnect delay of integrated services digital network
(ISDN) Layer 2 functionality when there are no active calls. Use the no form of this command to disable
the feature.
Syntax Description
<value> Specifies the Layer 2 deactivation delay (in seconds). Valid range is 0 to
65535 seconds. Specifying a value of 0 disables the deactivation delay.
Default Values
By default, the Layer 2 disconnect feature is disabled.
Command History
Usage Examples
The following example configures the Layer 2 disconnect delay as 500 seconds:

(config-bri 1/2)#isdn l2-disconnect 500

isdn ldn
Use the isdn ldn command to specify the local directory numbers (LDNs) for the basic rate interface
(BRI). This information should be supplied by your service provider. Use the no form of this command to
remove a configured LDN. Variations of this command include:
isdn ldn1 <ldn number>

isdn ldn2 <ldn number>
The BRI module requires all incoming calls to be directed to the LDN associated with the
service profile identifier (SPID ) programmed using the isdn spid1 command. All calls to
the LDN associated with SPID 2 will be rejected (unless part of a bonding call).
Syntax Description
ldn1 Specifies the LDN associated with the SPID entered as spid1.
ldn2 Specifies the LDN associated with the SPID entered as spid2.
<ldn number> Specifies the LDN assigned to the circuit by the service provider. The LDN
is the number used by remote callers to dial into the integrated services
digital network (ISDN) circuit.
Default Values
By default, there are no configured LDNs.
Command History
Functional Notes
Inbound calls are not accepted on interfaces without programmed LDNs. LDNs can also be entered using
the isdn spid command. The isdn spid and isdn ldn commands overwrite the existing programmed LDN;
therefore, the latest LDN programmed takes precedence.
Usage Examples
The following example defines an LDN of 555-1111:

(config-bri 1/2)#isdn ldn1 5551111

isdn line-termination
Use the isdn line-termination command to enable the integrated services digital network (ISDN) line
termination resistor for the interface. Use the no form of this command to disable the feature.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example enables the ISDN termination resistor on the BRI:

(config-bri 1/2)#isdn line-termination

isdn name-delivery
Use the isdn name-delivery command to enable the delivery of the name associated with the basic rate
interface (BRI). Use the no form of this command to return to the default setting.
Syntax Description
No subcommands.
Default Values
By default, isdn name-delivery is disabled.
Command History
Usage Examples
The following example enables the delivery of calling party information on the BRI:

(config-bri 1/2)#isdn name-delivery

isdn overlap-receive
Use the isdn overlap-receive command to enable overlap receiving mode on the basic rate interface
(BRI). Use the no form of this command to return to the default setting. Variations of this command
include:
isdn overlap-receive timeout <value>

isdn overlap-receive digits-transferred <value>
Syntax Description
timeout <value> Specifies how long the interface will attempt to match direct inward dialing
(DID) digits received in INFO messages to entries in the voice dial-plan. If
no matching entry is found, the interface will deliver the message when the
timeout period expires. Valid range is 1 to 15 seconds.
digits-transferred <value> Specifies how many DID digits the interface will collect before delivering the
call. Valid range is 1 to 64 digits
Default Values
By default, isdn overlap-receive is disabled.
Command History
Functional Notes
When isdn overlap-receive is enabled, the interface will accept a SETUP message where the Called
Party Number (CPN) information element is either missing or does not have enough DID digits. When
more digits are received in subsequent INFO messages, the number is matched against entries in the
voice dial-plan to determine when there are enough digits to deliver the call.
If no matching voice dial-plan entry is found, the interface will deliver the call when configuration the isdn
overlap-receive timeout expires.
When isdn overlap-receive did-length is configured, no voice dial-plan look-up occurs. The interface will
deliver the call as soon as the specified number of DID digits has been collected.
If at any time an INFO message is received with CPN information element containing # or a Sending
Complete information element is received, the interface will deliver the call immediately.
Usage Examples
The following example enables overlap receiving with a timeout value of 7 seconds on the BRI:

(config-bri 1/2)#isdn overlap-receiving timeout 7

isdn setup enable

Use the isdn setup enable command to enable progress indicators in the integrated services digital
network (ISDN) setup message and redirecting numbers for ISDN calls on the basic rate interface (BRI).
The redirecting number is used to insert the caller’s number when a call is diverted by a blind transfer or
forward that both occurs on an ISDN trunk in local mode and proceeds out of an ISDN trunk. Use the no
isdn setup enable called

isdn setup enable calling
isdn setup enable pi-1
isdn setup enable redirecting-number
Syntax Description
called Enables the called number in ISDN setup messages.
calling Enables the calling number in ISDN setup messages.
pi-1 Enables progress indicator 1 for ISDN setup messages. Progress indicator
1 indicates that the call is not end-to-end ISDN and further call progress
information may be available in-band.
3 indicates that the origination address is non-ISDN.
redirecting-number Enables redirecting numbers for ISDN calls.
Default Values
By default, the called and calling numbers are included in ISDN setup messages.
Command History
Release A4.03 Command was expanded to include the redirecting-number parameter.
Release R10.5.0 Command was expanded to include the BRI and the called and calling
parameters.
Usage Examples
The following example enables redirecting numbers for ISDN calls on the BRI:

(config-bri 1/2)#isdn setup enable redirecting-number

isdn spid
Use the isdn spid command to specify the service profile identifiers (SPIDs) and the local directory
numbers (LDNs) for the basic rate interface (BRI). This information should be supplied by your service
provider. Use the no form of this command to remove a configured SPID. Variations of this command
include:
isdn spid1 <spid number> <ldn number>

isdn spid2 <spid number> <ldn number>
The BRI module requires all incoming calls to be directed to the LDN associated with the
SPID programmed using the isdn spid1 command. All calls to the LDN associated with
SPID 2 will be rejected (unless part of a bonding call).
Syntax Description
spid1 Specifies the primary SPID.
spid2 Specifies the secondary SPID.
<spid number> Specifies the 8- to 14-digit number identifying your BRI line in the central
office switch. A SPID is generally created using the area code and phone
number associated with the line and a four-digit suffix. For example, the
following SPIDs may be provided on a BRI line with phone numbers
555-1111 and 555-1112:
SPID 1: 701 555 1111 0101
SPID 2: 701 555 1112 0101
<ldn number> Optional. Specifies the LDN assigned to the circuit by the service provider.
An LDN programmed using the isdn spid1 command is automatically
associated with SPID 1. An LDN programmed using the isdn spid2
command is automatically associated with SPID 2. The LDN is the number
used by remote callers to dial into the integrated services digital network
(ISDN) circuit. Inbound calls are not accepted on interfaces without
programmed LDNs. LDNs can also be entered using the isdn ldn
command. The isdn spid and isdn ldn commands overwrite the existing
programmed LDN; therefore, the latest LDN programmed takes
precedence.
Default Values
By default, there are no configured SPIDs or LDNs.
Command History

Functional Notes
AOS does not support “SPID-less” 5ESS signaling. SPIDs are required for all configured BRI endpoints
using 5ESS signaling.
For European applications, a SPID is not necessary. Use the isdn ldn command to configure the LDN for
European applications.
Usage Examples
The following example defines a SPID of 704 555 1111 0101 with an LDN of 555 1111:

(config-bri 1/2)#isdn spid1 70455511110101 5551111

isdn static-tei <value>

Use the isdn static-tei command to configure a static integrated services digital network (ISDN) Layer 2
terminal endpoint identifier (TEI). Use the no form of this command to remove the TEI.
Syntax Description
<value> Specifies the TEI. Valid range is 0 to 63.
Default Values
By default, no static TEI exists.
Command History
Usage Examples
The following example creates a static ISDN TEI of 5:

(config-bri 1/2)#isdn static-tei 5

isdn switch-type
Use the isdn switch-type command to specify the integrated services digital network (ISDN) signaling
type configured on the basic rate interface (BRI). The type of ISDN signaling implemented on the BRI
does not always match the manufacturer of the central office switch. Use the no form of this command to
isdn switch-type basic-5ess

isdn switch-type basic-dms
isdn switch-type basic-net3
isdn switch-type basic-ni
Syntax Description
basic-5ess Specifies Lucent/AT&T 5ESS signaling.
basic-dms Specifies Nortel DMS-100 custom signaling.The basic-dms signaling type
is not compatible with proprietary SL-1 DMS signaling.
basic-net3 Specifies Net3 Euro-ISDN signaling.
basic-ni Specifies National ISDN-1 signaling.
Default Values
By default, the ISDN signaling is set to National ISDN-1 (basic-ni).
Command History
Functional Notes
The isdn switch-type command specifies the type of ISDN signaling implemented on the BRI, not the
manufacturer of the central office switch. It is quite possible to have a Lucent Central Office switch
providing National ISDN signaling on the BRI.
Usage Examples
The following example configures a BRI for a circuit with Lucent 5ESS (custom) signaling:

(config-bri 1/2)#isdn switch-type basic-5ess

loopback local
Use the loopback local command to enable a local loopback of the interface (towards the router). Use the
no form of this command to disable the loopback. Variations of this command include:
loopback local all

loopback local b1
loopback local b2
loopback local both
Syntax Description
all Loops the entire interface back towards the router (including the
D-channel). With an active loopback active all, the established D-channel
between the integrated services digital network (ISDN) module and the
central office switch drops.
b1 Loops the data on B1 back towards the router. A B1 loopback does not
disrupt D-channel signaling.
b2 Loops the data on B2 back towards the router. A B2 loopback does not
both Loops the data on B1 and B2 back towards the router, but does not disrupt
D-channel signaling.
Default Values
Command History
Usage Examples
The following example enables a B2 loopback of the basic rate interface (BRI) 1/2 interface:

(config-bri 1/2)#loopback local b2

loopback network
Use the loopback network command to enable a loopback of the interface (towards the network). Use the
no form of this command to disable the loopback. Variations of this command include:
loopback network b1
loopback network b2
loopback network both
Syntax Description
b1 Loops the data on B1 back towards the network. A B1 loopback does not
b2 Loops the data on B2 back towards the network. A B2 loopback does not
both Loops the data on B1 and B2 back towards the network, but does not
Default Values
Command History
Usage Examples
The following example enables a B2 loopback of the basic rate interface (BRI) 1/2 interface:

(config-bri 1/2)#loopback network b2

maintenance
Use the maintenance command to force a reset of the interface (initiating the SABME/UA process) or to
reset the D-channel (by sending a RESTART message). Variations of this command include:
maintenance reset
maintenance restart-d
The maintenance command disrupts data flow on the integrated services digital network
(ISDN) interface. All active calls will drop when the reset or restart process begins.
Syntax Description
reset Forces a complete reset of the interface by initiating the SABME/UA
process.
restart-d Resets the D-channel by sending a Q.931 RESTART message to the
central office switch.
Default Values
Command History
Usage Examples
The following example resets the basic rate interface (BRI) 1/2 interface:

(config-bri 1/2)#maintenance reset

resource pool-member <name>

Use the resource pool-member command to assign the interface to a resource pool, making it a demand
routing resource. Use the no form of this command to return to the default value. Variations of this
command include:

resource pool-member <name> <priority>
Syntax Description
<name> Specifies the name of the resource pool to which this interface is assigned.
<priority> Optional. Specifies the priority value of using this interface versus other
interfaces contained in the specified resource pool using a number 1 to 255.
Lower numbers indicate higher priority. Interfaces with the same priority are
selected in alphabetical order by interface name.
Default Values
By default, the interface is not assigned to any resource pool.
Command History
Usage Examples
The following example configures a basic rate interface (BRI) as a member of resource pool MyPool:

(config-bri 1/2)#resource pool-member MyPool

role
Use the role command to configure the interface protocol to use on the basic rate interface (BRI). This
setting controls the functional mode of the interface. Use the no form of this command to return to the
role network
role user
Syntax Description
network Sets the port to operate in network termination (NT) mode.
user Sets the port to operate in terminal equipment (TE) mode.
Default Values
By default, the role is set to network.
Command History
Release R10.5.0 Command was expanded to include the BRI.
Usage Examples
The following example configures the interface protocol as user on the BRI:

(config-bri 1/2)#role user

system-timing
Use the system-timing command to configure the Rx clock as the primary or secondary timing source for
the system. Use the no form of this command to disable this feature.Variations of this command include:
system-timing primary
system-timing secondary
Syntax Description
primary Specifies the Rx clock as the primary timing source.
secondary Specifies the Rx clock as the secondary timing source.
Default Values
Command History
Release R10.5.0 Command was expanded to include the basic rate interface (BRI).
Usage Examples
The following example configures the BRI interface to provide its Rx clock as the primary timing source for
the system:

(config-bri 1/2)#system timing primary

test-call
Use the test-call command to initiate a test call on the basic rate interface (BRI) to test integrated services
digital network (ISDN) connectivity without disrupting the primary interface for which the BRI interface is
a backup. Use the no form of this command to disable this feature. Variations of this command include:
test-call answer
test-call dial <number>
test-call dial <number> speed [56 | 64]
test-call hangup
test-call hangup channels <number>
Syntax Description
answer Places the unit in answer mode for test calls.
dial <number> Specifies a test number to dial. No special characters are allowed. For
example, 12125551212 is accepted, but 1-212-555-1212 and 1 (212)
555-1212 are not accepted.
speed [56 | 64] Optional. Specifies the channel speed (in kilobytes per second) of the call.
Valid speeds are 56 and 64.
hangup Terminates all test calls on all channels.
channels <number> Optional. Specifies a single channel on which to terminate a test call. For a
list of available channels, enter test-call hangup channels ? at the prompt.
Default Values
Command History
Functional Notes
To successfully place a test call, a remote unit must be configured to answer the test call using the
test-call answer command, and a separate local unit must be used to dial the test call number using the
test-call dial <number> command.
Usage Examples
The following example places a test call over bri 1/1 to 5555300:
(config-bri 1/1)#test-call dial 5555300
2011.02.11 14:58:10 ISDN.INTERFACE BRI 1/1 Entering test-call mode.

2011.02.11 14:58:10 ISDN.INTERFACE BRI 1/1 Placing test-call to 5555300

Cellular Interface Command Set Command Reference Guide
CELLULAR INTERFACE COMMAND SET
To create a cellular interface and activate the Cellular Interface Configuration mode, enter the interface
cellular command at the Global Configuration mode prompt. For example:
>enable
#configure terminal

exit on page 83
shutdown on page 93
All other commands for this command set are described in this section in alphabetical order:
apn <name> on page 2091

cdma activate oma-dm on page 2092
cdma activate otasp on page 2093
cdma msl <number> on page 2094
custom-profile ha-shared-secret on page 2095
custom-profile home-address <ip address> on page 2096
custom-profile primary-ha-address <ip address> on page 2097
custom-profile secondary-ha-address <ip address> on page 2098
custom-profile username <username> on page 2099
match ani <template> substitute <template> on page 2100
reset on page 2102
resource pool-member <name> on page 2103
retry-throttling on page 2104
usb-id <value> on page 2105

Command Reference Guide Cellular Interface Command Set
apn <name>
Use the apn command to change the name of the access point associated with your universal serial bus
(USB) cellular modem. Use the no version of this command to remove the name.
Syntax Description
<name> Specifies the modem’s access point name (APN) that is supplied by your
service provider.
Default Values
By default, the APN is set to the name provided by the cellular service provider.
Command History
Functional Notes
If you purchased your USB cellular modem in the Unites States, your APN is automatically set correctly.
ADTRAN recommends that you do not change this setting. In countries other than the United States,
where modems and cellular service are sold separately, the APN may not be defined. If the APN is not
defined or incorrect, contact your service provider.
Usage Examples
In the following example, the APN is specified as isp.cingular:

(config-cellular 1/1)#apn isp.cingular

cdma activate oma-dm

Use the cdma activate oma-dm command to activate the cellular interface for connection to the Sprint
wireless network.
Syntax Description
No subcommands.
Default Values
By default, the cellular interface is deactivated.
Command History
Usage Examples
The following example activates cellular interface 1/1:

(config-cellular-1/1)#cdma activate oma-dm

cdma activate otasp

Use the cdma activate otasp command to activate the cellular interface for connection to the Verizon
wireless network.
Syntax Description
No subcommands.
Default Values
By default, the cellular interface is disabled.
Command History
Usage Examples
The following example activates cellular interface 1/1:

(config-cellular 1/1)#cdma activate otasp

cdma msl <number>

Use the cdma msl command to enter the 6-digit Sprint Master Subsidy Lock (MSL) code. Use the no form
of this command to remove the code.
Syntax Description
<number> Specifies the 6-digit Sprint MSL code.
Default Values
By default, no MSL code is activated.
Command History
Usage Examples
The following example enters MSL code 526510 on cellular interface 1/1:

(config-cellular-1/1)#cdma msl 526510

custom-profile ha-shared-secret
Use the custom-profile ha-shared-secret command to specify the home agent shared secret for the
cellular custom profile. Use the no form of this command to remove the shared secret from the custom
profile configuration. Variations of this command include:
custom-profile ha-shared-secret ascii <shared secret>

custom-profile ha-shared-secret hexadecimal <shared secret>
Syntax Description
ascii <shared secret> Specifies a plain text secret. Secret can be up to 16 characters in length.
hexadecimal <shared secret> Specifies a hexadecimal secret. Secret can be up to 32 characters in
length.
Default Values
By default, no custom profile is configured.
Command History
Functional Notes
Cellular custom profile settings are useful for services that require manual activation or for services that
allow remote access to private networks over the 3G network. For more information about custom profile
settings, refer to the 3G CDMA NIM and the Cellular Interface configuration guide available online at
Usage Examples
The following example creates a plain text home agent shared secret (sharedsecret) for the custom
profile:

(config-cellular 1/1)#custom-profile ha-shared-secret ascii sharedsecret

custom-profile home-address <ip address>

Use the custom-profile home-address command to specify the home address for the cellular custom
profile. Use the no form of this command to remove the home address from the custom profile settings.
Syntax Description
<ip address> Specifies the IP address of the home address. Enter IP addresses in dotted
decimal notation (XX.XX.XX.XX).
Default Values
Command History
Functional Notes
Usage Examples
The following example creates the home address for the custom profile:

(config-cellular 1/1)#custom-profile home-address 192.168.1.1

custom-profile primary-ha-address <ip address>

Use the custom-profile primary-ha-address command to specify the primary home agent IP address for
the cellular custom profile. Use the no form of this command to remove the primary home agent IP address
from the custom profile settings.
Syntax Description
<ip address> Specifies the IP address of the primary home agent. Enter IP addresses in
Default Values
Command History
Functional Notes
Usage Examples
The following example specifies the primary home agent IP address for the custom profile:

(config-cellular 1/1)#custom-profile primary-ha-address 192.168.1.5

custom-profile secondary-ha-address <ip address>

Use the custom-profile secondary-ha-address command to specify the secondary home agent IP address
for the cellular custom profile. Use the no form of this command to remove the secondary home agent IP
address from the custom profile settings.
Syntax Description
<ip address> Specifies the IP address of the secondary home agent. Enter IP addresses
in dotted decimal notation (XX.XX.XX.XX).
Default Values
Command History
Functional Notes
Usage Examples
The following example specifies the secondary home agent IP address for the custom profile:

(config-cellular 1/1)#custom-profile secondary-ha-address 192.168.1.6

custom-profile username <username>

Use the custom-profile username command to specify the username and password for the cellular custom
profile. Use the no form of this command to remove the username and password from the custom profile
settings. Variations of this command include:
custom-profile username <username>

custom-profile username <username> password ascii <password>
custom-profile username <username> password hexadecimal <password>
Syntax Description
username <username> Specifies the user name for the custom profile. The user
name is equivalent to network address identifier (NAI) user
identification. User names can be up to 72 characters in
length.
password ascii <password> Specifies the plain text password. Passwords are equivalent
to authentication, authorization, and accounting (AAA)
shared secrets. Passwords can be up to 16 characters in
length.
password hexadecimal <password> Specifies the hexadecimal password. Passwords are
equivalent to AAA shared secrets. Passwords can be up to
32 characters in length.
Default Values
Command History
Functional Notes
Usage Examples
The following example specifies the user name and plain text password for the custom profile:

(config-cellular 1/1)#custom-profile username USERNAME password ascii PASSWORD

match ani <template> substitute <template>

Use the match ani substitute command to configure automatic number identification (ANI) substitution
for outbound voice trunks. Use the no form of this command to remove the substitution. Variations of this
command include:
match ani <template> substitute <template>

match ani <template> substitute <template> name <name>
Syntax Description
ani <template> Specifies the ANI information to be substituted. This information is entered
using wildcards and numerical digits. Refer to the Functional Notes of this
command for available wildcards and proper data entry.
substitute <template> Specifies the ANI information that is substituted for the original ANI
information. This information is entered using wildcards and numerical
digits. When using wildcards in the match and substitute template, both
must be of the same type and position in the number template or AOS will
not allow the substitution. Refer to the Functional Notes of this command for
available wildcards and proper data entry.
name <name> Optional. Specifies the name associated with the ANI information. This
option is only available on trunks that support ANI name information
(integrated services digital network (ISDN) trunks, Session Initiation
Protocol (SIP) trunks, T1 loop start (LS) network trunks, and T1 ground start
(GS) network trunks).
Default Values
By default, no ANI substitution is configured.
Command History
Functional Notes
The convention for ANI templates is very similar to dial plan entries. Valid characters for templates are as
follows:



Usage Examples
The following example specifies that the ANI information from numbers 555-8111 to 555-8115 will be
substituted by 555-8110 for outbound calls on interface 1/1:

(config-cellular 1/1)#match ani 555-811[125] substitute 555-8110

reset
Use the reset command to reboot the cellular network interface module (NIM).
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example reboots the NIM associated with cellular interface 1/1:

(config-cellular 1/1)#reset


Use the resource pool-member command to configure the cellular interface as a resource pool member
for the demand interface to draw upon when connecting to the cellular network. Use the no form of this
command to remove the interface from the resource pool. Variations of this command include:

resource pool-member <name> <priority>
Syntax Description
<name> Specifies the resource pool to which the cellular interface is assigned.
<priority> Optional. Specifies the priority this interface is given over other interfaces in
the same pool. Range is 1 to 255.
Default Values
By default, the cellular interface is not associated with any resource pools.
Command History
Functional Notes
Lower priority values indicate a higher priority. Interfaces within the same resource pool with the same
priority are selected as resources in alphabetical order by interface name.
Usage Examples
The following example configures interface cellular 1/1 as a member of the cellular resource pool:

(config-cellular 1/1)#resource pool-member cellular

retry-throttling
Use the retry-throttling command to enable retry throttling. Use the no form of this command to disable
retry throttling.
Syntax Description
No subcommands.
Default Values
In the Verizon cellular network, the retry throttle is enabled and cannot be disabled.
In the Sprint cellular network, the retry throttle is disabled by default but can be enabled by using this
command.
Command History
Functional Notes
When the retry throttle is enabled, it will disable the cellular interface for 15 minutes if a data call fails.
Usage Examples
The following example enables retry throttling:

(config-cellular 1/1)#retry-throttling

usb-id <value>
Use the usb-id command to specify which universal serial bus (USB) device the network interface module
(NIM) will use. The USB ID is a combination of the vendor and product IDs. These values are displayed in
the show usb attached-devices on page 1056.
Syntax Description
<value> Specifies the identifying information for the USB device in the format
<vendor ID> : <product id>. Each ID value is a 16-bit hexadecimal value, for
example, 1234:ABCD.
Default Values
Command History
Functional Notes
The USB ID is a combination of the vendor and product ID. To view these values, enter the show usb
attached-devices command as follows:
>enable
Device inserted in slot 1 on bus 0
Device Address: 1
Association: USB Cellular Interface /
Vendor: 0x1410 (Novatel Wireless Inc.)
Product: 0x6000 (Novatel Wireless CDMA)
Device Class: 0x00 (NULL (PER INTERFACE))
The vendor ID (0x1410) and the product ID (0x6000) create the USB ID of 1410:6000. This value is then
entered as the USB ID using the usb-id command.
Usage Examples
The following example creates a USB ID of 1410:6000 on the cellular interface:

(config-cellular 1/1)#usb-id 1410:6000

DDS Interface Command Set Command Reference Guide
DDS INTERFACE COMMAND SET
To activate the DDS Interface Configuration mode, enter the interface dds command at the Global
>enable
#configure terminal
(config-dds 1/1)#

do on page 81
end on page 82
exit on page 83
shutdown on page 93
clock rate on page 2107

data-coding scrambled on page 2109
remote-loopback on page 2111
snmp trap on page 2112
snmp trap link-status on page 2113

Command Reference Guide DDS Interface Command Set
clock rate
Use the clock rate command to configure the data rate used as the operating speed for the interface. This
rate should match the rate required by the digital data service (DDS) service provider. Use the no form of
clock rate auto

clock rate bps56k
clock rate bps64k
Syntax Description
auto Automatically detects the clock rate and sets to match.
bps56k Sets the clock rate to 56 kbps.
bps64k Sets the clock rate to 64 kbps.
Default Values
By default, the rate is set to auto.
Command History
Functional Notes
When operating at 64 kbps (clear channel operation), the data terminal equipment (DTE) data sequences
may mimic network loop maintenance functions and erroneously cause other network elements to activate
loopbacks. Use the data-coding scrambled command to prevent such occurrences. Refer to data-coding
scrambled on page 2109 for related information.
Usage Examples
The following example configures the clock rate for 56 kbps operation:

(config-dds 1/1)#clock rate bps56k

clock source
Use the clock source command to configure the source timing used for the interface. The clock specified
using the clock source command is also the system master clock. Use the no form of this command to
clock source internal

clock source line
Syntax Description
internal Configures the unit to provide clocking using the internal oscillator.
line Configures the unit to recover clocking from the digital data service (DDS)
circuit.
Default Values
By default, the clock source is set to line.
Command History
Functional Notes
When operating on a DDS network, the clock source should be line. On a point-to-point private network,
one unit must be line and the other internal.
Usage Examples

(config-dds 1/1)#clock source line

data-coding scrambled
Use the data-coding scrambled command to enable the digital data service (DDS) OS scrambler to
combine user data with pattern data to ensure user data does not mirror standard DDS loop codes. The
scrambler may only be used on 64 kbps circuits without Frame Relay signaling (clear channel). Use the no
Syntax Description
No subcommands.
Default Values
By default, the scrambler is disabled.
Command History
Functional Notes
When operating at 64 kbps (clear channel operation), there is a possibility the data terminal equipment
(DTE) data sequences may mimic network loop maintenance functions and erroneously cause other
network elements to activate loopbacks. Use the data-coding scrambled command to prevent such
occurrences. Do not use this command if using Frame Relay or if using Point-to-Point Protocol (PPP) to
another device other than an AOS product also running scrambled.
Usage Examples
The following example enables the DDS OS scrambler:

(config-dds 1/1)#data-coding scrambled

loopback
Use the loopback command to initiate a specified loopback on the interface. Use the no form of this
command to deactivate the loop. Variations of this command include:
loopback dte
loopback line
loopback remote
Syntax Description
dte Initiates a loop to connect the transmit and receive path through the unit.
line Initiates a loop of the digital data service (DDS) circuit toward the network
by connecting the transmit path to the receive path.
remote Transmits a DDS loop code over the circuit to the remote unit. In response,
the remote unit should initiate a line loopback.
Default Values
Command History
Usage Examples
The following example activates a line loopback on the DDS interface:

(config-dds 1/1)#loopback line

remote-loopback
Use the remote-loopback command to configure the interface to respond to loopbacks initiated by a
remote unit (or the service provider). Use the no form of this command to disable this feature.
Syntax Description
No subcommands.
Default Values
By default, all interfaces respond to remote loopbacks.
Command History
Usage Examples
The following example enables remote loopbacks on the digital data service (DDS) interface:

(config-dds 1/1)#remote-loopback

snmp trap
Use the snmp trap command to enable all supported Simple Network Management Protocol (SNMP)
traps on the interface. Use the no form of this command to disable this trap.
Syntax Description
No subcommands.
Default Values
By default, all interfaces (except virtual Frame Relay interfaces and subinterfaces) have SNMP traps
enabled.
Command History
Release 5.1 Command was expanded to include the Ethernet subinterfaces and Gigabit
Ethernet interfaces.
Release 6.1 Command was expanded to include the port channel and virtual local area
network (VLAN) interfaces.
Release 8.1 Command was expanded to the asynchronous transfer mode (ATM)
interface.
Release 16.1 Command was expanded to the tunnel interface.
Usage Examples
The following example enables SNMP capability on the digital data service (DDS) interface:

(config-dds 1/1)#snmp trap

snmp trap link-status

Use the snmp trap link-status command to control the Simple Network Management Protocol (SNMP)
variable ifLinkUpDownTrapEnable (RFC 2863) to enable (or disable) the interface to send SNMP traps
when there is an interface status change. Use the no form of this command to disable this trap.
Syntax Description
No subcommands.
Default Values
By default, the ifLinkUpDownTrapEnable object identifier (OID) is enabled for all supported interfaces
except virtual Frame Relay interfaces.
Command History
Release 6.1 Command was expanded to include the E1, port channel, T3, and virtual
local area network (VLAN) interfaces.
Release 7.1 Command was expanded to the high speed serial interface (HSSI).
interface.
Release 9.1 Command was expanded to the high level data link control (HDLC)
interface.
Release 11.1 Command was expanded to the demand interface.
Functional Notes
The snmp trap link-status command is used to control the RFC 2863 ifLinkUpDownTrapEnable OID (OID
number 1.3.6.1.2.1.31.1.1.1.14.0).
Usage Examples
The following example disables the link-status trap on the digital data service (DDS) interface:

(config-dds 1/1)#no snmp trap link-status

DSX-1 Interface Command Set Command Reference Guide
DSX-1 INTERFACE COMMAND SET
To activate the DSX-1 Interface Configuration mode, enter the interface t1 command (and specify the
DSX-1 port) at the Global Configuration mode prompt. For example:
>enable
#configure terminal
(config-t1 1/2)#

do on page 81
end on page 82
exit on page 83
shutdown on page 93
coding on page 2115

framing on page 2116
line-length <value> on page 2117
loopback remote line inband on page 2119
signaling-mode on page 2121
test-pattern on page 2123

Command Reference Guide DSX-1 Interface Command Set
coding
Use the coding command to configure the line coding for a DSX-1 physical interface. This setting must
match the line coding supplied on the circuit by the PBX. Use the no form of this command to return to the
coding ami
coding b8zs
Syntax Description
ami Configures the line coding for alternate mark inversion (AMI).
b8zs Configures the line coding for bipolar eight zero substitution (B8ZS).
Default Values
By default, all DSX-1 interfaces are configured with b8zs line coding.
Command History
Functional Notes
The line coding configured in the unit must match the line coding of the DSX-1 circuit. A mismatch will
result in line errors (e.g., bipolar violations (BPVs)).
Usage Examples
The following example configures the DSX-1 interface for ami line coding:
(config-t1 1/2)#coding ami

framing
Use the framing command to configure the framing format for the DSX-1 interface. This parameter
should match the framing format set on the external device. Use the no form of this command to return to
the default value. Variations of this command include:
framing d4
framing esf
Syntax Description
d4 Specifies D4 superframe (SF) format.
esf Specifies extended superframe (ESF) format.
Default Values
By default, the framing format is set to esf.
Command History
Functional Notes
A frame is comprised of a single byte from each of the T1’s timeslots; there are 24 timeslots on a single T1
circuit. Framing bits are used to separate the frames and indicate the order of information arriving at the
receiving equipment. D4 and ESF are two methods of collecting and organizing frames over the circuit.
Usage Examples
The following example configures the DSX-1 interface for d4 framing:
(config-t1 1/2)#framing d4

line-length <value>
Use the line-length command to set the line build out (LBO) (in feet or dB) for the DSX-1 interface. Use
Syntax Description
<value> Configures the LBO for the DSX-1 interface. Valid options include: -7.5 dB
or 0 to 655 feet. Use the -7.5 dB option for maximum attenuation.
Default Values
By default, the LBO is set to 0 feet.
Command History
Functional Notes
The line-length value represents the physical distance between DSX equipment (measured in cable
length). Based on this setting, the AOS device increases signal strength to compensate for the distance
the signal must travel. Valid distance ranges are listed below:
• 0 to 133 feet
• 134 to 265 feet
• 266 to 399 feet
• 400 to 533 feet
• 534 to 655 feet
Usage Examples
The following example configures the DSX-1 interface line-length for 300 feet:
(config-t1 1/2)#line-length 300

loopback network
Use the loopback network command to initiate a loopback on the interface toward the network. Use the
no form of this command to deactivate the loopback. Variations of this command include:
loopback network line

loopback network payload
Syntax Description
line Initiates a metallic loopback of the physical DSX-1 network interface.
payload Initiates a loopback of the T1 framer (CSU portion) of the DSX-1 network
interface.
Default Values
Command History
Functional Notes
The following diagram depicts the difference between a line and payload loopback.
T1 Network Interface
NI CSU
DS1
Payload Loopback
Line Loopback
Usage Examples
The following example initiates a payload loopback of the DSX-1 interface:
(config-t1 1/2)#loopback network payload

loopback remote line inband

Use the loopback remote line inband command to send a loopback code to the remote unit to initiate a
line loopback. Use the no form of this command to send a loopdown code to the remote unit to deactivate
the loopback.
Syntax Description
inband Uses the inband channel to initiate a full 1.544 Mbps physical (metallic)
loopback of the signal received by the remote unit from the network.
Default Values
Command History
Functional Notes
A remote loopback can only be issued if a cross connect does not exist on the interface and if the signaling
mode is set to none. The following diagram depicts the difference between a line and payload loopback.
NI CSU
DS1
Line Loopback
Usage Examples
The following example initiates a remote line loopback using the inband channel:
(config-t1 1/2)#loopback remote line inband

remote-loopback
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example enables remote loopbacks on the DSX-1 interface:
(config-t1 1/2)#remote-loopback

signaling-mode
Use the signaling-mode command to configure the signaling type (robbed-bit for voice or clear channel
for data) for the level zero digital signals (DS0s) mapped to the DSX-1 port. Use the no form of this
signaling-mode message-oriented
signaling-mode none
signaling-mode robbed-bit
Syntax Description
message-oriented Specifies clear channel signaling on Channel 24 only. Use this signaling
type with QSIG installations.
none Specifies clear channel signaling on all 24 DS0s. Use this signaling type
with data-only or primary rate interface (PRI) DSX-1 installations.
robbed-bit Specifies robbed bit signaling on all DS0s. Use this signaling type for
voice-only DSX-1 applications.
Default Values
By default, the signaling mode is set to robbed-bit.
Command History
Usage Examples
The following example configures the DSX-1 port for PRI compatibility:
(config-t1 1/2)#signaling-mode none


Syntax Description
No subcommands.
Default Values
By default, the ifLinkUpDownTrapEnable object identifier (OID) is enabled for all interfaces except virtual
Frame Relay interfaces.
Command History
interface.
interface.
Functional Notes
number 1.3.6.1.2.1.31.1.1.1.14.0).
Usage Examples
The following example disables the link-status trap on the DSX-1 interface:
(config-t1 1/2)#no snmp trap link-status

test-pattern
Use the test-pattern command to activate the built-in pattern generator and begin sending the specified
test pattern. This pattern generation can be used to verify a data path when used in conjunction with an
active loopback. Use the no form of this command to cease pattern generation. Variations of this command
include:
test-pattern ones
test-pattern zeros
Syntax Description
ones Generates a test pattern of continuous ones.
zeros Generates a test pattern of continuous zeros.
Default Values
Command History
Usage Examples
The following example activates the pattern generator for a stream of continuous ones:
(config-t1 1/2)#test-pattern ones

E1 Interface Command Set Command Reference Guide
E1 INTERFACE COMMAND SET
To activate the E1 Interface Configuration mode, enter the interface e1 command (and specify the E1
port) at the Global Configuration mode prompt. For example:
>enable
#configure terminal
(config)#interface e1 1/1
(config-e1 1/1)#

do on page 81
end on page 82
exit on page 83
shutdown on page 93

coding on page 2126
framing crc4 on page 2127
loop-alarm-detect on page 2128
loopback remote v54 on page 2130
sa4tx-bit <value> on page 2132
snmp trap line-status on page 2133
snmp trap threshold-reached on page 2135
tdm-group <number> on page 2137
timing-domain <domain> on page 2139
ts16 on page 2140

Command Reference Guide E1 Interface Command Set
clock source

clock source line
clock source system
clock source through
Syntax Description
line Configures the unit to recover clocking from the E1 circuit.
system Configures the unit to provide clocking from the chassis selection.
through Configures the unit to recover clocking from the circuit connected to the
G.703 interface.
Default Values
By default, the unit is configured to recover clocking from the primary circuit.
Command History
Release A2 Command was expanded to include the system parameter.
Functional Notes
When operating on a circuit that is providing timing, setting the clock source to line can avoid errors, such
as clock slip seconds (CSS).
Usage Examples
The following example configures the unit to recover clocking from the primary circuit:
(config-e1 1/1)#clock source line

coding
Use the coding command to configure the line coding for the E1 physical interface. This setting must
match the line coding supplied on the circuit by the service provider. Use the no form of this command to
coding ami
coding hdb3
Syntax Description
hdb3 Configures the line coding for high-density bipolar 3 (HDB3).
Default Values
By default, all E1 interfaces are configured with hdb3 line coding.
Command History
Functional Notes
The line coding configured in the unit must match the line coding of the E1 circuit. A mismatch will result in
line errors (e.g., bipolar violations (BPVs)).
Usage Examples
The following example configures the E1 interface for ami line coding:
(config-e1 1/1)#coding ami

framing crc4
Use the framing crc4 command to configure the framing format for the E1 interface. This parameter
should match the framing format provided by the service provider or external device. Use the no form of
Syntax Description
crc4 Enables CRC4 bits to be transmitted in the outgoing data stream. Also, the
received signal is checked for CRC4 errors.
Default Values
By default, CRC4 is disabled.
Command History
Functional Notes
The framing value must match the configuration of the E1 circuit. A mismatch will result in a loss of frame
alarm.
Usage Examples
The following example configures the E1 interface for CRC4 framing:
(config-e1 1/1)#framing crc4

loop-alarm-detect
The loop-alarm-detect command enables detection of a loop alarm on the E1 interface. Use the no form
of this command to disable this feature.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
This command enables the detection of a loopback alarm. This alarm works in conjunction with the
sa4tx-bit command setting. The loopback condition is detected by comparing the transmitted sa4tx-bit
value to the received Sa4 bit value. If the bits match, a loopback is assumed. This detection method only
works with a network in which the far end is transmitting the opposite value for Sa4.
Usage Examples
The following example enables detection of a loop alarm on the E1 interface:
(config-e1 1/1)#loop-alarm-detect

loopback network

Syntax Description
line Initiates a metallic loopback of the physical E1 network interface.
payload Initiates a loopback of the E1 framer (CSU) portion of the E1 network
interface.
Default Values
Command History
Functional Notes
The following diagram depicts a line loopback.
E1 Network Interface
NI CSU
NTWK E1
Line Loopback
Usage Examples
The following example initiates a line loopback of the E1 interface:
(config-e1 1/1)#loopback network line

loopback remote v54

The loopback remote v54 command initiates an E1 remote loopback test (with a V.54 loopback pattern).
Use the no form of this command to disable this feature.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
This command causes a V.54 inband loop code to be sent in the payload towards the far end.
Usage Examples
The following example sends a V.54 inband loop code to the far end:
(config-e1 1/1)#loopback remote v54

remote-loopback
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
This controls the acceptance of any remote loopback requests. When enabled, remote loopbacks are
detected and cause a loopback to be applied. When disabled, remote loopbacks are ignored.
Usage Examples
The following example enables remote loopbacks on the E1 interface:
(config-e1 1/1)#remote-loopback

sa4tx-bit <value>
The sa4tx-bit command selects the Tx value of Sa4 in this E1 interface. Use the no form of this command
to return to the default value.
Syntax Description
<value> Specifies a 0 or a 1 for the transmit value of the SA4 bit on the E1.
Default Values
Command History
Functional Notes
This command assigns a value to the Tx spare bit in position 4. The odd-numbered frames of TS0 are not
used for frame alignment. Bits in position 4 through 8 are called spare bits. Values of 0 or 1 are accepted.
TS0 odd frame
Bit position 1 2 3 4 5 6 7 8
Bit use 0 1 RAI = 1 S S S S S
Usage Examples
The following example sets the Tx value of Sa4 to 0:
(config-e1 1/1)#sa4tx-bit 0

snmp trap line-status

Use the snmp trap line-status command to control the Simple Network Management Protocol (SNMP)
variable dsx1LineStatusChangeTrapEnable (RFC 2495) to enable (or disable) the interface to send SNMP
traps when there is an interface status change. Use the no form of this command to disable this trap.
Syntax Description
No subcommands.
Default Values
By default, the dsx1LineStatusChangeTrapEnable object identifier (OID) is set to enabled for all interfaces
Command History
Functional Notes
The snmp trap line-status command is used to control the RFC 2495 dsx1LineStatusChangeTrapEnable
OID (OID number 1.3.6.1.2.1.10.18.6.1.17.0).
Usage Examples
The following example disables the line-status trap on the T1 interface:
(config-t1 1/1)#no snmp trap line-status


Syntax Description
No subcommands.
Default Values
Command History
interface.
interface.
Functional Notes
number 1.3.6.1.2.1.31.1.1.1.14.0).
Usage Examples
The following example disables the link-status trap on the E1 interface:
(config-e1 1/1)#no snmp trap link-status

snmp trap threshold-reached

Use the snmp trap threshold-reached command to control the Simple Network Management Protocol
(SNMP) variable adGenAOSDs1ThresholdReached (adGenAOSDs1-Ext MIB) to enable the interface to
send SNMP traps when a DS1 performance counter threshold is reached. Use the no form of this command
to disable this trap.
Syntax Description
No subcommands.
Default Values
By default, the adGenAOSDs1ThresholdReached object identifier (OID) is disabled for all interfaces.
Command History
Usage Examples
The following example disables SNMP threshold reached trap on the E1 interface:
(config-e1 1/1)#no snmp trap threshold-reached

system-timing
Use the system-timing command to configure the system timing to use the E1 interface as the system
clock source. Use the no form of this command to return to the default value. Variations of this command
include:
Syntax Description
primary Configures the unit to use the E1 interface as the source of the primary
system clock.
secondary Configures the unit to use the E1 interface as the source of the secondary
system clock.
Default Values
By default, the unit is configured to recover clocking from the primary circuit.
Command History
Usage Examples
The following example configures the unit to use the E1 interface as the primary system timing source:
(config-e1 1/1)#system-timing primary

tdm-group <number>
Use the tdm-group command to create a group of contiguous channels on this interface to be used during
the cross-connect process. Use the no form of this command to remove configured time division
multiplexing (TDM) groups. Refer to cross-connect on page 76 for related information. Variations of this
command include:
tdm-group <number> timeslots <value>

tdm-group <number> timeslots <value> speed [56 | 64]
Changing tdm-group settings could result in service interruption.
Syntax Description
<number> Identifies the created TDM group. Valid range is 1 to 255.
timeslots <value> Specifies the channels to be used in the TDM group. Valid range is 1 to 31.
The timeslot value can be entered as a single number representing one of
the 31 E1 channel timeslots or as a contiguous group of channels. (For
example, 1-10 specifies the first 10 channels of the E1.)
speed [56 | 64] Optional. Specifies the individual channel rate on the E1 interface to be
56 or 64 kbps. The default speed is 64 kbps. 56 kbps operation is not
available on all E1 interfaces. Refer to the quick start guide provided with
your E1 module to determine whether 56 kbps is valid.
Default Values
By default, there are no configured TDM groups.
Command History
Usage Examples
The following example creates a TDM group (labeled 5) of 10 channels at 64 kbps each:
(config-e1 1/1)#tdm-group 5 timeslots 1-10 speed 64

test-pattern
include:
test-pattern clear
test-pattern errors
test-pattern insert
test-pattern ones
test-pattern p215
test-pattern p220
test-pattern p511
test-pattern qrss
test-pattern zeros
Syntax Description
clear Clears the test pattern error count.
errors Displays the test pattern error count.
insert Inserts an error into the currently active test pattern.
ones Generates test pattern of continuous ones.
p215 Generates a pseudorandom test pattern sequence based on a 15-bit shift
register.
register.
p511 Generates a test pattern of repeating ones and zeros.
qrss Generates a test pattern of random ones and zeros.
zeros Generates test pattern of continuous zeros.
Default Values
Command History
Usage Examples
(config-e1 1/1)#test-pattern ones

timing-domain <domain>
Use the timing-domain command to assign the interface to a system-wide voice timing domain. Use the
no form of this command to return to the default.
Syntax Description
<domain> Assigns the interface to a system-wide timing domain. Valid domains are 1
and 2.
Default Values
By default, interfaces are assigned to timing domain 1.
Command History
Usage Examples
The following example assigns the interface to timing domain 2:
(config-e1 1/1)#timing-domain 2

ts16
Use the ts16 command to enable timeslot 16 multiframe to be checked on the receive signal. Use the no
form of this command to disable timeslot 16.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
If timeslot 16 is used on the incoming E1, do not map timeslot 16 using the tdm-group command. By
default, all timeslots not physically mapped using the tdm-group command are passed through to the
G.703 interface. Leaving timeslot 16 unmapped makes it available for multiframe signaling by the
connected E1 device.
Usage Examples
The following example enables timeslot 16 multiframing:
(config-e1 1/1)#ts16

Command Reference Guide Ethernet Interface Command Set
ETHERNET INTERFACE COMMAND SET
There are multiple types of Ethernet interfaces associated with AOS:
• Basic Ethernet interfaces (e.g., eth 0/1)

• Gigabit Ethernet interfaces (e.g., giga-eth 0/3)
• Gigabit Ethernet subinterfaces associated with Layer 3 services (eg., giga-eth 0/1.1)
• Ethernet subinterfaces associated with a virtual local area network (VLAN) (e.g., eth 0/1.1)
• Ethernet subinterfaces associated with Layer 3 services (eg., eth 0/1.1)
• Switchport interfaces which are only available on specific platforms (e.g., swx 0/1)
• Gigabit switchport interfaces which are only available on specific platforms (e.g., giga-swx 0/1)
• 10 gigabit switchport interfaces which are only available on specific platforms
(e.g., xgiga-swx 1/1)
Not all platforms have Ethernet subinterfaces, Gigabit Ethernet, switchport, or gigabit
switchport interfaces available. To see if your unit has this capability, type show interfaces
at the enable prompt.
To activate the basic Ethernet Interface Configuration mode, enter the interface ethernet command at the
>enable
#configure terminal
(config-eth 0/1)#
To activate the Ethernet Subinterface Configuration mode, enter the interface ethernet command at the
>enable
#configure terminal
(config)#interface ethernet 0/1.1
(config-eth 0/1.1)#
To activate the Ethernet Subinterface Configuration mode for Layer 3 services, enter the interface
ethernet command at the Global Configuration mode prompt. For example:
>enable
#configure terminal
(config-eth 0/1.1)#

Ethernet Interface Command Set Command Reference Guide
To activate the Gigabit Ethernet Interface Configuration mode, enter the interface gigabit-ethernet
command at the Global Configuration mode prompt. For example:
>enable
#configure terminal
To activate the Gigabit Ethernet Subinterface Configuration mode, enter the interface gigabit-ethernet
>enable
#configure terminal
(config)#interface gigabit-ethernet 0/3.1
(config-giga-eth 0/3.1)#
To activate the Gigabit Switchport Interface Configuration mode, enter the interface gigabit-switchport
>enable
#configure terminal
(config-giga-swx 0/3)#
To activate the Switchport Interface Configuration mode, enter the interface switchport command at the
>enable
#configure terminal
(config-swx 0/1)#
To activate the Ethernet Configuration mode for a range of Ethernet interfaces, enter the interface range
>enable
#configure terminal
(config)#interface range ethernet 0/1, 0/8
(config-eth 0/1, 0/8)#
To activate the 10 Gigabit Switchport Interface Configuration mode, enter the interface
xgigabit-switchport command at the Global Configuration mode prompt. For example:
>enable
#configure terminal

Not all Ethernet commands apply to all Ethernet types. Use the ? command to display a list
of valid commands. For example:
>enable
Password:xxxxx
#config term
(config-eth 0/1)#?
alias - A text name assigned by an SNMP NMS
arp - Set ARP commands
awcp - Enables Adtran Wireless Control Protocol on this interface
bandwidth - Set bandwidth parameter
etc.

do on page 81
end on page 82
exit on page 83
shutdown on page 93
arp arpa on page 2146

awcp on page 2147
bandwidth <value> on page 2148
bridge-group <number> on page 2150
bridge-group <number> vlan-transparent on page 2151
ce-vlan-id <vlan id> on page 2152
channel-group <number> mode on on page 2153
connect evc <name> on page 2154
dynamic-dns on page 2155
egress-queue on page 2157
encapsulation 802.1q on page 2158
ethernet-cfm down on page 2159
ethernet-cfm mep on page 2160

ethernet lmi on page 2161

ethernet lmi interface <interface> bandwidth-threshold on page 2162
ethernet lmi forwarding on page 2164
ethernet oam commands begin on page 2164
flowcontrol receive on page 2168
full-duplex on page 2169
half-duplex on page 2170
lldp receive on page 2250
lldp send on page 2251
mac access-group <mac acl name> on page 2253
mac-address <mac address> on page 2254
mac aging-time <value> on page 2255
mac limit <value> on page 2256
max-reserved-bandwidth <value> on page 2257
media-gateway ip on page 2258
media-gateway ipv6 on page 2260
men-c-tag <value> on page 2262
men-c-tag-pri on page 2263
men-pri on page 2264
men-queue on page 2265
mtu <size> include-l2-header on page 2266
no shutdown track <name> on page 2267
ospfv3 commands begin on page 2268
performance-statistics on page 2282
port-auth auth-mode on page 2283
port-auth control-direction on page 2284
port-auth guest-vlan <vlan id> on page 2285
port-auth multiple-hosts on page 2286
port-auth port-control on page 2287
power inline on page 2288
qos on page 2290
qos-policy on page 2291
rtp quality-monitoring on page 2293
s-tag-dei on page 2294


speed on page 2306
storm-control action shutdown on page 2308
storm-control level on page 2309
storm-control rate on page 2311
subtended-host mode on page 2313
switchport commands begin on page 2314
traffic-shape rate <value> on page 2333
vlan-id <vlan id> on page 2334
vrrp <number> on page 2336
vrrpv3 <vrid> address-family on page 2339
vxlan tunnel <interface id> vni <number> on page 2341

arp arpa
Use the arp arpa command to set ARPA as the standard Address Resolution Protocol (ARP) on this
interface. Use the no form of this command to return to the default setting.
Syntax Description
No subcommands.
Default Values
The default for this command is arpa.
Command History
Ethernet Interface.
Usage Examples
The following example enables standard ARP for the Ethernet interface:

(config-eth 0/1)#arp arpa

awcp
Use the awcp command to enable ADTRAN Wireless Control Protocol (AWCP) on this interface. The
AWCP is an ADTRAN proprietary protocol used by an access controller (AC) to communicate with an
access point (AP). Use the no form of this command to disable AWCP for this interface.
Syntax Description
No subcommands.
Default Values
By default, AWCP is enabled on the interface.
Command History
Ethernet Interface.
Functional Notes
When the global-level command dot11ap access-point-controller (refer to dot11ap access-point-control
on page 1260 for more information) is enabled, the AWCP function can be disabled on a specific interface
by using the no form of this command from the desired interface. When the global-level command
dot11ap access-point-controller is disabled, it overrides the awcp command setting for the interface.
Usage Examples
The following example disables AWCP on Ethernet interface 0/1:

(config-eth 0/1)#no awcp

bandwidth <value>
Use the bandwidth command to provide the bandwidth value of an interface to the higher level protocols.
This value is used in cost calculations. Use the no form of this command to restore the default value.
Syntax Description
<value> Specifies bandwidth in kbps. Range is 1 to 4294967295 kbps.
Default Values
To view default value, use the show interfaces command.
Command History
Ethernet Interface.
Functional Notes
The bandwidth command is an informational value that is communicated to the higher level protocols to
be used in cost calculations. While this is a routing parameter that does not affect the physical interface, it
does affect the amount of bandwidth available for use in Quality of Service (QoS) configurations.
It is important to note that there is an order of precedence in determining the interface bandwidth reported
by the router for QoS. Under normal circumstances, the Layer 1 bandwidth is reported based on the
interface type. For example, a T1 interface will report the available bandwidth as 1.536 Mbps. This can be
misleading in QoS configurations if the bandwidth command has been applied to the IP interface for
routing purposes because the command overrides the reported available bandwidth that can be utilized for
QoS. Using the bandwidth command can severely disrupt the configuration of QoS on the interface,
therefore, use the max-reserved-bandwidth command (page 2257) to adjust the bandwidth appropriately
for QoS configurations.
When configuring QoS for an Ethernet or VLAN interface, the interface traffic-shape rate command can
be used to configure traffic shaping without applying a QoS map. If traffic shaping is applied to the same
interface that will also have a QoS map applied to it, the amount of bandwidth available for the QoS policy
is reduced to the value set with the traffic-shape rate command (page 2333). This value should be set to
match the upload speed of the circuit. For example, under normal circumstances, an Ethernet interface
can negotiate to 100 Mbps. However, the throughput of the upstream equipment is usually significantly
less than the negotiated rate. The traffic-shape rate command is used to define the limit of when QoS
policies containing the commands bandwidth on page 4451 or priority on page 4466 should be enforced
according to the upload speed of the circuit. If the bandwidth <value> command is also entered on the
same IP interface as the traffic-shape rate command, it will overwrite the value of the traffic-shape rate
command for QoS purposes. It is not recommended to use the bandwidth <value> command for QoS.
Instead, use the max-reserved-bandwidth command (page 2257) to adjust the bandwidth appropriately
because the traffic-shape rate command is required for QoS to function properly on VLAN and Ethernet
WAN IP interfaces.

Usage Examples
The following example sets bandwidth of the Ethernet 0/1 interface to 10 Mbps:

(config-eth 0/1)#bandwidth 10000

bridge-group <number>
Use the bridge-group command to assign an interface to the specified bridge group. Use the no form of
this command to remove the interface from the bridge group.
Syntax Description
<number> Specifies the bridge group (by number) to which to assign this interface.
Range is 1 to 255.
Default Values
By default, there are no configured bridge groups.
Command History
Functional Notes
A bridged network can provide excellent traffic management to reduce collisions and limit the amount of
bandwidth wasted with unnecessary transmissions when routing is not necessary. Any two interfaces can
be bridged (e.g., Ethernet to T1 bridge, Ethernet to Frame Relay subinterface).
Usage Examples
The following example assigns the Ethernet interface to bridge-group 17:

(config-eth 0/1)#bridge-group 17

bridge-group <number> vlan-transparent

Use the bridge-group vlan-transparent command to prevent an interface from removing the virtual local
area network (VLAN) tag. Use the no form of this command to allow the interface to remove the VLAN
tag from the packet.
The bridge-group vlan-transparent command is not a global command. The command

must be applied on all interfaces of the bridge group.
Syntax Description
<number> Specifies the bridge group number. Valid range is 1 to 255.
Default Values
By default, VLAN tags are removed from the data.
Command History
interface and Frame Relay subinterface.
Usage Examples
The following example removes the VLAN tags from the packets on the Ethernet interface 0/1:

(config-eth 0/1)#bridge-group 1 vlan-transparent

ce-vlan-id <vlan id>

Use the ce-vlan-id command to set a customer-edge (CE) virtual local area network (VLAN) ID for
Layer 3 service subinterfaces used as the Metro Ethernet network (MEN) port. Use the no form of this
command to remove the CE VLAN ID configuration from the subinterface. Variations of this command
include:
ce-vlan-id <vlan id>

ce-vlan-id <vlan id> untagged
Syntax Description
<vlan id> Specifies a valid CE VLAN interface ID number. Range is 1 to 4095.
untagged Optional. Specifies that all untagged packets are identified with this
subinterface.
Default Values
By default, all Layer 3 service subinterface traffic is unspecified, which prevents the subinterface from
becoming active.
Command History
Usage Examples
The following example configures a CE VLAN of 100 for the Gigabit Ethernet subinterface 0/1.1:

(config-giga-eth 0/1.1)#ce-vlan-id 100

channel-group <number> mode on

Use the channel-group mode on command to statically add the interface to a channel group. To remove
an interface from a channel group, use the no form of this command.
Syntax Description
<number> Specifies the channel-group number. Range is 1 to 6.
Default Values
By default, the interface is not part of a channel group.
Command History
Functional Notes
There can be up to six channel groups with 2 to 8 interfaces per group. Dynamic protocols are not yet
supported (only static). A physical interface can be a member of only one channel group.
Usage Examples
The following example adds the Ethernet 0/1 interface to channel group 1:

(config-eth 0/1)#channel-group 1 mode on
(config-eth 0/1)#

connect evc <name>

Use the connect evc command to associate the Ethernet virtual connection (EVC) with the subinterface for
Layer 3 Metro Ethernet network (MEN) to CPU communication. Use the no form of this command to
remove the connection.
Syntax Description
<name> Specifies the EVC to which the matching traffic is mapped.
Default Values
By default, no EVC components are connected to the subinterface.
Command History
Functional Notes
The EVC’s connected MEN port must match the parent interface of the Layer 3 subinterface for the
subinterface to be active. This command is required if the parent interface is a network-to-network
interface (NNI) and will not function if the parent interface is a user network interface (UNI).
Usage Examples
The following example specifies that EVC CustomerSVC is associated with Gigabit Ethernet subinterface
1/1.1:

(config-giga-eth-1/1.1)#connect evc CustomerSVC

dynamic-dns
Use the dynamic-dns command to configure Dynamic DNS service provided by Dynamic Network
Services, Inc. (www.dyndns.org). Use the no form of this command to disable this feature. Variations of
dynamic-dns custom <hostname> <minutes>

dynamic-dns dyndns <hostname> <username> <password>
dynamic-dns dyndns-custom <hostname> <username> <password>
dynamic-dns dyndns-static <hostname> <username> <password>
Syntax Description
<hostname> Specifies the host name for the server that updates the dynamic domain
naming system (DNS).
<minutes> Specifies the intervals in minutes to update the server with information
(updates also occur when the interface’s IP address changes regardless of
the update intervals).
<username> Specifies the user name.
<password> Specifies the password.
Refer to Functional Notes below for additional argument descriptions.
Default Values
Command History
Ethernet Interface.
Functional Notes
custom - Constanttime.com’s Custom Dynamic DNSSM service allows you complete access and
management control over your domain name regardless of where you purchased/registered it. This allows
you to manage IP address mappings (A records), domain aliases (CNAME records), and mail servers (mail
exchange (MX) records).
dyndns - The Dynamic DNSSM offered by Dynamic Network Services, Inc. (DynDNS.org) allows you to
alias a dynamic IP address to a static host name in various domains. This allows your unit to be more
easily accessed from various locations on the Internet. This service is provided for up to five host names.
dyndns-custom - DynDNS.org's Custom DNSSM service provides a full DNS solution, giving you
complete control over an entire domain name. A Web-based interface provides two levels of control over
your domain, catering to average or advanced users. Five globally redundant DNS servers ensure that
your domain will always resolve.

A choice of two interfaces is available. The basic interface is designed for most users. It comes
preconfigured for most common configurations and allows for easy creation of most common record types.
The advanced interface is designed for system administrators with a solid DNS background, and provides
layout and functionality similar to a BIND zone file allowing for the creation of nearly any record type.
Custom DNSSM can be used with both static and dynamic IPs, and has the same automatic update
capability through Custom DNS-aware clients as Dynamic DNS.
dyndns-static - The Static DNS service is similar to DynDNS.org’s Dynamic DNSSM service in that it
allows a host name, such as yourname.dyndns.org, to point to your IP address. Unlike a Dynamic DNS
host, a Static DNS host does not expire after 35 days without updates, but updates take longer to
propagate through the DNS system. This service is provided for up to five host names.
If your IP address does not change often or at all, but you still want an easy name to remember it by
(without having to purchase your own domain name), Static DNS service is ideal for you.
If you would like to use your own domain name (such as yourname.com), you need Custom DNS service
that also provides full dynamic and static IP address support.
Usage Examples
The following example sets the Dynamic DNS to dyndns-custom with host name host, user’s name user,
and password pass:

(config-eth 0/1)#dynamic-dns dyndns-custom host user pass

egress-queue
Use the egress-queue command to specify the output queue used by the Ethernet virtual connection (EVC)
for traffic egressing this Layer 3 interface towards the user network interface (UNI). Use the no form of
egress-queue inherit
egress-queue <value>
Syntax Description
inherit Specifies that traffic egressing the subinterface is mapped to the UNI queue
based on the packet’s outer tag value.
<value> Specifies the queue to which the traffic is mapped. Valid range is 0 to 7.
Default Values
By default, egressing traffic inherits the queue information.
Command History
Usage Examples
The following example specifies that egress traffic from the Layer 3 Ethernet subinterface 1/1.1 is mapped
to egress queue 5:

(config-eth-1/1.1)#egress queue 5

encapsulation 802.1q
Use the encapsulation 802.1q command to put the interface into 802.1q virtual local area network
(VLAN) mode.
Syntax Description
No subcommands.
Default Values
Command History
Ethernet Interface.
Usage Examples
The following example puts Ethernet interface 0/1 in 802.1q mode and configures a subinterface for VLAN
usage:

(config-eth 0/1)#encapsulation 802.1q
(config-eth 0/1)#interface ethernet 0/1.1
(config-eth 0/1.1)#vlan-id 3

ethernet-cfm down
Use the ethernet-cfm down command to enable Ethernet operations, administration, and maintenance
(OAM) connectivity fault management (CFM) on the Ethernet interface. Use the no form of this command
to disable Ethernet OAM CFM on this interface.
Syntax Description
No subcommands.
Default Values
By default, Ethernet OAM CFM is disabled.
Command History
Ethernet Interface.
Functional Notes
For more information regarding specific Ethernet OAM CFM configuration commands on the Ethernet
interface, refer to the Ethernet OAM CFM Command Set on page 4390.
Usage Examples
The following example enables Ethernet OAM CFM on Ethernet interface 0/1:

(config-eth 0/1)#ethernet-cfm down

ethernet-cfm mep
Use the ethernet-cfm mep command to create an Ethernet operations, administration, and maintenance
(OAM) connectivity fault management (CFM) maintenance endpoint (MEP) on the Ethernet interface. Use
the no form of this command to remove the MEP from the interface. Variations of this command include:
ethernet-cfm mep <name> <name> <mep id> down

ethernet-cfm mep none <name> <mep id> down
Syntax Description
<name> Specifies the MEP’s maintenance domain.
<name> Specifies the MEP’s maintenance association.
<mep id> Specifies the unique numerical ID for this MEP. Range is 1 to 8191.
none Optional. Specifies no domain name is used.
down Specifies the direction of the MEP.
Default Values
By default, no MEPs exist on the interface.
Command History
Ethernet Interface.
Functional Notes
For more information about specific MEP configuration commands, refer to the Ethernet OAM CFM
Usage Examples
The following example creates an MEP, with the MEP ID 100, on Ethernet interface eth 0/1. The MEP is
associated with maintenance domain Domain1 and association association1:

(config-eth 0/1)#ethernet-cfm mep Domain1 association1 100 down
(config-eth 0/1-mep)

ethernet lmi
Use the ethernet lmi command to enable Ethernet local management interface (E-LMI) on the Gigabit
Ethernet interface. Use the no form of this command to disable the feature.
Syntax Description
No subcommands.
Default Values
By default, this feature is disabled. When enabled, the interface is in the provider edge (PE) mode.
Command History
Release R11.6.0 Support for monitoring Y.1731 alarms and conditions was added.
Functional Notes
E-LMI is a feature used by AOS to provide user network interface (UNI) and Ethernet virtual connection
(EVC) status information to the customer edge (CE) device. Status information is gathered from E-LMI
messages exchanged between the PE and CE devices, and is stored in the AOS device.
The no form of this command disables E-LMI on the interface and also automatically removes the
configured E-LMI bandwidth threshold for the interface, if configured. Refer to the command ethernet lmi
interface <interface> bandwidth-threshold on page 2162.
Usage Examples
The following example enables the E-LMI feature:

(config-giga-eth 0/2)#ethernet lmi

ethernet lmi interface <interface> bandwidth-threshold

Use the ethernet lmi interface <interface> bandwidth-threshold command to monitor the bandwidth of
an interface to determine the status of the Ethernet virtual connection (EVC). If the bandwidth of the
interface drops below the specified amount, Ethernet local management interface (E-LMI) will indicate
that the EVC status is NOT ACTIVE. Use the no form of this command to disable the feature. Variations
ethernet lmi interface <interface> bandwidth-threshold downspeed <value>

ethernet lmi interface <interface> bandwidth-threshold upspeed <value>
ethernet lmi interface <interface> bandwidth-threshold downspeed <value> upspeed <value>
Syntax Description
<interface> Specifies the Layer 2 interface to monitor for reduced bandwidth.
downspeed <value> Specifies the bandwidth threshold for traffic moving from the Metro Ethernet
network (MEN) to the UNI. If the interface’s bandwidth in this direction drops
below the specified value, E-LMI will indicate that the EVC is down. Valid
range is 0 to 4294967295 kbps. Specifying a value of 0 disables the
bandwidth monitoring.
upspeed <value> Specifies the bandwidth threshold for traffic moving from the UNI to the
MEN. If the interface’s bandwidth in this direction drops below the specified
value, E-LMI will indicate that the EVC is down. Valid range is 0 to
4294967295 kbps. Specifying a value of 0 disables the bandwidth
monitoring.
Default Values
Command History
Functional Notes
E-LMI is a feature used by AOS to provide UNI and EVC status information to the customer edge (CE)
device. Status information is gathered from E-LMI messages exchanged between the provider edge (PE)
and CE devices, and is stored in the AOS device.
If the actual bandwidth for the specified interface drops below the specified bandwidth, E-LMI indicates
that the EVC is active. If the actual bandwidth is greater than or equal to the specified bandwidth, E-LMI
indicates that the EVC is active. If both downspeed and upspeed are specified, and if the bandwidth in
either direction falls below the specified threshold, E-LMI indicates that the EVC is inactive.
Only one interface can be specified using this command. Entering a different interface over-writes the
existing configuration.
Using the no version of the command ethernet lmi on page 2161 also removes the configured E-LMI
bandwidth threshold on the interface.

Usage Examples
The following example monitors the downspeed bandwidth for the interface:

(config-giga-eth 0/2)#ethernet lmi interface efm-group 1/1 bandwidth-threshold downspeed 400000

ethernet lmi forwarding

Use the ethernet lmi forwarding command to enable transparent forwarding of E-LMI messages from
UNI to NNI. Use the no form of this command to disable transparent forwarding of E-LMI messages.
Syntax Description
No subcommands.
Default Values
By default, this feature is disabled. When enabled, the interface transparently forwards E-LMI messages.
Command History
Usage Examples
The following example enables Gigabit Ethernet interface 0/2 to transparently forward E-LMI messages:

(config-giga-eth 0/2)#ethernet lmi forwarding
ethernet oam enable
Use the ethernet oam enable command to enable Ethernet Link operations, administration, and
management (OAM) on the interface. Use the no form of this command to disable Ethernet Link OAM on
this interface.
Syntax Description
No subcommands.
Default Values
By default, Ethernet Link OAM is disabled when an interface is created. However, some products have
Ethernet OAM enabled in their factory default configuration (for example, the NetVanta 4660).
Command History
Usage Examples
The following example enables Ethernet Link OAM on Gigabit Ethernet interface 0/1:

(config-giga-eth 0/1)#ethernet oam enable

ethernet oam mode passive

Use the ethernet oam mode passive command to specify the Ethernet Link operations, administration,
and management (OAM) mode on the interface. Use the no form of this command to return to the default
setting.
Syntax Description
No subcommands.
Default Values
By default, Ethernet Link OAM operates in active mode.
Command History
Functional Notes
When Ethernet Link OAM is in active mode (default setting), the interface attempts to initiate the OAM
discovery process once Ethernet Link OAM is enabled. When Ethernet Link OAM is operating in passive
mode, the interface waits for an active peer to initiate OAM discovery, as outlined in IEEE 802.3ah.
Usage Examples
The following example places Ethernet Link OAM in passive mode on Gigabit Ethernet interface 0/1:

(config-giga-eth 0/1)#ethernet oam mode passive

ethernet oam link-monitor

Use the ethernet oam link monitor command to allow the interface to receive Ethernet Link operations,
administration, and maintenance (OAM) Protocol Data Unit (PDU) Event Notifications on the interface.
Use the no form of this command to disable OAM PDU Event Notifications on this interface.
Syntax Description
No subcommands.
Default Values
By default, Ethernet Link OAM PDU support is enabled on the interface.
Command History
Functional Notes
By default, support for OAM PDUs is advertised during OAM discovery. When OAM is enabled, the
interface can receive OAM PDU Event Notifications, OAM PDUs with the Critical Link Event flags set, and
Link Event time, length, value (TLV) notifications.
When link events are received by the interface, it keeps a record of the last two unique events on a
per-event type basis. This includes critical link events, such as critical events, dying gasps, and link fault
notifications, as well as regular link events, such as Errored Symbol Period, Errored Frames, Errored
Frame Period, and Errored Frame Seconds Summary TLVs. You can view the recorded local and remote
OAM link events using the show ethernet oam statistics command as described on page 631. You can
clear the recorded events using the clear ethernet oam statistics command, as described on page 136.
Usage Examples
The following example disables support for receiving Ethernet Link OAM PDUs on Gigabit Ethernet
interface 0/1:

(config-giga-eth 0/1)#no ethernet oam link-monitor

ethernet oam mib-retrieval

Use the ethernet oam mib-retrieval command to enable Ethernet Link operations, administration, and
management (OAM) Protocol Data Unit (PDU) Variable Responses and Variable Requests on the
interface. Us the no form of this command to disable Variable Response and Request support for this
interface.
Syntax Description
No subcommands.
Default Values
By default, Ethernet Link OAM PDU Variable Request and Response support is enabled on the interface.
Command History
Functional Notes
By default, support for OAM PDUs is advertised during OAM discovery. When OAM is enabled, the
interface can receive OAM PDU Event Notifications, OAM PDUs with the Critical Link Event flags set, and
Link Event time, length, value (TLV) notifications.
When link events are received by the interface, it keeps a record of the last two unique events on a
per-event type basis. This includes critical link events, such as critical events, dying gasps, and link fault
notifications, as well as regular link events, such as Errored Symbol Period, Errored Frames, Errored
Frame Period, and Errored Frame Seconds Summary TLVs. You can view the recorded local and remote
OAM link events using the show ethernet oam statistics as described on page 631. You can clear the
recorded events using the clear ethernet oam statistics command, as described on page 136.
Usage Examples
The following example disables support for receiving Ethernet Link OAM PDUs on Gigabit Ethernet
interface 0/1:

(config-giga-eth 0/1)#no ethernet oam link-monitor

flowcontrol receive
Use the flowcontrol receive command to enable incoming flow control for the Ethernet interface. If
flowcontrol receive is enabled, the unit will honor received pause frames. Use the no form of this
command to disable flow control.
Syntax Description
No subcommands.
Default Values
By default, flow control is disabled.
Command History
Usage Examples
The following example specifies that Ethernet interface giga-eth 0/1 honors received pause frames:

(config-giga-eth 0/1)#flowcontrol receive

full-duplex
Use the full-duplex command to configure the Ethernet interface for full-duplex operation. This allows the
interface to send and receive simultaneously. Use the no form of this command to return to the default
half-duplex operation.
Syntax Description
No subcommands.
Default Values
By default, all Ethernet interfaces are configured for half-duplex operation.
Command History
Release R12.1.0 Command was made unavailable for Ethernet interfaces on virtual AOS
(vAOS) instances.
Functional Notes
Full-duplex Ethernet is a variety of Ethernet technology currently being standardized by the IEEE. Because
there is no official standard, vendors are free to implement their independent versions of full-duplex
operation. Therefore, it is not safe to assume that one vendor’s equipment will work with another.
Devices at each end of a full-duplex link have the ability to send and receive data simultaneously over the
link. Theoretically, this simultaneous action can provide twice the bandwidth of normal (half-duplex)
Ethernet. To deploy full-duplex Ethernet, each end of the link must only connect to a single device (a
workstation or a switched hub port). With only two devices on a full-duplex link, there is no need to use the
medium access control mechanism (to share the signal channel with multiple stations) and listen for other
transmissions or collisions before sending data.
Some Ethernet equipment (though rare) is unable to negotiate duplex if speed is manually
determined. To avoid incompatibilities, manually set the duplex if the speed is manually set.
Refer to speed on page 2306 for more information.
The 10Base-T, 100Base-TX, and 100Base-FX signaling systems support full-duplex operation (because
they have transmit and receive signal paths that can be simultaneously active).
This command is not available for Ethernet interfaces on vAOS instances.
Usage Examples
The following example configures the Ethernet interface for full-duplex operation:

(config-eth 0/1)#full-duplex

half-duplex
Use the half-duplex command to configure the Ethernet interface for half-duplex operation. This setting
allows the Ethernet interface to either send or receive at any given moment, but not simultaneously. Use
the no form of this command to disable half-duplex operation.
Syntax Description
No subcommands.
Default Values
By default, all Ethernet interfaces are configured for half-duplex operation.
Command History
(vAOS) instances.
Functional Notes
Half-duplex Ethernet is the traditional form of Ethernet that employs the carrier sense multiple
access/collision detect (CSMA/CD) protocol to allow two or more hosts to share a common transmission
medium while providing mechanisms to avoid collisions. A host on a half-duplex link must “listen” on the
link and only transmit when there is an idle period. Packets transmitted on the link are broadcast (so it will
be “heard” by all hosts on the network). In the event of a collision (two hosts transmitting at once), a
message is sent to inform all hosts of the collision and a backoff algorithm is implemented. The backoff
algorithm requires the station to remain silent for a random period of time before attempting another
transmission. This sequence is repeated until a successful data transmission occurs.
Some Ethernet equipment (though rare) is unable to negotiate duplex if speed is

manually determined. To avoid incompatibilities, manually set the duplex if the speed
is manually set. Refer to speed on page 2306 for more information.
Usage Examples
The following example configures the Ethernet interface for half-duplex operation:

(config-eth 0/1)#half-duplex

ip access-group <ipv4 acl name>

Use the ip access-group command to apply an Internet Protocol version 4 (IPv4) access control list (ACL)
to be used for IPv4 packets transmitted on or received from the specified interface. Use the no form of this
command to disable this type of control. Variations of this command include:
ip access-group <ipv4 acl name> in

ip access-group <ipv4 acl name> out
Syntax Description
<ipv4 acl name> Applies the named IPv4 ACL to the interface.
in Enables access control on IPv4 packets received on the specified interface.
out Enables access control on IPv4 packets transmitted on the specified
interface.
Default Values
By default, these commands are disabled.
Command History
Ethernet Interface.
Functional Notes
When this command is enabled, the IPv4 destination address of each packet must be validated before
being passed through. If the packet is not acceptable per these settings, it is dropped.
Usage Examples
The following example configures the router to only allow IPv4 Telnet traffic (as defined in the
user-configured TelnetOnly ACL) into the Ethernet interface:
(config)#ip access-list extended TelnetOnly

(config-ext-nacl)#permit tcp any any eq telnet
(config-ext-nacl)#interface ethernet 0/1
(config-eth 0/1)#ip access-group TelnetOnly in


Syntax Description
Default Values
Command History
interfaces.
products.
Functional Notes
Usage Examples


Associate the ACP with the Ethernet interface 0/1:

(config-eth 0/1)#ip access-policy PRIVATE

ip address dhcp
Use the ip address dhcp command to use Dynamic Host Configuration Protocol (DHCP) to obtain an
address on the interface. Use the no form of this command to remove a configured IP address (using
DHCP) and disable DHCP operation on the interface. Variables that may be used with this command to
further define the DHCP configuration include:
ip address dhcp class-id [ascii <string> | hex <value>] [client-id [<interface> | <identifier>]] [hostname
<“string”>] [track <name>] [<administrative distance>]
ip address dhcp client-id [<interface> | <identifier>] [hostname <“string”>] [track <name>]
[<administrative distance>]
ip address dhcp hostname “<string>” [no-default-route | no-domain-name | no-nameservers]
[track <name>] [<administrative distance>]
ip address dhcp [no-default-route | no-domain-name | no-nameservers] [track <name>]
ip address dhcp track <name> [<administrative distance>]
Syntax Description
<administrative distance> Optional. Specifies the administrative distance to use when adding the
DHCP gateway into the route table. It is used to determine the best route
when multiple routes to the same destination exist. The lower the
administrative distance, the more reliable the route. Range is 1 to 255.
class-id Optional. Specifies the vendor class identifier for the interface.
ascii <string> Specifies the vendor class identifier in an ASCII string of up to 255 bytes.
hex <value> Specfies the vendor class identifier in hexadecimal format. Valid range is up
to 510 hexadecimal numbers. An even number of digits is required.
client-id Optional. Specifies the client identifier used when obtaining an IP address
from a DHCP server.
<interface> Specifies an interface, thus defining the client identifier as the hexadecimal
medium access control (MAC) address of the specified interface (including
a hexadecimal number added to the front of the MAC address to identify the
media type).
For example, specifying the client-id ethernet 0/1 (where the Ethernet
interface has a MAC address of d217.0491.1150) defines the client
identifier as 01:d2:17:04:91:11:50 (where 01 defines the media type as
Ethernet). Refer to hardware-address on page 4329 for a detailed listing of
media types.
<identifier> Specifies a custom client-identifier using a text string (that is converted to a
hexadecimal equivalent) or 7 to 28 hexadecimal numbers (with colon
delimiters).
For example, a custom client identifier of 0f:ff:ff:ff:ff:51:04:99:a1 may be
entered using the <identifier> option.
hostname <“string”> Optional. Specifies a text string (to override the global router name) to use
as the name in the DHCP option 12 field. The string is enclosed in quotation
marks and can consist of up to 35 characters.

no-default-route Optional. Specifies that no default route is obtained via DHCP.

no-domain-name Optional. Specifies that no domain name is obtained via DHCP.
no-nameservers Optional. Specifies that no domain naming system (DNS) servers are
obtained via DHCP.
track <name> Optional. Attaches a network monitoring track to the DHCP client. The
DHCP gateway route for this client will only reside in the route table while
the track is in the pass state. For more information on configuring track
objects, refer to track <name> on page 1871.
Default Values
<administrative distance> By default, the administrative distance value is 1.
class-id Optional. By default, no vendor class identifier is configured.
client-id Optional. By default, the client identifier is populated using the following
formula:
TYPE: INTERFACE SPECIFIC INFO : MAC ADDRESS
Where TYPE specifies the media type in the form of one hexadecimal byte
(refer to hardware-address on page 4329 for a detailed listing of media
types), and the MAC ADDRESS is the medium access control (MAC)
address assigned to the first Ethernet interface in the unit in the form of six
hexadecimal bytes. (For units with a single Ethernet interface, the MAC
ADDRESS assigned to Ethernet 0/1 is used in this field.)
INTERFACE SPECIFIC INFO is only used for Frame Relay interfaces and
can be determined using the following:
FR_PORT#: Q.922 ADDRESS
Where the FR_PORT# specifies the label assigned to the virtual Frame
Relay interface using four hexadecimal bytes. For example, a virtual Frame
Relay interface labeled 1 would have a FR_PORT# of 00:00:00:01.
The Q.922 ADDRESS field is populated using the following:
8 7 6 5 4 3 2 1
DLCI (high order) C/R EA
DLCI (lower) FECN BECN DE EA
Where the FECN, BECN, C/R, DE, and high order extended address (EA)
bits are assumed to be 0 and the lower order EA bit is set to 1.
The following list provides a few example DLCIs and associated Q.922
address:
DLCI (decimal) / Q.922 address (hex)

16 / 0x0401
50 / 0x0C21
60 / 0x0CC1
70 / 0x1061
80 / 0x1401
hostname “<string>” By default, the host name is the name configured using the Global
Configuration hostname command.
Command History
subinterface.
Release 13.1 Command was expanded to include the track and administrative distance.
Ethernet Interface.
Release R10.10.0 Command was expanded to include the class-id parameter in support of
DHCP Option 60.
Functional Notes
DHCP allows interfaces to acquire a dynamically assigned IP address from a configured DHCP server on
the network. Many service providers require the use of DHCP when connecting to their services. Using
DHCP reduces the number of dedicated IP addresses the ISP must obtain. Consult your ISP to determine
the proper values for the client-id and hostname fields.
The vendor class identifier is sent to the DHCP server in DHCP discover and request messages via
DHCP Option 60. This option gives the DHCP server details regarding DHCP client configuration and also
allows the server to send any vendor-specific information to the client in DHCP offer messages via
Option 43.
Usage Examples
The following example enables DHCP operation on the Ethernet interface 0/1:

(config-eth 0/1)#ip address dhcp
The following example enables DHCP operation on the Ethernet interface 0/1 utilizing host name adtran
and does not allow obtaining a default route, domain name, or name servers. It also sets the administrative
distance as 5:

(config-eth 0/1)#ip address dhcp hostname “adtran” no-default-route no-domain-name
no-nameservers 5

ip address <ipv4 address> <subnet mask>

Use the ip address command to define an Internet Protocol version 4 (IPv4) address on the specified
interface (only one primary address is allowed). Use the optional secondary keyword to define a
secondary IPv4 address. Use the no form of this command to remove a configured IPv4 address.

ip address <ipv4 address> <subnet mask> secondary
Syntax Description
<ipv4 address> Specifies a valid IPv4 address. IPv4 addresses should be expressed in
example, /24).
secondary Optional. Configures a secondary IPv4 address for the specified interface.
Default Values
By default, there are no assigned IPv4 addresses.
Command History
Ethernet Interface.
Functional Notes
Use secondary IPv4 addresses to allow dual subnets on a single interface (when you need more IP
addresses than the primary subnet can provide). When using secondary IPv4 addresses, avoid routing
loops by verifying that all devices on the network segment are configured with secondary IPv4 addresses
on the secondary subnet.
Usage Examples
The following example configures a secondary IPv4 address of 192.22.72.101 /30:

(config-eth 0/1)#ip address 192.22.72.101 /30 secondary

ip address range <start ip address> <end ip address> <subnet mask>

secondary
Use the ip address range secondary command to specify a range of secondary Internet Protocol version 4
(IPv4) addresses on the specified interface. Use the no form of this command to remove the range of
configured IPv4 addresses.
Syntax Description
<start ipv4 address> Specifies the first IPv4 address in the range.
<end ipv4 address> Specifies the last IPv4 address in the range.
example, 10.10.10.1).
example, /24).
Default Values
By default, no IPv4 address range is defined.
Command History
Release R10.1.0 Command was added to the facility data link (FDL) interface.
Functional Notes
Use secondary IPv4 addresses to allow dual subnets on a single interface (when you need more IPv4
Usage Examples
The following example configures a range of secondary IPv4 addresses from 192.22.72.1 to 192.22.72.10
on subnet 255.255.255.252:

(config-eth 0/1)#ip address range 192.22.72.1 192.22.72.10 255.255.255.252 secondary

ip crypto map <name>

Use the ip crypto map command to associate Internet Protocol version 4 (IPv4) crypto maps with the
interface. Use the no form of this command to remove a crypto map from an interface.
When you apply a map to an interface, you are applying all crypto maps with the given
map name. This allows you to apply multiple crypto maps if you have created maps that
share the same name, but have different map index numbers.
Syntax Description
<name> Specifies the IPv4 crypto map name that you wish to assign to the interface.
Default Values
By default, no crypto maps are assigned to an interface.
Command History
subinterface.
Release 9.1 Command was expanded to include the High-Level Data Link Control
(HDLC) interface.
Release 11.1 Command was expanded to include the demand interface.
Ethernet Interface.
Functional Notes
When configuring a system to use both the stateful inspection firewall and Internet key exchange (IKE)
negotiation for VPN, keep the following notes in mind.
When defining the IPv4 policy class and associated access control lists (ACLs) that describe the behavior
of the IPv4 firewall, do not forget to include the traffic coming into the system over a VPN tunnel terminated
by the system. The firewall should be set up with respect to the unencrypted traffic that is destined to be
sent or received over the VPN tunnel. The following diagram represents typical AOS data-flow logic.

Interfaces (Ethernet, Frame Relay, PPP, local)
Static Filter Static Filter

(in) (out)
IPSec IPSec
Decrypt/Discard Encrypt
NAT/ACP/
Firewall
Router
As shown in the diagram above, data coming into the product is first processed by the static filter
associated with the interface on which the data is received. This access group is a true static filter and is
available for use regardless of whether the IPv4 firewall is enabled or disabled. Next (if the data is
encrypted), it is sent to the IPSec engine for decryption. The decrypted data is then processed by the
stateful inspection firewall. Therefore, given a terminating VPN tunnel, only unencrypted data is processed
by the firewall.
The IPv4 ACLs for a crypto map on an interface work in reverse logic to the ACLs for a policy class on an
interface. When specifying the ACLs for a crypto map, the source information is the private local side,
unencrypted source of the data. The destination information will be the far-end, unencrypted destination of
the data. However, ACLs for a policy class work in reverse. The source information for the ACL in a policy
class is the far end. The destination information is the local side.
Usage Examples
The following example applies all IPv4 crypto maps with the name MyMap to the Ethernet interface:
(config)#ethernet 0/1
(config-eth 0/1)#ip crypto map MyMap

ip dhcp
Use the ip dhcp command to release or renew the Dynamic Host Configuration Protocol (DHCP) Internet
Protocol version 4 (IPv4) address. This command is only applicable when using DHCP for IP address
assignment. Variations of this command include:
ip dhcp release
ip dhcp renew
Syntax Description
release Releases the DHCP IPv4 address.
renew Renews the DHCP IPv4 address.
Default Values
Command History
Release 8.1 Command was added to the asynchronous transfer mode (ATM)
subinterface.
Ethernet interface.
Release R10.1.0 Command was added to the bridged virtual interface (BVI).
Usage Examples
The following example releases the IPv4 address assigned (by DHCP) on the Ethernet interface 0/1:

(config-eth 0/1)#ip dhcp release

ip dhcp relay destination <ipv4 address>

Use the ip dhcp relay destination command to enable Dynamic Host Control Protocol (DHCP) for
Internet Protocol version 4 (IPv4) and to specify the IPv4 address for the DHCPv4 messages. Using the no
form of this command disables the relay functionality for the specified destination. When all destinations
are removed, DHCPv4 relay functionality is disabled on the interface.
Syntax Description
<ipv4 address> Specifies the IPv4 address for the DHCPv4 messages. IPv4 addresses
Default Values
By default, no DHCP relay agent destinations are configured and the relay agent mode is disabled.
Command History
Usage Examples
The following example enables DHCPv4 relay agent functionality and specifies the destination address as
192.33.4.251:

(config-eth 0/1)#ip dhcp relay destination 192.33.4.251

ip directed-broadcast
Use the ip directed-broadcast command to allow reception/forwarding of directed broadcasts. Use the no
ip directed-broadcast <name>
Syntax Description
<name> Optional. Specifies an IP access control list (ACL) to filter traffic.
Default Values
Command History
Ethernet Interface.
Functional Notes
A directed broadcast is a packet intended for all nodes on a nonlocal network. For example, the broadcast
address 255.255.255.255 reaches all nodes on a network; the directed broadcast address 128.1.255.255
is intended for all nodes whose network address is 128.1.0.0. A router not directly attached to 128.1.0.0
simply forwards the directed broadcast packet to the next hop. A router on network 128.1.0.0 that has ip
directed-broadcast enabled, accepts and forwards the packet to all nodes whose network address is
128.1.0.0. Routers connecting subnets of 128.1.0.0 also accept and forward the packet to the nodes on
their respective subnets. When a directed broadcast packet reaches a router that is directly connected to
its destination subnet, that packet is distributed as a broadcast on the destination subnet. The packet is
then sent as a link-layer broadcast.
The ip directed-broadcast command controls the distribution of directed broadcasts when they reach
their target subnets. Only the final transmission of the directed broadcast on its ultimate destination subnet
is affected. It does not affect the transit unicast routing of IP directed broadcasts.
If ip directed-broadcast is enabled for this interface, incoming IP packets whose addresses identify them
as directed broadcasts intended for the subnet to which this interface is attached will be forwarded as
broadcasts on that subnet. Forwarding of the packets can be limited by specifying an ACL with this
command. In this case, only directed broadcasts that are permitted by the specified ACL will be forwarded,
and all other directed broadcasts directed to this interface subnet will be dropped.
Disabling the ip directed-broadcast command will cause directed broadcasts destined for the subnet to
which this interface is attached to be dropped.
This option is a requirement for routers as described in RFC 1812, section 4.2.2.11. Furthermore, it is
disabled by default (RFC 2644), with the intended goal of reducing the efficacy of certain types of denial of
service (DoS) attacks.

Usage Examples
The following example enables forwarding of directed broadcasts on the interface ethernet 0/1:

(config-eth 0/1)#ip directed-broadcast

ip ffe
Use the ip ffe command to enable the RapidRoute fast forwarding engine (FFE) on this Internet Protocol
version 4 (IPv4) interface with the default number of entries. Use the no form of this command to disable
ip ffe
Issuing this command will cause all RapidRoute entries to be cleared from this IPv4
interface.
Syntax Description
max-entries <value> Optional. Specifies the maximum number of entries stored in the flow table.
Valid range is from 1 to 500000.
Default Values
By default, the RapidRoute Engine is enabled. The default number of max-entries is 4096.
Command History
Ethernet Interface.
Release R10.4.0 Maximum number of stored entries was expanded to 500000 and
RapidRoute is now enabled by default.
Functional Notes
RapidRoute can be used to help reduce routing overhead, and thus reduce overall routing times. Routing
times are reduced by the creation of a flow table on the ingress interface. The maximum number of entries
that can be stored in the flow table at any one time may be specified by using the max-entries parameters.
Usage Examples
The following example disables RapidRoute on the IPv4 interface:

(config-eth 0/1)#no ip ffe

Technology Review
The RapidRoute system goal is to increase IP packet throughput by moving as much of the packet
processing into the engine as possible. Packets are classified into flows based upon the IP protocol
(Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Internet Control Message Protocol
(ICMP), etc.), the source and destination IP addresses, IP type of service (ToS), and the protocol-specific
information, such as the source and destination port numbers. Flows are defined as the unidirectional
representation of a conversation between two IP hosts. Each ingress interface keeps its own flow table, a
collection of flow entries.
The first packet in a flow that is forwarded through the unit will build a flow entry. When a flow entry is
looked up but no entry is found, a RapidRouteBuilder object is allocated and attached to the packet. As the
packet passes through the various processing layers, each subsystem will add processing to the
RapidRouteBuilder. When packet is about to be forwarded out of the egress interface, the
RapidRouteBuilder will be finalized. That is, the flow entry being built will be checked for completeness and
committed to the flow table on the ingress interface. Subsequent flow matches can then bypass the normal
processing layers.

ip flow
Use the ip flow command to enable integrated traffic monitoring (ITM) for all traffic received or
forwarded on an interface. Use the no form of this command to disable traffic monitoring. Variations of
ip flow egress
ip flow egress <name>
ip flow ingress
ip flow ingress <name>
Syntax Description
egress Specifies that all outgoing traffic be monitored.
ingress Specifies that all incoming traffic be monitored.
<name> Optional. Specifies the name of an access control list (ACL) to use for
filtering traffic.
Default Values
By default, no traffic monitoring is enabled.
Command History
Ethernet Interface.
Usage Examples
The following example enables traffic monitoring on an Ethernet interface to monitor incoming traffic
through an ACL called myacl:

(config-eth 0/1)#ip flow ingress myacl

ip helper-address <ip address>

Use the ip helper-address command to configure AOS to forward User Datagram Protocol (UDP)
broadcast packets received on the interface. Use the no form of this command to disable forwarding
packets.
The ip helper-address command must be used in conjunction with the ip forward-protocol

command to configure AOS to forward UDP broadcast packets.
Syntax Description
<ip address> Specifies the destination IP address for the forwarded UDP packets. IP
10.10.10.1).
Default Values
By default, broadcast UDP packets are not forwarded.
Command History
Ethernet Interface.
Functional Notes
When used in conjunction with the ip forward-protocol command, the ip helper-address feature allows
you to customize which broadcast packets are forwarded.
To implement the helper address feature, assign helper address(es) (specifying the device that needs to
receive the broadcast traffic) to the interface closest to the host that transmits the broadcast packets.
When broadcast packets (of the specified type forwarded using the ip forward-protocol command) are
received on the interface, they will be forwarded to the device that needs the information.
Only packets meeting the following criteria are considered eligible by the ip helper-address feature:
1. The packet IP protocol is UDP.
2. Any UDP port specified using the ip forward-protocol command.
3. The medium access control (MAC) address of the frame is an all-ones broadcast address (ffff.ffff.ffff).
4. The destination IP address is broadcast defined by all ones (255.255.255.255) or a subnet broadcast
(for example, 192.33.4.251 for the 192.33.4.248 /30 subnet).

Usage Examples
IP address 192.33.5.99:

(config-eth 0/1)#ip helper-address 192.33.5.99

ip igmp
Use the ip igmp command to configure multicasting related functions for the interface. Variations of this
command include:
ip igmp immediate-leave
ip igmp last-member-query-interval <milliseconds>
ip igmp querier-timeout <seconds>
ip igmp query-interval <seconds>
ip igmp query-max-response-time <seconds>
ip igmp static-group <address>
ip igmp version [1 | 2]
Syntax Description
immediate-leave Specifies that if only one host (or Internet Group Management Protocol
(IGMP) snooping switch) is connected to the interface, when a leave is
received, multicast of that group is immediately terminated as opposed
to sending a group query and timing out the group if no device responds.
Works in conjunction with ip igmp last-member-query-interval.
Applies to all groups when configured. Use the no form of this command
to disable the immediate-leave feature.
last-member-query-interval Controls the timeout (in milliseconds) used to detect whether any group
<milliseconds> receivers remain on an interface after a receiver leaves a group. If a
receiver sends a leave-group message (IGMP Version 2), the router
sends a group-specific query on that interface. After twice the time
specified by this command plus as much as one second longer, if no
receiver responds, the router removes that interface from the group and
stops sending that group's multicast packets to the interface. Range is
100 to 65535 ms. Use the no form of this command to return to the
default setting.
querier-timeout <seconds> Specifies the interval (in seconds) that the router waits after the current
querier’s last query before it takes over as querier (IGMP V2). Range is
60 to 300 seconds. Use the no form of this command to return to the
default setting.
query-interval <seconds> Specifies the interval (in seconds) at which IGMP queries are sent on an
interface. Host query messages are addressed to the all-hosts multicast
group with an IP time to live (TTL) of 1. The router uses queries to detect
whether multicast group members are on the interface and to select an
IGMP designated router (DR) for the attached segment (if more than
one multicast router exists). Only the DR for the segment sends queries.
For IGMP V2, the DR is the router with the lowest IP address on the
segment. Range is 0 to 65535 seconds. Use the no form of this
query-max-response-time Specifies the maximum response time (in seconds) advertised by this
<seconds> interface in queries when using IGMP V2. Hosts are allowed a random
time within this period to respond, reducing response bursts. Use the no

Syntax Description
static-group <address> Configures the router's interface to be a statically connected member of
the specified group. Packets received on the correct reverse path
forwarding (RPF) interface are forwarded to this interface regardless of
whether any receivers have joined the specified group using IGMP. Use
the no form of this command to remove a configured static group.
version [1 | 2] Sets the interface’s IGMP version. Use the no form of this command to
Default Values
The defaults for this command are:
last-member-query-interval 1000 milliseconds
querier-timeout 2x the query-interval value
query-interval 60 seconds
query-max-response-time 10 seconds
version Version 1
There are no default values for immediate-leave and static-group.
Command History
Ethernet Interface.
Usage Examples
The following example sets the query message interval on the interface to 200 milliseconds:

(config-eth 0/1)#ip igmp last-member-query-interval 200

ip mcast-stub downstream
Use the ip mcast-stub downstream command to enable multicast forwarding and Internet Group
Management Protocol (IGMP) (router mode) on an interface, and to place it in multicast stub downstream
mode. Use the no form of this command to disable this feature.
Syntax Description
No subcommands.
Default Values
Command History
Ethernet Interface.
Functional Notes
This command is used in IP multicast stub applications in conjunction with the ip mcast-stub
helper-address and ip mcast-stub upstream commands. Downstream interfaces connect to segments
with multicast hosts. Multiple interfaces may be configured in downstream mode; however, interfaces
connecting to the multicast network (upstream) should not be configured in downstream mode. Interfaces
configured as downstream should have the lowest IP address of all IGMP-capable routers on the
connected segment in order to be selected as the designated router (DR) and ensure proper forwarding.
Refer to ip mcast-stub helper-address <ip address> on page 1410 and ip mcast-stub upstream on page
Usage Examples
The following example enables multicast forwarding and IGMP on the interface:

(config-eth 0/1)#ip mcast-stub downstream

ip mcast-stub fixed
Use the ip mcast-stub fixed command to allow forwarding of multicast traffic on a selected interface after
enabling multicast routing. Use the no form of this command to disable this mode.
Syntax Description
No subcommands.
Default Values
Command History
Ethernet Interface.
Functional Notes
Multicast routing must be enabled prior to setting ip mcast-stub fixed on the selected interface. Also, use
the ip igmp static-group <ip address> command to receive multicast traffic without host-initiated Internet
Group Management Protocol (IGMP) activity on the selected interface. Otherwise, all host-initiated IGMP
transactions will enter multicast routes on the router’s interface involved with IGMP activities.
Usage Examples
The following example enables multicast traffic forwarding and IGMP on the interface:

(config-eth 0/1)#ip mcast-stub fixed

ip mcast-stub helper-enable
Use the ip mcast-stub helper-enable command to assign the ip mcast-stub helper-address as the
Internet Group Management Protocol (IGMP) proxy. Use the no form of this command to disable this
feature.
Syntax Description
No subcommands.
Default Values
Command History
Ethernet Interface.
Functional Notes
helper-address, ip mcast-stub upstream, and ip mcast-stub downstream commands. When enabled,
the interface becomes a helper forwarding interface. The IGMP host function is dynamically enabled and
the interface becomes the active upstream interface, enabling the unit to perform as an IGMP proxy. Refer
to ip mcast-stub helper-address <ip address> on page 1410, ip mcast-stub downstream on page 2192,
and ip mcast-stub upstream on page 2195 for more information.
Usage Examples
The following example sets the helper address as the IGMP proxy:

(config-eth 0/1)#ip mcast-stub helper-enable

ip mcast-stub upstream
Use the ip mcast-stub upstream command to enable multicast forwarding on an interface and place it in
multicast stub upstream mode. Use the no form of this command to disable this feature.
Syntax Description
No subcommands.
Default Values
Command History
Ethernet Interface.
Functional Notes
helper-address and ip mcast-stub downstream commands. When enabled, the interface becomes a
candidate to be a helper forwarding interface. If chosen as the best path toward the helper address by the
router's unicast route table, the Internet Group Management Protocol (IGMP) host function is dynamically
enabled and the interface becomes the active upstream interface, enabling the router to perform as an
IGMP proxy. Though multiple interfaces may be candidates, no more than one interface will actively serve
as the helper forwarding interface. Refer to ip mcast-stub helper-address <ip address> on page 1410 and
ip mcast-stub downstream on page 2192 for more information.
Usage Examples
The following example enables multicast forwarding on the interface:

(config-eth 0/1)#ip mcast-stub upstream

ip mtu <size>
Use the ip mtu command to configure the Internet Protocol version 4 (IPv4) maximum transmission unit
(MTU) size for the active interface. Use the no form of this command to return to the default value.
Syntax Description
<size> Configures the window size for transmitted IPv4 packets. The valid ranges
for the various interfaces are listed below:
ATM subinterfaces 64 to 1520
BVIs 64 to 2100
Demand interfaces 64 to 1520
Ethernet interfaces (all types) 64 to 1500
FDL interfaces 64 to 256
Frame Relay subinterfaces 64 to 1520
HDLC interfaces (NetVanta 5305) 64 to 4600
HDLC interfaces (all other NetVanta products) 64 to 2100
Loopback interfaces 64 to 1500
PPP interfaces (NetVanta 5305) 64 to 4600
PPP interfaces (all other NetVanta products) 64 to 2100
Tunnel interfaces 64 to 18190
Default Values
<size> The default values for the various interfaces are listed below:
ATM subinterfaces 1500
BVIs 1500
Demand interfaces 1500
Ethernet interfaces (all types) 1500
FDL interfaces 256
Frame Relay subinterfaces 1500
HDLC interfaces 1500
Loopback interfaces 1500
PPP interfaces 1500
Tunnel interfaces 1476
Command History
products.

Functional Notes
OSPFv2 will not become adjacent on links where the MTU sizes do not match. If router A and router B are
exchanging hello packets but their MTU sizes do not match, they will never reach adjacency. This is by
design and required by the RFC.
Usage Examples
The following example specifies an IPv4 MTU of 1200 on the Ethernet interface 0/1:

(config-eth 0/1)#ip mtu 1200

ip ospf
Use the ip ospf command to customize Open Shortest Path First version 2 (OSPFv2) settings (if needed).
ip ospf <process id> area <area id>

ip ospf <process id> authentication-key <password>
ip ospf <process id> cost <value>
ip ospf <process id> dead-interval <seconds>
ip ospf <process id> hello-interval <seconds>
ip ospf <process id> message-digest-key [1 | 2] md5 <key>
ip ospf <process id> priority <value>
ip ospf <process id> retransmit-interval <seconds>
ip ospf <process id> shutdown
ip ospf <process id> transmit-delay <seconds>
Syntax Description
<process id> Specifies the OSPFv2 routing process this interface is to join.
The process ID is locally significant to the device, and must be
unique among all OSPFv2 processes on the device. Valid
area <area id> Specifies the ID of the area to which this interface is assigned
for the specified OSPFv2 process. Valid range is 0 to
4294967295.
authentication-key <password> Assigns a simple-text authentication password to be used by
other routers using the OSPF simple password authentication.
cost <value> Specifies the OSPF cost of sending a packet on the interface.
This value overrides any computed cost value. Range is
1 to 65535.
dead-interval <seconds> Sets the maximum interval (in seconds) allowed between hello
packets. If the maximum is exceeded, neighboring devices will
determine that the device is down. Range is 0 to 32767
seconds.
hello-interval <seconds> Specifies the interval (in seconds) between hello packets sent
on the interface. Range is 0 to 32767 seconds.
message-digest-key [1 | 2] md5 <key> Configures OSPF message digest 5 (MD5) authentication
(16 byte maximum) keys.
priority <value> Sets the OSPF priority. The value set in this field helps
determine the designated router (DR) for this network. Range is
0 to 255.
retransmit-interval <seconds> Specifies the interval (in seconds) between link state
advertisements (LSAs). Range is 0 to 32767 seconds.

shutdown Disables the OSPFv2 process on the interface. When this

keyword is used, the OSPFv2 settings remain in place, but
logically it appears to the interface as though the process has
been removed from the configuration. This parameter can be
useful in troubleshooting.
transmit-delay <seconds> Sets the estimated time (in seconds) required to send a link
state advertisement (LSA) on the interface. Range is 0 to
32767 seconds.
Default Values
dead-interval <seconds> 40 seconds
hello-interval <seconds> 10 seconds: Ethernet, Frame Relay, and Point-to-Point
Protocol (PPP)
priority <value> 1
retransmit-interval <seconds> 5 seconds
transmit-delay <seconds> 1 second
Command History
Release 5.1 Command was expanded to include the Ethernet
subinterfaces.
(MEF) Ethernet Interface.
Release R11.3.0 Command was expanded to include the <process id>, area
<area id>, and shutdown parameters.
Usage Examples
The following example specifies an OSPFv2 priority of 120 on the Ethernet interface:

(config-eth 0/1)#ip ospf 1 priority 120

ip ospf <process id> authentication

Use the ip ospf authentication command to authenticate an interface that is performing open shortest path
first (OSPF) authentication. Use the no form of this command to return to the default setting. Variations of

ip ospf <process id> authentication message-digest
ip ospf <process id> authentication null
Syntax Description
<process id> Specifies the OSPFv2 routing process this interface is to join. The process
ID is locally significant to the device, and must be unique among all
OSPFv2 processes on the device. Valid range is 1 to 65535.
message-digest Optional. Selects message digest authentication type.
null Optional. Specifies that no authentication be used.
Default Values
By default, ip ospf authentication is set to null (meaning no authentication is used).
Command History
Ethernet Interface.
Usage Examples
The following example specifies that no authentication will be used on the Ethernet interface:

(config-eth 0/1)#ip ospf 1 authentication null

ip ospf <process id> network

Use the ip ospf network command to specify the type of network on this interface. Use the no form of this
ip ospf <process id> network broadcast

ip ospf <process id> network point-to-point
Syntax Description
broadcast Sets the network type for broadcast.
point-to-point Sets the network type for point-to-point.
Default Values
By default, Ethernet defaults to broadcast. Point-to-Point Protocol (PPP) and Frame Relay default to
point-to-point.
Command History
Ethernet Interface.
Functional Notes
A point-to-point network will not elect designated routers.
Usage Examples
The following example designates a broadcast network type:

(config-eth 0/1)#ip ospf 1 network broadcast

ip pim sparse-mode
Use the ip pim sparse-mode command to enable protocol-independent multicast (PIM) sparse mode for
this interface. Use the no form of this command to disable PIM sparse mode.
Syntax Description
No subcommands.
Default Values
By default, PIM sparse mode for this interface is disabled.
Command History
Ethernet Interface.
Functional Notes
PIM sparse mode is a multicast routing protocol that makes use of the unicast forwarding table. It builds
unidirectional shared trees rooted at a rendezvous point (RP) for a multicast group or a shortest path tree
rooted at a specific source for a multicast group.
Usage Examples
The following example enables PIM sparse mode on the interface:

(config-eth 0/1)#ip pim sparse-mode

ip pim-sparse dr-priority <value>

Use the ip pim-sparse dr-priority command to specify the priority for the designated router (DR). This
command modifies the router’s priority in the DR election process. Use the no form of this command to
Syntax Description
<value> Specifies the priority of this interface (to be used when determining the DR).
Default Values
By default, the priority of all protocol-independent multicast (PIM) interfaces is 1.
Command History
Ethernet Interface.
Functional Notes
Interfaces advertise their configured priority values in the hello messages transmitted on the interface.
Routers use the priority values to determine the appropriate DR. The router on the network segment with
the highest priority is selected as the DR. If a hello message is received on the interface from a router on
the network segment and it does not contain a priority, the entire network segment defaults to DR selection
based on IP addresses instead of priority. In this instance, the DR is selected as the router on the network
segment that has the highest IP address. AOS will always include a priority in all transmitted hello
messages. If no priority is specifically designated by the user, the priority is set as the default of 1.
Usage Examples
The following example specifies a priority of 100 on the Ethernet 0/1 interface:

(config-eth 0/1)#ip pim-sparse dr-priority 100

ip pim-sparse hello-timer <value>

Use the ip pim-sparse hello-timer command to specify protocol-independent multicast (PIM) sparse hello
timer period. This is the time interval at which periodic hellos are sent out on all interfaces of a
PIM-capable router. Use the no form of this command to return to the default value.
Syntax Description
<value> Specifies the interval (in seconds) at which periodic hellos are sent out of
the interface. Valid range is 10 to 3600 seconds.
Default Values
By default, the hellos are transmitted on PIM interfaces every 60 seconds.
Command History
Ethernet Interface.
Functional Notes
Hello messages are used to inform neighbors of a router’s presence. Hello messages normally generate a
small amount of traffic on an interface. Setting the hello-timer to a small interval increases the number of
hellos sent (thus increasing the amount of traffic). Set the hello-timer to a reasonable value, taking into
consideration the bandwidth available on the interface.
Usage Examples
The following example specifies hellos be sent on the Ethernet 0/1 interface every 3600 seconds:

(config-eth 0/1)#ip pim-sparse hello-timer 3600

ip pim-sparse nbr-timeout <value>

Use the ip pim-sparse nbr-timeout command to specify protocol-independent multicast (PIM) sparse
neighbor timeout. This is the time interval after which a PIM-capable router will consider a neighbor not
present. Use the no form of this command to return to the default value.
Syntax Description
<value> Specifies the time interval in seconds after which a neighbor is considered
not present. Valid range is 30 to 10800 seconds.
Default Values
By default, the nbr-timeout is set to 105 seconds.
Command History
Ethernet Interface.
Usage Examples
The following example sets the neighbor timeout to 300 seconds:

(config-eth 0/1)#ip pim-sparse nbr-timeout 300

ip pim-sparse override-interval <value>

Use the ip pim-sparse override-interval command to specify the protocol-independent multicast (PIM)
sparse join/prune override interval. This delay interval is the period after a join/prune that another router on
the local area network (LAN) may override a join/prune. Use the no form of this command to return to the
default value.
Syntax Description
<value> Specifies the delay time in milliseconds. Valid range is 0 to
65535 milliseconds.
Default Values
By default, the override interval is set to 2500 milliseconds.
Command History
Ethernet Interface.
Usage Examples
The following example sets the override interval to 3000 milliseconds:

(config-eth 0/1)#ip pim-sparse override-interval 3000

ip pim-sparse propagation-delay <value>

Use the ip pim-sparse propagation-delay command to specify the expected propagation delay for
join/prune messages. Set the propagation delay (in milliseconds) to estimate the amount of delay found in
the local link. Use the no form of this command to return to the default value.
Syntax Description
<value> Specifies the expected propagation delay in the local link in milliseconds.
Default Values
By default, the propagation delay is set to 500 milliseconds.
Command History
Ethernet Interface.
Usage Examples
The following example sets the propagation delay to 300 milliseconds:

(config-eth 0/1)#ip pim-sparse propagation-delay 300

ip policy route-map <name>

Use the ip policy route-map command to assign a policy route-map to this interface. Use the no form of
this command to remove the route-map policy.
Syntax Description
<name> Specifies the name of the policy route map to assign to this interface.
Default Values
By default, no policy route map is assigned to this interface.
Command History
Ethernet Interface.
Usage Examples
The following example assigns the policy route map policy1 to the interface:

(config-eth 0/1)#ip policy route-map policy1

ip proxy-arp
Use the ip proxy-arp command to enable proxy Address Resolution Protocol (ARP) on the interface. Use
Syntax Description
No subcommands.
Default Values
By default, proxy ARP is enabled.
Command History
Ethernet Interface.
Functional Notes
In general, the principle of proxy ARP allows a router to insert its IP address in the source IP address field
of a packet (if the packet is from a host on one of its subnetworks). This allows hosts to reach devices on
other subnetworks without implementing routing or specifying a default gateway.
If proxy ARP is enabled, AOS will respond to all ARP requests with its specified medium access control
(MAC) address and forward packets accordingly.
Enabling proxy ARP on an interface may introduce unnecessary ARP traffic on the network.
Usage Examples
The following example enables proxy ARP on the Ethernet interface:

(config-eth 0/1)#ip proxy-arp

ip rip receive version

Use the ip rip receive version command to configure the Routing Information Protocol (RIP) version the
unit accepts in all RIP packets received on the interface. Variations of this command include:
ip rip receive version 1

Syntax Description
1 Accepts only RIP version 1 packets received on the interface.
2 Accepts only RIP version 2 packets received on the interface.
Default Values
By default, all interfaces implement RIP version 1 (the default value for the version command).
Command History
Ethernet Interface.
Functional Notes
Use the ip rip receive version command to specify a RIP version that overrides the version (in the
Router RIP) configuration. Refer to version on page 4205 for more information.
AOS only accepts one version (either 1 or 2) on a given interface.
Usage Examples
The following example configures the Ethernet interface to accept only RIP version 2 packets:

(config-eth 0/1)#ip rip receive version 2

ip rip send version

Use the ip rip send version command to configure the Routing Information Protocol (RIP) version the
unit sends in all RIP packets transmitted on the interface. Variations of this command include:
ip rip send version 1

Syntax Description
1 Transmits only RIP version 1 packets on the interface.
Default Values
By default, all interfaces transmit RIP version 1 (the default value for the version command).
Command History
Ethernet Interface.
Functional Notes
Use the ip rip send version command to specify a RIP version that overrides the version (in the Router
RIP) configuration. Refer to version on page 4205 for more information.
AOS only transmits one version (either 1 or 2) on a given interface.
Usage Examples
The following example configures the Ethernet interface to transmit only RIP version 2 packets:

(config-eth 0/1)#ip rip send version 2

ip rip summary-address <ip address> <subnet mask>

Use the ip rip summary-address command to manually summarize the routes Routing Information
Protocol (RIP) will advertise and send out a specified interface. Use the no form of this command to
disable this mode.
Syntax Description
<ip address> Specifies the summarized network IP address. IP addresses should be
<subnet mask> Specifies the subnet mask that corresponds to the range of IP addresses
Default Values
By default, no manual summarization is applied by RIP.
Command History
Ethernet Interface.
Functional Notes
Unlike the automatic summarization on classful network boundaries, only specific network advertisements
are made by RIP using the ip rip summary-address command. This command is only effective if RIP
version 2 is configured.
Usage Examples
The following example enables manual summarization on the specified IP address:

(config-eth 0/1)#ip rip summary-address 10.10.123.0 255.255.255.0

ip route-cache
Use the ip route-cache command to enable Internet Protocol version 4 (IPv4) fast-cache switching on the
interface. Use the no form of this command to disable fast-cache switching and return to process switching
mode.
Using network address translation (NAT) or the AOS firewall capabilities on an interface
requires process switching mode (using the no ip route-cache command).
Syntax Description
No subcommands.
Default Values
By default, fast-cache switching is enabled on all Ethernet and virtual Frame Relay subinterfaces. IP route
cache is enabled for all virtual Point-to-Point Protocol (PPP) interfaces.
Command History
Ethernet Interface.
Functional Notes
Fast switching allows an IPv4 interface to provide optimum performance when processing IPv4 traffic.
Usage Examples
The following example enables IPv4 fast switching on the Ethernet interface:

(config-eth 0/1)#ip route-cache

ip unnumbered <interface>
Use the ip unnumbered command to use the IP address assigned to the specified interface for all IP
processing on the active interface. Use the no form of this command to remove the unnumbered
configuration.
Syntax Description
<interface> Specifies the interface that contains the IP address to use as the source
address for all packets transmitted on this interface. Specify an interface in
wireless virtual access point, use dot11ap 1/1.1. Type ip unnumbered ?
for a list of valid interfaces.
Default Values
By default, all interfaces are configured to use a specified IP address (using the ip address command).
Command History
interfaces.
Release 11.1 Command was expanded to include the demand interfaces.
Functional Notes
If ip unnumbered is enabled on an interface, all IP traffic from the interface will use a source IP address
taken from the specified interface. For example, specifying ip unnumbered ppp 1 while in the Ethernet
Interface Configuration mode configures the Ethernet interface to use the IP address assigned to the
Point-to-Point Protocol (PPP) interface for all IP processing. In addition, AOS uses the specified interface
information when sending route updates over the unnumbered interface.
Usage Examples
The following example configures the Ethernet interface 0/1 to use the IP address assigned to the PPP
interface (ppp 1):

(config-eth 0/1)#ip unnumbered ppp 1

ip urlfilter <name>
Use the ip urlfilter command to apply a universal resource locator (URL) filter to the interface for all
inbound or outbound traffic. Use the no form of this command to remove the URL filter from an interface.
ip urlfilter <name> in
ip urlfilter <name> out
Syntax Description
<name> Specifies the URL filter name to use on the interface.
in Applies the filter to the inbound traffic.
out Applies the filter to the outbound traffic.
Default Values
By default, there are no URL filters applied to any interfaces.
Command History
interfaces.
Ethernet Interface.
Functional Notes
must be created by using the ip urlfilter <filtername> http command before applying it to the interface.
Refer to ip urlfilter allowmode on page 1485 for more information on using this command.
Usage Examples
The following example performs URL filtering on all traffic entering through the Ethernet interface and
matches the URL filter named MyFilter:

(config-eth 0/1)#ip urlfilter MyFilter in

ipv6
Use the ipv6 command to enable Internet Protocol version 6 (IPv6) processing and create a link-local
address on an interface. Use the no form of this command to disable IPv6 processing and remove all IPv6
configuration on the interface.
Syntax Description
No subcommands.
Default Values
By default, IPv6 is not enabled on the interface.
Command History
Functional Notes
Because AOS uses the dual-stack for IPv6 implementation, IPv6 features must be enabled for the
supported IPv6 features to be used. Enabling IPv6 in AOS is completed by using an IPv6 address or using
the ipv6 keyword with specific commands. For example, to enable IPv6 on an interface and cause the
interface to join the link scoped all-nodes and all-routers multicast group, enter an IPv6 address on the
interface.
Use the ipv6 command to enable IPv6 processing and create a link-local address on an interface when
other unicast IPv6 addresses are not needed on the interface. This command is not necessary nor
effectual when any other form of an IPv6 address command is also present on the interface.
Usage Examples
The following example enables IPv6 and creates a link-local IPv6 address on the interface:

(config-eth 0/1)#ipv6

ipv6 access-group <ipv6 acl name>

Use the ipv6 access-group command to apply an Internet Protocol version 6 (IPv6) access control list
(ACL) to be used for IPv6 packets transmitted on or received from the specified interface. Use the no form
of this command to disable this type of control. Variations of this command include:
ipv6 access-group <ipv6 acl name> in

ipv6 access-group <ipv6 acl name> out
Syntax Description
interface.
Default Values
Command History
Functional Notes
Only one IPv6 ACL can be applied in each traffic direction.
Unlike in IPv4, IPv6 traffic filters include an implicit permit for neighbor solicitation and advertisement
packets in an ACL before the traditional implicit deny at the end of the ACL. This prevents blocking of
address resolution and unreachability detection, although this can be overridden by entering explicit deny
commands in the IPv6 ACL.
Usage Examples
The following example applies the IPv6 ACL Privatev6 to incoming IPv6 traffic on the interface:

(config-eth 0/1)#ipv6 access-group Privatev6 in

ipv6 access-policy <ipv6 acp>

Use the ipv6 access-policy command to assign a specified Internet Protocol version 6 (IPv6) access
control policy (ACP) to an interface. IPv6 ACPs are applied to IPv6 traffic entering an interface. Use the
no form of this command to remove an ACP association.
Syntax Description
<ipv6 acp> Identifies the configured IPv6 ACP by alphanumeric descriptor (all ACP
Default Values
Command History
Usage Examples
The following example applies the IPv6 ACP PRIVATEv6 to the interface:

Associate the ACP with the Ethernet interface 0/1:

(config-eth 0/1)#ipv6 access-policy PRIVATEv6

ipv6 address autoconfig

Use the ipv6 address autoconfig command to enable Internet Protocol version 6 (IPv6) processing on the
interface, create a local-link IPv6 address for the interface, and allow the interface to automatically
configure itself based on advertisements from other routers on the link. Use the no form of this command
to remove all autoconfigured addresses, prefixes, and any resulting routes from the interface and also
causes the interface to cease processing received router advertisements (RAs).Variations of this command
include:

ipv6 address autoconfig default
ipv6 address autoconfig default metric <value>
Syntax Description
default Optional. Specifies that the interface maintain a list of advertising routers
that are willing to be IPv6 default routers.
metric <value> Optional. Specifies the administrative distance for a default router
maintained in the default router list. Range is 1 to 255. Routes with lower
administrative distance are favored.
Default Values
By default, no IPv6 addresses are configured for the interface and IPv6 processing is not enabled. When
an IPv6 address is configured automatically, the administrative distance for default routers is 2 by default.
Command History
Functional Notes
When autoconfiguration is enabled, the interface listens for RA messages that tell the interface how it
should be configured. The interface then creates addresses for advertised 64-bit prefixes with the A flag in
the IPv6 address set using stateless address autoconfiguration (SLAAC). The addresses use the EUI-64
interface ID in the lower 64 bits of the address. A route type of Connected is added to the route table if the
L flag on the prefix advertisement (on-link flag) is also set.
Usage Examples
The following example enables IPv6 processing on the interface, creates a link-local IPv6 address for the
interface, and allows the interface to automatically configure itself for IPv6:

(config-eth 0/1)#ipv6 address autoconfig

ipv6 address <ipv6 address/prefix-length>

Use the ipv6 address command to assign a unicast Internet Protocol version 6 (IPv6) address to the
interface and enable IPv6 processing on the interface. Use the no form of this command to remove the
IPv6 address from the interface.
Syntax Description
<ipv6 address/prefix-length> Specifies the IPv6 unicast address to add to the interface. IPv6 prefixes
should be expressed in colon hexadecimal format (X:X::X/<Z>). For
example, 2001:DB8:3F::/64. The prefix length (<Z>) is an integer with a
value between 0 and 128.
Default Values
By default, no IPv6 address is configured on the interface and IPv6 processing is not enabled on the
interface.
Command History
Functional Notes
The IPv6 unicast address can be a global unicast address or a unique local address, but it cannot be a
link-local IPv6 address (FE80::). Link-local addresses are created on the interface using the command
ipv6 address <ipv6 link-local address> link-local on page 2222.
The address created by this command is a manually configured IPv6 address, which must have all parts
(prefix and host bits) specified.
Using the no form of this command with a specified IPv6 address removes only that IPv6 address from the
interface. Using the no form of this command without a specified IPv6 address removes all manually
configured IPv6 addresses from the interface.
Usage Examples
The following example adds a unicast IPv6 address to the interface and enables IPv6 processing on the
interface:

(config-eth 0/1)#ipv6 address 2001:DB8::/32

ipv6 address <ipv6 prefix/prefix-length> eui-64

Use the ipv6 address eui-64 command to assign a unicast Internet Protocol version 6 (IPv6) address and
enable IPv6 processing on the interface. Use the no form of this command to remove the IPv6 address
from the interface.
Syntax Description
<ipv6 prefix/prefix-length> Specifies the IPv6 prefix. IPv6 prefixes should be expressed in colon
hexadecimal format (X:X::X/<Z>). For example, 2001:DB8:3F::/64. The
prefix length (<Z>) is an integer with a value between 0 and 128.
eui-64 Specifies that the IPv6 address is constructed using the specified prefix in
the high-order bits and followed by the EUI-64 Interface ID in the lower
64 bits.
Default Values
interface.
Command History
Functional Notes
The address created by this command is an EUI-64 unicast address. For this type of address, the EUI-64
interface ID is automatically placed in the IPv6 address. Any manually configured bits beyond the
address’s prefix length are set to 0; however, any manually configured bits within the prefix length that
extend into the lower 64 bits take precedence over the Interface ID bits.
Usage Examples
The following example adds a unicast IPv6 address with an EUI-64 Interface ID to the interface and
enables IPv6 processing on the interface:

(config-eth 0/1)#ipv6 address 2001:DB8:3F::/48 eui-64

ipv6 address <ipv6 link-local address> link-local

Use the ipv6 address link-local command to manually assign a link-local Internet Protocol version 6
(IPv6) address to the interface and enable IPv6 processing on the interface. Use the no form of this
command to remove the IPv6 address from the interface.
Syntax Description
<ipv6 link-local address> Specifies the link-local IPv6 address. Link-local addresses are specified in
colon hexadecimal notation, and begin with FE80::<bits>. The <bits> are
the lower 64 bits of the link-local IPv6 address, and since link-local
addresses have no prefix, the bits entered form the entire IPv6 address.
link-local Specifies this is a manually configured link-local address. Manually
configured link-local addresses replace automatically configured link-local
addresses on the interface.
Default Values
By default, no IPv6 address is configured for the interface and IPv6 processing is not enabled.
Command History
Functional Notes
A single link-local address can be manually configured on an interface. The lower 64 bits of the specified
address become the Interface ID for the interface, overriding the default interface ID. Any other address
that uses the EUI-64 parameter to automatically place the interface ID in the lower 64 bits of the IPv6
address use the new value for the interface ID.
The <ipv6 address> for a link-local IPv6 address is specified in the format FE80::<bits>. The <bits> are the
lower 64 bits of the link-local IPv6 address, and since this form of address has no prefix, the bits entered
form the entire IPv6 address. These bits also become the new interface ID for the interface and can be
derived from the interface’s medium access control (MAC) address.
The link-local parameter specifies this is a manually configured link-local address. Any manually
configured link-local address will replace an automatically configured link-local address for the interface.
Using the no form of this command with a specified IPv6 address removes that IPv6 address from the
Usage Examples
The following example manually creates a link-local IPv6 address on the interface and enables IPv6
processing:

(config-eth 0/1)#ipv6 address FE80::220:8FF:FE54:F9D8 link-local

ipv6 crypto map <name>

Use the ipv6 crypto map command to associate Internet Protocol version 6 (IPv6) crypto maps with the
Syntax Description
Default Values
Command History
Functional Notes
Only one IPv6 crypto map can be specified per interface, and the crypto map is applied within the virtual
routing and forwarding (VRF) instance to which the interface belongs. To apply the IPv6 crypto map, the
interface must have IPv6 enabled. In addition, the interface must have an IPv6 address of appropriate
scope to allow connectivity to peer’s addresses as specified in the crypto map’s entries.
Usage Examples
The following example applies all IPv6 crypto maps with the name MyMap to the Ethernet interface:

(config-eth 0/1)#ipv6 crypto map MyMap
ipv6 address dhcp
Use the ipv6 address dhcp command to enable Dynamic Host Control Protocol for Internet Protocol
version 6 (DHCPv6) on the interface, place the interface in DHCPv6 client mode, and configure the
address parameters of the DHCPv6 client. Use the no form of this command to disable the DHCPv6 client
on the interface. Variations of this command include:
ipv6 address dhcp

ipv6 address dhcp hostname <partial fqdn>
ipv6 address dhcp hostname fqdn <fqdn>
ipv6 address dhcp no-domain-name
ipv6 address dhcp no-nameservers
ipv6 address dhcp no-ntp
ipv6 address dhcp no-sntp-server
ipv6 address dhcp rapid-commit

Syntax Description
hostname <partial fqdn> Optional. Specifies the name to be sent to the DHCPv6 server as the host
portion of its fully qualified domain name (FQDN). FQDNs are expressed in
ASCII text of up to 254 characters. The string can be enclosed in quotation
marks.
fqdn <fqdn> Optional. Specifies a name to be sent to the DHCPv6 server as the
system’s FQDN. FQDNs are expressed in ASCII text of up to 254
characters. The string can be enclosed in quotation marks.
no-domain-name Optional. Specifies that no domain names are obtained using this DHCPv6
client.
no-nameservers Optional. Specifies that no domain naming server (DNS) addresses are
obtained through DHCPv6.
no-ntp Optional. Specifies that no Network Time Protocol (NTP) server values are
obtained through this DHCPv6 client.
no-sntp-server Optional. Specifies that no Simple Network Time Protocol (SNTP) server
values are obtained through this DHCPv6 client.
rapid-commit Optional. Allows the client to request the use of a two message DHCPv6
address exchange instead of the normal four message exchange. This
option should not be used if more than one DHCPv6 server is available to
clients on the network being served.
Default Values
By default, DHCPv6 client mode is not enabled on the interface.
Command History
Release R11.1.0 Command was expanded to include the rapid-commit parameter.
Functional Notes
To enable an interface as a DHCPv6 client, you must first enable IPv6 on the interface using the command
ipv6 on page 2216.
Enabling the interface as a DHCPv6 client using the ipv6 address dhcp command places the interface
into DHCPv6 client mode. DHCPv6 modes (client, server, relay) are mutually exclusive at the interface.
Any existing mode must be removed before a different mode can be applied. For example, if the interface
is configured as a DHCPv6 relay agent, you must first disable the relay mode before you can specify the
interface is in client mode.
Usage Examples
The following example enables the interface as a DHCPv6 client and specifies the client’s host name:

(config-eth 0/1)#ipv6 address 2001:DB8:1::1/64
(config-eth 0/1)#ipv6 address dhcp fqdn client@company.com

ipv6 dhcp client pd <prefix name>

Use the ipv6 dhcp client pd command to enable the Dynamic Control Host Protocol for Internet Protocol
version 6 (DHCPv6) client on the interface and specify that the interface acquires an IPv6 prefix for the
DHCPv6 client. Use the no form of this command to disable this feature. Variations of this command
include:

ipv6 dhcp client pd <prefix name> no-aggregate-route
ipv6 dhcp client pd <prefix name> distance <distance>
ipv6 dhcp client pd <prefix name> distance <distance> tag <value>
ipv6 dhcp client pd <prefix name> rapid-commit
Syntax Description
<prefix name> Specifies the variable of the prefix stored on the AOS system. Variables are
expressed in ASCII text of up to 80 characters.
no-aggregate-route Optional. Specifies that a route to the null 0 interface is not injected into the
route table for the prefixes assigned.
distance <distance> Optional. Specifies the administrative distance to assign to the injected
route. Valid range is 1 to 255 with a default distance of 1.
tag <value> Optional. Specifies a number to use as a tag for labeling and filtering
routers. Valid range is 1 to 65535.
Default Values
By default, the DHCPv6 client mode is not enabled on the interface.
Command History
Usage Examples
The following example enables the DHCPv6 client on the interface and assigns the prefix PREFIX1:

(config-eth 0/1)#ipv6 dhcp client pd PREFIX1

ipv6 dhcp relay destination <ipv6 address>

Use the ipv6 dhcp relay destination command to enable Dynamic Host Control Protocol (DHCP) for
Internet Protocol version 6 (IPv6) and to specify the IPv6 address or Ethernet virtual circuit (EVC) for the
DHCPv6 messages. Using the no form of this command disables the relay functionality for the specified
destination. When all destinations are removed, DHCPv6 relay functionality is disabled on the interface.

ipv6 dhcp relay destination <ipv6 address> <interface>
ipv6 dhcp relay destination <ipv6 address> mef-ethernet <slot/port>
ipv6 dhcp relay destination <ipv6 address> system-control-evc
ipv6 dhcp relay destination <ipv6 address> system-management-evc
Syntax Description
should be specified in colon hexadecimal format (X:X:X:X::X), for example,
2001:DB8:1::1.
<interface> Optional. Specifies an output interface to use when sending messages to
the DHCPv6 server. If no interface is specified, the interface is selected by
the routing table. This parameter is only required when the IPv6 address is
a link-scoped address. Interfaces are specified in the <interface type>
<slot/port | interface id> format. For example, for an Ethernet interface, use
eth 0/1. Type ipv6 dhcp relay destination <ipv6 address> ? to display a
list of valid interfaces.
system-control-evc Optional. Specifies the DHCPv6 messages are sent to the IPv6 address on
the system control EVC.
system-management-evc Optional. Specifies the DHCPv6 messages are sent to the IPv6 address on
the system management EVC.
Default Values
Command History
system-management-evc for the Layer 3 Ethernet and Gigabit Ethernet
subinterfaces.
Release R13.7.0 Command was expanded to include the VLAN interface.

Functional Notes
To configure an interface to function as a DHCPv6 relay agent, you must first enable IPv6 on the interface
using the command ipv6 on page 2216.
Usage Examples
The following example enables DHCPv6 relay agent functionality and specifies the destination IPv6
address as 2001:DB8:2::1:

(config-eth 0/1)#ipv6 dhcp relay destination 2001:DB8:2::1
Technology Review
DHCPv6, like DHCP in IPv4, is used in IP networks to supply hosts with IP addresses and other
networking information. DHCPv6, however, functions slightly differently than DHCPv4 by providing relay
agents with the ability to send relay-forward and relay-reply messages. In addition, in DHCPv4, when
DHCP messages are sent to a DHCP server whose address is not known, the IPv4 client uses the
broadcast address. In DHCPv6, the IPv6 client sends messages using the link-scoped multicast address.
This address is the All DHCP Relay Agents and Servers link, designated as FF02::1:2.
In AOS, DHCPv6 relay agents are used when the DHCP server is not on the same link as the DHCP client.
The relay is typically a router on the same link as the client, which acts as an intermediary to help the
client’s DHCP messages reach the DHCP server. DHCPv6 relay agents operate transparently to the
DHCP client, and can be configured in chains, meaning that information about each agent encountered is
encapsulated into the relay message. Relay agents add fields to the DHCP message as they send these
messages to the server, thus providing a method to properly manage the DHCP client.
For more information about DHCPv6 functionality in AOS, refer to the configuration guide Configuring IPv6
in AOS, available online at https://supportcommunity.adtran.com.

ipv6 dhcp server

Use the ipv6 dhcp server command to enable Internet Protocol version 6 (IPv6) Dynamic Host Control
Protocol (DHCP) on the interface and specify that the interface is functioning as a DHCPv6 server. This
command not only enables the DHCPv6 server on the interface, it also configures specific parameters of
the DHCPv6 server. Hence, the parameters of this command can be entered multiple times and in any
order. Use the no form of this command to disable DHCPv6 on the interface. Variations of this command
include:
ipv6 dhcp server automatic

ipv6 dhcp server automatic allow-hint
ipv6 dhcp server automatic preference <number>
ipv6 dhcp server automatic rapid-commit
ipv6 dhcp server <pool name>
ipv6 dhcp server <pool name> allow-hint
ipv6 dhcp server <pool name> preference <number>
ipv6 dhcp server <pool name> rapid-commit
Syntax Description
automatic Enables automatic selection of the DHCPv6 server pool based on
information extracted from the DHCPv6 client’s request. You must specify
the pool selection method before configuring other options for this
command.
<pool name> Specifies the DHCPv6 server pool that services this interface. All DHCPV^
requests received on this interface are serviced from this pool. If a pool
name is not specified, the server pool is selected automatically. You must
specify the pool selection method before configuring the other options for
this command.
allow-hint Optional. Specifies that the DHCPv6 server attempts to honor the DHCPv6
client’s request for specific values as hinted in the client’s request (if they
are valid and not already assigned). If this option is not specified, any hints
from the DHCPv6 client are ignored.
preference <number> Optional. Specifies the preference value advertised by the server. This
option is sent by the server to a DHCPv6 client to influence the selection of
a server when there are multiple servers from which to choose. Valid range
is 0 to 255, with a default value of 0. When the preference value is set to a
non-zero value, the server includes a preference option containing the
value. If the preference value is not set, or is set to 0, the option is omitted
and the client assumes the value is 0.

Default Values
By default, DHCPv6 server mode is not enabled on the interface.
Command History
Functional Notes
Enabling the interface as a DHCPv6 server using this command places the interface into DHCPv6 server
mode. DHCPv6 modes (server or relay) are mutually exclusive at the interface. Any existing mode will be
removed if a different mode is specified, and a message will be shown indicating the change in DHCPv6
mode.
Usage Examples
The following example enables the interface as a DHCPv6 server, and specifies that the DHCPv6 server
pool POOL1 is associated with the interface:

(config-eth 0/1)#ipv6 address 2001:DB8:1::1/64
(config-eth 0/1)#ipv6 dhcp server POOL1

ipv6 ffe
Use the ipv6 ffe command to enable the RapidRoute fast forwarding engine (FFE) on this Internet Protocol
ipv6 ffe
interface.
Syntax Description
Default Values
By default, the RapidRoute Engine is enabled on IPv6-enabled interfaces (using the command ipv6 on
page 2216). The default number of max-entries is 4096.
Command History
Functional Notes
Usage Examples

(config-eth 0/1)#no ipv6 ffe
Technology Review

processing layers.

ipv6 mode host unicast

Use the ipv6 mode host unicast command to place the interface in host mode using an Internet Protocol
version 6 (IPv6) unicast address. Use the no form of this command to disable host mode on the interface.
Syntax Description
No subcommands.
Default Values
By default, host mode is disabled.
Command History
Command History
When this command is configured on an interface, the MTU value is learned from received router
advertisements. Link MTU value is learned in host mode from the following locations (in decreasing order
of priority): the provisioned MTU value in the interface configuration, the router advertisements received on
the interface, and the default MTU value (1500).
Usage Examples
The following example places the interface in host mode:

(config-eth 0/1)#ipv6 mode host unicast

ipv6 mtu <size>

Use the ipv6 mtu command to specify the maximum transmission unit (MTU) for Internet Protocol
version 6 (IPv6) packets on the interface. Use the no form of this command to return to the default value.
Syntax Description
<size> Specifies the MTU value. Valid range is 1280 to 1500 bytes.
Default Values
By default, the MTU of the interface is set to 1280 bytes.
Command History
Functional Notes
In IPv6, the minimum MTU is 1280 octets. Any link that has an MTU less than 1280 octets must use link
fragmentation and reassembly that is transparent to IPv6 (for example, the Fragmentation Header).
Sources in the IPv6 network are expected to perform path maximum transmission unit (PMTU) discovery
to send packets larger than 1280 octets. PMTU works in the following manner: First, the sending node
assumes the link MTU of the interface from which the traffic is being forwarded and then sends the IPv6
packet at the link MTU size. If a router on the path is unable to forward the packet, it sends an ICMP
Packet Too Big message back to the sending node containing the link MTU of the link on which the packet
forwarding failed. The sending node then rests the PMTU to the value of the MTU field in the Internet
Control Message Protocol version 6 (ICMPv6) Packet Too Big message, and the packet is resent.
The MTU for IPv6 packets can be set on a per-interface basis. There are two methods for setting MTUs for
interfaces if required: one for Layer 3 interfaces, and one for the underlying Layer 1 and Layer 2 interfaces.
For all interface types, use the ipv6 mtu <size> command to specify the IPv6 MTU in bytes from the
interface’s configuration mode. The minimum MTU setting for IPv6 is 1280 bytes, and the maximum is
1500 bytes. The IPv6 MTU value is independent of the IPv4 MTU setting (set with the command ip mtu
<size> on page 2196).
When the interface is forwarding the IPv6 packet as a router, if the packet size exceeds the IPv6 MTU of
the egress interface, the packet is dropped and ICMPv6 Packet Too Big message is sent to the source.
When originating an IPv6 packet from the local IPv6 stack, and the packet is larger than the IPv6 MTU of
the egress interface, the packet is fragmented and sent.
Usage Examples
The following example specifies the IPv6 MTU value for the interface:

(config-eth 0/1)#ipv6 mtu 1350

ipv6 nd advertisement-interval
Use the ipv6 nd advertisement-interval command to specify that the Advertisement Interval Option is
sent in Internet Protocol version 6 (IPv6) router advertisement (RA) messages from the router. This
command is effectual only when the interface is in router mode. Use the no form of this command to return
to the default interval.
Syntax Description
No subcommands.
Default Values
By default, Advertisement Interval Options are not sent in RA messages.
Command History
Functional Notes
Sending the Advertisement Interval Option should be enabled when the router is functioning in a mobile IP
environment to aid movement detection by mobile nodes. This option contains the current value of the
maximum router advertisement interval configured using the command ipv6 nd ra interval on page 2244.
Usage Examples
The following example specifies that the interface include Advertisement Interval Options in RA messages
sent from the router:

(config-eth 0/1)#ipv6 nd advertisement-interval

ipv6 nd cache max-incomplete <number>

Use the ipv6 nd cache max-incomplete command to specify the maximum number of incomplete entries
the Neighbor Discovery (ND) cache retains. Use the no form of this command to return to the default
value.
Syntax Description
<number> Specifies the number of incomplete ND entries to retain in the cache. Valid
range is 1 to 321.
Default Values
By default, the incomplete ND entries can take at maximum one-third of the possible ND cache entries
(varies by product).
Command History
Usage Examples
The following example specifies that the interface stores 150 incomplete entries in the ND cache:

(config-eth 0/1)#ipv6 nd cache max-incomplete 150

ipv6 nd dad attempts <number>

Use the ipv6 nd dad attempts command to specify the number of neighbor solicitation (NS) messages
sent by the interface when performing Internet Protocol version 6 (IPv6) duplicate address detection
(DAD). This command is effectual when the interface is in either host or router mode. Use the no form of
Syntax Description
<number> Specifies the number of NS messages that will be sent. Range is 0 to 10
messages. A value of 0 disables DAD on the interface.
Default Values
By default, the interface sends 1 NS message.
Command History
Functional Notes
DAD is used by devices to determine if IPv6 addresses are unique before they are applied to interfaces.
DAD is used in NS messages to detect duplicate unicast addresses. The Target Address fields in the NS
messages are set to the IPv6 address for which duplication is being detected. Destination IPv6 addresses
for DAD in NS messages are the solicited-node multicast version of the address being tested. Source IPv6
addresses for DAD are set to the IPv6 unspecified address (::). Once the IPv6 address is determined by
DAD to be unique, it can be applied to the IPv6 interface on the node.
DAD in AOS is performed when an interface transitions state from DOWN to UP or when manually
configuring an address. When performing DAD because of an interface transition, DAD will happen
immediately after the interface transition and again 40 seconds later to cooperate with the port being
connected to an Ethernet switch.
Usage Examples
The following example specifies that 3 NS messages are sent by the interface when performing DAD:

(config-eth 0/1)#ipv6 nd dad attempts 3

ipv6 nd managed-config-flag
Use the ipv6 nd managed-config-flag command to specify the M flag in Internet Protocol version 6
(IPv6) router advertisement (RA) messages. The M flag instructs hosts receiving the RA that they can use
stateful Dynamic Host Configuration Protocol version 6 (DHCPv6) to configure addresses and other
information. Use the no form of this command to disable the setting of the M flag.
Syntax Description
No subcommands.
Default Values
By default, the M flag is not set in RAs.
Command History
Functional Notes
If you specify that the M flag is set in RA messages, you do not need to set the 0 flag (it becomes
redundant).
Usage Examples
The following example sets the M flag for RA messages sent by the interface:

(config-eth 0/1)#ipv6 nd managed-config-flag

ipv6 nd ns-interval <value>

Use the ipv6 nd ns-interval command to specify the interval between transmission of certain Internet
Protocol version 6 (IPv6) Neighbor Discovery (ND) messages and to control what ND value is advertised
in router advertisement (RA) messages. This command is effectual whether the interface is in host or
router mode. Use the no form of this command to return the interval to the default value.
Syntax Description
<value> Specifies the time (in milliseconds) between neighbor message
Default Values
By default, the interval is set to 1000 ms for internal use by the router and 0 (unspecified) is sent in RA
messages.
Command History
Functional Notes
This command controls the spacing of neighbor solicitation (NS) messages for functions such as address
resolution, reachability detection, and duplicate address detection (DAD). For DAD it also serves as the
amount of time after the last transmission before the detection phase of autoconfiguration terminates. In
addition, the command controls the interval between unsolicited neighbor advertisement (NA) messages.
Usage Examples
The following example changes the interval between RA messages sent from the interface to 2000 ms:

(config-eth 0/1)#ipv6 nd ns-interval 2000

ipv6 nd other-config-flag
Use the ipv6 nd other-config-flag command to specify the O flag in Internet Protocol version 6 (IPv6)
router advertisement (RA) messages. This command is only effectual when the interface is in router mode.
When the O flag is set, hosts receiving the RA messages are instructed that they may use stateless Dynamic
Host Configuration Protocol version 6 (DHCPv6) to receive information that is not IPv6 addressing
information, and to use some other method (whether through manual configuration, stateless address
autoconfiguration (SLAAC), etc.) for addressing information. Use the no form of this command to disable
the O flag setting.
Syntax Description
No subcommands.
Default Values
By default, the O flag is not set in RA messages.
Command History
Functional Notes
If the M flag is set for RA messages, you do not need to set the O flag.
Usage Examples
The following example sets the O flag in RA messages from the interface:

(config-eth 0/1)#ipv6 nd other-config-flag

ipv6 nd prefix
Use the ipv6 nd prefix command to specify the Internet Protocol version 6 (IPv6) address prefixes used in
router advertisement (RA) messages sent from the interface. Use the no form of this command to remove
the specified prefix configuration from the interface. Variations of this command include:
ipv6 nd prefix [named-prefix <prefix name>] [<ipv6 prefix/prefix-length> | default]

ipv6 nd prefix [named-prefix <prefix name>] [<ipv6 prefix/prefix-length> | default] [no-advertise]
ipv6 nd prefix [named-prefix <prefix name>] [<ipv6 prefix/prefix-length> | default] [<valid lifetime> |
infinite] [<preferred lifetime> | infinite]
ipv6 nd prefix [named-prefix <prefix name>] [<ipv6 prefix/prefix-length> | default] [no-advertise] [<valid
lifetime> | infinite] <preferred lifetime | infinite>
infinite] [<preferred lifetime> | infinite] [no-advertise] [no-autoconfig] [no-rtr-address] [no-onlink]
[off-link]
Syntax Description
named-prefix <prefix name> Optional. Specifies that a named prefix is used in RA messages. When a
named prefix is used, the default prefix cannot be used.
<ipv6 prefix/prefix-length> Specifies the IPv6 prefix and length to be advertised. Pv6 prefixes should
between 0 and 128.
default Specifies the default values for the IPv6 prefix parameters. Refer to the
<valid lifetime> Optional. Specifies the valid lifetime to advertise for this route in each RA
message. Range is 0 to 4294967295 seconds.
<preferred lifetime> Optional. Specifies the preferred lifetime to advertise for this route in each
RA message. Range is 0 to 4294967295 seconds.
infinite Optional. Specifies that the valid and preferred lifetimes of the prefix do not
expire.
no-advertise Optional. Specifies that the prefix is excluded from the RA message.
no-autoconfig Optional. Sets the A flag in the RA message to 0, indicating that hosts may
not create an address for this prefix using stateless address
autoconfiguration (SLAAC). This parameter only affects hosts receiving the
RA message, it does not affect the operation of the local router.
no-rtr-address Optional. Sets the R flag in the RA message to 0 and specifies the full
router IPv6 address is not included in the RA message.
no-onlink Optional. Specifies that the IPv6 prefix in the RA message is not to be used
for on-link determination.
off-link Optional. Sets the L flag value to 0 in RA messages, which indicates the RA
makes no statement about the on-link or off-link properties of the IPv6
prefix.

Default Values
By default, all prefixes derived from the interface’s configured IPv6 addresses are advertised using the
system default values.
By default, the valid lifetime advertised for a prefix is 2592000 seconds and the preferred lifetime
advertised is 604800 seconds.
By default, the L flag is set to 1, the R flag is set to 1, and the A flag is set to 1.
Command History
Release R10.9.0 Command was expanded to include the named-prefix and <prefix name>
options.
Functional Notes
This command works for both routers and hosts, but in host implementations it is used to manually add
on-link prefixes that do not have an IPv6 address or to make off-link a prefix generated by an IPv6 address
command. Hosts do not send RA messages, so the command only adds prefixes to RA messages when
the interface is in router mode. This command can also be used to change the defaults used on configured
prefixes when all options are not specified.
Changing the prefix defaults will affect prefixes derived from configured IPv6
addresses, as well as prefixes configured using the ipv6 nd prefix command.
Prefixes advertised can be a subset or a superset of the prefixes derived from the IPv6 addresses
configured on the interface. Prefixes for IPv6 addresses configured on a router interface are automatically
eligible to be advertised on that interface using system or configured default values without having to enter
a prefix command. To impose additional controls on those prefixes, an entry must be made using this
command with the desired settings.
The default parameter is used to change the default settings for the IPv6 prefix parameters. Changing
these settings can be useful when multiple prefixes are implemented that will use the same set of
parameters. When configuring IPv6 prefixes, the prefix default values are only used if no other parameters
are specified after specifying the IPv6 prefix and length (for example, ipv6 nd prefix 2001:DB8::/64). If
additional parameters are specified, any unspecified parameters use the system default values rather than
the configured default values. When the default values are changed, any prefix that uses them will also
change. Using this command to change prefix default values also affects prefixes derived from configured
IPv6 addresses on the interface.
The optional <valid lifetime> parameter specifies the valid lifetime to advertise for this route in each
advertisement. Hosts will reset the lifetime to this value each time the route is advertised, and they will
keep this prefix until the valid lifetime expires.

The optional <preferred lifetime> parameter specifies the preferred lifetime to advertise for this route in
each advertisement. Hosts will reset the lifetime to this value each time the route is advertised, and they
will keep the prefix in the preferred state during this time period. After the preferred time period expires, the
prefix transitions to the deprecated state where it remains until the valid lifetime expires and the route is
removed. The <preferred lifetime> value must be set to be shorter than the <valid lifetime> value.
The optional off-link parameter sets the L flag (on-link flag) value to 0 in RA messages. When the L flag is
set to 0, the advertisement makes no statement about on-link or off-link properties of the prefix. When the
L flag is set, the prefix is considered on-link and locally reachable by hosts on the link (meaning a router is
not needed). Hosts attached to the link will add on-link prefixes to their prefix list or route table. When
off-link is not specified, a connected route is added to the route table of this router for this prefix. When
off-link is specified, no route is added to the route table. By default, prefixes are advertised as on-link with
the L flag set to 1.
The optional no-rtr-address parameter sets the R flag (router flag) of the RA to 0 and does not include the
full router address in the advertisement. The router address is typically included in the RA to assist in
Mobile IP environments. By default, the R flag is set to 1 and the router address is sent in RA messages.
The optional no-autoconfig parameter sets the A flag of the RA to 0, indicating that hosts may not create
an address for this prefix using SLAAC. If the A flag is set to 1 (the default setting), hosts perform SLAAC
to generate an address based on the prefix. This parameter only affects hosts receiving the RA, it does not
effect the operation of the local router.
The optional no-advertise parameter specifies that the prefix is excluded from RA messages. By default,
the prefix is included in RA messages. The no-onlink parameter informs the router that the prefix is not to
be used for on-link determination.
Usage Examples
The following example specifies that the IPv6 prefix 2001:DB8:3F::/48 has an infinite valid and preferred
lifetime advertised in RA messages sent from the interface:

(config-eth 0/1)#ipv6 nd prefix 2001:DB8:3F::/48 infinite infinite
The following example changes the default values and behaviors of prefixes included in RA messages to
infinite valid and preferred lifetimes, and specifies that the on- or off-link state of the prefix is not included in
the RA and that hosts receiving the RA may not use the prefix for creating an IPv6 address:

(config-eth 0/1)#ipv6 nd prefix default infinite infinite off-link no-autoconfig

ipv6 nd purge-timer <value>

Use the ipv6 nd purge-timer command to specify the maximum amount of time an unused Internet
Protocol version 6 (IPv6) neighbor entry remains in the neighbor cache. This command applies to
interfaces in either host or router mode. Use the no form of this command to return the purging interval to
the default value.
Syntax Description
<value> Specifies the neighbor cache entry storage time in minutes. Valid range is
10 to 1440 minutes.
Default Values
By default, idle (STALE) neighbor cache entries are cleared after 1440 minutes (24 hours).
Command History
Functional Notes
This command applies to interfaces in either router or host mode. A neighbor entry is typically purged
when neighbor unreachability detection (NUD) is invoked and the neighbor is determined to no longer be
reachable. However, NUD is not performed on idle (STALE) neighbor entries, so this command provides a
method for purging unused entries after a specified amount of time.
Usage Examples
The following example specifies that idle neighbor entries in the neighbor cache are removed after
800 minutes:

(config-eth 0/1)#ipv6 nd purge-timer 800

ipv6 nd ra interval
Use the ipv6 nd ra interval command to specify the interval between transmission of Internet Protocol
version 6 (IPv6) router advertisement (RA) messages. This command is only effectual when the interface
is in router mode. Use the no form of this command to return to the default value. Variations of this
command include:
ipv6 nd ra interval <max time>

ipv6 nd ra interval <max time> <min time>
ipv6 nd ra interval msec <max time>
ipv6 nd ra interval msec <max time> <min time>
Syntax Description
<max time> Specifies the maximum interval between RA message transmission. Time
can be specified in seconds or milliseconds. Range is 4 to 1800 seconds
and 70 to 1800000 ms.
<min time> Optional. Specifies the minimum interval between RA message
transmission. Time can be specified in seconds or milliseconds. Range is
3 seconds to 75 percent of the configured maximum time value in seconds,
or 30 ms to 75 percent of the configured maximum time value in ms.
msec Optional. Specifies that the time values are in milliseconds.
Default Values
By default, the interval is set in seconds and has a maximum interval time of 200 seconds and a minimum
interval time of 75 percent of the maximum seconds value, but not less than 3 seconds.
Command History
Functional Notes
If this router is used as a default router, the interval between RA messages should not be set to a larger
value than the RA lifetime set by the command ipv6 nd ra lifetime <value> on page 2245, which has a
Usage Examples
The following example specifies that the maximum interval in seconds between RA message
transmissions is 300:

(config-eth 0/1)#ipv6 nd ra interval 300

ipv6 nd ra lifetime <value>

Use the ipv6 nd ra lifetime command to specify the router lifetime advertised in Internet Protocol version
6 (IPv6) router advertisement (RA) messages. This command is effectual when the interface is in router
mode. Use the no form of this command to return to the default setting. Variations of this command
include:

ipv6 nd ra lifetime default-route
Syntax Description
<value> Specifies the router lifetime in seconds. Range is 0 to 9000 seconds. A
value of 0 indicates this is not a default router. A value other than 0
indicates to other nodes that this router can be used as a default router.
default-route Specifies that the RA lifetime is 0 if no default route exists on any IPv6
interface.
Default Values
By default, the router lifetime is set to 1800 seconds.
Command History
Release R11.5.0 Command was expanded to include the default-route parameter.
Functional Notes
A value other than 0 for a router lifetime should be larger than the router advertisement interval specified in
the command ipv6 nd ra interval on page 2244.
Usage Examples
In the following example, the router lifetime advertised in RA messages is 3000 seconds:

(config-eth 0/1)#ipv6 nd ra lifetime 3000

ipv6 nd ra reachable-time <value>

Use the ipv6 nd ra reachable-time command to specify the value advertised for reachable time in Internet
Protocol version 6 (IPv6) router advertisement (RA) messages. This command also specifies the internal
base reachable time used by the router. This command is effectual for interfaces in either host or router
mode. Use the no form of this command to return the reachability value to the default setting.
Syntax Description
<value> Specifies the reachability time in milliseconds. Range is 0 to 3600000 ms. A
value of 0 indicates the reachable time is unspecified.
Default Values
By default, the router advertises a reachability time of 0 ms and uses an internal value of 30000 ms.
Command History
Functional Notes
This command is effectual for interfaces in either router or host mode. For hosts, this value sets the
internal reachable time used by the host if no RAs are received specifying a different value. For routers,
the value indicates the amount of time a device is considered reachable after having received a
reachability confirmation in neighbor unreachabililty detection (NUD).
Usage Examples
The following example specifies that a reachability time of 50000 ms is advertised in RA messages:

(config-eth 0/1)#ipv6 nd ra reachable-time 50000

ipv6 nd ra suppress
Use the ipv6 nd ra suppress command to specify whether Internet Protocol version 6 (IPv6) router
advertisement (RA) messages will be suppressed. This command only applies to interfaces in router mode.
Use the no form of this command to begin sending RA messages.
Syntax Description
No subcommands.
Default Values
By default, RA messages are not suppressed. When IPv6 routing is not enabled on the router, or when
implemented in a host-only mode, the default setting is to suppress advertisements on all interface types.
Command History
Usage Examples
The following example suppresses RA messages on the interface:

(config-eth 0/1)#ipv6 nd ra suppress

ipv6 nd router-preference
Use the ipv6 nd router-preference command to specify the default router preference value set in Internet
Protocol version 6 (IPv6) router advertisement (RA) messages. Setting this preference helps the receivers
of RA messages to determine the preference of one router over another as a default router in environments
with multiple routers. Use the no form of this command to return the preference to the default setting.
ipv6 nd router-preference high

ipv6 nd router-preference low
ipv6 nd router-preference medium
Syntax Description
high Specifies the preference value is high.
low Specifies the preference value is low.
medium Specifies the preference value is medium.
Default Values
By default, the router preference is set to medium.
Command History
Usage Examples
The following example specifies that the advertised default router preference is high:

(config-eth 0/1)#ipv6 nd router-preference high

ipv6 route-cache
Use the ipv6 route-cache command to enable Internet Protocol version 6 (IPv6) fast-cache switching on
the interface. Use the no form of this command to disable fast-cache switching and return to process
switching mode.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
Usage Examples
The following example enables IPv6 fast switching on the Ethernet interface:

(config-eth 0/1)#ipv6 route-cache

lldp receive
Use the lldp receive command to allow Link Layer Discovery Protocol (LLDP) packets to be received on
this interface. Use the no form of this command to prevent LLDP packets from being received on the
interface.
Syntax Description
No subcommands.
Default Values
By default, all interfaces are configured to send and receive LLDP packets.
Command History
Ethernet Interface.
Usage Examples
The following example configures Ethernet interface 0/1 to receive LLDP packets:

(config-eth 0/1)#lldp receive

lldp send
Use the lldp send command to configure this interface to transmit Link Layer Discovery Protocol (LLDP)
packets or to control the types of information contained in the LLDP packets transmitted by this interface.
Use the no form of this command to prevent certain information from being transmitted by the interface.
lldp send 802.3-info mac-phy-config

lldp send management-address
lldp send med-info network-policy
lldp send port-description
lldp send system-capabilities
lldp send system-description
lldp send system-name
lldp send-and-receive
Syntax Description
802.3-info mac-phy-config Enables transmission of the capability and settings of the duplex and speed
on this interface.
management-address Enables transmission of management address information on this interface.
med-info network-policy Enables transmission of LLDP-Media Endpoint Discovery (LLDP-MED)
network policy information on the interface.
port-description Enables transmission of port description information on this interface.
system-capabilities Enables transmission of this device’s system capabilities on this interface.
system-description Enables transmission of this device’s system description on this interface.
system-name Enables transmission of this device’s system name on this interface.
and-receive Configures this interface to both transmit and receive LLDP packets. This is
Default Values
By default, all interfaces that support LLDP except routed Ethernet are configured to transmit and receive
LLDP packets. LLDP is disabled by default on routed Ethernet interfaces.
The 802.3 MAC/PHY status configuration and LLDP-MED network policy time length
values (TLVs) are only supported on switchport interfaces and NetVanta 1524ST Gigabit
Command History
Release 17.2 Command was expanded to include the 802.3 and LLDP-MED information.
Ethernet Interface.

Functional Notes
Individual LLDP information can be enabled or disabled using the various forms of the lldp send
command. For example, use the lldp send-and-receive command to enable transmit and receive of all
LLDP information. Then use the no lldp send port-description command to prevent LLDP from
transmitting port description information.
Usage Examples
The following example configures Ethernet interface 0/1 to transmit LLDP packets containing all enabled
information types:

(config-eth 0/1)#lldp send
The following example configures Ethernet interface 0/1 to transmit and receive LLDP packets containing
all enabled information types:

(config-eth 0/1)#lldp send-and-receive

mac access-group <mac acl name>

Use the mac access-group command to associate a media access control (MAC) access control list (ACL)
with the interface. When applied, these ACLs provide source MAC address filtering on the interface. Use
the no form of this command to remove the ACL from the interface.
Syntax Description
<mac acl name> Specifies the name of the previously created MAC ACL to associate with
the interface.
Default Values
By default, no MAC ACLs are configured.
Command History
Usage Examples
The following example associates the MAC ACL MACACL1 with the Gigabit Ethernet interface:

(config-giga-eth 0/2)#mac access-group MACACL1

mac-address <mac address>

Use the mac-address command to specify the medium access control (MAC) address of the unit. Only the
last three values of the MAC address can be modified. The first three values contain the ADTRAN
reserved number (00:0A:C8) by default. Use the no form of this command to return to the default MAC
address programmed by ADTRAN.
Syntax Description
Default Values
A unique default MAC address is programmed in each unit shipped by ADTRAN.
Command History
Release 5.1 Command was expanded to include the Gigabit Ethernet interfaces.
Ethernet Interface.
Usage Examples
The following example configures a MAC address of 00:0A:C8:5F:00:D2:

(config-eth 0/1)#mac-address 00:0A:C8:5F:00:D2

mac aging-time <value>

Use the mac aging-time command to specify the time that a media access control (MAC) address is
considered valid on the interface. Use the no form of this command to return the aging time to the default
value.
Syntax Description
<value> Specifies the time, in seconds, that a MAC address is considered valid.
Valid range is 0 to 3600 seconds. A value of 0 forces learn and lock
behavior.
Default Values
By default, a MAC address is considered valid for 300 seconds.
Command History
Usage Examples
The following example sets the MAC address aging time to 1000 seconds:

(config-giga-eth 0/2)#mac aging-time 1000

mac limit <value>

Use the mac limit command to specify the maximum number of media access control (MAC) addresses to
be learned on the interface. This limit pulls from a global pool of 1024 learnable MAC addresses. In
addition, when MAC limits are enabled on an interface with a MAC access control list (ACL) applied,
addresses are learned that match the ACL up to the specified limit. Use the no form of this command to
Syntax Description
<value> Specifies the number of MAC addresses to be learned on the interface.
Default Values
By default, no MAC address limits are enforced on the interface.
Command History
Usage Examples
The following example specifies a limit of 500 MAC addresses can be learned on the interface:

(config-giga-eth 0/2)#mac limit 500

max-reserved-bandwidth <value>
Use the max-reserved-bandwidth command to specify the percentage of interface bandwidth reserved for
use in user-defined (priority or class-based) queues. The remainder of the interface bandwidth is reserved
for system-critical traffic and is not available to user-defined queues. Use the no form of this command to
restore the default value.
Reserving a portion of the interface bandwidth for system-critical traffic is necessary for
proper operation. Specifying the entire interface bandwidth for use in user-defined queues
can cause undesirable operation.
Syntax Description
<value> Specifies the maximum percentage of bandwidth to reserve for quality of
service (QoS). This setting is configured as a percentage of the total
interface speed. Range is 1 to 100 percent.
Default Values
By default, max-reserved-bandwidth is set to 75 percent, which reserves 25 percent of the interface
bandwidth for system-critical traffic.
Command History
Ethernet subinterface.
Usage Examples
The following example specifies 85 percent of the bandwidth on the Ethernet interface 0/1 be available for
use in user-defined queues:

(config-eth 0/1)#max-reserved-bandwidth 85

media-gateway ip
Use the media-gateway ip command to associate an Internet Protocol version 4 (IPv4) address source to
use for Realtime Transport Protocol (RTP) traffic. When configuring Voice over Internet Protocol (VoIP),
RTP traffic must have an IPv4 address associated with it. However, some interfaces allow dynamic
configuration of IPv4 addresses, causing this value to change periodically. Use the no form of this
command to disable this function. Variations of this command include:
media-gateway ip loopback <interface id>

media-gateway ip primary
media-gateway ip primary vrrp <number>
media-gateway ip primary vrrpv3 <number>
media-gateway ip secondary <ipv4 address>
media-gateway ip secondary vrrp <number>
media-gateway ip secondary vrrp <number> <ipv4 address>
media-gateway ip secondary vrrpv3 <number>
media-gateway ip secondary vrrpv3 <number> <ipv4 address>
Syntax Description
loopback <interface id> Specifies an IPv4 address statically defined to a loopback interface for RTP
traffic. This is helpful when using a single IPv4 address across multiple wide
area network (WAN) interfaces for RTP traffic. The valid range for loopback
interface identifiers is 1 to 1024. The interface ID is used to uniquely identify
a loopback interface. The entered value cannot be in use by another
loopback interface.
primary Specifies using this interface’s configured primary IPv4 address for RTP
traffic. Applies to static, Dynamic Host Configuration Protocol (DHCP), or
negotiated addresses.
secondary <ipv4 address> Specifies using this interface’s statically defined secondary IPv4 address for
RTP traffic. IPv4 addresses should be expressed in dotted decimal notation
(for example, 10.10.10.1).
vrrp <number> Specifies that the IPv4 address of the Virtual Router Redundancy Protocol
version 2 (VRRP) router group’s virtual router ID (VRID) is used as the
media gateway address on the interface. Valid VRID range is 1 to 255.
vrrpv3 <number> Specifies that the IPv4 address of the VRRP version 3 (VRRPv3) VRID is
used as the media gateway address on the interface. Valid VRID range is 1
to 255.
<ipv4 address> Optional. Specifies a secondary IPv4 address of the VRRP or VRRPv3
VRID is used as the media gateway address on the interface. IPv4
10.10.10.1).
Default Values
By default, media-gateway ip is disabled.

Command History
Release 17.3 Command was updated with the loopback interface identification option.
Release A4.01 Command was expanded to include the Metro Ethernet forum (MEF)
Ethernet interface.
Release R12.2.0 Command was expanded to include the vrrp and vrrpv3 parameters.
Functional Notes
To use VRRP or VRRPv3 addresses as the media gateway on the interface, you must first have
configured VRRP or VRRPv3.
Usage Examples
The following example configures the unit to use the primary IPv4 address for RTP traffic:

(config-eth 0/1)#media-gateway ip primary

media-gateway ipv6
Use the media-gateway ipv6 command to associate an Internet Protocol version 6 (IPv6) address source to
media-gateway ipv6
media-gateway ipv6 <ipv6 address>
media-gateway ipv6 loopback <interface id>
media-gateway ipv6 vrrpv3 <number>
media-gateway ipv6 vrrpv3 <number> <ipv6 address>
Syntax Description
<ipv6 address> Specifies an IPv6 address to use for the media gateway. Specify an IPv6
address in colon hexadecimal format (X:X:X:X::X), for example,
2001:DB8:1::1.
loopback interface.
vrrpv3 <number> Specifies that all the secondary IPv6 addresses of the Virtual Routing
Redundancy Protocol version 3 (VRRPv3) virtual router ID (VRID) are used
as media gateway addresses on the interface. Valid VRID range is 1 to 255.
<ipv6 address> Optional. Specifies a single IPv6 address of the VRRPv3 VRID is used as
the media gateway address on the interface. Specify an IPv6 address in
colon hexadecimal format (X:X:X:X::X), for example, 2001:DB8:1::1.
Default Values
By default, media-gateway ipv6 is disabled.
Command History
Release R12.2.0 Command was expanded to include the vrrpv3 parameters.
Functional Notes
To use VRRPv3 addresses as the media gateway on the interface, you must first have configured
VRRPv3.

Usage Examples
The following example configures the unit to use the IPv6 address for RTP traffic:

(config-eth 0/1)#media-gateway ipv6

men-c-tag <value>
Use the men-c-tag command to specify the C-tag used to identify traffic on the Layer 3 subinterface within
an Ethernet virtual connection (EVC). Use the no form of this command to remove the C-tag value.
Syntax Description
<value> Specifies the value for the C-tag. Valid range is 1 to 4094.
Default Values
By default, the C-tag is not specified.
Command History
Usage Examples
The following example specifies a C-tag value of 100 for the traffic associated with the Layer 3 Gigabit
Ethernet subinterface 1/1.1:

(config-giga-eth-1/1.1)#men-c-tag 100

men-c-tag-pri
Use the men-c-tag-pri command to specify the default priority used by the C-tag. The C-tag is used to
identify traffic on the Layer 3 subinterface within an Ethernet virtual connection (EVC). Use the no form
of this command to return to the default value. Variations of this command include:
men-c-tag-pri inherit
men-c-tag-pri <value>
Syntax Description
inherit Specifies that the C-tag inherits the priority of the S-tag.
<value> Specifies the C-tag default priority. Valid range is 0 to 7.
Default Values
By default, the C-tag priority is set to inherit.
Command History
Usage Examples
The following example specifies the C-tag priority as 6 on the Layer 3 Gigabit Ethernet subinterface 1/1.1:

(config-giga-eth-1/1.1)#men-c-tag-pri 6

men-pri
Use the men-pri command to specify the default value of the S-tag used in Ethernet virtual connection
(EVC) communication. Use the no form of this command to return to the default setting. Variations of this
command include:
men-pri inherit
men-pri <value>
Syntax Description
inherit Specifies that the S-tag priority value is inherited from the customer
equipment (CE) virtual local area network (VLAN).
<value> Specifies a priority value for the S-tag. Valid range is 0 to 7.
Default Values
By default, the S-tag is set to inherit.
Command History
Usage Examples
The following example specifies that the S-tag has a priority of 5 on the Layer 3 Gigabit Ethernet
subinterface 1/1.1:

(config-giga-eth-1/1.1)#men-pri 5

men-queue
Use the men-queue command to specify the output queue used by the Ethernet virtual connection (EVC)
for traffic egressing this Layer 3 subinterface. Use the no form of this command to return to the default
men-queue inherit
men-queue <value>
Syntax Description
inherit Specifies that traffic egressing the subinterface is mapped to the Metro
Ethernet network (MEN) queue based on the packet’s outer tag value.
<value> Specifies the queue to which the traffic is mapped. Valid range is 0 to 7.
Default Values
By default, egressing traffic inherits the queue information.
Command History
Usage Examples
The following example specifies that egress traffic from the Layer 3 Gigabit Ethernet subinterface 1/1.1
inherits the queue mapping information:

(config-giga-eth-1/1.1)#men-queue inherit

mtu <size> include-l2-header

Use the mtu <size> include-l2-header command to specify the maximum transmission unit (MTU) for
the Layer 2 user network interface (UNI). Use the no form of this command to return to the default value.
Syntax Description
<size> Specifies the MTU size in bytes. Valid range is 60 to 9242 bytes.
include-l2-header Specifies that the Layer 2 header, any tags, and the Layer 2 payload are
included in the MTU size.
Default Values
By default, the MTU on Layer 2 interfaces is set to 9242 bytes.
Command History
Functional Notes
This command specifies the MTU for Layer 2 interfaces only. This MTU size includes the Layer 2 header,
any associated tags, and the Layer 2 payload, but not the frame check sequence (FCS). If the Layer 2
MTU is configured to be below the MTU for the Layer 3 interface, a misconfiguration occurs and as a
result, traffic can be lost. To avoid a misconfiguration, a warning is displayed whenever the Layer 2 MTU is
configured below 1526 bytes.
Usage Examples
The following example configures the MTU for the Layer 2 Gigabit Ethernet interface:

(config-giga-eth 0/1)#mtu 4400 include-l2-header

no shutdown track <name>

Use the no shutdown track command to restore the gigabit switchport interface when the specified track
passes. For more information about tracks, refer to track <name> on page 1871 and the Network Monitor
Track Command Set on page 4083.
Syntax Description
<name> Specifies the name of the track to associate with the activation of the
interface.
Default Values
By default, this command is not configured.
Command History
Usage Examples
The following example enables the interface based on the specified track:

(config-giga-swx 0/1)#no shutdown track work-hours

ospfv3 <process id> area <area id>

Use the ospfv3 area command to add an interface to an Open Shortest Path First version 3 (OSPFv3)
process, and to configure the OSPFv3 process on the interface. This command places the interface in the
specified area for the specified Internet Protocol version 6 (IPv6) OSPFv3 address family, and optionally
defines the instance ID that is used to represent this OSPFv3 process in messages on the interface’s link.
Use the no form of this command to remove the OSPFv3 process from the interface. Variations of this
command include:
ospfv3 <process id> area <area id> ipv6

ospfv3 <process id> area <area id> ipv6 instance <instance id>
Syntax Description
<process id> Specifies the OSPFv3 routing process this interface is to join, for the
specified address family. The process ID is locally significant to the device,
and must be unique among all OSPFv3 processes on the device. Valid
<area id> Specifies the ID of the area to which this interface is assigned for the given
OSPFv3 process. Valid range is 0 to 4294967295.
ipv6 Identifies the OSPFv3 address family as IPv6.
instance <instance id> Optional. Specifies the value to use in the instance ID field of messages
sent or received by this OSPFv3 process on the interface’s link. Valid range
is 0 to 31.
Default Values
By default, an OSPFv3 process is not configured on an interface. By default, process IDs, area IDs, and
instance IDs are not defined.
Command History
Functional Notes
When using this command to enable an OSPFv3 process on an interface, keep the following rules in mind:
• The interface must have the address family enabled on the interface. If the address family is not enabled
on the interface, the command is rejected and an error is displayed.
• Only interfaces on the default virtual routing and forwarding (VRF) instance support this command.
Interfaces on a nondefault VRF will display an error when you attempt to configure OSPFv3 settings.
• The interface and the specified OSPFv3 process (if defined in the global configuration) must be in the
same VRF or the command will fail.
• The address family must match that specified for the OSPFv3 process if the process has been defined
in the global configuration or the command will fail.
• If the OSPFv3 process identified by the process ID does not exist in the global configuration, it is
automatically created, along with the specified address family, and it is assigned to the VRF of which
the interface is a member.

• If the specified OSPFv3 process is already at its maximum limit of processes or address families, the
command fails.
• If the specified OSPFv3 process already exists in the global configuration, but its configuration does not
include an address family, the specified address family is added to the OSPFv3 router configuration.
• A given OSPFv3 process can only have one address family.
• Multiple OSPFv3 instances per address family, per VRF, can be created and can be assigned to a given
interface.
• If the interface’s VRF changes, all OSPFv3 assignments are removed.
• To change an OSPFv3 process’s VRF, the process must first be removed and then recreated.
Removing the process removes all OSPFv3 assignments for that process form all interfaces.
For more information about configuring OSPFv3, refer to the configuration guide Configuring IPv6 in AOS,
Usage Examples
To add an interface to the OSPFv3 process 5, in area 10, with an instance ID of 10, enter the command as
follows:

(config-eth 0/1)#ospfv3 5 area 10 ipv6 instance 10

ospfv3 authentication
Use the ospfv3 authentication command to authenticate an interface that is performing Internet Protocol
version 6 (IPv6) Open Shortest Path First version 3 (OSPFv3) authentication. Use the no form of this
ospfv3 authentication ipsec spi <spi> md5 <key>

ospfv3 authentication ipsec spi <spi> sha1 <key>
ospfv3 authentication null
Syntax Description
ipsec Specifies that IP security (IPsec) authentication is used.
spi <spi> Specifies the security parameter index (SPI). Valid range is 256 to 4294967295.
md5 <key> Specifies that MD5 authentication is used. Keys are specified in
32 hexadecimal characters.
sha1 <key> Specifies that SHA-1 authentication is used. Keys are specified in
null Specifies that no OSPFv3 authentication is used.
Default Values
By default, this is set to null (meaning no authentication is used).
Command History
Usage Examples
The following example specifies that no OSPFv3 authentication will be used on the interface:

(config-eth 0/1)#ospfv3 authentication null

ospfv3 <process id> cost <cost>

Use the ospfv3 cost command to specify a value that represents the cost of sending an Open Shortest Path
First version 3 (OSPFv3) packet over the interface. Use the no form of this command to return the cost to
the default value.
Syntax Description
<process id> Specifies the OSPFv3 routing process this interface is to join. Valid process
ID range is 1 to 65535. If the process ID has not already been created
(using the command ospfv3 <process id> area <area id> on page 2268),
entering this command will not create the ID. Only one OSPFv3 process
can be configured at a time; if another OSPFv3 process exists, an error is
reported.
cost <cost> Specifies the OSPFv3 cost of the interface. This value overrides any
automatically computed cost value (default value). Valid range is 1 to
65535.
Default Values
By default, the OSPFv3 cost of the interface is automatically computed. The automatic cost computation is
the reference bandwidth divided by the interface bandwidth. The reference bandwidth is set by the
command auto-cost reference-bandwidth <value> on page 4135, and defaults to 100 Mbps.
Command History
Functional Notes
Usage Examples
The following example specifies the OSPFv3 cost of the interface as 10:

(config-eth 0/1)#ospfv3 5 cost 10

ospfv3 <process id> dead-interval <value>

Use the ospfv3 dead-interval command to specify the maximum interval allowed between Open Shortest
Path First version 3 (OSPFv3) Hello packets on the interface. If the maximum interval is exceeded,
neighboring devices will assume that the device is down. This value must be the same across all interfaces
on a link. Use the no form of this command to return the dead interval to the default value.
Syntax Description
reported.
dead-interval <value> Specifies the maximum number of seconds allowed between OSPFv3 Hello
packets. It is recommended that this value be 4 times the Hello packet
interval (set with the command ospfv3 <process id> hello-interval <value>
on page 2275). Valid range is 1 to 65535 seconds.
Default Values
By default, the maximum interval allowed between OSPFv3 Hello packets is set to 40 seconds.
Command History
Functional Notes
Usage Examples
To specify the dead interval between OSPFv3 Hello packets on the interface, enter the command as
follows:

(config-eth 0/1)#ospfv3 5 dead-interval 100

ospfv3 encryption
Use the ospfv3 encryption command to specify a symmetrical, bidirectional Open Shortest Path First
version 3 (OSPFv3) security association (SA) that uses encapsulating security payload (ESP) for
encryption and authentication of all OSPFv3 messages that are sent or received on the interface. This
command allows you to specify OSPFv3 security at the interface level. Use the no form of this command
to remove IP security (IPsec) protection of OSPFv3 messages on the interface. Variations of this command
include:
ospfv3 encryption ipsec spi <spi> esp <encryption type> <encryption key> <authentication type>
<authentication key>
ospfv3 encryption ipsec spi <spi> esp null <authentication type> <authentication key>
ospfv3 encryption null
Syntax Description
ipsec Specifies that IPsec encryption is used on the interface for OSPFv3 SAs.
spi <spi> Specifies the security parameter index (SPI) for the SA. The value specified
must not be in used by any other IPsec function on the system, or an error
message is generated. If the same SPI is already in use in the same
OSPFv3 area, entering this command with the same value will overwrite the
current configuration. Valid SPI range is 256 to 4294967295.
esp Specifies that ESP is used.
null Specifies that OSPFv3 messages on this interface are not encrypted when
used in the ospfv3 encryption null format (even when encryption is
specified by the OSPFv3 area configuration). When used in the ospfv3
encryption ipsec spi <spi> esp null format, null indicates that messages
on the interface will not be encrypted, but will be authenticated.
<encryption type> Specifies the type of algorithm used to encrypt OSPFv3 messages. Valid
values for encryption are:
3des uses triple data encryption standard (DES).
aes-cbc uses advanced encryption standard (AES) with cipher block
chaining (CBC). Select from aes-cbc 128, aes-cbc 192, or aes-cbc
256.
des uses DES.
<encryption key> Specifies the hexadecimal encryption key. The size of the encryption key is
determined by the respective encryption algorithm, as follows:
3des uses a 48 character key size.
aes-cbc 128 uses a 32 character key size.
des uses a 16 character key size.
<authentication type> Specifies the algorithm used for authenticating OSPFv3 messages. Valid
authentication methods are Message-Digest 5 (md5) and Secure-Hash 1
(sha1) algorithms.

<authentication key> Specifies the hexadecimal authentication key. The size of the authentication
key is determined by the respective authentication algorithm, as follows:
md5 uses a 32 character key size.
sha1 uses a 40 character key size.
Default Values
By default, there is no security for OSPFv3 messages on an interface.
Command History
Functional Notes
This commands specifies OSPFv3 security at the interface level. Protection specified with this command
overrides any area-level OSPFv3 protection that might apply to the interface.
Usage Examples
The following example configures OSPFv3 messages with an SPI of 120, no encryption, and md5 as the

(config-eth 0/1)#ospfv3 encryption ipsec spi 120 esp null md5
NeWtStpsswdLoonGpsswDhtThmnWoKEY

ospfv3 <process id> hello-interval <value>

Use the ospfv3 hello-interval command to specify the interval between Open Shortest Path First version 3
(OSPFv3) Hello packets sent on the interface. This value must be the same across all interfaces on the link.
Use the no form of this command to return the Hello packet interval to the default value.
Syntax Description
reported.
hello-interval <value> Specifies the number of seconds allowed between OSPFv3 Hello packets.
Default Values
By default, the Hello packet interval for OSPFv3 is 10 seconds.
Command History
Functional Notes
Usage Examples
The following example specifies that the interval between OSPFv3 Hello packets on the interface is 20
seconds:

(config-eth 0/1)#ospfv3 5 hello-interval 20

ospfv3 <process id> network

Use the ospfv3 network command to specify the network type for Open Shortest Path First version 3
(OSPFv3) enabled interfaces. Use the no form of this command to return the interface’s network type to
ospfv3 <process id> network broadcast

ospfv3 <process id> network point-to-point
Syntax Description
reported.
broadcast Specifies that the OSPFv3 network type for the interface is set to broadcast.
point-to-point Specifies that the OSPFv3 network type for the interface is set to
point-to-point.
Default Values
By default, Ethernet interfaces are set to network type broadcast, and point-to-point (PPP), Frame Relay,
and loopback interfaces are set to network type point-to-point.
Command History
Functional Notes
Usage Examples
The following example specifies the network interface as point-to-point:

(config-eth 0/1)#ospfv3 5 network point-to-point

ospfv3 <process id> priority <value>

Use the ospfv3 priority command to specify the Open Shortest Path First version 3 (OSPFv3) priority for
the interface. Use the no form of this command to return the interface’s priority to the default value.
Syntax Description
reported.
priority <value> Specifies the OSPFv3 priority for the interface. Valid range is 0 to 255.
Default Values
By default, the OSPFv3 priority of an interface is set to 1.
Command History
Functional Notes
Priority is used in the election of the designated router and backup designated router on multi-access
networks. Interfaces connected to multi-access networks (such as Ethernet interfaces) perform an election
for a designated and backup designated router. The router interface with the highest OSPFv3 priority on
the link becomes the designated router for that link. The interface with the next highest priority becomes
the designated backup router. In the event there is a tie, the router interface with the highest router ID
takes precedence. A priority value of 0 indicates the router is ineligible to become either the designated or
backup designated router.
Usage Examples
The following example changes the interface’s OSPFv3 priority value to 6:

(config-eth 0/1)#ospfv3 5 priority 6

ospfv3 <process id> retransmit-interval <value>

Use the ospfv3 retransmit-interval command to specify the interval between Open Shortest Path First
version 3 (OSPFv3) link-state advertisements (LSAs) sent on the interface. Use the no form of this
command to return the OSPFv3 LSA interval to the default value.
Syntax Description
reported.
retransmit-interval <value> Specifies the number of seconds between OSPFv3 LSAs sent on the
interface. Valid range is 1 to 65535 seconds.
Default Values
By default, the LSA retransmit interval is set to 5 seconds.
Command History
Functional Notes
Usage Examples
The following example specifies the LSA retransmit interval is 10 seconds:

(config-eth 0/1)#ospfv3 5 retransmit-interval 10

ospfv3 <process id> shutdown

Use the ospfv3 shutdown command to disable an Open Shortest Path First version 3 (OSPFv3) process on
the interface. When this command is used, the OSPFv3 commands remain in place, but logically it appears
to the interface as though the OSPFv3 process has been removed from the configuration. This command
can be useful in troubleshooting. Use the no form of this command to reinstate the OSPFv3 process.
Syntax Description
reported.
Default Values
Command History
Functional Notes
Usage Examples
The following example disables OSPFv3 process 5 on the interface:

(config-eth 0/1)#ospfv3 5 shutdown

ospfv3 <process id> transmit-delay <value>

Use the ospfv3 transmit-delay command to specify the estimated time that is required to propagate an
Open Shortest Path First version 3 (OSPFv3) link-state advertisement (LSA) on the interface. Use the no
form of this command to return the transmit delay to the default value.
Syntax Description
reported.
transmit-delay <value> Specifies the number of seconds required to send LSAs from the interface.
Default Values
By default, the LSA transmit delay is set to 1 second.
Command History
Functional Notes
Usage Examples
The following example changes the interface’s LSA transmit delay to 2 seconds:

(config-eth 0/1)#ospfv3 5 transmit-delay 2

Use the packet-capture command to apply a previously configured packet capture instance to the
interface. Use the no form of this command to remove the packet capture instance.
Syntax Description
<name> Specifies the name of the packet capture instance to apply to the interface.
Default Values
By default, no packet capture instances are configured or applied to the interface.
Command History
Functional Notes
they traverse the network. For more information about packet capturing, its uses, and its implementation in
AOS, refer to the configuration guide Configuring Packet Capture in AOS, available online at
Usage Examples
The following example applies the previously configured packet capture 1CAPTURE to the interface:

(config-eth 0/1)#packet-capture 1CAPTURE

performance-statistics
Use the performance-statistics command to enable gathering performance monitoring statistics on the
subinterface. Use the no form of this command to disable the performance monitoring feature.
Syntax Description
No subcommands.
Default Values
By default, performance monitoring is enabled.
Command History
Usage Examples
The following example enables performance monitoring on the Ethernet subinterface eth 0/1.1:
(config)#interface eth 0/1.1

(config-eth 0/1.1)#performance-statistics

port-auth auth-mode
Use the port-auth auth-mode command to configure the authentication mode. Use the no form of this
port-auth auth-mode mac-based

port-auth auth-mode port-based
port-auth auth-mode port-based mac-auth-bypass
port-auth auth-mode voice-based
port-auth auth-mode voice-based mac-auth-bypass
Syntax Description
mac-based Specifies a medium access control (MAC)-based authentication mode.
Each host must authenticate separately.
port-based Specifies a port-based authentication mode. Only a single host can
participate in the authentication process.
voice-based Specifies a voice-based authentication mode. Two hosts can participate in
the authentication process: one in a voice virtual local area network (VLAN),
and one in a data VLAN. A voice VLAN must be configured on the port for
voice-based port authentication.
mac-auth-bypass Optional. Specifies that if 802.1x authentication times out, the port will
authenticate with a RADIUS server using the source MAC address. If the
device connected to the port responds to 802.1x, MAC bypass will not be
attempted.
Default Values
By default, the authentication mode is port based.
Command History
Release 11.5.0 Command was expanded to include the mac-auth-bypass parameter.
Release R11.13.0 Command was expanded to include the voice-based parameter.
Usage Examples
The following example configures the unit for MAC-based authentication mode:

(config-eth 0/1)#port-auth auth-mode mac-based
The following example configures the unit for voice-based authentication mode:

(config-eth 0/1)#port-auth auth-mode voice-based

port-auth control-direction
Use the port-auth control-direction command to configure the direction in which traffic is blocked. This
command is only applicable when authentication is port based. Use the no form of this command to return
port-auth control-direction both

port-auth control-direction in
Syntax Description
both Blocks traffic in both directions when the port becomes unauthorized.
in Blocks only incoming traffic when the port becomes unauthorized.
Default Values
By default, traffic is blocked in both directions.
Command History
Usage Examples
The following example causes traffic to be blocked in both directions when the port becomes unauthorized:

(config-eth 0/1)#port-auth control-direction both

port-auth guest-vlan <vlan id>

Use the port-auth guest-vlan command to configure guest virtual local area network (VLAN) for an
interface. Use the no form of this command to return to the default setting.
Syntax Description
<vlan id> Specifies a valid VLAN interface ID. Range is 1 to 4094. If the specified
VLAN does not exist, this command will create the VLAN.
Default Values
By default, no guest VLAN is configured.
Command History
Functional Notes
Guest VLAN allows devices that fail authentication to be assigned to a predefined guest VLAN. For
example, if a printer is plugged into a port and there is no RADIUS server to authenticate the new device or
if RADIUS is not responding, the printer will be assigned to the guest VLAN and have network access
granted to that VLAN.
Usage Examples
The following example configures the Ethernet interface 0/1 for guest VLAN 20:

(config-eth 0/1)#port-auth guest-vlan 20

port-auth multiple-hosts
Use the port-auth multiple-hosts command to allow multiple hosts to access an authorized port without
going through the authentication process. This command is only applicable when authentication is port
based. Use the no form of this command to return to the default setting.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example enables multiple hosts to access an authorized port:

(config-eth 0/1)#port-auth multiple-hosts

port-auth port-control
Use the port-auth port-control command to configure the port-authorization state. Use the no form of
port-auth port-control auto

port-auth port-control force-authorized
port-auth port-control force-unauthorized
Syntax Description
auto Enables the port-authentication process.
force-authorized Forces the port into an authorized state.
force-unauthorized Forces the port into an unauthorized state.
Default Values
By default, all ports are forced to an authorized state.
Command History
Usage Examples
The following example forces Ethernet port 0/1 into an unauthorized state:

(config-eth 0/1)#port-auth port-control force-unauthorized

power inline
Use the power inline command to detect attached powered devices (PDs) and deliver 48 VDC, compliant
with the IEEE 802.3af Power over Ethernet (PoE) standard, to the PD via existing CAT 5 cabling. To
disable power detection and supply, use the power inline never command. Variations of this command
include:
power inline auto

power inline legacy
power inline limit <value>
power inline never
power inline 2-point
power inline 4-point
Syntax Description
auto Enables power detection and supply to PDs.
legacy Enables power detection and supply of legacy non-IEEE 802.3af-compliant
PDs.
limit <value> Specifies the maximum amount of power that can be allocated to a PD
connected to a specific port interface.
never Disables power detection and supply to PDs.
2-point Enables power detection and supply using the 2-point detection method
necessary for some PDs.
4-point Enables power detection and supply using the 4-point detection method
necessary for some PDs. This method works consistently with LinkRunner
1000/200 devices when other detection methods fail.
Default Values
By default, PWR switches discover and provide power to IEEE-compliant PDs.
Command History
Release A4.01 Command was expanded to include the 2-point parameter.
Release R11.2.0 Command was expanded to include the limit parameter.
Release R12.2.0 Command was expanded to include the 4-point parameter.
Functional Notes
The power inline limit <value> command specifies the maximum amount of power available for allocation
on a particular port. When you set the limit using this command, the switch will use this value instead of the
PD Classification to determine the amount of power that must be available before delivering power to a
newly connected PD. If the total power available is greater than this setting, power will be delivered to the
PD. In addition, if the PD ever tries to draw more power than this setting, power to the PD will be shut off.

The power inline limit <value> command is available only in AOS firmware version R11.2.0 and later, but
the command is hidden and therefore does not provide any help text.
Usage Examples
The following example configures the Ethernet interface to detect and supply power to PDs:

(config-eth 0/3)#power inline auto
The following example sets the maximum amount of power allocated to a PD on a Gigabit switchport
interface to 12:

(config-giga-swx 0/1)#power inline limit 12

qos
Use the qos (quality of service) command to set the interface to the trusted state and to set the default cost
of service (CoS) value. To return to defaults, use the no form of this command. Variations of this
command include:
qos default-cos <value>

qos trust cos
Syntax Description
default-cos <value> Sets the default CoS value for untrusted ports and all untagged packets.
Range is 0 through 7.
trust cos Sets the interface to the trusted state.
Default Values
By default, the interface is untrusted with a default CoS of 0.
Command History
Functional Notes
Set the interface to trust cos if received 802.1P. CoS values are considered valid (i.e., no need to
reclassify) and do not need to be tagged with the default value. When set to untrusted, the default-cos
value for the interface is used.
Usage Examples
The following example sets Ethernet interface 0/1 as a trusted interface and assigns untagged packets a
CoS value of 1:

(config-eth 0/1)#qos trust cos
(config-eth 0/1)#qos default-cos 1

qos-policy
Use the qos-policy command to apply a previously configured quality of service (QoS) map to incoming
or outgoing packets on an interface. Use the no form of this command to remove the map from the
qos-policy in <name>
qos-policy out <name>
Syntax Description
<name> Specifies the name of a previously created QoS map (refer to qos map
<name> <number> on page 1665 for more information).
in Assigns a QoS map to this interface's input.
out Assigns a QoS map to this interface's output.
Default Values
Command History
Release 15.1 Command was expanded to include the in parameter.
Ethernet Interface.
Functional Notes
When a QoS policy is applied to an interface, it may be disabled if the interface bandwidth is not adequate
to support the requested bandwidth on the map set. Once the bandwidth problem is resolved, the map will
work again. The bandwidth will be rechecked on any of the following changes:
1. A priority or class-based entry is added to, deleted from, or changed in a QoS map set.
2. The interface bandwidth is changed by the bandwidth command on the interface.
3. A QoS policy is applied to an interface.
4. A cross connect is created that includes an interface with a QoS policy.
5. The interface queuing method is changed to fair queue to use weighted fair queuing.
6. The interface operational status changes.
7. The interface bandwidth changes for other reasons (e.g., when asymmetric digital subscriber line
(ADSL) finishes training).

In order to prevent the map from being disabled in cases of temporary inadequate bandwidth (e.g., a single
link goes down in a dual T1 multilink configuration where the map requests more than one T1's worth of
bandwidth), the QoS map uses the maximum theoretical bandwidth on an interface, not the actual
bandwidth at that time. This actually helps QoS keep higher priority class-based traffic working better than
best-effort traffic when the bandwidth drops.
Usage Examples
The following example applies the QoS map VOICEMAP to the Ethernet interface:

(config-eth 0/1)#qos-policy out VOICEMAP

rtp quality-monitoring
Use the rtp quality-monitoring command to enable voice quality monitoring (VQM) of the Realtime
Transport Protocol (RTP) voice stream packets on this interface. If the global command (ip rtp
quality-monitoring) is disabled when this command is issued, the system will return the following
warning: “Applied but not used, you must globally enable ip rtp quality-monitoring to use VQM.” Use
Syntax Description
No subcommands.
Default Values
By default, VQM is enabled on all wide area network (WAN) and local area network (LAN) interfaces.
Command History
Ethernet Interface.
Usage Examples
The following example enables RTP quality monitoring on the Ethernet 0/2 interface:

(config-eth 0/2)#rtp quality-monitoring

s-tag-dei
Use the s-tag-dei command to configure traffic egressing the interface to reflect the packet color, either
green or yellow. Packets are colored by setting the Canonical Format Indicator/Discard Eligibility
Indicator (CFI/DEI) bit in the S-TAG VLAN header. Green packets are set to 0, while yellow packets are
set to 1. Use the no form of the command to disable this feature.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example configures the egressing traffic on the Ethernet 0/2 interface to reflect the packet
color in the S-TAG VLAN header:

(config-eth 0/2)#s-tag-dei

snmp trap
traps on the interface. Us the no form of this command to disable this trap.
Syntax Description
No subcommands.
Default Values
enabled.
Command History
interface.
Ethernet Interface.
Usage Examples
The following example enables SNMP capability on the Ethernet interface:

(config-eth 0/1)#snmp trap


Syntax Description
No subcommands.
Default Values
Command History
interface.
interface.
Ethernet Interface.
Functional Notes
number 1.3.6.1.2.1.31.1.1.1.14.0).
Usage Examples
The following example disables the link-status trap on the interface:

(config-eth 0/1)#no snmp trap link-status

spanning-tree bpdufilter
Use the spanning-tree bpdufilter command to enable or disable the bridge protocol data unit (BPDU)
filter on a specific interface. This setting overrides the related global setting (refer to spanning-tree
edgeport bpdufilter default on page 1827). Use the no form of this command to return to the default
spanning-tree bpdufilter disable

spanning-tree bpdufilter enable
Syntax Description
disable Disables BPDU filter for this interface.
enable Enables BPDU filter for this interface.
Default Values
Command History
Functional Notes
The bpdufilter blocks any BPDUs from being transmitted and received on an interface.
Usage Examples
The following example enables the BPDU filter on the Ethernet interface 0/3:

(config-eth 0/3)#spanning-tree bpdufilter enable
The BPDU filter can be disabled on the Ethernet interface 0/3 by issuing the following commands:

(config-eth 0/3)#spanning-tree bpdufilter disable

spanning-tree bpduguard
Use the spanning-tree bpduguard command to enable or disable the bridge protocol data unit (BPDU)
guard on a specific interface. This setting overrides the related global setting (refer to spanning-tree
forward-time <value> on page 1831). Use the no form of this command to return to the default setting.
spanning-tree bpduguard disable

spanning-tree bpduguard enable
Syntax Description
disable Disables BPDU guard for this interface.
enable Enables BPDU guard for this interface.
Default Values
Command History
Functional Notes
The bpduguard blocks any BPDUs from being received on an interface.
Usage Examples
The following example enables the BPDU guard on the interface Ethernet interface 0/3:

(config-eth 0/3)#spanning-tree bpduguard enable
The BPDU guard can be disabled on the Ethernet interface 0/3 by issuing the following commands:

(config-eth 0/3)#spanning-tree bpduguard disable

spanning-tree cost <value>

Use the spanning-tree cost command to assign a cost to the interface. The cost value is used when
computing the spanning-tree root path. Use the no form of this command to return to the default setting.
Syntax Description
<value> Specifies a cost value of 1 to 200000000.
Default Values
By default, the cost value is set to 1000 Mbps.
Command History
Usage Examples
The following example sets the interface to a path cost of 1200:

(config-eth 0/3)#spanning-tree cost 1200

Use the spanning-tree edgeport command to enable or disable the interface as an edgeport. This
command overrides the related global setting (refer to spanning-tree edgeport default on page 1829).
spanning-tree edgeport disable

spanning-tree edgeport enable
Syntax Description
disable Specifies that the interface is not an edgeport.
enable Specifies that the interface is an edgeport.
Default Values
Command History
Release 8.1 Command was added to the ATM subinterface command set.
Release R10.1.0 Command was expanded to include the disable and enable keywords.
Functional Notes
When an interface is designated as an edgeport, the interface will immediately go into a forwarding state
when the link becomes active. When an interface is not designated as an edgeport, the interface must
progress through the listening and learning states before going to the forwarding state.
Usage Examples
The following example specifies that the interface is an edgeport:

(config-eth 0/1)#spanning-tree edgeport enable
The following example disables the interface as an edgeport:

(config-eth 0/1)#spanning-tree edgeport disable

spanning-tree link-type
Use the spanning-tree link-type command to configure the spanning tree protocol link type for each
interface. Use the no form of this command to return to the default setting. Variations of this command
include:
spanning-tree link-type auto

spanning-tree link-type point-to-point
spanning-tree link-type shared
Syntax Description
auto Determines link type by the port’s duplex settings.
point-to-point Manually sets link type to point-to-point regardless of duplex settings.
shared Manually sets link type to shared regardless of duplex settings.
Default Values
By default, the interface is set to auto.
Command History
Functional Notes
This command overrides the default link type setting determined by the duplex of the individual port. By
default, a port configured for half-duplex is set to shared link type, and a port configured for full-duplex is
set to point-to-point link type. Setting the link type manually overrides the default and forces the port to
use the specified link type. Use the link-type auto command to restore the convention of determining link
type based on duplex settings.
Usage Examples
The following example forces the link type to point-to-point, even if the port is configured to be
half-duplex:

(config-eth 0/3)#spanning-tree link-type point-to-point
Technology Review
Rapid transitions are possible in Rapid Spanning Tree Protocol (RSTP) by taking advantage of
point-to-point links (a port is connected to exactly one other bridge) and edge-port connections (a port is
not connected to any additional bridges). Setting the link type to auto allows the spanning tree to
automatically configure the link type based on the duplex of the link. Setting the link type to point-to-point
allows a half-duplex link to act as if it were a point-to-point link.

spanning-tree path-cost <value>

Use the spanning-tree path-cost command to assign a cost to a bridge group that is used when computing
the spanning-tree root path. To return to the default path-cost value, use the no form of this command.
Syntax Description
<value> Assigns a number to the bridge interface to be used as the path cost in
spanning calculations. Valid range is 0 to 65535.
Default Values
By default, the path-cost value is set to 19.
Command History
Release R10.1.0 Command was added to the Ethernet interface command set.
Functional Notes
The specified value is inversely proportional to the likelihood the bridge interface will be chosen as the root
path. Set the path-cost value lower to increase the chance the interface will be the root. To obtain the most
accurate spanning-tree calculations, develop a system for determining path costs for links and apply it to
all bridged interfaces.
Usage Examples
The following example assigns a path cost of 100 on an Ethernet interface:

(config-eth 0/1)#spanning-tree path-cost 100
Technology Review
Spanning-tree protocol provides a way to prevent loopback or parallel paths in bridged networks. Using the
priority values and path costs assigned to each bridging interface, the spanning-tree protocol determines
the root path and identifies whether to block or allow other paths.

spanning-tree pathcost method

Use the spanning-tree pathcost method command to select a short or long method used by the
spanning-tree protocol. Variations of this command include:
spanning-tree pathcost method long

spanning-tree pathcost method short
Syntax Description
long Specifies 32-bit values when calculating pathcosts.
short Specifies 16-bit values when calculating pathcosts.
Default Values
By default, spanning-tree pathcost method is set to short.
Command History
Usage Examples
The following example specifies that the spanning tree protocol use a long pathcost method:

(config-eth 0/3)#spanning-tree pathcost method long

spanning-tree port-priority <value>

Use the spanning-tree port-priority command to select the priority level of this interface. To return to the
default setting, use the no form of this command.
Syntax Description
<value> Specifies a priority-level value from 0 to 240 (this value must be in
increments of 16).
Default Values
By default, this set to 128.
Command History
Functional Notes
The only time that this priority level is used is when two interfaces with a path to the root have equal cost.
At that point, the level set in this command will determine which port the spanning tree will use. Set the
priority value lower to increase the chance the interface will be used.
Usage Examples
The following example sets the interface to a priority of 100:

(config-eth 0/3)#spanning-tree port-priority 100

spanning-tree rootguard
Use the spanning-tree rootguard command to enable or disable the root guard on a specific interface.
This setting overrides the related global setting (refer to spanning-tree edgeport rootguard default on page
1830). Use the no form of this command to return to the default setting. Variations of this command
include:
spanning-tree rootguard disable

spanning-tree rootguard enable
Syntax Description
disable Disables root guard for this interface.
enable Enables root guard for this interface.
Default Values
Command History
Functional Notes
Root guard blocks an interface from being elected to the root port role. If information about a superior root
bridge is received, the interface will no longer forward traffic until superior root bridge proposals stop. If an
interface has bridge protocol data unit (BPDU) filter or BPDU guard configured, configuring root guard will
have no effect on the operation of the interface. The root guard setting can be overridden on an individual
port basis.
Usage Examples
The following example enables the root guard on the gigabit switchport interface 0/3:

(config-giga-swx 0/3)#spanning-tree rootguard enable
The following example disables the root guard on the gigabit switchport interface 0/3:

(config-giga-swx 0/3)#spanning-tree rootguard disable

speed
Use the speed command to configure the speed of an Ethernet interface. Use the no form of this command
to return to the default value. Variations of this command include:
speed 10
speed 100
speed 1000
speed 1000 nonegotiate
speed 2500
speed 10000
speed auto
Syntax Description
10 Specifies 10 Mbps Ethernet.
100 Specifies 100 Mbps Ethernet.
1000 Specifies 1 Gbps Ethernet. This only applies to Gigabit Ethernet interfaces.
2500 Specifies 2.5 Gbps Ethernet. This only applies to Gigabit Ethernet
interfaces.
10000 Specifies 10 Gbps Ethernet. This only applies to 10 Gigabit Ethernet
interfaces.
nonegotiate Optional. Specifies that auto-negotiation is disabled on Gigabit Ethernet
interfaces that use a fiber medium.
auto Automatically detects 10 or 100 Mbps Ethernet and negotiates the duplex
setting.
Some Ethernet equipment (though rare) is unable to negotiate duplex if speed is manually
determined. To avoid incompatibilities, manually set the duplex if the speed is manually
set. Refer to ethernet-cfm mep on page 2160 and half-duplex on page 2170.
Default Values
By default, speed is set to auto.
Command History
Release 17.5 Command was expanded to include the 2500 Mbps parameter.
Release R10.10.0 Command was expanded to include the 10000 Mbps parameter.
(vAOS) instances.
Functional Notes

Usage Examples
The following example configures the Ethernet port for 100 Mbps operation:

(config-eth 0/1)#speed 100

storm-control action shutdown

Use the storm-control action shutdown command to shut down the interface when a storm occurs. Use
Syntax Description
No subcommands.
Default Values
By default, this command is disabled; the interface will only filter traffic.
Command History
Functional Notes
Enabling this option shuts down the interface if a multicast, unicast, or broadcast storm occurs.
Usage Examples
The following example shuts down Ethernet interface 0/1 if a storm is detected:

(config-eth 0/1)#storm-control action shutdown

storm-control level
Use the storm-control level command to configure limits on the rates of broadcast, multicast, and unicast
traffic on a port. Use the no form of this command to disable this feature. Variations of this command
include:
storm-control broadcast level <rising level>

storm-control broadcast level <rising level> <falling level>
storm-control multicast level <rising level>
storm-control multicast level <rising level> <falling level>
storm-control multicast-broadcast level <rising level>
storm-control unicast level <rising level>
storm-control unicast level <rising level> <falling level>
Syntax Description
broadcast level Sets levels for broadcast traffic.
multicast level Sets levels for multicast traffic.
multicast-broadcast level Sets levels for multicast and broadcast traffic.
unicast level Sets levels for unicast traffic.
<rising level> Specifies a rising level, which determines the percentage of total bandwidth
the port accepts before it begins blocking packets. Range is 1 to
100 percent.
<falling level> Optional. Specifies a falling level, which determines when the storm is
considered over, causing AOS to no longer block packets. This level must be
less than the rising level. Range is 1 to 100 percent.
Default Values
By default, storm-control is disabled.
Command History
Functional Notes
This setting configures the rising and falling suppression values. When the selected rising level (which is a
percentage of total bandwidth) is reached, the port begins blocking packets of the specified type (i.e.,
broadcast, multicast, or unicast). AOS uses the rising level as its falling level if no falling level is specified.
Availability of this command and its variations will differ across AOS platforms.
Usage Examples
The following example sets the rising suppression level to 85 percent for multicast packets:

(config-eth 0/1)#storm-control multicast level 85

The following example sets the rising suppression level to 80 percent for broadcast packets, with a falling
level of 50 percent:

(config-eth 0/1)#storm-control broadcast level 80 50

storm-control rate
Use the storm-control rate command to configure maximum ingress data rates for broadcast, unknown
multicast, and unknown unicast traffic on a switch port. Use the no form of this command to disable the
feature. Variations of this command include:
storm-control broadcast rate <rate>

storm-control broadcast rate <rate> burst <size>
storm-control multicast-unknown rate <rate>
storm-control multicast-unknown rate <rate> burst <size>
storm-control unicast-unknown rate <rate>
storm-control unicast-unknown rate <rate> burst <size>
Syntax Description
broadcast Specifies the maximum data rate for all ingress broadcast traffic.
multicast-unknown Specifies the maximum data rate for ingress unknown multicast traffic.
unicast-unknown Specifies the maximum data rate for ingress unknown unicast traffic.
rate <rate> Specifies the maximum ingress data rate in Kilobytes per second. Valid
range is 64 to 33554368 Kbps.
burst <size> Optional. Specifies the maximum traffic burst (in bytes) of the specified
traffic type that can ingress the port. Valid selections are 4K, 16K, 64K,
256K, 1M, 4M, 8M, and 16M bytes.
Default Values
By default, storm control is disabled. When enabled, the burst size is set to 64K bytes by default.
Command History
Functional Notes
Storm control is used to lessen the impacts of traffic flooding on certain ports.
Address Resolution Protocol (ARP), Dynamic Host Control Protocol (DHCP), and other protocols
commonly use broadcasts, so setting the broadcast storm control rate too low can adversely impact these
protocols in an otherwise healthy network.
The configured multicast storm control rate applies only to multicast traffic with addresses not learned by
Internet Group Management Protocol (IGMP) snooping.

Unknown unicast traffic usually exist only for initial traffic to a client or traffic sent to a client that was
unlearned or that timed out. Setting the unicast storm control rate too low can impact traffic to clients that
actually exist but are temporarily unknown to the switch. Spanning tree topology change notifications
(TCNs) clear the known unicast addresses on some ports of the switch and cause all unicast traffic from
these clients to be unknown until the addresses are relearned. This behavior can cause the temporary rate
of unknown unicast frames to spike. Switching networks that have relatively static topologies should use
the spanning tree edge-port setting to limit spanning tree TCNs so that a lower storm control unicast rate
can be set. If the network topology changes frequently, a larger unicast storm control rate should be set so
that traffic is not adversely impacted after a spanning tree TCN.
All traffic is received on switchports at full line rate, meaning that the momentary rate of received traffic will
almost always exceed any storm control rate configured lower than the port’s linked rate. The configured
burst size determines how many bytes can burst over the configured rate before storm control makes a
decision to begin dropping traffic for a configured traffic type. A smaller storm control burst size causes the
rate to be imposed on received frames earlier in the storm of undesired frames. Setting a higher burst rate
is less likely to drop frames in case of many back-to-back frames, but also exposes the network to more of
the initial frames of a storm of undesired frames. Once a burst is exhausted, it takes an interval of time to
refill completely. This interval, in seconds, is defined as the (burst rate * 8)/rate.
When a switchport is part of a port channel, storm control settings are not allowed on the switchport.
Rather, storm control rate and burst settings are only allowed on the port channel of which the switchport is
a member.
Usage Examples
The following example configures broadcast traffic storm control with a rate of 1000 Kbps and the default
burst size:

(config-xgiga-swx 1/1)#storm-control broadcast rate 1000

subtended-host mode
Use the subtended-host mode command to enable or disable subtended host listening on the interface.
This command allows the interface to receive pre-provisioning information from another AOS unit.
subtended-host mode listener

subtended-host mode disabled
Syntax Description
listener Enables the interface to receive pre-provisioning information from another
unit.
disabled Disables the interface from receiving any pre-provisioning information from
another unit.
Default Values
By default, the first configured MEF Ethernet interface has pre-provisioning listening enabled. In addition,
the Gigabit Ethernet interface 0/1 and EFM group 1/1 interfaces have pre-provisioning listening enabled by
default. Any additional interfaces have pre-provisioning listening disabled.
Command History
Release R11.1.0 Command was expanded to include the Gigabit Ethernet and EFM group
interfaces.
Functional Notes
Only one interface at a time can have the subtended-host mode set to listener. If all interfaces have a
subtended-host mode of disabled, then all pre-provisioning information is discarded.
Usage Examples
The following example enables the Ethernet interface 0/1 to receive subtended-host provisioning:

(config-ethernet 0/1)#subtended-host mode listener

switchport access vlan <vlan id>

Use the switchport access vlan command to set the port to be a member of the virtual local area network
(VLAN) when in access mode. To reset the port to be a member of the default VLAN, use the no form of
this command.
Syntax Description
Default Values
By default, this is set to VLAN 1 (the default VLAN).
Command History
Functional Notes
If the port is in the trunk mode, this command will not alter the switchport mode to access. Instead it will
save the value to be applied when the port does switch to access mode. Refer to switchport mode on page
Usage Examples
The following example sets the switchport mode to static access and makes the Ethernet interface 0/1 port
a member of VLAN 2:

(config-eth 0/1)#switchport mode access
(config-eth 0/1)#switchport access vlan 2

switchport gvrp
Use the switchport gvrp command to enable or disable GARP VLAN Registration Protocol (GVRP) on
an interface. Use the no form of this command to return to the default value.
Syntax Description
No subcommands.
Default Values
By default, GVRP is disabled on all ports.
Command History
Functional Notes
Enabling GVRP on any interface enables GVRP globally.
Usage Examples
The following example enables GVRP on Ethernet interface 0/24:

(config-eth 0/24)#switchport gvrp

switchport mode
Use the switchport mode command to configure the virtual local area network (VLAN) membership
mode. Use the no form of this command to reset membership mode to the default value. Variations of this
command include:
switchport mode access

switchport mode activchassis
switchport mode stack
Syntax Description
access Sets port to be a single (nontrunked) port that transmits and receives no
tagged packets.
activchassis Sets the port to allow it to communicate with other ActivChassis devices.
stack Sets the port to allow it to communicate with a switch stack.
trunk Sets port to transmit and receive packets on all VLANs included in its VLAN
allowed list.
Default Values
By default, on non-ActivChassis devices, the switchport mode is set to access. By default, on
ActivChassis-enabled devices, the switchport mode is set to activchassis.
Command History
Release AC1.0 Command was expanded to include the activchassis parameter.
Functional Notes
Configuring the interface for stack mode (using the switchport mode stack command) enables the switch
to communicate with other switches that are capable of stacking.
• f the switch is configured as the stack master (using the (config)#stack master command), it will
begin advertising itself as a stack master.
• f the switch is configured as the stack member (using the (config)#stack member command), it
will begin advertising other stack masters that it knows about.
Stack mode also allows the port to transmit and receive packets on all VLANs that are included in the
VLAN allowed list.
In ActivChassis mode, the switchport becomes part of the ActivChassis backplane, and it is not available
to connect to devices outside of the ActivChassis. The port must be directly connected to other devices
with the same capability and settings. In addition, if the port is part of the ActivChassis backplane, and it
currently has an active link, the port mode cannot be changed from activchassis mode. For more
information about configuring ActivChassis, refer to the configuration guide Configuring ActivChassis in
AOS, available online at https://supportcommunity.adtran.com.

Usage Examples
The following example sets the port to be a trunk port:

(config-eth 0/1)#switchport mode trunk
The following example changes the port function on a device with ActivChassis enabled:

(config-xgiga-swx 1/1)#switchport mode activchassis

switchport port-security
Use the switchport port-security command to enable port security functionality on the interface. Use the
no form of this command to disable this feature.
Syntax Description
No subcommands.
Default Values
This command is disabled by default.
Command History
Functional Notes
You cannot enable port security on a port that is already configured as the following:
• Monitor session destination

• Member of a port channel interface
• Dynamic or trunk port (i.e., the port must be configured as static access)
Usage Examples
The following example enables port security on the Ethernet interface 0/1 interface:

(config-eth 0/1)#switchport port-security

switchport port-security aging

Use the switchport port-security aging command to enable and configure secure medium access control
(MAC) address aging on a particular interface. Use the no form of this command to disable this feature.
switchport port-security aging static

switchport port-security aging time <value>
switchport port-security aging type absolute
Syntax Description
static Configures the interface to age static, as well as dynamic entries in the
secure MAC address table.
time <value> Enables port security aging for dynamic entries in the secure MAC address
table by configuring a time (in minutes). Disable aging by setting the time
to 0.
type absolute Configures the address to be removed after the specified time regardless of
activity.
Default Values
By default, dynamic and static aging are disabled.
Command History
Usage Examples
The following example sets the aging time of secure MAC addresses to 10 minutes:

(config-eth 0/1)#switchport port-security aging time 10

switchport port-security expire

Use the switchport port-security expire command to disable an interface after a specified amount of
time. Use the no form of this command to return to the default setting. Variations of this command include:
switchport port-security expire time <value>

switchport port-security expire type absolute
Syntax Description
time <value> Enables port expiration by configuring a time (in minutes). Disable by
setting time to 0.
type absolute Configures the interface to shut down after the specified time regardless of
activity.
Default Values
By default, this command is disabled and set to type absolute.
Command History
Usage Examples
The following example disables Ethernet interface 0/1 after 10 minutes:

(config-eth 0/1)#switchport port-security expire time 10

switchport port-security mac-address

Use the switchport port-security mac-address command to add a static secure medium access control
(MAC) address or sticky secure MAC address associated with the interface and to enable sticky address
learning. Use the no form of this command to remove a MAC address associated with this port. Variations
switchport port-security mac-address <mac address>

switchport port-security mac-address <mac address> vlan <vlan id>
switchport port-security mac-address sticky
switchport port-security mac-address sticky-volatile
switchport port-security mac-address sticky <mac address>
switchport port-security mac-address sticky <mac address> vlan <vlan id>
Syntax Description
sticky Optional. Enables sticky address learning if no MAC address is specified.
The learned addresses persist across a reboot.
sticky-volatile Optional. Enables sticky address learning for the immediate session only.
The learned addresses do not appear in the configuration and do not persist
across a reboot.
<mac address> Optional. Adds a MAC address associated with this interface. MAC
addresses should be expressed in the following format xx:xx:xx:xx:xx:xx
(for example, 00:A0:C8:00:00:01).
vlan <vlan id> Optional. Associates the MAC address with the specified VLAN. VLAN ID
range is 1 to 4094.
Default Values
By default, sticky learning is disabled and there are no configured MAC addresses.
Command History
Release 17.4 Command was expanded to include the sticky-volatile parameter.
Release 17.9 Command was expanded to include the vlan parameter.
Functional Notes
For more information about port security configuration, refer to the configuration guide Configuring Port
Access Control in AOS, available online at https://supportcommunity.adtran.com.

Usage Examples
The following example adds a single static address and enables sticky address learning on interface
Ethernet interface 0/1:

(config-eth 0/1)#switchport port-security mac-address 00:A0:C8:02:D0:30
(config-eth 0/1)#switchport port-security mac-address sticky

switchport port-security maximum <value>

Use the switchport port-security maximum command to configure the maximum number of secure
medium access control (MAC) addresses associated with the interface. Use the no form of this command
Syntax Description
<value> Specifies the maximum number of secure MAC addresses to be associated
with the interface. Range is 1 to 132.
Default Values
Command History
Usage Examples
The following example sets the maximum supported MAC addresses for Ethernet interface 0/1 to 2:

(config-eth 0/1)#switchport port-security maximum 2

switchport port-security violation

Use the switchport port-security violation command to configure the action to be taken once a security
violation is encountered. Use the no form of this command to return to the default setting. Variations of
switchport port-security violation protect

switchport port-security violation restrict
switchport port-security violation shutdown
Syntax Description
protect Determines that the unit will not learn any new secure addresses (nor allow
these new sources to pass traffic) until the number of currently active
secure addresses drops below the maximum setting.
restrict Determines that the security violation counter increments and an Simple
Network Management Protocol (SNMP) trap is sent once a violation is
detected. The new address is not learned and data from that address is not
allowed to pass.
shutdown Determines that the interface is disabled once a violation is detected. A no
shutdown command is required to re-enable the interface.
Default Values
The default for this command is shutdown.
Command History
Usage Examples
The following example configures the interface to react to security violations by not learning the addresses
and not accepting data from the violation source:

(config-eth 0/1)#switchport port-security violation restrict

switchport protected
Use the switchport protected command to prevent the port from transmitting traffic to all other protected
ports. A protected port can only send traffic to unprotected ports. Use the no form of this command to
Syntax Description
No subcommands.
Default Values
This command is disabled by default.
Command History
Usage Examples
In the example below, all three of the ports are on virtual local area network (VLAN) 3, and Ethernet 0/1
and Ethernet 0/2 are designated as protected ports. Ethernet 0/3 is unprotected. Ethernet 0/1 and Ethernet
0/2 will be allowed to send traffic to Ethernet 0/3, but traffic traveling between Ethernet 0/1 and Ethernet
0/2 will be blocked.

(config-eth 0/1)#switchport protected

(config-eth 0/2)#switchport protected


switchport trunk allowed vlan

Use the switchport trunk allowed vlan command to allow certain virtual local area networks (VLANs) to
transmit and receive traffic on this port when the interface is in trunking mode. To return to defaults, use
the no form of this command. Variations of this command include:
switchport trunk allowed vlan <list>

switchport trunk allowed vlan add <list>
switchport trunk allowed vlan all
switchport trunk allowed vlan except <list>
switchport trunk allowed vlan none
switchport trunk allowed vlan remove <list>
Syntax Description
<list> Specifies a list of valid VLAN interface IDs. Refer to Functional Notes below.
add Adds the specified VLAN IDs to the VLAN trunking allowed list.
all Adds all configured VLAN IDs to the VLAN trunking allowed list.
except Adds all configured VLAN IDs to the VLAN trunking allowed list except
those specified in the <vlan id list>.
none Adds no VLAN IDs to the VLAN trunking allowed list.
remove Removes VLAN IDs from the VLAN trunking allowed list.
Default Values
By default, all valid VLANs are allowed.
Command History
Functional Notes
A VLAN list is a set of VLAN IDs delimited by commas. A valid VLAN ID value must be from 1 through
4094. A range of IDs may be expressed as a single element by using a hyphen between endpoints. For
example, the VLAN ID range 1,2,3,4,6,7,8,9,500 may be more easily expressed as 1-4,6-9,500. No spaces
are allowed in a valid ID range.
Usage Examples
The following example adds VLANs to the previously existing list of VLANs allowed to transmit and receive
on this port:

(config-eth 0/1)#switchport trunk allowed vlan add 1-4,6-9,500

switchport trunk fixed vlan

Use the switchport trunk fixed vlan command to change the configured list of virtual local area networks
(VLANs) that remain fixed in use only when GARP VLAN Registration Protocol (GVRP) is enabled on
the interface. Of these VLANs, VLANs statically created will be available for use on the interface. Use the
no form of this command to disable this feature. Variations of this command include:
switchport trunk fixed vlan add <list>

switchport trunk fixed vlan all
switchport trunk fixed vlan except <list>
switchport trunk fixed vlan none
switchport trunk fixed vlan remove <list>
Syntax Description
<list> Specifies a list of valid VLAN interface IDs. Refer to Functional Notes below.
add Adds VLANs to the VLAN GVRP trunking fixed list.
all Adds all VLANs to the VLAN GVRP trunking fixed list.
except Adds all VLAN IDs to the VLAN trunking fixed list except those in the
command line VLAN ID list.
none Removes all VLANs from the VLAN GVRP trunking fixed list.
remove Removes VLAN from the VLAN trunking fixed list.
Default Values
By default, no VLANs are in the VLAN GVRP trunking fixed list (switchport trunk fixed vlan none).
A VLAN list is a set of VLAN IDs delimited by commas. A valid VLAN ID value must be from 1 through
4094. A range of IDs may be expressed as a single element by using a hyphen between endpoints. For
example, the VLAN ID range 1,2,3,4,6,7,8,9,500 may be more easily expressed as 1-4,6-9,500. No spaces
are allowed in a valid ID range.
Command History
Functional Notes
This command has no effect on VLAN membership configuration unless GVRP is enabled on the interface.
Usage Examples
The following example changes the configured list of fixed VLANs by adding VLAN 50 to the list.
(config-eth 0/20)#switchport trunk fixed vlan add 1-15,25-30,40

(config-eth 0/20)#switchport trunk fixed vlan add 50

The following example changes the configured list of fixed VLANs by removing VLANs 10 to 100 from the
list:
(config-eth 0/20)#switchport trunk fixed vlan remove 10-100
The following example changes the configured list of fixed VLANs to include only VLANs 1 to 1000:
(config-eth 0/20)#switchport trunk fixed vlan 1-1000
The following example changes the configured list of fixed VLANs to include no VLANs (except those
VLANs that are native):
(config-eth 0/20)#switchport trunk fixed vlan none

switchport trunk native vlan <vlan id>

Use the switchport trunk native vlan command to set the virtual local area network (VLAN) native to the
interface when the interface is in trunking mode. To return to defaults, use the no form of this command.
Syntax Description
Default Values
By default, this is set to VLAN 1.
Command History
Functional Notes
Configure which VLAN the interface uses as its native VLAN during trunking. Packets from this VLAN
leaving the interface will not be tagged with the VLAN number. Any untagged packets received by the
interface are considered a part of the native VLAN ID.
Usage Examples
The following example sets the native VLAN on Ethernet interface 0/1 to VLAN 2:

(config-eth 0/1)#switchport trunk native vlan 2

switchport vlan
Use the switchport vlan command to create a Link Layer Discovery Protocol-Media Endpoint Discovery
(LLDP-MED) network policy that specifies a virtual local area network (VLAN) for voice, guest-voice,
softphone, or voice-signalling applications. Use the optional cos and dscp keywords to define class of
service (CoS) and differentiated services code point (DSCP) values associated with the application. Use
the no form of this command to remove an existing network policy. Variations of this command include:
switchport guest-voice vlan <vlan id>

switchport guest-voice vlan <vlan id> [cos <value> | dscp <value> | cos <value> dscp <value>]
switchport softphone vlan <vlan id>
switchport softphone vlan <vlan id> [cos <value> | dscp <value> | cos <value> dscp <value>]
switchport voice vlan <vlan id>
switchport voice vlan <vlan id> [cos <value> | dscp <value> | cos <value> dscp <value>]
switchport voice-signalling vlan <vlan id>
switchport voice-signalling vlan <vlan id> [cos <value> | dscp <value> | cos <value> dscp <value>]
Syntax Description
guest-voice Specifies a guest voice application, which is used to define a policy for
guest users with a limited feature set voice service.
softphone Specifies a softphone application, which is used to define a policy for
softphone applications that operate on devices, such as PCs or laptop
computers.
voice Specifies a voice application, which is used to define a policy for dedicated
IP phone handsets and other similar devices supporting interactive voice
services.
voice-signalling Specifies a voice signaling application, which is used to define a policy for
the command and control signaling that supports voice and guest voice
applications.
<vlan id> Specifies the voice VLAN ID. Range is 1 to 4094.
cos <value> Optional. Specifies the CoS value assigned to the application. Range is
0 to 7.
dscp <value> Optional. Specifies the DSCP value assigned to the application. Range is
0 to 63.
Default Values
By default, no LLDP-MED network policies are configured.
If an application and VLAN are specified without the optional CoS or DSCP parameters, then default CoS
and DSCP values are assigned.
Default CoS values are: voice (5); voice-signalling (3); guest-voice (0); softphone (0).
Default DSCP values are: voice (46); voice-signalling (26); guest-voice (0); softphone (0).

Command History
Release 16.1 The command switchport voice vlan <vlan id> was introduced.
Release 17.2 Command was expanded to include the additional applications:
guest-voice, softphone, and voice-signalling. The optional cos and
dscp parameters were added.
Functional Notes
The switchport command allows a configured interface to function as an access point (AP) for a VLAN
while adding the specified VLAN to the port’s allowed VLAN list. This command automatically sets the port
to spanning tree edgeport mode, but this mode is not automatically reset when the voice, guest voice,
softphone, or signaling VLAN is removed.
If the VLAN specified in this command does not yet exist, it will be created in ADTRAN
Operating System (AOS) when the command is issued.
A network policy is typically configured on switchport interfaces in AOS devices that support LLDP-MED.
An exception is the NetVanta 1524ST, where network policies are configured on Gigabit Ethernet
interfaces.
At least one network policy should be configured on a switchport interface that is connected to an
LLDP-MED capable endpoint. Depending on the type and use of Voice over Internet Protocol (VoIP)
equipment attached to the switchport interface, multiple network policies may need to be configured on the
same interface.
Some endpoints prefer to use untagged VLANs for their application. To achieve this in AOS, configure the
application to be on the same VLAN of which the port is a member. By default, this is VLAN 1.
For more information about allowed VLAN lists, refer to switchport trunk allowed vlan on
page 2326. For more information about spanning-tree edgeport mode, refer to
spanning-tree edgeport on page 2300. For more information about switchport mode, refer
to switchport mode on page 2316.
Usage Examples
The following example establishes a voice network policy that uses VLAN 200.

(config-swx 0/1)#switchport voice vlan 200
Since CoS and DSCP values are not specified in the above network policy, the default
values for voice applications will be used: CoS (5); DSCP (46).

The following example establishes a voice network policy that uses VLAN 200 with CoS priority set to 4
and DSCP priority set to 36.

(config-swx 0/1)#switchport voice vlan 200 cos 4 dscp 36

traffic-shape rate <value>

Use the traffic-shape rate command to specify and enforce an output bandwidth for Ethernet and virtual
local area network (VLAN) interfaces. Variations of this command include:

traffic-shape rate <value> count-eth-overhead
traffic-shape rate <value> <burst>
traffic-shape rate <value> <burst> count-eth-overhead
Syntax Description
<value> Specifies the rate (in bits per second) at which the interface should be shaped.
<burst> Optional. Specifies the allowed burst in bytes. By default, the burst is
specified as the rate divided by 5 and represents the number of bytes that
would flow within 200 ms.
count-eth-overhead Optional. Indicates to include the Ethernet header overhead bytes when
determining packet size.
Default Values
By default, traffic-shaping rate is disabled.
Command History
Ethernet Interface.
Release R11.1.0 Command was expanded to include the count-eth-overhead parameter,
system management Ethernet virtual connection (EVC) and the system
control EVC.
Functional Notes
Traffic shaping can be used to limit an Ethernet segment to a particular rate or to specify use of quality of
service (QoS) on Ethernet or VLAN interfaces.
Usage Examples
The following example sets the outbound rate of Ethernet interface 0/1 to 128 kbps and applies a QoS
policy that gives all Realtime Transport Protocol (RTP) traffic priority over all other traffic:
(config)#qos map voip 1

(config-qos-map)#match ip rtp 10000 10500 all
(config-qos-map)#priority unlimited
(config-qos-map)#interface ethernet 0/1
(config-eth 0/1)#traffic-shape rate 128000
(config-eth 0/1)#qos-policy out voip

vlan-id <vlan id>

Use the vlan-id command to set a virtual local area network (VLAN) ID for the Ethernet interface. Use the
no form of this command to remove an entry. Variations of this command include:
vlan-id <vlan id>

vlan-id <vlan id> native
Syntax Description
<vlan id> Specifies a valid VLAN interface ID number. Range is 1 to 4095.
native Optional. Specifies that data for that VLAN ID goes out untagged. If native is
not specified, data for that VLAN ID goes out tagged.
Default Values
By default, no VLAN ID is set.
Command History
Usage Examples
The following example configures a native VLAN of 5 for the Ethernet interface 0/1:

(config-eth 0/1)#vlan-id 5 native


Syntax Description
Default Values
Command History
Functional Notes
Usage Examples
The following example assigns the Ethernet interface 0/1 to the VRF instance named RED:

(config-eth 0/1)#vrf forwarding RED

vrrp <number>
Use the vrrp command to configure Internet Protocol version 4 (IPv4) Virtual Router Redundancy
Protocol version 2 (VRRPv2) routers within a router group. Use the no form of this command to remove
the VRRP router’s configurations. Variations of this command include:
vrrp <number> description <text>

vrrp <number> ip <ipv4 address>
vrrp <number> ip <ipv4 address> secondary
vrrp <number> preempt
vrrp <number> preempt delay minimum <time>
vrrp <number> priority <level>
vrrp <number> shutdown
vrrp <number> startup-delay <delay>
vrrp <number> timers advertise <interval>
vrrp <number> timers learn
vrrp <number> track <name>
vrrp <number> track <name> decrement <value>
Syntax Description
<number> Specifies the VRRP router group’s virtual router ID (VRID) number. Range
is 1 to 255.
description <text> Specifies the textual description of the VRRP router within the group.
ip <ipv4 address> Specifies the IPv4 address to be used by the VRRP router. IPv4 addresses
secondary Optional. Specifies the entry of an additional VRRP router supported IPv4
address.
preempt Allows a VRRP router to preempt the current master router if its priority level
is higher than the current master’s.
delay minimum <time> Optional. Specifies a delay (in seconds) before the specified router will
attempt to preempt the current master router. Range is 0 to 255 seconds.
priority <level> Specifies the configured priority level of the VRRP router. Range is 1 to 254.
shutdown Disables the VRRP router.
startup-delay <delay> Specifies a time delay (in seconds) before a VRRP router becomes active.
timers Specifies the configuration of the VRRP timers.
advertise <interval> Specifies the time (in seconds) between advertisements sent by the master
router. Range is 1 to 255 seconds.
learn Specifies that the backup VRRP router learns the advertisement interval of
the master router.
track <name> Specifies a change in priority level of the VRRP router based upon the
specified track.
decrement <value> Optional. Specifies the numerical amount to decrement the VRRP’s priority
level if the track transitions to a FAIL state. Range is 1 to 254.

Default Values
By default, VRRP is enabled.
By default, a VRRP router will preempt with no additional delay.
The default configured priority for a VRRP router that is either a backup router or not the IP address owner
is 100. The default actual priority of a VRRP router that is the IP address owner is 255.
By default, startup-delay is enabled with a default value of 35 seconds.
By default, the advertisement interval is 1 second.
By default, the default decrement value is 10.
Command History
Functional Notes
A VRRP router may be part of more than one virtual router group. Although VRRP group VRIDs can be
numbered between 1 and 255, only two VRRP routers per interface are supported.
ADTRAN recommends that the timers advertise setting is kept at the default value. If it is necessary to
change this setting, ensure that all VRRP routers are configured with the new value, as all VRRP routers in
the virtual group must have the same advertisement interval value. It is also recommended that if the
timers learn function is enabled on one router in a virtual router group, then the timers learn function
should be enabled on all routers in the group.
When the virtual router’s specified IPv4 address is independent of the IPv4 addresses assigned to real
interfaces on the VRRP routers, there is no IPv4 address owner. This addressing method is preferred if
object tracking will be used to monitor the network connection. The IPv4 address used for the virtual router
must be on the same subnet as either the primary or secondary IPv4 addresses assigned to the VRRP
router’s real interface.
A track must be created before the vrrp track command can be issued. Refer to the Network Monitor
Track Command Set on page 4083 for more information on creating tracks. If a VRRP router owns the
virtual router IP address, then the VRRP router’s priority level cannot be decremented as a result of the
track command. If object tracking will be used, it is important that no VRRP router own the virtual router IP
address.
Usage Examples
The following example describes a VRRP router within virtual router group 1 as the Default Master
Router:

(config-eth 0/1)#vrrp 1 description Default Master Router

The following example specifies an IPv4 address of 10.0.0.1 for a VRRP router within virtual router
group 1:

(config-eth 0/1)#vrrp 1 ip 10.0.0.1
The following example specifies that the VRRP router within virtual router group 1 preempts the current
master router after a 30 second delay:

(config-eth 0/1)#vrrp 1 preempt delay minimum 30
The following example specifies the configured priority for the VRRP router within virtual router group 1
is 254:

(config-eth 0/1)#vrrp 1 priority 254
The following example disables the VRRP router within virtual router group 1:

(config-eth 0/1)#vrrp 1 shutdown
The following example configures a VRRP router on group 1 to delay 45 seconds before becoming active:

(config-eth 0/1)#vrrp 1 startup-delay 45

vrrpv3 <vrid> address-family

Use the vrrpv3 address-family command to configure Virtual Router Redundancy Protocol version 3
(VRRPv3) routers on the interface. This command enables VRRPv3, creates a virtual router ID (VRID),
and specifies whether you are using Internet Protocol version 4 (IPv4) or IP version 6 (IPv6) VRRPv3. Use
the no form of this command to remove the VRRPv3 router configuration. Variations of this command
include:
vrrpv3 <vrid> address-family ipv4

vrrpv3 <vrid> address-family ipv6
Syntax Description
<vrid> Specifies the VRID for the virtual router instance. This value is advertised
by VRRPv3 and is used to generate the virtual router medium access
control (MAC) address. Valid range is 1 to 255.
ipv4 Specifies that IPv4 is used with VRRPv3, and enters the virtual router
instance’s configuration mode.
ipv6 Specifies that IPv6 is used with VRRPv3, and enters the virtual router
instance’s configuration mode.
Default Values
By default, VRRPv3 is not configured.
Command History
Release R10.11.0 Command was introduced. This command replaces vrrpv3 <vrid> on the
interface.
Functional Notes
VRID values must be the same on all routers that are part of the virtual router group. VRID numbering is
independent between VRRPv3 IPv4 and IPv6 address families. Once the VRRPv3 VRID is created and
the address family is specified, the virtual router instance’s configuration mode is entered. Only two VRIDs
per interface per IP version are supported. For more information about configuring the VRRPv3 instance,
refer to VRRPv3 Command Set on page 4206.
Usage Examples
The following example enables IPv4 VRRPv3, creates a VRID of 15 for the instance, and enters the virtual
router instance’s configuration mode:


The following example enables IPv6 VRRPv3, creates a VRID of 6 for the instance, and enters the virtual
router instance’s configuration mode:


vxlan tunnel <interface id> vni <number>

Use the vxlan tunnel <interface id> vni <number> command to associate the interface with a virtual
extensible local area network (VxLAN) tunnel interface and VxLAN network ID (VNI). Use the no form
Syntax Description
<interface id> Specifies the VxLAN interface ID number. Valid range is 1 to 1024.
<number> Specifies the VNI number to which this interface is mapped. Valid range is 1
to 677215.
Default Values
By default, an Ethernet interface is not associated with a VxLAN tunnel interface or a VNI.
Command History
Functional Notes
Two Ethernet interfaces cannot be associated with the same VxLAN tunnel interface or VNI. If the
VxLAN tunnel needs to be protected with virtual private network (VPN), an IP security (IPSec) profile
must be applied to the tunnel using the command tunnel protection ipsec profile <name> on page 3334.
When 802.1q encapsulation is enabled, VxLAN can only be configured on Ethernet subinterfaces.
Usage Examples
The following example associates Ethernet interface 0/1 with VxLAN tunnel interface 3 and VNI 2:

(config-eth-0/1)#vxlan tunnel 3 vni 2

FDL Interface Command Set Command Reference Guide
FDL INTERFACE COMMAND SET
FDL Interface Configuration mode is used for establishing a Telnet session over the FDL (facility data
link). To activate, enter the interface fdl command and specify the associated slot/port number (of the T1
interface used) at the Global Configuration mode prompt. For example:
>enable
#configure terminal
(config-fdl 1/1)#
do on page 81
end on page 82
exit on page 83
ip address <ipv4 address> <subnet mask> on page 2343

ip address range <start ipv4 address> <end ipv4 address> <subnet mask> secondary on page
2344
ip learn-address on page 2345
ip mtu <size> on page 2346
peer default ip address <ipv4 address> on page 2348

Command Reference Guide FDL Interface Command Set

interface. Use the no form of this command to remove a configured IPv4 address. Variations of this
command include:

Syntax Description
example, /24).
Default Values
Command History
Release 7.1 Command was introduced for the facility data link (FDL) interface.
Release R10.1.0 Command was expanded to include the secondary keyword.
Usage Examples
The following example configures an IPv4 address of 192.22.72.101 /30:

(config-fdl 1/1)#ip address 192.22.72.101 /30

ip address range <start ipv4 address> <end ipv4 address> <subnet mask>
secondary
Syntax Description
example, 10.10.10.1).
example, /24).
Default Values
Command History
Functional Notes
Usage Examples
on subnet 255.255.255.252:

(config-fdl 1/1)#ip address range 192.22.72.1 192.22.72.10 255.255.255.252 secondary

ip learn-address
Use the ip learn-address command to automatically learn the IP address of the remote unit. Use the no
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example enables the facility data link (FDL) to automatically learn the remote unit’s IP
address:

(config-fdl 1/1)#ip learn-address

ip mtu <size>
Syntax Description
BVIs 64 to 2100
Default Values
BVIs 1500
Ethernet interfaces (all types)1500
FDL interfaces 256
PPP interfaces 1500
Command History
products.

Functional Notes
Open shortest path first (OSPF) will not become adjacent on links where the MTU sizes do not match. If
router A and router B are exchanging hello packets but their MTU sizes do not match, they will never reach
adjacency. This is by design and required by the RFC.
Usage Examples
The following example specifies an IPv4 MTU of 1200 on the interface:

(config-fdl 1/1)#ip mtu 1200

peer default ip address <ipv4 address>

Use the peer default ip address command to specify the default Internet Protocol version 4 (IPv4) address
of the remote end of this interface. Use the no form of this command to remove a default IP address.
Syntax Description
<ipv4 address> Specifies the default IPv4 address for the remote end. IPv4 addresses
Default Values
By default, there is no assigned peer default IPv4 address.
Command History
Release 7.1 Command was expanded to include the facility data link (FDL).
Functional Notes
This command is useful if the peer’s FDL interface is on a different subnet than the local unit’s FDL
interface IPv4 address. This is common if the FDL interface is unnumbered to another interface’s IPv4
address.
Usage Examples
The following example sets the default peer IPv4 address to 192.22.71.50:

(config-fdl 1/1)#peer default ip address 192.22.71.50

Command Reference Guide FXO Interface Command Set
FXO INTERFACE COMMAND SET
To activate the Foreign Exchange Office (FXO) Interface Configuration mode, enter the interface fxo
command and specify the FXO port at the Global Configuration mode prompt. For example:
>enable
#configure terminal
(config-fxo 0/1)#

do on page 81
end on page 82
exit on page 83
shutdown on page 93
impedance on page 2350

rx-gain <value> on page 2352
test erl on page 2353
test loop on page 2355
test ring-ground on page 2356
test tip-ground on page 2357
test tone on page 2358
tx-gain <value> on page 2359

FXO Interface Command Set Command Reference Guide
impedance
Use the impedance command to configure the alternating current (AC) impedance of the 2-wire interface.
impedance [600c | 900r]

impedance [900c | 600r]
impedance [z1| z2 | z3 | z4 | z5 | z6 | z7]
Syntax Description
600c Specifies an impedance of 600  + 2.16 F.
600r Specifies an impedance of 600  real.
900c Specifies an impedance of 900 + 2.16 F.
900r Specifies an impedance of 900 real.
z1 Specifies an impedance of Rs 220 W, Rp 820 W, Cp 115 nF.
z3 Specifies an impedance of Rs 270 W, Rp 750 W, Cp 150 nF, Zin 600r.
z7 Specifies an impedance of Rp 800 W, Rs 100 W, Cs 50 nF.
Default Values
By default, the impedance is set to 600c.
Command History
Release A1 Command was expanded to include the settings z1 through z7.
Usage Examples
The following example sets the impedance to 600  + 2.16 F:

(config-fxo 0/1)#impedance 600c

loopback
Use the loopback command to activate a loopback on the foreign exchange office (FXO) module. Use the
loopback analog
loopback digital
Syntax Description
analog Initiates a loopback toward the T1 network side of the connection after
passing through analog filters in the voice CODEC.
digital Initiates the same loopback before passing through analog filters in the
voice coder-decoder (CODEC).
Default Values
Command History
Usage Examples
The following example activates a loopback toward the T1 network side of the connection after passing
through analog filters in the voice CODEC:

(config-fxo 0/1)#loopback analog

rx-gain <value>
Use the rx-gain command to define the receive gain characteristics on the foreign exchange office (FXO)
interface. Receive gain determines the amplification of the received signal before transmitting it out the
FXO interface. Use the no form of this command to return to the default value.
Syntax Description
<value> Defines the receive gain characteristics for the interface in 0.1 decibel
increments. Range is -6.0 to 10.0 dB.
Default Values
By default, this command is set to 0 dB.
Command History
Functional Notes
When increasing this value, the signal being received on this port sounds louder. When decreasing this
value, the signal being received on this port sounds softer.
Usage Examples
The following example defines the receive gain as -5.4 dB:

(config-fxo 0/1)#rx-gain -5.4

test erl
Use the test erl command to automatically determine the correct impedance value for analog lines
connected to the foreign exchange office (FXO) port. This is helpful when troubleshooting problems with
FXO equipment and assists in adjusting the correct audio levels. Use the no form of the test erl all and test
erl current command to disable these features. Variations of this command include:
test erl all

test erl all auto-set
test erl clear-results
test erl current
test erl display-results
This feature is available only on units with digital signal processor (DSP) hardware
version Freescale MSC7119, and AOS version A2.02 or above. To determine the DSP
hardware version, issue the show version command and look for the DSP hardware
version.
Syntax Description
all Specifies running the test repeatedly, testing all available impedance
settings for the interface.
auto-set Optional. Sets automatically the best measured impedance for the
interface.
clear-results Clears the results from the echo return loss (erl) test.
current Specifies running the test once, using the current impedance setting.
display-results Displays a snapshot of the current test status.
Default Values
Command History
Functional Notes
Before using this feature, an analog line from the service provider must be connected to the FXO interface
and the line must be idle (no call in progress). The FXO interface must be connected to a voice trunk in
order to make the tool available for use.
During the test, the tool sets the FXO transmit gain and receive gain levels to 0 dB to make the proper
measurements. These settings are returned to the configured values when the test is complete. The
rx-gain value adjusts the level being transmitted from the FXO to the line. The tx-gain value adjusts the
level being transmitted from the FXO to the dsp.

Common low ERL values are between 5 and 8 dB. Acceptable ERL values begin around 12 dB. The
higher the ERL value, the more gain adjustment can be made without introducing echo. The commonly
recommended configuration is a receive gain of 0 dB and a transmit gain of +6 dB.
The following is an error that could result by attempting to measure ERL when a measurement sequence is
already active:
% could not run erl test
During test execution, a warning is issued when a test sequence terminates abnormally. Reasons for early
termination include:
• Was not able to seize the line

• Line disconnected during test
• DSP timeout (i.e., when the DSP hardware version does not support this feature)
• Test runs for more than 20 seconds per impedance value (for example, 80 seconds with a 4 impedance
setting)
Usage Examples
The following example tests the FXO interface 0/1 to automatically find the best measured impedance
settings:

(config-fxo 0/1)#test erl all auto-set
The following example displays the ERL test status (the output is shown after the command):

(config-fxo 0/1)#test erl display-results
Port Impedance Status Measured ERL

--------------------------------------------------------------------------------------------------------
fxo 0/1 600 c 10 dB
fxo 0/1 900 r 8 dB
fxo 0/1 900 c 9 dB
fxo 0/1 z1 13 dB
fxo 0/1 z2 11 dB
fxo 0/1 z3 14 dB
fxo 0/1 z4 12 dB
fxo 0/1 z5 test calling

test loop
Use the test loop command to manually control the foreign exchange office (FXO) interface’s hook
switch. This is helpful when troubleshooting problems with the FXO equipment. Use the no form of this
command to disable this feature. Variations of this command include:
test loop closed

test loop open
Syntax Description
closed Closes the hook switch, allowing DC current to flow through the interface.
open Opens the hook switch, preventing DC current from flowing through the
interface.
Default Values
Command History
Usage Examples
The following example opens the interface’s hook switch:

(config-fxo 0/1)#test loop open

test ring-ground
Use the test ring-ground command to force the ring conductor to ground potential and provides battery on
tip for detection of tip ground. This is helpful when troubleshooting problems with ground start (GS)
circuits. Use the no form of this command to return to the default value.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example forces a ring-ground test of the foreign exchange office (FXO) interface:

(config-fxo 0/1)#test ring-ground

test tip-ground
Use the test tip-ground command to detect the removal of the ring ground and check for the loop
condition on an active foreign exchange office (FXO) interface. This is helpful when troubleshooting
problems with ground start (GS) circuits. Use the no form of this command to return to the default value.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example forces a tip-ground test of the FXO interface:

(config-fxo 0/1)#test tip-ground

test tone
Use the test tone command to activate the 1 kHz test tone. Use the no form of this command to deactivate
the test tone. Variations of this command include:
test tone far

test tone near
Syntax Description
far Sends the test tone out the T1 network interface to the remote end.
near Sends the test tone toward the foreign exchange office (FXO) interface.
Default Values
Command History
Usage Examples
The following example sends the test tone toward the FXO interface:

(config-fxo 0/1)#test tone near

tx-gain <value>
Use the tx-gain command to define the transmit gain characteristics on the foreign exchange office (FXO)
interface. Transmit gain determines the amplification of the transmitted signal before transmitting from the
FXO interface toward the network. Use the no form of this command to return to the default value.
Syntax Description
<value> Defines the transmit gain characteristics in 0.1 decibel increments. Range is
-6.0 to 10.0 dB.
Default Values
By default, transmit gain is set to 0 dB.
Command History
Functional Notes
When increasing this value, the signal being transmitted to the far end sounds louder. When decreasing
this value, the signal being transmitted to the far end sounds softer.
Usage Examples
The following example defines the transmit gain as -5.4 dB on the FXO interface:

(config-fxo 0/1)#tx-gain -5.4

FXS Interface Command Set Command Reference Guide
FXS INTERFACE COMMAND SET
To activate the Foreign Exchange Station (FXS) Interface Configuration mode, enter the interface fxs
command and specify the FXS port at the Global Configuration mode prompt. For example:
>enable
#configure terminal
(config-fxs 2/1)#

do on page 81
end on page 82
exit on page 83
shutdown on page 93
battery-mode on page 2361

caller-id on page 2362
holdover <value> on page 2363
impedance on page 2364
onhook-transmission on page 2367
ring-frequency <value> on page 2368
ring-voltage <value> on page 2369
rx-gain <value> on page 2370
signal on page 2371
test commands begin on page 2372
tx-gain <value> on page 2378

Command Reference Guide FXS Interface Command Set
battery-mode
Use the battery-mode command to configure the battery that feeds the foreign exchange station (FXS)
loop. Use the no form of this command to return to the default setting. Variations of this command include:
battery-mode auto
battery-mode high
battery-mode low
Syntax Description
auto Configures the interface to automatically switch between high and low
battery.
high Configures the interface to only use the high battery.
low Configures the interface to only use the low battery.
Default Values
By default, the battery mode is set to auto.
Command History
Usage Examples
The following example configures the battery mode for high:

(config-fxs 2/1)#battery-mode high

caller-id
Use the caller-id command to configure caller identification (ID). Use the no form of this command to
cancel the setting. Variations of this command include:
caller-id delay <value>

caller-id format mdmf
caller-id format sdmf
Syntax Description
delay <value> Specifies the delay between ring-off and caller ID frequency-shift keying
(FSK). Valid range is 500 to 2000 ms. Common values are 500, 750, and
1000.
format Specifies the format for caller ID as mdmf or sdmf.
mdmf Indicates the caller ID format as multiple data message format (mdmf).
sdmf Indicates the caller ID format as single data message format (sdmf).
Default Values
By default, caller ID is disabled.
Command History
Usage Examples
The following example configures the caller ID delay to 500 ms:

(config-fxs 2/1)#caller-id delay 500

holdover <value>
Use the holdover command to configure the amount of time (in seconds) to sustain battery power at the
foreign exchange station (FXS) port even if a call could not be connected. Once the holdover period has
expired, the power is removed from the FXS port. A value of 0 will result in the battery being maintained
at the FXS indefinitely. Use the no form of this command to return to the default setting.
Syntax Description
<value> Specifies the time (in seconds) to apply power from the battery to the FXS
port. Valid range is 0 to 65535 seconds.
Default Values
The default value for this command is 60 seconds.
Command History
Usage Examples
The following example configures the holdover to 25 seconds:

(config-fxs 2/1)#holdover 25

impedance
Use the impedance command to configure the alternating current (AC) impedance of the 2-wire interface.
impedance 600c
impedance 600r
impedance 900b
impedance 900c
impedance 900r
impedance z1
impedance z2
impedance z3
impedance z4
impedance z5
impedance z6
impedance z7
Syntax Description
600c Specifies an impedance of 600  + 2.16 F.
600r Specifies an impedance of 600  real.
900b Use only when directed by ADTRAN and only with part number 1203602L1.
900c Specifies an impedance of 900 + 2.16 F.
900r Specifies an impedance of 900 real.
z7 Specifies an impedance of Rp 800 W, Rs 100 W, Cs 50 nF.
Default Values
The default value for this command is 600r.
Command History
Release A1 Command was expanded to include the 900b impedance setting.
Release A2 Command was expanded to include the z1 impedance setting.
Release A4.03 Command was expanded to include the z2, z3, z4, z5, z6, and z7
impedance settings.

Usage Examples
The following example sets the impedance to 600  + 2.16 F:

(config-fxs 2/1)#impedance 600c

loopback
Use the loopback command to activate a loopback toward the T1 network side on the foreign exchange
station (FXS) module. Use the no form of this command to deactivate the loopback. Variations of this
command include:
loopback analog
loopback digital
Syntax Description
analog Initiates a loopback toward the T1 network side of the connection after
passing through analog filters in the voice coder-decoder (CODEC).
digital Initiates the same loopback before passing through analog filters in the
voice CODEC.
Default Values
Command History
Usage Examples
The following example activates a loopback toward the T1 network side of the connection after passing
through analog filters in the voice CODEC:

(config-fxs 2/1)#loopback analog

onhook-transmission
Use the onhook-transmission command to configure the on-hook transmission of voice band audio on the
foreign exchange station (FXS) interface. Use the no form of this command to return to the default value.
onhook-transmission always
onhook-transmission auto
Syntax Description
always Enables on-hook transmission of voice band audio.
auto Enables on-hook transmission of voice band audio when it is possible. This
option lowers the power consumption of the unit; however, it should not be
used if voice message waiting indication is enabled on the port.
Default Values
By default, on-hook transmission is set to always.
Command History
Usage Examples
The following example sets the on-hook transmission to auto:

(config-fxs 2/1)#onhook-transmission auto

ring-frequency <value>
Use the ring-frequency command to change the ring frequency of a single foreign exchange service (FXS)
port from the default system country value. Use the no form of this command to return to the default value.
Syntax Description
<value> Specifies the FXS port ring frequency. Valid values are 20, 25, and 50 Hz.
Default Values
By default, the command voice system-country <name> on page 1955 automatically configures the
appropriate FXS port ring frequency for the specified country. Below is a list of the default ring frequencies
(in Hertz) for fully-supported countries:
Australia 25 Hz Mexico 25 Hz
Belgium 25 Hz Puerto Rico 20 Hz
Canada 20 Hz United Arab Emirates 25 Hz
ETSI 25 Hz United Kingdom 25 Hz
Ireland 25 Hz United States 20 Hz
Command History
Usage Examples
The following example configures the ring frequency for FXS port 2/1 as 25 Hz.

(config-fxs 2/1)#ring-frequency 25

ring-voltage <value>
The ring-voltage command sets the ring voltage for the foreign exchange station (FXS) interface.
Increasing the ring voltage, sends a stronger ring signal to the phones connected to this interface. Use the
no form of this command to return to the default value.
Syntax Description
<value> Specifies a ring voltage. Select from 50, 60 or 70 Vrms.
Default Values
By default, ring voltage is set to 50 Vrms.
Command History
Usage Examples
The following example sets the ring voltage to 60 Vrms:

(config-fxs 2/1)#ring-voltage 60

rx-gain <value>
Use the rx-gain command to define the receive gain characteristics on the foreign exchange station (FXS)
interface. Receive gain determines the amplification of the received signal before transmitting out the FXS
interface. Use the no form of this command to return to the default value.
Syntax Description
<value> Defines the receive gain characteristics for the interface in 0.1 decibel
Default Values
By default, this command is set to -3.0 dB.
Command History
Functional Notes
When increasing this value, the signal being received on this port sounds louder. When decreasing this
value, the signal being received on this port sounds softer.
Usage Examples
The following example defines the receive gain as -6.4 dB:

(config-fxs 2/1)#rx-gain -6.4

signal
The signal command configures the signaling mode for the foreign exchange station (FXS) interface. Use
the no form of this command to return to the default value. Variations of this command include:
signal ground-start
signal loop-start
Syntax Description
ground-start Applies resistance to the tip conductor of the circuit to indicate an off-hook
condition.
loop-start Bridges the tip and ring to indicate an off-hook (seizing the line) condition.
Default Values
By default, this command is set to loop-start.
Command History
Functional Notes
This signaling mode must match the configuration of the network.
Usage Examples
The following example sets the signaling mode to loop-start:

(config-fxs 2/1)#signal loop-start

test battery
Use the test battery command to provide battery on the 2-wire foreign exchange station (FXS) interface.
This is helpful when troubleshooting wiring problems with the FXS equipment. Use the no form of this
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example provides battery on the 2-wire FXS interface:

(config-fxs 2/1)#test battery

test line
The test line command performs GR-909 line tests including the Hazardous Potential Test, the Foreign
ElectroMotive Force Test, the Resistive Faults Test, the Receiver-Off-Hook Test, and the Ringers Test on
the foreign exchange station (FXS) interface.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example runs GR-909 line tests on the FXS interface:

(config-fxs 2/1)#test line

test reverse-battery
Use the test reverse-battery command to provide reverse battery polarity on the foreign exchange station
(FXS) interface. This is helpful when troubleshooting wiring problems with the FXS equipment. Use the
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example provides reverse battery polarity on the FXS interface:

(config-fxs 2/1)#test reverse-battery

test ringing
Use the test ringing command to activate ringing voltage on the 2-wire foreign exchange station (FXS)
interface (using a 2-seconds-on/4-seconds-off cadence). The no form of this command removes the ringing
voltage from the interface.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example activates ringing voltage on the 2-wire FXS interface:

(config-fxs 2/1)#test ringing

test tip-open
Use the test tip-open command to provide battery on ring and a high impedance on tip. This is helpful
when troubleshooting problems with ground start (GS) interfaces. Use the no form of this command to
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example provides battery on ring and a high impedance on tip on the foreign exchange
station (FXS) interface:

(config-fxs 2/1)#test tip-open

test tone
Use the test tone command to activate the 1 kHz test tone. Use the no form of this command to deactivate
the test tone. Variations of this command include:
test tone near

test tone far
Syntax Description
near Sends the test tone toward the foreign exchange station (FXS) interface.
far Sends the test tone out the T1 network interface to the remote end.
Default Values
Command History
Usage Examples
The following example sends the test tone toward the FXS interface:

(config-fxs 2/1)#test tone near

tx-gain <value>
Use the tx-gain command to define the transmit gain characteristics (configured in 0.1 dB increments) on
the foreign exchange station (FXS) interface. Transmit gain determines the amplification of the received
signal before transmitting from the FXS interface toward the network. Use the no form of this command to
Syntax Description
<value> Defines the transmit gain characteristics for the interface in 0.1 decibel
Default Values
By default, this command is set to -6.0 dB.
Command History
Functional Notes
When increasing this value, the signal being transmitted to the far end will sound louder. When decreasing
this value, the signal being transmitted to the far end sounds softer.
Usage Examples
The following example defines the transmit gain as -6.4 dB on the FXS interface:

(config-fxs 2/1)#tx-gain -6.4

Command Reference Guide G.703 Interface Command Set
G.703 INTERFACE COMMAND SET
To activate the G.703 Interface Configuration mode, enter the interface e1 command (and specify the
G.703 port) at the Global Configuration mode prompt. For example:
>enable
#configure terminal
(config-e1 1/2)#

do on page 81
end on page 82
exit on page 83
shutdown on page 93
coding on page 2380

framing crc4 on page 2381
ts16 on page 2385

G.703 Interface Command Set Command Reference Guide
coding
Use the coding command to configure the line coding for the G.703 physical interface. This setting must
match the line coding supplied on the circuit by the private branch exchange (PBX). Use the no form of
coding ami
coding hdb3
Syntax Description
hdb3 Configures the line coding for high-density bipolar 3 (HDB3).
Default Values
By default, all E1 interfaces are configured with HDB3 line coding.
Command History
Functional Notes
The line coding configured in the unit must match the line coding of the E1 circuit. A mismatch will result in
Usage Examples
The following example configures the G.703 interface for AMI line coding:
(config-e1 1/2)#coding ami

framing crc4
Use the framing crc4 command to configure the framing format for the G.703 interface. This parameter
should match the framing format set on the external device. Use the no form of this command to return to
the default value.
Syntax Description
crc4 Enables CRC4 bits to be transmitted in the outgoing data stream. Also, the
received signal is checked for CRC4 errors.
Default Values
By default, CRC4 is enabled.
Command History
Functional Notes
The framing value must match the configuration of the E1 circuit. A mismatch will result in a loss of frame
alarm.
Usage Examples
The following example configures the G.703 interface for CRC4 framing:
(config-e1 1/2)#framing crc4

loopback network

Syntax Description
line Initiates a metallic loopback of the physical E1 network interface.
payload Initiates a loopback of the E1 framer (CSU portion) of the E1 network
interface.
Default Values
Command History
Functional Notes
The following diagram depicts a line loopback.
E1 Network Interface
NI CSU
NTWK E1
Line Loopback
Usage Examples
The following example initiates a line loopback of the G.703 interface:
(config-e1 1/2)#loopback network line


Syntax Description
No subcommands.
Default Values
Command History
interface.
interface.
Functional Notes
number 1.3.6.1.2.1.31.1.1.1.14.0).
Usage Examples
The following example disables the link-status trap on the G.703 interface:
(config-e1 1/2)#no snmp trap link-status

test-pattern
include:
test-pattern ones
test-pattern zeros
Syntax Description
Default Values
Command History
Release 6.1 Command was expanded to include the E1 and G.703 interfaces.
Usage Examples
(config-e1 1/2)#test-pattern ones

ts16
Use the ts16 command to enable timeslot 16 multiframe to be checked on the receive signal. Use the no
form of this command to disable timeslot 16.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example enables timeslot 16 multiframing:
(config-e1 1/2)#ts16

HSSI Interface Command Set Command Reference Guide
HSSI INTERFACE COMMAND SET
To activate the High Speed Serial Interface (HSSI) Interface Configuration mode, enter the interface hssi
>enable
#configure terminal
(config-hssi 1/1)#

do on page 81
end on page 82
exit on page 83
shutdown on page 93
external-loopback-request on page 2387


Command Reference Guide HSSI Interface Command Set
external-loopback-request
Use the external-loopback-request command to enable LC (loopback circuit C) input to control
loopbacks toward the network. Use the no form of this command to disable this feature.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example enables the unit to accept external loopback requests:

(config-hssi 1/1)#external-loopback-request

HSSI Interface Command Set Command Reference Guide
loopback
Use the loopback command to initiate or remove a loopback. Use the no loopback command to disable all
loopbacks. Variations of this command include:
loopback dce
loopback dte
loopback line
loopback remote
loopback none
Syntax Description
dce Initiates a loopback on the data communication equipment (DCE).
dte Initiates a loopback on the data terminal equipment (DTE).
line Initiates a local line loopback.
remote Initiates a remote line loopback.
none Removes an active loopback.
Default Values
By default, no loopbacks are active.
Command History
Usage Examples
The following example initiates a local line loopback on the high speed serial interface (HSSI):

(config-hssi 1/1)#loopback line

Command Reference Guide HSSI Interface Command Set

Syntax Description
No subcommands.
Default Values
Command History
interface.
interface.
Functional Notes
number 1.3.6.1.2.1.31.1.1.1.14.0).
Usage Examples
The following example disables the link-status trap on the interface:

(config-hssi 1/1)#no snmp trap link-status

Modem Interface Command Set Command Reference Guide
MODEM INTERFACE COMMAND SET
To activate the Modem Interface Configuration mode, enter the interface modem command at the Global
>enable
#configure terminal
(config-modem 1/2)#
The modem interface number in the example above is shown as modem 1/2. This number is
based on the interface’s location (slot/port) and could vary depending on the unit’s
configuration. Use the do show interfaces command to determine the appropriate
interface number.

do on page 81
end on page 82
exit on page 83
shutdown on page 93
caller-id override on page 2391

dialin on page 2392
ignore-ring on page 2393
init-string <string> on page 2394
resource pool-member on page 2395

Command Reference Guide Modem Interface Command Set
caller-id override
Use the caller-id override command to configure the unit to replace caller ID information with a
user-specified number. Use the no form of this command to disable any caller ID overrides. Variations of
caller-id override always <number>

caller-id override if-no-cid <number>
Syntax Description
always <number> Always forces replacement of the incoming caller ID number with the
number given.
if-no-cid <number> Replaces the incoming caller ID number with the number given only if there
is no caller ID information available for the incoming call.
Default Values
Command History
Functional Notes
This command forces a replacement of the incoming caller ID number with the number given. The received
caller ID, if any, is discarded, and the given override number is used to connect the incoming call to a
circuit of the same number.
Usage Examples
The following example configures the unit to always provide the given number as the caller ID number:

(config-modem 1/2)#caller-id override always 5555555

dialin
Use the dialin command to enable the modem for remote console dial in, disabling the use of the modem
for dial backup. Use the no form of this command to disable this feature.
Syntax Description
No subcommands.
Default Values
By default, dialin is disabled.
Command History
Usage Examples
The following example enables remote console dial in:

(config-modem 1/2)#dialin

ignore-ring
Use the ignore-ring command to ignore incoming call ring events for the modem. Use the no form of this
Syntax Description
No subcommands.
Default Values
By default, ignore-ring is disabled.
Command History
Usage Examples
The following example configures the modem to ignore incoming call ring events:

(config-modem 1/2)#ignore-ring

init-string <string>
Use the init-string command to specify an initialization string for the modem using standard AT
commands. Use the no form of this command to return to the default initialization string.
Syntax Description
<string> Specifies an initialization string using standard AT commands. This string
must start with AT and cannot contain spaces.
Default Values
<string> ate0q0v1x4\n0
at All initialization strings must begin with AT.
e0 Disables command echo.
q0 Response messages on.
v1 Formats result codes in long word form.
x4 Specifies extended response set, dial tone, and busy signal
detection for result codes following modem operations.
\n0 Selects standard buffered connection only.
Command History
Usage Examples
The following example configures the modem to perform a hang-up at each initialization (to verify that the
line is free) and maintains the default initialization:

(config-modem 1/2)#init-string ate0q0v1x4\n0

resource pool-member
Use the resource pool-member command to assign the interface to a resource pool, making it a demand
routing resource. Use the no form of this command to return to the default value. Variations of this
command include:

resource pool-member <name> <cost>
Syntax Description
<name> Specifies the name of the resource pool to which this interface is assigned.
<cost> Optional. Specifies the cost of using this resource interface within the
specified pool. In the event of a tie, a resource with a lower cost will be
selected first. Interfaces with the same cost will be selected in alphabetical
order by interface name.
Default Values
By default, the interface is not assigned to any resource pool.
Command History
Usage Examples
The following example configures a basic rate interface (BRI) as a member of resource pool MyPool:

(config-modem 1/2)#resource pool-member MyPool

PRI Interface Command Set Command Reference Guide
PRI INTERFACE COMMAND SET
To activate the PRI Interface Configuration mode, enter the interface pri command at the Global
>enable
#configure terminal
(config-pri 2)#

do on page 81
exit on page 83
shutdown on page 93
calling-party on page 2397

calling-party name-facility-timeout <value> on page 2399
connect e1<slot/port> tdm-group <number> on page 2400
connect t1 <slot/port> tdm-group <number> on page 2401
digits-transferred <value> on page 2402
isdn alert disable pi-8 on page 2403
isdn connect enable pi-2 on page 2404
isdn disconnect progress-tone on page 2405
isdn name-delivery on page 2406
isdn overlap-receive on page 2407
isdn pi-location on page 2408
isdn setup enable on page 2409
isdn supplementary-service on page 2410
isdn switch-type on page 2412
redirecting-number on page 2413
role on page 2414

Command Reference Guide PRI Interface Command Set
calling-party
Use the calling-party command to configure and control the primary rate interface (PRI) outgoing caller
ID information. Use the no form of this command to disable this feature. Variations of this command
include:
calling-party name <name>

calling-party number <number>
calling-party override always
calling-party override if-no-CID
calling-party presentation allowed
calling-party presentation not-available
calling-party presentation restricted
calling-party screening auto
calling-party screening network-provided
Syntax Description
name <name> Configure the calling party name for the PRI.
number <number> Configure the calling party number for the PRI.
override always Enables the calling party to be replaced with the override number.
override if-no-CID Enables the calling party to be replaced if caller ID no number is received.
presentation allowed Enables the presentation of caller ID to always be allowed.
presentation not-available Sets the calling party number to not available.
presentation restricted Restricts the delivery on the caller ID information.
screening auto Specifies that the calling party screening indicator is automatically
determined.
screening network-provided Specifies that the calling party screening indicator is provided by the
network.
Default Values
By default, the command is disabled and the calling party screening indicator is set to auto.
Command History
Release R10.5.0 Command was expanded to include the basic rate interface (PRI) and the
screening parameters.

Usage Examples
The following example configures calling party outgoing information:
(config-pri 2)#calling-party override always
(config-pri 2)#calling-party presentation 555-8000
(config-pri 2)#calling-party name Company, Inc.

calling-party name-facility-timeout <value>

Use the calling-party name-facility-timeout command to set the name facility timeout. This value
determines the number of seconds to wait for the calling-party name delivery after the initial SETUP
message is received. Once the name delivery is received or the timeout has passed, the corresponding
INVITE is sent using the Session Initiation Protocol (SIP) trunk. Set the value to 0 to eliminate the delay.
Use the no form of this command to return to the default setting.
Syntax Description
<value> Sets the number of seconds to wait for the calling-party name delivery. Valid
range is 0 to 5.
Default Values
By default, the timeout is 2 seconds.
Command History
Usage Examples
The following example sets the calling-party name-facility-timeout to 5 seconds:
(config-pri 2)#calling-party name-facility-timeout 5

connect e1<slot/port> tdm-group <number>

Use the connect e1 tdm-group command to configure the time division multiplexing (TDM) group
connection used for the primary rate integrated services digital network (ISDN) primary rate interface
(PRI) interface. Use the no form of this command to return to the default value.
Syntax Description
<slot/port> Specifies the E1 interface identifier.
<number> Specifies the TDM group number. Valid range is 1 to 255.
Default Values
By default, the command is disabled.
Command History
Usage Examples
The following example configures the unit to connect tdm-group 1 of the E1 to the PRI interface 2:
(config-pri 2)#connect e1 0/1 tdm-group 1

connect t1 <slot/port> tdm-group <number>

Use the connect t1 tdm-group command to configure the time division multiplexing (TDM) group
connection used for the primary rate interface (PRI). Use the no form of this command to return to the
default value.
Syntax Description
<slot/port> Configure the T1 interface identifier.
<number> Configure the TDM group number. Valid range is 1 to 255.
Default Values
By default, the command is disabled.
Command History
Usage Examples
The following example configures the unit to connect tdm-group 1 of the T1 to the PRI:
(config-pri 2)#connect t1 1/1 tdm-group 1

digits-transferred <value>
Use the digits-transferred command to define how many of the received digits should be sent to the
internal switchboard from an incoming call on a trunk. The number of digits transferred are the least digits
received. Direct inward dialing (DID) should be used if a Telco provider is providing digits to the unit on
inbound calls or if the unit needs to provide DID information to a piece of customer premises equipment
(CPE). Use the no form of this command to disable this feature. Variations of this command include:
digits-transferred <value>
digits-transferred <value> no-prefix
digits-transferred <value> prefix <number>
Syntax Description
<value> Specifies the number of digits to be transferred. The valid number of digits
are 0, 3, 4, 7 or all.
no-prefix Optional. Specifies transferring the DID digits without appending a prefix.
prefix <number> Optional. Specifies a sequence of digits to be appended to the digits that will
be transmitted. For example, if seven digits will be transferred via DID, then
prefix the seven digits with 256. Thus, 555-8000 would be prefixed with 256,
and 256-555-8000 would not.
Default Values
Command History
Usage Examples
The following example transfers the digits 555-8000 and adds the prefix 256:
(config-pri 2)#digits-transferred 5558000 prefix 256

isdn alert disable pi-8

Use the isdn alert disable pi-8 command to disable progress indicator 8 in integrated services digital
network (ISDN) alert messages on the primary rate interface (PRI). Use the no form of this command to
Syntax Description
No subcommands.
Default Values
By default, progress indicator 8 is enabled.
Command History
Usage Examples
The following example disables progress indicator 8 in the alert message:
(config-pri 2)#isdn alert disable pi-8

isdn connect enable pi-2

Use the isdn connect enable pi-2 command to enable progress indicator 2 in integrated services digital
network (ISDN) connect messages on the primary rate interface (PRI). Use the no form of this command
to disable this feature.
Syntax Description
No subcommands.
Default Values
By default, progress indicator 2 is disabled.
Command History
Usage Examples
The following example enables progress indicator 2 in the connect message:
(config-pri 2)#isdn connect enable pi-2

isdn disconnect progress-tone

Use the isdn disconnect progress-tone command to specify that calls use a progress tone to indicate the
call should be disconnected. Use the no form of this command to disable the feature.
Syntax Description
No subcommands.
Default Values
By default, call progress tones are not used.
Command History
Usage Example
The following example enables the use of progress tones when calls are disconnected:
(config-pri 2)#isdn disconnect progress-tone

isdn name-delivery
Use the isdn name-delivery command to control the delivery of the name associated with the primary rate
interface (PRI). This command can be used to block the caller ID name on the PRI. Use the no form of this
isdn name-delivery display

isdn name-delivery proceeding
isdn name-delivery setup
Syntax Description
display Delivers the calling party’s name in a display information element (IE) in the
SETUP message.
proceeding Delivers the calling party’s name in a facility IE after the PROCEEDING
message.
setup Delivers the calling party’s name in a facility IE in the SETUP message.
Default Values
By default, isdn name-delivery is disabled.
Command History
Usage Examples
The following example configures the calling party information to be delivered in the setup message:
(config-pri 2)#isdn name-delivery setup

isdn overlap-receive
Use the isdn overlap-receive command to enable overlap receiving mode on the primary rate interface
(PRI). Use the no form of this command to return to the default setting. Variations of this command
include:
isdn overlap-receive timeout <value>

isdn overlap-receive digits-transferred <value>
Syntax Description
timeout <value> Specifies how long the interface will attempt to match direct inward dialing
(DID) digits received in INFO messages to entries in the voice dial-plan. If
no matching entry is found, the interface will deliver the message when the
timeout period expires. Valid range is 1 to 15 seconds.
digits-transferred <value> Specifies how many DID digits the interface will collect before delivering the
call. Valid range is 1 to 64 digits
Default Values
By default, isdn overlap-receive is disabled.
Command History
Functional Notes
When isdn overlap-receive is enabled, the interface will accept a SETUP message where the Called
Party Number (CPN) information element is either missing or does not have enough DID digits. When
more digits are received in subsequent INFO messages, the number is matched against entries in the
voice dial-plan to determine when there are enough digits to deliver the call.
If no matching voice dial-plan entry is found, the interface will deliver the call when configuration the isdn
overlap-receive timeout expires.
When isdn overlap-receive did-length is configured, no voice dial-plan look-up occurs. The interface will
deliver the call as soon as the specified number of DID digits has been collected.
If at any time an INFO message is received with CPN information element containing # or a Sending
Complete information element is received, the interface will deliver the call immediately.
Usage Examples
The following example enables overlap receiving with a timeout value of 7 seconds on the PRI:
(config)#interface PRI 2
(config-pri 2)#isdn overlap-receiving timeout 7

isdn pi-location
Use the isdn pi-location command to configure the location of the progress indicator in integrated services
digital network (ISDN) messages on the primary rate interface (PRI). The location is a progress indicator
information element that indicates from where the message comes. Use the no form of this command to
isdn pi-location private

isdn pi-location public
Syntax Description
private Sets the location of the progress indicator to private network serving the
local user.
public Sets the location of the progress indicator to public network serving the
local user.
Default Values
By default, the progress indicator location is public.
Command History
Usage Examples
The following example set the progress indicator location to private:
(config-pri 2)#isdn pi-location private

isdn setup enable

Use the isdn setup enable command to enable progress indicators in the integrated services digital
network (ISDN) setup message and redirecting numbers for ISDN calls on the primary rate interface (PRI).
The redirecting number is used to insert the caller’s number when a call is diverted by a blind transfer or
forward that both occurs on an ISDN trunk in local mode and proceeds out of an ISDN trunk. Use the no
isdn setup enable called

isdn setup enable calling
isdn setup enable redirecting-number
Syntax Description
called Enables the called number in ISDN setup messages.
calling Enables the calling number in ISDN setup messages.
1 indicates that the call is not end-to-end ISDN and further call progress
information may be available in-band.
3 indicates that the origination address is non-ISDN.
redirecting-number Enables redirecting numbers for ISDN calls.
Default Values
By default, the called and calling numbers are included in ISDN setup messages.
Command History
Release A4.03 Command was expanded to include the redirecting-number parameter.
Release R10.5.0 Command was expanded to include the called and calling parameters.
Usage Examples
The following example enables redirecting numbers for ISDN calls:
(config-pri 2)#isdn setup enable redirecting-number

isdn supplementary-service
Use the isdn supplementary-service command to enable integrated services digital network (ISDN)
supplementary services on a primary rate interface (PRI). Use the no form of this command to disable this
feature. Variations of this command include:
isdn supplementary-service ect

isdn supplementary-service rlt
isdn supplementary-service tbct
isdn supplementary-service tbct active-transfers <value>
isdn supplementary-service tbct d-channel-id <id number>
isdn supplementary-service tbct d-channel-id auto
isdn supplementary-service tbct notify-controller
isdn supplementary-service tbct transfer-counters
isdn supplementary-service tbct transfer-rate <value>
Syntax Description
ect Enables European Telecommunications Standards Institute (ETSI)
explicit call transfer (ECT).
rlt Enables Digital Multiplex System (DMS) release link trunk (RLT).
tbct Enables National ISDN II two B-channel transfer (TBCT).
active-transfers <value> Optional. Sets the number of simultaneous TBCT transfers. Valid range
is 0 to 60000.
d-channel-id <id number> Optional. Sets the D-channel ID for TBCT on the interface.
d-channel-id auto Optional. Sets the D-channel ID for TBCT to be automatically
configured.
notify-controller Optional. Enables TBCT notification to the controller.
transfer-counters Optional. Enables transfer counters during TBCT.
transfer-rate <value> Optional. Sets the number of transfers allowed within a 10-second
interval. Valid range is 0 to 500.
Default Values
By default, ECT, RLT, and TBCT are disabled.
By default, the tbct active-transfers value is set to 100, the tbct d-channel-id is set to auto, the tbct
notify-controller is disabled, the tbct transfer-counters are enabled, and the tbct transfer-rate is set to
10.
Command History

Usage Examples
The following example enables TBCT on PRI interface 2 and sets the number of simultaneous TBCT
transfers to 5000:
(config-pri 2)#isdn supplementary-service tbct
(config-pri 2)#isdn supplementary-service tbct active-transfers 5000

isdn switch-type
Use the isdn switch-type command to configure the switch type assigned on the primary rate integrated
services digital network (ISDN) primary rate interface (PRI) circuit. Telephone companies use various
types of ISDN switches and this setting must match the switch type used by your provider. Use the no form
of this command to return to the default setting. Variations of this command include:
isdn switch-type 4ess

isdn switch-type 5ess
isdn switch-type dms100
isdn switch-type etsi
isdn switch-type etsi legacy
isdn switch-type ni2
Syntax Description
4ess Sets the ISDN switch type to ATT 4ESS.
5ess Sets the ISDN switch type to Lucent 5ESS.
dms100 Sets the ISDN switch type to Northern ISDN II.
etsi Sets the ISDN switch type to European Telecommunications Standards
Institute (ETSI) (ETS 300 403).
etsi legacy Sets the ISDN switch type to legacy ETSI (ETS 300 102).
ni2 Sets the ISDN switch type to National ISDN II.
Default Values
By default, the command is set to ni2.
Command History
Release A2 Command was expanded to include the ETSI switch types.
Usage Examples
The following example configures the PRI switch type National ISDN II:
(config-pri 2)#isdn switch-type ni2

redirecting-number
Use the redirecting-number command to configure the format in which redirecting numbers are sent on
the primary rate interface (PRI). Use the no form of this command to return to the default setting.
redirecting-number as-received
redirecting-number prefer-national
Syntax Description
as-received Configures the redirecting number to be sent exactly as it is received.
prefer-national Configures the redirecting number to be sent in E.164 format, if possible.
Default Values
Command History
Usage Examples
The following example configures the redirecting number to be sent in E.164 format:
(config-pri 2)#redirecting-number prefer-national

role
Use the role command to configure the interface protocol to use on the primary rate interface (PRI). This
setting controls the functional mode of the interface. Use the no form of this command to return to the
role network
role network b-channel-restarts disable
role network b-channel-restarts enable
role user
Syntax Description
network Sets the port to operate in network termination (NT) mode.
b-channel-restarts disable Optional. Disables B-channel restarts.
b-channel-restarts enable Optional. Enables B-channel restarts.
user Sets the port to operate in terminal equipment (TE) mode.
Default Values
By default, the role is set to network b-channel-restarts disable.
Command History
Usage Examples
The following example configures the interface protocol as user on the PRI:
(config-pri 2)#role user

snmp trap
Use the snmp trap command to enable all supported Simple Network Management Protocol (SNMP) traps
on the interface. Use the no form of this command to disable this trap.
Syntax Description
No subcommands.
Default Values
enabled.
Command History
Usage Examples
The following example enables SNMP on the primary rate interface (PRI) 2:
(config-pri 2)#snmp trap


Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
number 1.3.6.1.2.1.31.1.1.1.14.0).
Usage Examples
The following example disables the link-status trap on the primary rate interface (PRI) 2:
(config-pri 2)#no snmp trap link-status

Command Reference Guide Serial Interface Command Set
SERIAL INTERFACE COMMAND SET
To activate the Serial Interface Configuration mode, enter the interface serial command at the Global
>enable
#configure terminal
(config-ser 1/1)#

do on page 81
end on page 82
exit on page 83
shutdown on page 93
et-clock-source on page 2418

ignore dcd on page 2419
invert etclock on page 2420
invert rxclock on page 2421
invert txclock on page 2422
serial-mode on page 2423

Serial Interface Command Set Command Reference Guide
et-clock-source
Use the et-clock-source command to configure the clock source used when creating the external transmit
reference clock (et-clock). Use the no form of this command to return to the default value. Variations of
et-clock-source rxclock
et-clock-source txclock
Syntax Description
rxclock Uses the clock recovered from the receive signal to generate et-clock.
txclock Uses the clock recovered from the transmit signal to generate et-clock.
Default Values
By default, the clock recovered from the transmit signal is used to generate the et-clock.
Command History
Functional Notes
The external transmit clock (et-clock) is an interface timing signal (provided by the data terminal equipment
(DTE) device) used to synchronize the transfer of transmit data.
Usage Examples
The following example configures the serial interface to recover the clock signal from the received signal
and use it to generate et-clock:

(config-ser 1/1)#et-clock-source rxclock

ignore dcd
Use the ignore dcd command to specify the behavior of the serial interface when the data carrier detect
(DCD) signal is lost. Use the no form of this command to return to the default value.
Syntax Description
No subcommands.
Default Values
By default, the serial interface does not ignore a change in status of the DCD signal.
Command History
Functional Notes
When configured to follow DCD (default condition), the serial interface will not attempt to establish a
connection when DCD is not present. When configured to ignore DCD, the serial interface will continue to
attempt to establish a connection even when DCD is not present.
Usage Examples
The following example configures the serial interface to ignore a loss of the DCD signal:

(config-ser 1/1)#ignore dcd

invert etclock
Use the invert etclock command to configure the serial interface to invert the external transmit reference
clock (et-clock) in the data stream before transmitting. Use the no form of this command to return to the
default value.
Syntax Description
No subcommands.
Default Values
By default, the serial interface does not invert et-clock.
Command History
Functional Notes
If the serial interface cable is long, causing a phase shift in the data, the et-clock can be inverted using the
invert etclock command. This switches the phase of the clock, which compensates for a long cable.
Usage Examples
The following example configures the serial interface to invert et-clock:

(config-ser 1/1)#invert etclock

invert rxclock
Use the invert rxclock command to configure the serial interface to expect an inverted receive clock
(found in the received data stream). Use the no form of this command to return to the default value.
Syntax Description
No subcommands.
Default Values
By default, the serial interface does not expect an inverted receive clock (rxclock).
Command History
Functional Notes
If the serial interface cable is long, causing a phase shift in the data, the transmit clock can be inverted
using the invert txclock command (refer to invert txclock on page 2422). This switches the phase of the
clock, which compensates for a long cable. If the transmit clock of the connected device is inverted, use
the invert rxclock command to configure the receiving interface appropriately.
Usage Examples
The following example configures the serial interface to invert receive clock:

(config-ser 1/1)#invert rxclock

invert txclock
Use the invert txclock command to configure the serial interface to invert the transmit clock (found in the
transmitted data stream) before sending the signal. Use the no form of this command to return to the
default value.
Syntax Description
No subcommands.
Default Values
By default, the serial interface does not invert transmit clock (txclock).
Command History
Functional Notes
If the serial interface cable is long, causing a phase shift in the data, the transmit clock can be inverted
(using the invert txclock command). This switches the phase of the clock, which compensates for a long
cable. If the transmit clock of the connected device is inverted, use the invert rxclock command to
configure the receiving interface appropriately.
Usage Examples
The following example configures the serial interface to invert the transmit clock:

(config-ser 1/1)#invert txclock

serial-mode
Use the serial-mode command to specify the electrical mode for the interface. Use the no form of this
serial-mode eia530
serial-mode v35
serial-mode x21
Syntax Description
eia530 Configures the interface for use with the EIA 530 adapter cable
(P/N 1200883L1).
v35 Configures the interface for use with the V.35 adapter cable
(P/N 1200873L1).
x21 Configures the interface for use with the X.21 adapter cable
(P/N 1200874L1).
Default Values
By default, the serial interface is configured for a V.35 adapter cable.
Command History
Functional Notes
The pinouts for each of the available interfaces can be found in the Hardware configuration guide located
online at http://supportforums.adtran.com.
Usage Examples
The following example configures the serial interface to work with the X.21 adapter cable:

(config-ser 1/1)#serial-mode x21

snmp trap
Syntax Description
No subcommands.
Default Values
enabled.
Command History
interface.
Usage Examples
The following example enables SNMP on the serial interface:

(config-ser 1/1)#snmp trap


Syntax Description
No subcommands.
Default Values
Command History
interface.
interface.
Functional Notes
number 1.3.6.1.2.1.31.1.1.1.14.0).
Usage Examples
The following example disables the link-status trap on the serial interface:

(config-ser 1/1)#no snmp trap link-status

SHDSL Interface Command Set Command Reference Guide
SHDSL INTERFACE COMMAND SET
To activate the Single-Pair High-Speed Digital Subscriber Line (SHDSL) Interface Configuration mode,
enter the interface shdsl command at the Global Configuration mode prompt. For example:
>enable
#configure terminal
(config-shdsl 1/1)#
Not all SHDSL commands apply to all SHDSL interfaces. Type interface shdsl <slot/port>
to display a list of valid commands.

do on page 81
end on page 82
exit on page 83
shutdown on page 93
alarm-threshold on page 2428

annex on page 2429
boot alternate-image on page 2430
equipment-type on page 2431
ignore-error-duration <time> on page 2432
inband-detection on page 2433
inband-protocol on page 2434
line-mode on page 2435
linerate <value> on page 2436
linerate adaptive <min DS0s-max DS0s> <target dBs> on page 2437
linerate fixed <min DS0s-max DS0s> on page 2438
loopback remote inband on page 2440
outage-retrain on page 2441

Command Reference Guide SHDSL Interface Command Set

test splice-detect distance-type on page 2445
test tscan on page 2446

alarm-threshold
Use the alarm-threshold command to set thresholds for specific alarm conditions. Use the no form of this
command to disable threshold settings. Variations of this command include:
alarm-threshold loop-attenuation <value>

alarm-threshold snr-margin <value>
Syntax Description
loop-attenuation <value> Specifies a loop-attenuation threshold value from 1 to 127 dB. If signal
energy loss on the loop exceeds the configured value, the router issues an
alarm.
snr-margin <value> Specifies a value for signal-to-noise ratio (SNR) margin from 1 to 15 dB. If
the difference in amplitude between the baseband signal and the noise
exceeds the configured value, the router issues an alarm.
Default Values
Command History
Usage Examples
The following example sets the loop attenuation threshold at 45 dB:

(config-shdsl 1/1)#alarm-threshold loop-attenuation 45

annex
Use the annex command to select the single-pair, high-speed digital subscriber line (SHDSL) operating
mode supported on this interface. Use the no form of this command to return to the default setting.
annex a
annex a-efm
annex a-or-b
annex a-or-b-efm
annex b
annex b-efm
annex b
annex efm
Syntax Description
a Specifies Annex A (North American operating parameters).
a-efm Specifies Annex A and IEEE 802.3ah handshake parameters.
a-or-b Specifies Annex A or Annex B. This parameter enables the detection and
selection of the annex type depending on the connected terminating unit.
a-or-b-efm Specifies Annex A or Annex B and IEEE 802.3ah handshake parameters.
This parameter enables the detection and selection of the annex type
depending on the connected terminating unit.
b Specifies Annex B (European operating parameters).
b-efm Specifies Annex B and IEEE 802.3ah handshake parameters.
efm Specifies IEEE 802.3ah handshake parameters.
Default Values
By default, the SHDSL operating mode is set to a-or-b.
Command History
Release R10.6.0 Command was expanded to include the a-efm, a-or-b-efm, b-efm, and efm
parameters.
Usage Examples
The following example sets the operating mode to annex a:

(config-shdsl 1/1)#annex a

boot alternate-image
Use the boot alternate-image command to execute new code after a firmware upgrade.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
The current single-pair high-speed digital subscriber line (SHDSL) network interface module (NIM) card
(P/N 1200867L1) supports two code images commonly referred to as the active image and the inactive
image. When a firmware upgrade is performed on the card (through the copy <filename> interface shdsl
x/y Enable mode command), the new firmware is placed in the inactive image space. This new code will
not be executed until the boot alternate-image command is issued. When the user does this, the NIM will
reboot (taking the current line down) with the new code. At this point, the old code becomes the inactive
image and the new recently updated code becomes the active image.
Usage Examples
The following example causes the firmware upgrade to take effect:

(config-shdsl 1/1)#boot alternate-image

equipment-type
Use the equipment-type command to determine the operating mode for the single-pair high-speed digital
subscriber line (SHDSL) interface. Use the no form of this command to return to the default setting.
equipment-type co
equipment-type cpe
Syntax Description
co Use this option only in a campus environment when operating two SHDSL
network interface modules (NIMs) back-to-back. In this setup, configure the
master NIM to CO and the slave NIM to customer premises equipment
(CPE).
cpe Use this option when interfacing directly with your service provider or when
acting as the slave NIM in a campus environment.
Default Values
The default for this command is cpe.
Command History
Usage Examples
The following example changes the operating mode of the SHDSL interface to CO:

(config-shdsl 1/1)#equipment-type co

ignore-error-duration <time>
Use the ignore-error-duration command to specify the amount of time that errors are ignored during line
training. Use the no form of this command to return to the default setting.
Syntax Description
<time> Specifies time in seconds. Valid range is 15 to 30 seconds.
Default Values
By default, ignore-error-duration is set to 15 seconds.
Command History
Usage Examples
The following example sets the amount of time errors are ignored during line training to 25 seconds:

(config-shdsl 1/1)#ignore-error-duration 25

inband-detection
Use the inband-detection command to enable inband loopback pattern detection on the single-pair
high-speed digital subscriber line (SHDSL) interface. Use the no form of this command to disable this
feature.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example disables inband loopback pattern detection:

(config-shdsl 1/1)#no inband-detection

inband-protocol
Use the inband-protocol command to designate the inband loopback pattern to send/detect on the
single-pair high-speed digital subscriber line (SHDSL) interface. Use the no form of this command to
inband-protocol pn127
inband-protocol v54
Syntax Description
pn127 Selects PN127 as the inband loopback pattern to send/detect.
v54 Selects V.54 as the inband loopback pattern to send/detect.
Default Values
By default, the inband loopback pattern is set to v54.
Command History
Functional Notes
Inband loopbacks are specific patterns that are sent in place of user data to trigger a loopback. Both
PN127 and V.54 are industry standard loopback patterns used to allow remote loopbacks.
Usage Examples
The following example sets the inband loopback pattern for pn127:

(config-shdsl 1/1)#inband-protocol pn127

line-mode
Use the line-mode command to select the controller line mode. Use the no form of this command to return
line-mode 2-wire
line-mode 4-wire
Syntax Description
2-wire Specifies two-wire mode.
4-wire Specifies four-wire mode for extended operation.
Default Values
By default, the digital subscriber line (DSL) operating mode is set to 2-wire.
Command History
Usage Examples
The following example sets the line mode to 4-wire:

(config-shdsl 1/1)#line-mode 4-wire

linerate <value>
Use the linerate command to define the line rate for the single-pair high-speed digital subscriber line
(SHDSL) interface (the value includes 8 kbps of framing overhead). This command is functional only in
CO operating mode (refer to equipment-type on page 2431). The first two selections listed in the command
line interface (CLI) (72 and 136 kbps) are not supported by the SHDSL network interface module (NIM)
(P/N 1200867L1). Use the no form of this command to return to the default setting.
Syntax Description
<value> Specifies the line rate in kbps. Range is 200 to 2312 kbps in 64k
increments.
Default Values
By default, the line rate is set to 2056 kbps.
Command History
Usage Examples
The following example changes the line rate of the SHDSL interface to 264 kbps:

(config-shdsl 1/1)#linerate 264

linerate adaptive <min DS0s-max DS0s> <target dBs>

Use the linerate adaptive command to configure the single-pair, high-speed digital subscriber line
(SHDSL) interface for adaptive line rate training according to the signal quality conditions on the line.
linerate adaptive <min DS0s-max DS0s> <target dBs> current-condition

linerate adaptive <min DS0s-max DS0s> <target dBs> worstcase-condition
Syntax Description
<min DS0s-max DS0s> Specifies a range of DS0s for the minimum and maximum possible values
for the linerate in the format <minimum number of DS0s-maximum number
of DS0s>. The line rate is determined by multiplying the DS0 number by 64
kbps. The default range is 3-89 DS0s.
<target dBs> Specifies the target signal quality margin desired for the interface. Valid
range is -10 to 20 dBs. The default value is 3 dBs.
current-condition Configures the SHDSL interface for adaptive line rate training according to
current signal quality conditions on the line. This mode is not recommended
per ITU-T G991.2 Section 6.3.6.
worstcase-condition Configures the SHDSL interface for adaptive line rate training according to
worst-case signal quality conditions on the line.
Default Values
The default value for this command is linerate adaptive 3-89 3 worstcase-condition.
Command History
Usage Examples
The following example configures the SHDSL interface for adaptive line rate training according to
worst-case signal quality conditions on the line.

(config-shdsl 1/1)#linerate adaptive 3-64 5 worstcase-condition

linerate fixed <min DS0s-max DS0s>

Use the linerate fixed command to configure the single-pair, high-speed digital subscriber line (SHDSL)
interface for fixed adaptive line rate training. When in this mode, no line probing is performed by the
interface. The line rate is determined by comparing the range of level zero digital signals (DS0s) specified
with what is allowed by the other end point during the SHDSL handshake process.
Syntax Description
<min DS0s-max DS0s> Specifies a range of DS0s for the minimum and maximum possible values
for the linerate in the format <minimum number of DS0s-maximum number
of DS0s>. The line rate is determined by multiplying the DS0 number by 64
kbps. The default range is 3-89 DS0s.
Default Values
Command History
Usage Examples
The following example configures the SHDSL interface for fixed line rate training:

(config-shdsl 1/1)#linerate fixed 3-64

loopback
Use the loopback command to initiate a loopback test on the single-pair high-speed digital subscriber line
(SHDSL) interface. Use the no form of this command to deactivate the loopback. Variations of this
command include:
loopback analog
loopback digital
loopback network
loopback remote
Syntax Description
analog Loops the circuit at the analog hybrid.
digital Loops the circuit at the framer.
network Loops data back towards the network.
remote Transmits a network loopback request. This command is functional only in
CO operating mode (refer to equipment-type on page 2431).
Default Values
Command History
Release 15.1 Command was expanded to include the analog and digital loopbacks.
Usage Examples
The following example initiates a loopback test on the SHDSL interface that will loop the data back toward
the network:

(config-shdsl 1/1)#loopback network

loopback remote inband

Use the loopback remote inband command to inject the selected inband loop-up pattern into the data
stream to cause a loopback at the far end. Use the no form of this command to inject a loop-down pattern
into the data stream to cause an existing inband loopback at the far end to cease.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example injects a loop-down pattern into the data stream, causing existing loopbacks at the
far end to stop:

(config-shdsl 1/1)#no loopback remote inband

outage-retrain
Use the outage-retrain command to cause the single-pair high-speed digital subscriber line (SHDSL)
interface to force the SHDSL retrain sequence (which takes the line down temporarily) if the interface
detects more than ten consecutive errored seconds. A retrain is forced in hopes that the newly retrained line
will achieve better performance than the previous training state. Use the no form of this command to
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example forces a retrain sequence on the SHDSL interface:

(config-shdsl 1/1)#outage-retrain

snmp trap
traps on the interface. Us the no form of this command to disable this trap.
Syntax Description
No subcommands.
Default Values
enabled.
Command History
interface.
Ethernet Interface.
Release R11.1.0 Command was expanded to include the single-pair high-speed digital
subscriber line (SHDSL) interface, Ethernet in the first mile (EFM) group,
control EVC.
Usage Examples
The following example enables SNMP capability on the SHDSL interface:

(config-shdsl 1/1)#snmp trap


Syntax Description
No subcommands.
Default Values
Command History
interface.
interface.
Ethernet Interface.
Release R11.1.0 Command was expanded to include the single-pair high-speed digital
subscriber line (SHDSL) interface, Ethernet in the first mile (EFM) group,
control EVC.
Functional Notes
number 1.3.6.1.2.1.31.1.1.1.14.0).
Usage Examples
The following example disables the link-status trap on the SHDSL interface:

(config-shdsl 1/1)#no snmp trap link-status

test-pattern
Use the test-pattern command to activate the built-in pattern generator and begin sending the selected test
pattern toward the network. This pattern generation can be used to verify a data path when used in
conjunction with an active loopback. Use the no form of this command to cease pattern generation.
test-pattern clear
test-pattern errors
test-pattern insert
test-pattern p215
Syntax Description
register.
Default Values
Command History
Usage Examples
The following example sends a p215 test pattern:

(config-shdsl 1/1)#test-pattern p215

test splice-detect distance-type

Use the test splice-detect distance-type command to specify the unit of measurement used in the bad
splice detection test. Use the no form of this command to return to the default unit of measurement.
test splice-detect distance-type feet

test splice-detect distance-type meters
Syntax Description
feet Specifies the distance to the detected bad splice is measured in feet.
meters Specifies the distance to the detected bad splice is measured in meters.
Default Values
By default, distances in the bad splice detection test are measured in feet.
Command History
Functional Notes
The bad splice detection test is a line testing feature that allows users to locate intermittent faults in lines
by estimating the distance to the fault. Splice detection is always enabled on the SHDSL EFM NIM2
module and it continually monitors the signal-to-noise ratio (SNR) of the connection. When a negative
change in the SNR is detected, a measurement is taken to determine the distance to where the issue is
possibly occurring on the line. Bad splice detection test results can be viewed using the command show
interfaces shdsl <slot/port> splice-detect on page 688.
Usage Examples
In the following example, the unit of measurement used by the bad splice detection test is changed from
feet to meters:

(config-shdsl 1/1)#test splice-detect distance-type meters

test tscan
Use the test tscan command to initiate a Tscan test, as well as configure and display Tscan test parameters
for the interface. Variations of this command include:
test tscan
test tscan clear-results
test tscan display-results
Syntax Description
clear-results Clears the Tscan test results from previously completed Tscan tests.
display-results Displays the results of the most recently completed Tscan test.
Default Values
By default, Tscan tests are not run on the interface.
Command History
Functional Notes
The Tscan line test is a testing feature that allows users to isolate faults in lines by estimating the distance
to the fault and determining the type of fault, whether a short or an open connection. Tscan is an intrusive
test, which causes trained SHDSL loops to go down, but it is useful as a method for finding faults in loops
that will not train, rather than as a performance metric for operational loops.
Tscan tests can be started on any port that is enabled. Tscan tests typically take from 20 seconds to one
minute to complete, and timeout after 90 seconds to restore control to the command line interface (CLI).
When the test is complete, results are displayed in the CLI or can be viewed at a later time using the
command test tscan display-results. Displayed results include the date and time of the test, the status of
the test, the line rate used while Tscan operates (typically 16 or 32 DSOs), the distance to the fault if one is
detected (displayed in feet), and the fault type that is found. The minimum distance for the Tscan test is 0
feet and the maximum Tscan test distance is 1200 feet.
Usage Examples
The following example initiates a Tscan test on SHDSL interface 1/1:

(config-shdsl 1/1)#test tscan

The following example displays results from a recently completed Tscan test:

(config-shdsl 1/1)#test tscan display-results
shdsl 1/1 TSCAN Results
Date/Time: Thu, October 28, 2010 04:30:59 PM, CDT
Status: Done
Rate: 32 DSOs
Distance: 1100 ft
Fault: Open

T1 Interface Command Set Command Reference Guide
T1 INTERFACE COMMAND SET
To activate the T1 Interface Configuration mode, enter the interface t1 command at the Global
>enable
#configure terminal
(config-t1 1/1)#

do on page 81
end on page 82
exit on page 83
shutdown on page 93

coding on page 2450
fdl on page 2451
lbo on page 2453
loopback commands begin on page 2454
remote-alarm rai on page 2457
snmp trap line-status on page 2459
snmp trap threshold-reached on page 2461
tdm-group <number> on page 2463
timing-domain <domain> on page 2465

Command Reference Guide T1 Interface Command Set
clock source

clock source line
clock source system
clock source through
clock source through t1 <interface id>
Syntax Description
line Configures the unit to recover clocking from the T1 circuit.
system Configures the unit to provide clocking using the system clock.
through Configures the unit to recover clocking from the circuit connected to the
DSX-1 interface.
through t1 <interface id> Configures the unit to recover clocking from the alternate interface. Only
valid on T1 systems with multiple T1 interfaces and a single clock source.
Default Values
By default, the clock source is set to line.
Command History
Release 13.1 Command was expanded to include the system as a clocking source.
Functional Notes
When operating on a circuit that is providing timing, setting the clock source to line can avoid errors, such
as clock slip seconds (CSS).
Usage Examples
The following example configures the unit to recover clocking from the primary circuit:
(config-t1 1/1)#clock source line

coding
Use the coding command to configure the line coding for a T1 physical interface. This setting must match
the line coding supplied on the circuit by the service provider. Use the no form of this command to return
coding ami
coding b8zs
Syntax Description
b8zs Configures the line coding for bipolar eight zero substitution (B8ZS).
Default Values
By default, all T1 interfaces are configured with b8zs line coding.
Command History
Functional Notes
The line coding configured in the unit must match the line coding of the T1 circuit. A mismatch will result in
Usage Examples
The following example configures the T1 interface for ami line coding:
(config-t1 1/1)#coding ami

fdl
Use the fdl command to configure the format for the facility data link (FDL) channel on the T1 circuit.
FDL channels are only available on point-to-point circuits. Use the no form of this command to return to
fdl ansi
fdl att
fdl none
Syntax Description
ansi Configures the FDL for ANSI T1.403 standard.
att Configures the FDL for AT&T TR 54016 standard.
none Disables FDL on this circuit.
Default Values
By default, the FDL is configured for ansi.
Command History
Functional Notes
T1 circuits using extended superframe (ESF) framing format (specified using the framing command)
reserve 12 bits as a data link communication channel, referred to as the FDL, between the equipment on
either end of the circuit. The FDL allows the transmission of trouble flags, such as the Yellow Alarm signal.
Refer to framing on page 2452 for related information.
Usage Examples
The following example disables the FDL channel for the T1 circuit:
(config-t1 1/1)#fdl none

framing
Use the framing command to configure the framing format for the T1 interface. This parameter should
match the framing format supplied by your network provider. Use the no form of this command to return
to the default value. Variations of this command include:
framing d4
framing esf
Syntax Description
d4 Specifies D4 superframe (SF) format.
esf Specifies extended superframe (ESF) format.
Default Values
By default, the framing format is set to esf.
Command History
Functional Notes
A frame is comprised of a single byte from each of the T1’s timeslots; there are 24 timeslots on a single T1
circuit. Framing bits are used to separate the frames and indicate the order of information arriving at the
receiving equipment. D4 and ESF are two methods of collecting and organizing frames over the circuit.
Usage Examples
The following example configures the T1 interface for D4 framing:
(config-t1 1/1)#framing d4

lbo
Use the lbo command to configure the line build out (LBO) for the T1 interface. Use the no form of this
lbo short <value>

lbo long <value>
Syntax Description
long <value> Configures the LBO (in dB) for T1 interfaces with cable lengths greater than
655 feet. Choose from -22.5, -15, -7.5, and 0 dB.
short <value> Configures the LBO (in feet) for T1 interfaces with cable lengths less than
655 feet. Range is 0 to 655 feet.
Default Values
By default, the build out is set to 0 dB.
Command History
Functional Notes
LBO is artificial attenuation of a T1 output signal to simulate a degraded signal. This is useful to avoid
overdriving a receiver’s circuits. The shorter the distance between T1 equipment (measured in cable
length), the greater the attenuation value. For example, two units in close proximity should be configured
for the maximum attenuation (-22.5 dB).
Usage Examples
The following example configures the T1 interface LBO for -22.5 dB:
(config-t1 1/1)#lbo -22.5

loopback network

Syntax Description
line Initiates a metallic loopback of the physical T1 network interface.
payload Initiates a loopback of the T1 framer (CSU portion) of the T1 network
interface.
Default Values
Command History
Functional Notes
NI CSU
DS1
Payload Loopback
Line Loopback
Usage Examples
The following example initiates a payload loopback of the T1 interface:

loopback remote line

Use the loopback remote line command to send a loopback code to the remote unit to initiate a line
loopback. Use the no form of this command to send a loopdown code to the remote unit to deactivate the
loopback. Variations of this command include:
loopback remote line fdl

loopback remote line inband
Syntax Description
fdl Uses the facility data link (FDL) to initiate a full 1.544 Mbps physical
(metallic) loopback of the signal received by the remote unit from the
network.
inband Uses the inband channel to initiate a full 1.544 Mbps physical (metallic)
loopback of the signal received by the remote unit from the network.
Default Values
Command History
Functional Notes
NI CSU
DS1
Payload Loopback
Line Loopback
Usage Examples
The following example initiates a remote line loopback using the FDL:
(config-t1 1/1)#loopback remote line fdl

loopback remote payload

Use the loopback remote payload command to send a loopback code to the remote unit to initiate a
payload loopback. A payload loopback is a 1.536 Mbps loopback of the payload data received from the
network maintaining bit-sequence integrity for the information bits by synchronizing (regenerating) the
timing. Use the no form of this command to send a loopdown code to the remote unit to deactivate the
loopback.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
NI CSU
DS1
Payload Loopback
Line Loopback
Usage Examples
The following example initiates a remote payload loopback:
(config-t1 1/1)#loopback remote payload

remote-alarm rai
The remote-alarm rai command selects the alarm signaling type to be sent when a loss of frame is
detected on the T1 receive signal. Use the no form of this command to disable all transmitted alarms.
Syntax Description
rai Specifies sending a remote alarm indication (RAI) in response to a loss of
frame. Also, prevents a received RAI from causing a change in interface
operational status.
Default Values
The default for this command is rai.
Command History
Release 7.1 Command was expanded to include the T1 interface.
Usage Examples
The following example enables transmission of RAI in response to a loss of frame:
(config-t1 1/1)#remote-alarm rai

remote-loopback
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example enables remote loopbacks on the T1 interface:

snmp trap line-status

Use the snmp trap line-status command to control the Simple Network Management Protocol (SNMP)
variable dsx1LineStatusChangeTrapEnable (RFC 2495) to enable (or disable) the interface to send SNMP
traps when there is an interface status change. Use the no form of this command to disable this trap.
Syntax Description
No subcommands.
Default Values
By default, the dsx1LineStatusChangeTrapEnable object identifier (OID) is set to enabled for all interfaces
Command History
Functional Notes
The snmp trap line-status command is used to control the RFC 2495 dsx1LineStatusChangeTrapEnable
OID (OID number 1.3.6.1.2.1.10.18.6.1.17.0).
Usage Examples
The following example disables the line-status trap on the T1 interface:
(config-t1 1/1)#no snmp trap line-status


Syntax Description
No subcommands.
Default Values
Command History
interface.
interface.
Functional Notes
number 1.3.6.1.2.1.31.1.1.1.14.0).
Usage Examples
The following example disables the link-status trap on the T1 interface:

snmp trap threshold-reached

Use the snmp trap threshold-reached command to control the Simple Network Management Protocol
(SNMP) variable adGenAOSDs1ThresholdReached (adGenAOSDs1-Ext MIB) to enable the interface to
send SNMP traps when a DS1 performance counter threshold is reached. Use the no form of this command
to disable this trap.
Syntax Description
No subcommands.
Default Values
By default, the adGenAOSDs1ThresholdReached object identifier (OID) is disabled for all interfaces.
Command History
Usage Examples
The following example disables SNMP threshold reached trap on the T1 interface:
(config-t1 1/1)#no snmp trap threshold-reached

system-timing
Use the system-timing command to configure the Rx clock as the primary or secondary timing source for
the system. Use the no form of this command to disable this feature.Variations of this command include:
Syntax Description
primary Specifies the Rx clock as the primary timing source.
secondary Specifies the Rx clock as the secondary timing source.
Default Values
Command History
Usage Examples
The following example configures the T1 interface to provide its Rx clock as the primary timing source for
the system:
(config-t1 1/1)#system timing primary

tdm-group <number>
Use the tdm-group command to create a group of contiguous level zero digital signals (DS0s) on this
interface to be used during the cross-connect process. Refer to cross-connect on page 76 for related
information. Use the no form of this command to remove configured time division multiplexing (TDM)
groups. Variations of this command include:
tdm-group <number> timeslots <value>

tdm-group <number> timeslots <value> speed [56 | 64]
Changing tdm-group settings could result in service interruption.
Syntax Description
<number> Identifies the created TDM group. Valid range is 1 to 255.
timeslots <value> Specifies the channels to be used in the TDM group. Valid range is 1 to 31.
The timeslot value can be entered as a single number representing one of
the 31 E1 channel timeslots or as a contiguous group of channels. (For
example, 1-10 specifies the first 10 channels of the E1.)
speed [56 | 64] Optional. Specifies the individual DS0 rate on the T1 interface to be
64 kbps. Only the T1 + DSX-1 network interface module (NIM) supports the
56 kbps DS0 rate. The default speed is 64 kbps.
Default Values
By default, there are no configured TDM groups.
Command History
Usage Examples
The following example creates a TDM group (labeled 5) of 10 DS0s at 64 kbps each:

test-pattern
include:
test-pattern clear
test-pattern errors
test-pattern insert
test-pattern ones
test-pattern p215
test-pattern p220
test-pattern p511
test-pattern qrss
test-pattern zeros
Syntax Description
errors Displays the test pattern errored seconds.
register.
register.
p511 Generates a test pattern of repeating ones and zeros.
qrss Generates a test pattern of random ones and zeros.
Default Values
Command History
Usage Examples
(config-t1 1/1)#test-pattern ones

timing-domain <domain>
Use the timing-domain command to assign the interface to a system-wide voice timing domain. Use the
no form of this command to return to the default.
Syntax Description
<domain> Assigns the interface to a system-wide timing domain. Valid domains are 1
and 2.
Default Values
By default, interfaces are assigned to timing domain 1.
Command History
Usage Examples
The following example assigns the interface to timing domain 2:
(config-t1 1/1)#timing-domain 2

To activate the T3 Interface Configuration mode, enter the interface t3 command at the Global
>enable
#configure terminal
(config-t3 1/1)#

do on page 81
end on page 82
exit on page 83
shutdown on page 93

coding b3zs on page 2468
line-length on page 2470
loopback remote on page 2472

clock source
Use the clock source command to configure the source timing used for the interface. The clock specified
using the clock source command is also the system master clock. Use the no form of this command to
clock source local

clock source loop
Syntax Description
local Configures the unit to provide clocking using the internal oscillator.
loop Configures the unit to recover clocking from the T3 circuit.
Default Values
By default, all T3 interfaces are configured with loop as the clock source.
Command History
Usage Examples
(config-t3 1/1)#clock source loop

coding b3zs
Use the coding b3zs command to configure the line coding for a T3 physical interface. This setting must
match the line coding supplied on the circuit by the service provider.
Syntax Description
b3zs Configures the line coding for bipolar three zero substitution (B3ZS).
Default Values
By default, all T3 interfaces are configured with b3zs line coding.
Command History
Functional Notes
The line coding configured in the unit must match the line coding of the T3 circuit. A mismatch will result in
Usage Examples
The following example configures the T1 interface for b3zs line coding:
(config-t3 1/1)#coding b3zs

framing
Use the framing command to configure the network framing format for a T3 physical interface. Use the no
form of this command to return to the default value. Variations of this command include:
framing cbit
framing m13
Syntax Description
cbit Configures the interface for C-bit parity framing.
m13 Configures the interface for M13 framing.
Default Values
By default, all T3 interfaces are configured for cbit parity framing.
Command History
Functional Notes
M13 is an asynchronous framing format that uses all 21 DS3 M-Frame C-bits for bit stuffing indicators.
End-to-end path parity and datalink capabilities are not provided by the standard M13 format. C-bit parity
framing differs from M13 by allowing monitoring of the data path (end-to-end) and supporting out-of-band
(OOB) data links.
Usage Examples
The following example configures the T3 interface for m13 framing:
(config-t3 1/1)#framing m13

line-length
Use the line-length command to configure the line length for a T3 physical interface. Use the no form of
line-length long
line-length short
Syntax Description
long Configures the line length for a distance of 225 to 450 feet of cable.
short Configures the line length for a distance of 0 to 225 feet of cable.
Default Values
By default, all T3 interfaces are configured for a short line length.
Command History
Usage Examples
The following example configures the T3 interface for long line length:
(config-t3 1/1)#line-length long

loopback network
Use the loopback network command to initiate a local T3 loopback on the interface toward the network.
Use the no form of this command to deactivate the loopback. Variations of this command include:

Syntax Description
line Initiates a loopback of the physical T3 network interface; that is, data
received on the T3 is transmitted back out on the T3.
payload Initiates a loopback of the T3 framer (TSU portion) of the T3 network
interface.
Default Values
Command History
Usage Examples
The following example initiates a payload loopback of the T3 interface:

loopback remote
Use the loopback remote command to initiate a loopback test on the T3 interface that sends a remote
loopback code out the T3 circuit to loop up the far end. This command only applies when C-bit framing is
used on the circuit. Use the no form of this command to deactivate the loopback. Variations of this
command include:
loopback remote line

loopback remote payload
Syntax Description
line Initiates a line loopback.
payload Initiates a payload loopback.
Default Values
Command History
Usage Examples
This example initiates a remote loopback on the T3 interface:
(config-t3 1/1)#loopback remote

remote-loopback
Use the remote-loopback command to configure the T3 interface to be looped from the far end (remote
device, Telco, etc.). Use the no form of this command to disable this feature.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
This example enables remote loopbacks on the T3 interface:


Syntax Description
No subcommands.
Default Values
Command History
interface.
Release 9.1 Command was expanded to the high link data link control (HDLC) interface.
Usage Examples
The following example disables the link-status trap on the T3 interface:

test-pattern
Use the test-pattern command to activate the built-in pattern generator and begin sending the selected test
pattern toward the network. This pattern generation can verify a data path when used in conjunction with
an active loopback. Use the no form of this command to cease pattern generation. Variations of this
command include:
test-pattern clear
test-pattern errors
test-pattern insert
test-pattern ones
test-pattern p215
test-pattern p223
test-pattern zeros
Syntax Description
register.
register.
Default Values
Command History
Usage Examples
The following example enables a p215 test pattern:
(config-t3 1/1)#test-pattern p215

The T4 interface is used to supply configurable synchronous clock output for network synchronization
(Network Sync). You can configure the output format and output squelch threshold for the interface. Enter
the T4 interface configuration mode by entering the interface <interface> command from the Global
Configuration mode as follows:
(config-t4 0/1)#

do on page 81
exit on page 83
shutdown on page 93
format on page 2477

minimum-ssm-ql <value> on page 2478

format
Use the format command to specify the output format for the clock. Use the no form of this command to
return to the default output format. Variations of this command include:
format ds1 d4
format ds1 esf
format e12 cas
format e12 ccs
format t12
Syntax Description
ds1 ds4 Specifies a 1544 kbps synchronization interface (DS1-D4/DS1-SF).
ds1 esf Specifies a 1544 kbps synchronization interface with extended
superframing (DS1-ESF).
e12 cas Specifies a 2048 kbps synchronization interface (E12) with channel
associated signaling pulse code modulation 30 (CAS PCM30) framing.
e12 ccs Specifies a 2048 kbps synchronization interface (E12) with common
channel signaling pulse code modulation 31 (CCS PCM31) framing.
t12 Specifies a 2048 kHz synchronization interface (T12).
Default Values
By default, the format is set to t12.
Command History
Release R11.1.0 Command was expanded to include the e12 cas and e12 ccs parameters,
and the hyphen was removed from the ds1 parameters.
Usage Examples
The following example changes the clock output format to e12:
(config-t4 0/1)#format e12

minimum-ssm-ql <value>
Use the minimum-ssm-ql command to specify a squelch level for the T4 interface output. When the
quality level (QL) of the synchronization status message (SSM) received by the Network Ethernet
synchronization message channel (ESMC) process is below this level, the output is squelched. Use the no
form of this command to disable this feature, which results in the output never being squelched.
Syntax Description
<value> Specifies the minimum level of the synchronization status message (SSM)
for the output to be active. Refer to the Functional Notes of this command
for specific details.
Default Values
By default, squelch is disabled. The output is always active.
Command History
Release R11.7.0 Command was altered to remove the following parameters: ql-dnu for EEC
Option 1 and ql-dus, ql-prov, and ql-smc for EEC Option 2.
Functional Notes
The various <value> parameters available for SSM override vary according to the Ethernet equipment
clock (EEC) option selected in the network synchronization (Network Sync) configuration (refer to the
command eec-option on page 4422). If you have not specified an EEC option, Option 2 is used by default.
The following lists outline the <value> parameters for the minimum-ssm-ql command.
SSM Override Parameters for EEC Option 1
ql-eec1 Synchronous digital hierarchy (SDH) Equipment Clock (0xB)
ql-prc Primary Reference Clock (0x2)
ql-ssu-a First Level Synchronization Supply Unit (0x4)
ql-ssu-b Second Level Synchronization Supply Unit (0x8)
SSM Override Parameters for EEC Option 2
ql-eec2 Stratum 3 Traceable (0xA)
ql-prs Stratum 1 Traceable (0x1)
ql-st2 Stratum 2 Traceable (0x7)
ql-st3e Stratum 3E Traceable (0xD)
ql-stu Synchronized Traceability Unknown (0x0)

ql-tnc Transit Node Clock Traceable (0x4)
The Network Sync command set and esmc-process must be active for squelch to operate. Refer to the
Network Sync command set on page 4419 and the esmc-process command on page 4423 for more
information.
When squelch is active, the output depends on the selected format, as follows:
Format: Output:
format ds1 d4 T1 AIS (unframed, all ones)
format ds1 esf T1 AIS (unframed, all ones)
format e12 cas E1 AIS (unframed, all ones)
format e12 ccs E1 AIS (unframed, all ones)
format t12 none
Usage Examples
The following example enables and configures the squelch threshold as EEC option 2 ql-tnc:
(config-t4 0/1)#minimum-ssm-ql ql-tnc

VDSL Interface Command Set Command Reference Guide
VDSL INTERFACE COMMAND SET
To activate the Very High-Speed Digital Subscriber Line (VDSL) Interface Configuration mode, enter the
interface vdsl command at the Global Configuration mode prompt. For example:
>enable
#configure terminal
(config-vdsl 1/1)#

do on page 81
end on page 82
exit on page 83
shutdown on page 93
performance-statistics on page 2481

Command Reference Guide VDSL Interface Command Set
performance-statistics
Use the performance-statistics command to enable gathering performance monitoring statistics on the
interface. Use the no form of this command to disable the performance monitoring feature.
Syntax Description
No subcommands.
Default Values
By default, performance monitoring is enabled.
Command History
Release R11.2.0 Command expanded to include the very high-speed digital subscriber line
(VDSL) interfaces.
Usage Examples
The following example enables performance monitoring on the vdsl interface vdsl 1/1:

(config-vdsl 1/1)#performance-statistics

VIRTUAL INTERFACE COMMAND SETS

• ATM Interface Command Set on page 2483

• ATM Subinterface Command Set on page 2487
• BVI Interface Command Set on page 2578
• Demand Interface Command Set on page 2621
• Frame Relay Interface Command Set on page 2712
• Frame Relay Subinterface Command Set on page 2733
• HDLC Interface Command Set on page 2873
• Loopback Interface Command Set on page 2953
• Port Channel Interface Command Set on page 3019
• PPP Interface Command Set on page 3045
• Tunnel Interface Command Set on page 3196
• VLAN Command Set on page 3341
• VLAN Database Command Set on page 3346
• VLAN Interface Command Set on page 3355

Command Reference Guide ATM Interface Command Set
ATM INTERFACE COMMAND SET
To create a virtual asynchronous transfer mode (ATM) interface and/or activate the ATM Interface
Configuration mode, enter the interface atm command at the Global Configuration mode prompt. For
example:
>enable
#configure terminal
(config)#interface atm 1
(config-atm 1)#
By default, ATM interfaces are created as point-to-point links. This default setting cannot be altered. The
following command creates the exact same interface as that mentioned above:
>enable
#configure terminal
(config)#interface atm 1 point-to-point
(config-atm 1)#

do on page 81
end on page 82
exit on page 83
shutdown on page 93


ATM Interface Command Set Command Reference Guide
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example enables RTP quality monitoring on the asynchronous transfer mode (ATM)
interface:
(config-atm 1)#rtp quality-monitoring

Command Reference Guide ATM Interface Command Set
snmp trap
Syntax Description
No subcommands.
Default Values
enabled.
Command History
interface.
Usage Examples
The following example enables SNMP on the ATM interface:
(config-atm 1)#snmp trap

ATM Interface Command Set Command Reference Guide

Syntax Description
No subcommands.
Default Values
Command History
interface.
interface.
Functional Notes
number 1.3.6.1.2.1.31.1.1.1.14.0).
Usage Examples
The following example disables the link-status trap on the ATM interface:
(config-atm 1)#no snmp trap link-status

Command Reference Guide ATM Subinterface Command Set
ATM SUBINTERFACE COMMAND SET
To create a virtual asynchronous transfer mode (ATM) subinterface and/or activate the ATM Subinterface
Configuration mode, enter the interface atm command (and specify a subinterface) at the Global
>enable
#configure terminal
(config-atm 1.1)#
By default, ATM subinterfaces are created as point-to-point links. This default setting cannot be altered.
The following command creates the exact same interface as that mentioned above:
>enable
#configure terminal
(config)#interface atm 1.1 point-to-point
(config-atm 1.1)#

do on page 81
end on page 82
exit on page 83
shutdown on page 93
atm routed-bridged ip on page 2489

bridge-group <value> on page 2491
cos on page 2492
dial-backup commands begin on page 2493
encapsulation on page 2512
fair-queue on page 2513
hold-queue <value> out on page 2514
ipv6 dhcp relay destination <ipv6 address> on page 2560

ATM Subinterface Command Set Command Reference Guide

oam retry on page 2563
oam-pvc managed on page 2564
pvc <VPI/VCI> on page 2566

atm routed-bridged ip
Use the atm routed-bridged ip command to enable IP routed bridge encapsulation (RBE) on an interface.
Use the no form of this command to disable RBE operation.
Syntax Description
No subcommands.
Default Values
By default, RBE is disabled.
Command History
Usage Examples
The following example enables RBE:

(config-atm 1.1)#atm routed-bridged ip

bandwidth <value>
Syntax Description
Default Values
To view the default values, use the show interfaces command.
Command History
Release 8.1 Asynchronous transfer mode (ATM) subinterface was added.
Functional Notes
Usage Examples
The following example sets bandwidth of the ATM subinterface to 10 Mbps:

(config-atm 1.1)#bandwidth 10000

bridge-group <value>
Syntax Description
<value> Specifies the bridge group (by number) to which to assign this interface.
Range is 1 to 255.
Default Values
Command History
Functional Notes
be bridged (Ethernet to T1, Ethernet to Frame Relay subinterface).
Usage Examples
The following example assigns the ATM subinterface labeled 1.1 to bridge group 1:

(config-atm 1.1)#bridge-group 1

cos
Use the cos command to define class of service (CoS) settings on an asynchronous transfer mode (ATM)
subinterface. Use the no form of this command to remove the parameters. Variations of this command
include:
cos ubr
cos vbr-nrt <pcr> <scr> <mbs>
cos vbr-rt <pcr> <scr> <mbs>
Syntax Description
ubr Indicates unspecified bit rate (UBR) for the CoS.
vbr-nrt Specifies the variable bit rate (VBR) nonreal time (NRT) peak cell rate
(PCR), sustained cell rate (SCR), and maximum burst size (MBS).
vbr-rt Specifies the variable bit rate real time (RT) peak cell rate, sustained cell
rate, and maximum burst size.
<pcr> Indicates the peak cell rate or maximum number of cells per second the
connection can transfer into the network. Valid range is 32 to 50000 kbps.
<scr> Indicates the sustained cell rate or average number of cells per second that
the connection can transfer into the network. Valid range is 32 to
50000 kbps.
<mbs> Indicates the maximum burst size of cells allowed on the connection. Valid
Default Values
The default setting for this feature is cos ubr.
Command History
Usage Examples
The following example defines variable bit rate real time on the ATM subinterface 1.2:
(config)#interface atm 1.2 point-to-point

(config-atm 1.2)#no shutdown
(config-atm 1.2)#pvc 1/101
(config-atm 1.2)#ip address 10.23.107.35 255.255.255.240
(config-atm 1.2)#COS VBR-rt 2304 1024 3
(config-atm 1.2)#bandwidth 2304

dial-backup auto-backup
Use the dial-backup auto-backup command to configure the subinterface to automatically attempt a dial
backup upon failure. Use the no form of this command to disable this feature. For more detailed
information on dial-backup functionality, refer to the Functional Notes and Technology Review sections of
the command dial-backup call-mode on page 2496.
Syntax Description
No subcommands.
Default Values
By default, all backup endpoints will automatically attempt dial backup upon a failure.
Command History
Usage Examples
The following example enables automatic dial backup on the endpoint:

(config-atm 1.1)#dial-backup auto-backup

dial-backup auto-restore
Use the dial-backup auto-restore command to configure the subinterface to automatically discontinue
dial backup when all network conditions are operational. Use the no form of this command to disable the
auto-restore feature. For more detailed information on dial-backup functionality, refer to the Functional
Notes and Technology Review sections of the command dial-backup call-mode on page 2496.
Syntax Description
No subcommands.
Default Values
By default, all backup endpoints will automatically restore the primary connection when the failure
condition clears.
Command History
Usage Examples
The following example configures AOS to automatically restore the primary connection when the failure
condition clears:

(config-atm 1.1)#dial-backup auto-restore

dial-backup backup-delay <value>

Use the dial-backup backup-delay command to configure the amount of time the router will wait after the
failure condition is recognized before attempting to backup the link. Use the no form of this command to
return to the default value. For more detailed information on dial-backup functionality, refer to the
Functional Notes and Technology Review sections of the command dial-backup call-mode on page 2496.
Syntax Description
<value> Specifies the delay period (in seconds) a failure must be active before AOS
will enter backup operation on the interface. Valid range is 10 to
86400 seconds.
Default Values
By default, the dial-backup backup-delay period is set to 10 seconds.
Command History
Usage Examples
The following example configures AOS to wait 60 seconds (on an endpoint with an active alarm condition)
before attempting dial-backup operation:

(config-atm 1.1)#dial-backup backup-delay 60

dial-backup call-mode
Use the dial-backup call-mode command to specify whether the configured backup interface answers or
originates (or a combination of both) backup calls. Use the no form of this command to return to the
dial-backup call-mode answer

dial-backup call-mode answer-always
dial-backup call-mode originate
dial-backup call-mode originate-answer
dial-backup call-mode originate-answer-always
Syntax Description
answer Answers and backs up primary link on failure.
answer-always Answers and backs up regardless of primary link state.
originate Originates backup call on primary link failure.
originate-answer Originates or answers call on primary link failure.
originate-answer-always Originates on failure; answers and backs up always.
Default Values
By default, the dial-backup call-mode is set to originate-answer.
Command History
Functional Notes
The majority of the configuration for AOS dial-backup implementation is configured via the dial-backup
Point-to-Point Protocol (PPP) interface configuration commands. However, the numbers dialed are
configured in the primary interface. Full sample configurations follow:
Sample configuration for remote router (dialing out)
hostname “Remote3200”
enable password adtran
!
interface eth 0/1
ip address 192.168.1.254 255.255.255.0
no shutdown
!
interface modem 1/3
no shutdown
!
interface t1 1/1

coding b8zs
framing esf
clock source line
tdm-group 1 timeslots 1-24
no shutdown
!
interface fr 1 point-to-point
frame-relay lmi-type ansi
no shutdown
cross-connect 1 t1 1/1 1 fr 1
!
interface fr 1.16 point-to-point
frame-relay interface-dlci 16
ip address 10.1.1.2 255.255.255.252
dial-backup number 5551111 analog ppp1
no shutdown
!
interface ppp 1
ip address 172.22.56.1 255.255.255.252
ppp authentication chap
username remoter outer password remoteness
ppp chap hostname local router
ppp chap password adtran
no shutdown
!
ip route 192.168.2.0 255.255.255.0 172.22.56.2 255.255.255.252
!
line telnet 0 4
password password
Sample configuration for central router (dialing in)
hostname “Central3200”
!
interface eth 0/1
ip address 192.168.100.254 255.255.255.0
no shutdown
!
interface modem 1/3
no shutdown
!
interface t1 1/1
coding b8zs
framing esf
clock source line


no shutdown
!
no shutdown
!
ip address 10.1.1.1 255.255.255.252
dial-backup number 555-8888 analog ppp 1
!
interface ppp 1
ip address 172.22.56.2 255.255.255.252
username local router password adtran
ppp chap hostname remote router
ppp chap password remoteness
no shutdown
!
ip route 192.168.1.0 255.255.255.0 172.22.56.1 255.255.255.252
line telnet 0 4
password password
Usage Examples
The following example configures AOS to generate backup calls for this endpoint using an analog modem
interface (to phone number 555 1111), but never answer calls and specifies ppp 2 as the backup interface:

(config-atm 1.1)#dial-backup call-mode originate
(config-atm 1.1)#dial-backup number 555 1111 analog ppp 2

Technology Review
This technology review provides information regarding specific dial-backup router behavior (i.e., when the
router will perform dial backup, where in the configuration AOS accesses specific routing information, etc.):
Dialing Out
1. AOS determines to place an outbound call when either the Layer 1 or Layer 2 has a failure.
2. When placing outbound calls, AOS matches the number dialed to a PPP interface. This is accomplished
with an addition to the dial-backup number command (refer to dial-backup number on page 2503).
3. When placing the call, AOS uses the configuration of the related PPP interface for authentication and IP
negotiation.
4. If the call fails to connect on the first number dialed, AOS places a call to the second number (if a
second number is configured). The second number to be dialed references a separate PPP interface.
Dialing In
1. AOS receives an inbound call on a physical interface.
2. Caller ID is used to match the dial-backup number command to the configured PPP interface.
3. If a match is found, the call connects and AOS pulls down the primary connection if it is not already in a
down state.
4. If no match is found from caller ID, the call is terminated.

dial-backup connect-timeout <value>

Use the dial-backup connect-timeout command to specify the number of seconds to wait for a connection
after a call is attempted before trying to call again or dialing a different number. It is recommended this
number be greater than 60. Use the no form of this command to return to the default setting. For more
detailed information on dial-backup functionality, refer to the Functional Notes and Technology Review
sections of the command dial-backup call-mode on page 2496.
Syntax Description
<value> Specifies the amount of time (in seconds) that the router will wait for a
connection before attempting another call. Valid range is 10 to 300 seconds.
Default Values
By default, the dial-backup connect-timeout period is set to 60 seconds.
Command History
Usage Examples
The following example configures AOS to wait 120 seconds before retrying a failed dial-backup call:

(config-atm 1.1)#dial-backup connect-timeout 120

dial-backup force
Use the dial-backup force command to manually override the automatic dial-backup feature. This can be
used to force a link into backup to allow maintenance to be performed on the primary link without
disrupting data. Use the no form of this command to return to the normal dial-backup operation state. For
more detailed information on dial-backup functionality, refer to the Functional Notes and Technology
Review sections of the command dial-backup call-mode on page 2496. Variations of this command
include:
dial-backup force backup

dial-backup force primary
Syntax Description
backup Forces backup regardless of primary link state.
primary Forces primary link regardless of its state.
Default Values
Command History
Usage Examples
The following example configures AOS to force this endpoint into dial backup:

(config-atm 1.1)#dial-backup force backup

dial-backup maximum-retry <value>

Use the dial-backup maximum-retry command to select the number of calls the router will make when
attempting to backup a link. Use the no form of this command to return to the default state. For more
Syntax Description
<value> Selects the number of call retry attempts that will be made after a link
failure. Valid range is 0 to 15 attempts.
Setting this value to 0 will allow unlimited retries during the time the network
is failed.
Default Values
By default, the dial-backup maximum-retry period is set to 0 attempts.
Command History
Usage Examples
The following example configures AOS to retry a dial-backup call 4 times before considering backup
operation not available:

(config-atm 1.1)#dial-backup maximum-retry 4

dial-backup number
Use the dial-backup number command to configure the phone number and the call type the router will
dial upon network failure. Multiple entries can be made for an interface to allow alternate sites to be dialed.
Use the no form of this command to disable this feature. For more detailed information on dial-backup
functionality, refer to the Functional Notes and Technology Review sections of the command dial-backup
call-mode on page 2496. Variations of this command include:
dial-backup number <number> analog ppp <interface>

dial-backup number <number> digital-56k <isdn min chan> <isdn max chan> ppp <interface>
Syntax Description
<number> Specifies the phone numbers to call when the backup is initiated.
analog Indicates the number connects to an analog modem.
digital-56k Indicates the number belongs to a digital 56 kbps per DS0 connection.
<isdn min chan> Specifies the minimum number of DS0s required for a digital 56 or 64 kbps
connection. Range is 1 to 24 DS0s.
<isdn max chan> Specifies the maximum number of DS0s desired for a digital 56 or 64 kbps
ppp <interface> Specifies the Point-to-Point Protocol (PPP) interface to use as the backup for
this interface (for example, ppp 1).
Default Values
By default, there are no configured dial-backup numbers.
Command History
Release 17.2 Command was expanded to include the cellular connections.
Release 17.3 Cellular connections were removed from this command.
Usage Examples
The following example configures AOS to dial 704-555-1212 (digital 64 kbps connection) to initiate
dial-backup operation for this endpoint using the configured ppp 1 backup interface:

(config-atm 1.1)#dial-backup number 7045551212 digital-64k 1 1 ppp 1

dial-backup priority <value>

Use the dial-backup priority command to select the backup priority for this interface. This allows the user
to establish the highest priority backup link and ensure that link will override backups attempted by lower
priority links. Use the no form of this command to return to the default value. For more detailed
Syntax Description
<value> Sets the relative priority to this link. Valid range is 0 to 100. A value of 100
designates the highest priority.
Default Values
By default, the dial-backup priority is set to 50.
Command History
Usage Examples
The following example assigns the highest priority to this endpoint:

(config-atm 1.1)#dial-backup priority 100

dial-backup randomize-timers
Use the dial-backup randomize-timers command to randomize the call timers to minimize potential
contention for resources. Use the no form of this command to return to the default value. For more detailed
Syntax Description
No subcommands.
Default Values
By default, AOS does not randomize the dial-backup call timers.
Command History
Usage Examples
The following example configures AOS to randomize the dial-backup timers associated with this endpoint:

(config-atm 1.1)#dial-backup randomize-timers

dial-backup redial-delay <value>

Use the dial-backup redial-delay command to configure the delay after an unsuccessful call until the call
will be re-tried. Use the no form of this command to return to the default setting. For more detailed
Syntax Description
<value> Specifies the delay (in seconds) between attempting to redial a failed
backup attempt. Valid range is 10 to 3600 seconds.
Default Values
By default, the dial-backup redial-delay period is set to 10 seconds.
Command History
Usage Examples
The following example configures a redial delay of 25 seconds on this endpoint:

(config-atm 1.1)#dial-backup redial-delay 25

dial-backup restore-delay <value>

Use the dial-backup restore-delay command to configure the amount of time the router will wait after the
network is restored before disconnecting the backup link and reverting to the primary. This setting is used
to prevent disconnecting the backup link if the primary link is bouncing in and out of alarm. Use the no
form of this command to return to the default setting. For more detailed information on dial-backup
call-mode on page 2496.
Syntax Description
<value> Specifies the number of seconds AOS will wait (after a primary link is
restored) before disconnecting dial-backup operation. Range is 10 to
86400 seconds.
Default Values
By default, the dial-backup restore-delay period is set to 10 seconds.
Command History
Usage Examples
The following example configures AOS to wait 30 seconds before disconnecting dial-backup operation and
restoring the primary connection for this endpoint:

(config-atm 1.1)#dial-backup restore-delay 30

dial-backup schedule
Use the dial-backup schedule command to set the time of day that backup will be enabled. Use this
command if backup is desired only during normal business hours and on specific days of the week. Use the
no form of this command to disable dial backup (as specified). For more detailed information on
dial-backup functionality, refer to the Functional Notes and Technology Review sections of the command
dial-backup call-mode on page 2496. Variations of this command include:
dial-backup schedule day <name>

dial-backup schedule enable-time <value>
dial-backup schedule disable-time <value>
Syntax Description
day <name> Sets the days to allow backup. Valid range is Monday through Sunday.
enable-time <value> Sets the time of day to enable backup. Time is entered in a 24-hour format
(00:00).
disable-time <value> Sets the time of day to disable backup. Time is entered in a 24-hour format
(00:00).
Default Values
By default, dial backup is enabled for all days and times if the dial-backup auto-backup command has
been issued and the dial-backup schedule has not been entered.
Command History
Usage Examples
The following example enables dial backup Monday through Friday 8:00 a.m. to 7:00 p.m.:

(config-atm 1.1)#dial-backup schedule enable-time 08:00
(config-atm 1.1)#dial-backup schedule disable-time 19:00
(config-atm 1.1)#no dial-backup schedule day Saturday
(config-atm 1.1)#no dial-backup schedule day Sunday

dial-backup shutdown
Use the dial-backup shutdown command to deactivate all dial-backup functionality in the unit.
Dial-backup configuration parameters are kept intact, but the unit will not initiate (or respond) to
dial-backup sequences in the event of a network outage. Use the no form of this command to reactivate the
dial-backup interface. For more detailed information on dial-backup functionality, refer to the Functional
Syntax Description
No subcommands.
Default Values
By default, all AOS interfaces are disabled.
Command History
Usage Examples
The following example deactivates the configured dial-backup interface:

(config-atm 1.1)#dial-backup shutdown

dynamic-dns

Syntax Description
<username> Specifies the user name.
<password> Specifies the password.
Default Values
Command History
Functional Notes

Usage Examples
The following example sets the Dynamic DNS to dyndns-custom with host name host, user name user,
and password pass:

(config-atm 1.1)#dynamic-dns dyndns-custom host user pass

encapsulation
Use the encapsulation command to configure the encapsulation type for the ATM Adaptation Layer
(AAL) of the Asynchronous Transfer Mode (ATM) Protocol Reference Model. Use the no form of this
encapsulation aal5mux ip
encapsulation aal5mux ppp
encapsulation aal5snap
Syntax Description
aal5mux ip Specifies encapsulation type for multiplexed virtual circuits using the IP
protocol.
aal5mux ppp Specifies encapsulation type for multiplexed virtual circuits using the
Point-to-Point Protocol (PPP).
aal5snap Specifies encapsulation type that supports LLC/SNAP protocols.
Default Values
By default, the encapsulation type is aal5snap.
Command History
Functional Notes
For PPP and Point-to-Point Protocol over Ethernet (PPoE), the encapsulation type can be aal5snap or
aal5mux ppp. For IP with no bridging, the encapsulation type can be aal5snap or aal5mux ip. For IP with
bridging, the encapsulation type can only be aal5snap. For bridging, the encapsulation type can only be
aal5snap.
Usage Examples
The following example sets the encapsulation type to aal5snap:

(config-atm 1.1)#encapsulation aal5snap

fair-queue
Use the fair-queue command to enable weighted fair queuing (WFQ) on an interface. Use the no form of
this command to disable WFQ and enable first in, first out (FIFO) queueing for an interface. Variations of
fair-queue
fair-queue <value>
WFQ must be enabled on an interface to use priority queuing. By default, WFQ is enabled
for all interfaces with maximum bandwidth speeds equivalent to T1/E1 and below.
Syntax Description
<value> Optional. Value that specifies the maximum number of packets that can be
present in each conversation subqueue. Packets received for a
conversation after this limit is reached are discarded. Range is 16 to
512 packets.
Default Values
By default, fair-queue is enabled with a threshold of 64 packets.
Command History
Usage Examples
The following example enables WFQ on the interface with a threshold set at 100 packets:

(config-atm 1.1)#fair-queue 100

hold-queue <value> out

Use the hold-queue out command to change the overall size of an interface's wide area network (WAN)
output queue. Use the no form of this command to return to the default setting.
Syntax Description
<value> The total number of packets the output queue can contain before packets
are dropped. Range is 16 to 1000 packets.
Default Values
The default queue size for weighted fair queuing (WFQ) is 400. The default queue size for Point-to-Point
Protocol (PPP) first in, first out (FIFO) and Frame Relay round-robin is 200.
Command History
Usage Examples
The following example sets the overall output queue size to 700:

(config-atm 1.1)#hold-queue 700 out


Use the ip access-group command to create an Internet Protocol version 4 (IPv4) access control list (ACL)
to be used for packets transmitted on or received from the specified interface. Use the no form of this

Syntax Description
<ipv4 acl name> Specifies the assigned IPv4 ACL name.
in Enables access control on packets received on the specified interface.
out Enables access control on packets transmitted on the specified interface.
Default Values
Command History
Functional Notes
Usage Examples
The following example sets up the router to only allow Telnet traffic into the ATM subinterface:

(config-ext-nacl)#interface atm 1.1
(config-atm 1.1)#ip access-group TelnetOnly in


Syntax Description
Default Values
Command History
interfaces.
products.
Functional Notes
Usage Examples


Associate the ACP with the ATM interface 1.1:

(config-atm 1.1)#ip access-policy PRIVATE

ip address dhcp
Syntax Description
from a DHCP server.
media type).
media types.
delimiters).


obtained via DHCP.
Default Values
formula:
8 7 6 5 4 3 2 1
address:

16 / 0x0401
50 / 0x0C21
60 / 0x0CC1
70 / 0x1061
80 / 0x1401
Command History
subinterface.
Ethernet Interface.
DHCP Option 60.
Functional Notes
Option 43.
Usage Examples
The following example enables DHCP operation on the interface:

(config-atm 1.1)#ip address dhcp
The following example enables DHCP operation on the interface utilizing host name adtran and does not
allow obtaining a default route, domain name, or name servers. It also sets the administrative distance as
5:

(config-atm 1.1)#ip address dhcp hostname “adtran” no-default-route no-domain-name
no-nameservers 5


interface. Use the optional secondary keyword to define a secondary IPv4 address. Use the no form of this
command to remove a configured IPv4 address. Variations of this command include:

Syntax Description
example, /24).
Default Values
Command History
Functional Notes
Usage Examples
The following example configures a secondary IPv4 address of 192.22.72.101 255.255.255.252:

(config-atm 1.1)#ip address 192.22.72.101 255.255.255.252 secondary


secondary
Syntax Description
example, 10.10.10.1).
example, /24).
Default Values
Command History
Functional Notes
Usage Examples
on subnet 255.255.255.252:

(config-atm 1.1)#ip address range 192.22.72.1 192.22.72.10 255.255.255.252 secondary


Syntax Description
Default Values
Command History
subinterface.
Release 9.1 Command was expanded to include the High-Levell Data Link Control
(HDLC) interface.
Ethernet Interface.
Functional Notes


(in) (out)
IPSec IPSec
NAT/ACP/
Firewall
Router
by the firewall.
Usage Examples
The following example applies all IPv4 crypto maps with the name MyMap to the interface:

(config-atm 1.1)#ip crypto map MyMap

ip dhcp
ip dhcp release
ip dhcp renew
Syntax Description
Default Values
Command History
subinterface.
Ethernet interface.
Usage Examples
The following example releases the IPv4 DHCP address for the ATM subinterface 1.1:

(config-atm 1.1)#ip dhcp release


Syntax Description
Default Values
Command History
Usage Examples
192.33.4.251:

(config-atm 1.1)#ip dhcp relay destination 192.33.4.251

Syntax Description
<name> Specifies IP access control list (ACL) name.
Default Values
Command History
Functional Notes

Usage Examples
The following example enables forwarding of directed broadcasts on the interface atm 1.1:

(config-atm 1.1)#ip directed-broadcast

ip ffe
Use the ip ffe command to enable the RapidRoute Engine on this interface with the default number of
entries. Use the no form of this command to disable this feature. Variations of this command include:
ip ffe
Issuing this command will cause all RapidRoute entries on this interface to be cleared.
Syntax Description
Default Values
By default, the RapidRoute Engine is disabled. The default number of max-entries is 4096.
Command History
Functional Notes
Usage Examples
The following example enables RapidRoute and sets the maximum number of entries in the flow table to
50:

(config-atm 1.1)#ip ffe max-entries 50

Technology Review
processing layers.

ip flow
ip flow egress
ip flow ingress
Syntax Description
filtering traffic.
Default Values
Command History
Usage Examples
The following example enables traffic monitoring on an atm subinterface to monitor incoming traffic

(config-atm 1.1)#ip flow ingress myacl


packets.
The ip helper command must be used in conjunction with the ip forward-protocol

command to configure AOS to forward UDP broadcast packets. Refer to ip
forward-protocol udp <value> on page 1390 for more information.
Syntax Description
10.10.10.1).
Default Values
Command History
Functional Notes
To implement the helper address feature, assign an address(es) (specifying the device that needs to

Usage Examples
IP address 192.33.5.99:

(config-atm 1.1)#ip helper-address 192.33.5.99

ip igmp
command include:
Syntax Description
default setting.
querier’s last query before it takes over as querier (IGMP Version 2).
Range is 60 to 300 seconds. Use the no form of this command to return
to the default setting.
For IGMP Version 2, the DR is the router with the lowest IP address on
the segment. Range is 0 to 65535 seconds. Use the no form of this
<seconds> interface in queries when using IGMP Version 2. Hosts are allowed a
random time within this period to respond, reducing response bursts.
Use the no form of this command to return to the default setting.

Syntax Description
Default Values
ip igmp immediate-leave No default
ip igmp last-member-query-interval 1000 milliseconds
ip igmp querier-timeout 2x the query-interval value
ip igmp query-interval 60 seconds
ip igmp query-max-response-time 10 seconds
ip igmp static-group No default
ip igmp version Version 1
Command History
Usage Examples

(config-atm 1.1)#ip igmp last-member-query-interval 200

Management Protocol (IGMP) (router mode) on an interface and place it in multicast stub downstream
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
Usage Examples

(config-atm 1.1)#ip mcast-stub downstream

ip mcast-stub fixed
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
the ip igmp static-group <address> command to receive multicast traffic without host-initiated Internet
Usage Examples
(config)#interface atm1.1
(config-atm 1.1)#ip mcast-stub fixed

feature.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
the interface becomes the active upstream interface, enabling the router to perform as an IGMP proxy.
Refer to ip mcast-stub helper-address <ip address> on page 1410, ip mcast-stub downstream on page
2536, and ip mcast-stub upstream on page 2539 for more information.
Usage Examples

(config-atm 1.1)#ip mcast-stub helper-enable

Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
Usage Examples

(config-atm 1.1)#ip mcast-stub upstream

ip mtu <size>
Syntax Description
BVIs 64 to 2100
Default Values
BVIs 1500
FDL interfaces 256
PPP interfaces 1500
Command History
products.

Functional Notes
Usage Examples

(config-atm 1.1)#ip mtu 1200

ip ospf

Syntax Description
4294967295.
1 to 65535.
seconds.
0 to 255.


32767 seconds.
Default Values
Protocol (PPP)
priority <value> 1
Command History
Usage Examples
The following example sets the maximum number of seconds allowed between hello packets to 25000:

(config-atm 1.1)#ip ospf 1 dead-interval 25000



Syntax Description
Default Values
Command History
Usage Examples
The following example specifies that no authentication will be used on the ATM subinterface 1.1:

(config-atm 1.1)#ip ospf 1 authentication null



Syntax Description
Default Values
point-to-point.
Command History
Functional Notes
Usage Examples

(config-atm 1.1)#ip ospf network broadcast

ip pim sparse-mode
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
unidirectional shared trees rooted at a rendezvous point (RP) for a multicast group or a shortest-path tree
Usage Examples

(config-atm 1.1)#ip pim sparse-mode


Syntax Description
Default Values
Command History
Functional Notes
Usage Examples
The following example specifies a priority of 100 on the asynchronous transfer mode (ATM) subinterface
1.1:

(config-atm 1.1)#ip pim-sparse dr-priority 100


Syntax Description
Default Values
Command History
Functional Notes
Usage Examples
The following example specifies hellos be sent on the asynchronous transfer mode (ATM) subinterface 1.1
every 3600 seconds:

(config-atm 1.1)#ip pim-sparse hello-timer 3600


Syntax Description
Default Values
Command History
Usage Examples
The following example sets the nbr-timeout to 300 seconds:

(config-atm 1.1)#ip pim-sparse nbr-timeout 300


default value.
Syntax Description
65535 milliseconds.
Default Values
Command History
Usage Examples

(config-atm 1.1)#ip pim-sparse override-interval 3000


Syntax Description
Default Values
Command History
Usage Examples

(config-atm 1.1)#ip pim-sparse propagation-delay 300


Use the ip policy route-map command to assign a policy route map to this interface. Use the no form of
Syntax Description
Default Values
Command History
Usage Examples
The following example assigns the policy route map policy1 to the asynchronous transfer mode (ATM)
subinterface 1.1:

(config-atm 1.1)#ip policy route-map policy1

ip proxy-arp
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
If proxy ARP is enabled, AOS will respond to all proxy ARP requests with its specified medium access
control (MAC) address and forward packets accordingly.
Usage Examples
The following example enables proxy ARP on the ATM subinterface 1.1:

(config-atm 1.1)#ip proxy-arp


unit accepts in all RIP packets received on the interface. Use the no form of this command to restore the

Syntax Description
1 Accepts only received RIP version 1 packets on the interface.
Default Values
Command History
Functional Notes
Use the ip rip receive version to specify a RIP version that will override the version (in the Router RIP)
configuration.
Usage Examples
The following example configures the ATM subinterface 1.1 to accept only RIP version 2 packets:

(config-atm 1.1)#ip rip receive version 2

ip rip send version

unit sends in all RIP packets transmitted on the interface. Use the no form of this command to restore the

Syntax Description
Default Values
Command History
Functional Notes
Use the ip rip send version to specify a RIP version that will override the version (in the Router RIP)
configuration.
Usage Examples
The following example configures the ATM subinterface 1.1 to transmit only RIP version 2 packets:

(config-atm 1.1)#ip rip send version 2


disable this mode.
Syntax Description
Default Values
Command History
Functional Notes
Usage Examples

(config-atm 1.1)#ip rip summary-address 10.10.123.0 255.255.255.0

ip route-cache
Use the ip route-cache command to enable fast-cache switching on the interface. Use the no form of this
command to disable fast-cache switching and return to process switching mode.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
Fast switching allows an IP interface to provide optimum performance when processing IP traffic.
Usage Examples
The following example enables fast switching on the ATM subinterface 1.1:

(config-atm 1.1)#ip route-cache

configuration.
Syntax Description
Default Values
By default, all interfaces are configured to use a specified IP address (using the command ip address
<ipv4 address> <subnet mask> on page 2521).
Command History
Ethernet interface.
Functional Notes
taken from the specified interface. For example, specifying ip unnumbered eth 0/1 while in the Frame
Relay Subinterface Configuration mode configures the Frame Relay subinterface to use the IP address
assigned to the Ethernet interface for all IP processing. In addition, AOS uses the specified interface
Usage Examples
The following example configures the ATM subinterface 1.1 to use the IP address assigned to the Ethernet
interface (eth 0/1):

(config-atm 1.1)#ip unnumbered eth 0/1

ip urlfilter <name>
Syntax Description
Default Values
Command History
interfaces.
Functional Notes
must be created by using the ip urlfilter <name> http command before applying it to the interface. Refer
to ip urlfilter allowmode on page 1485 for more information on using this command.
Usage Examples
The following example performs URL filtering on all traffic entering through the asynchronous transfer
mode (ATM) subinterface 1.1 and matches the URL filter named MyFilter:

(config-atm 1.1)#ip urlfilter MyFilter in


are removed, DHCPv6 relay functionality is disabled on the interface. Variations of this command include:

Syntax Description
should be specified in colon hexadecimal format (X:X:X:X::X). For
example, 2001:DB8:1::1.
Default Values
Command History
Release R10.1.0 Command was expanded to include the Tunnel interface.
Functional Notes
using the command ipv6.
Usage Examples
2001:DB8:2::1:

(config-atm 1.1)#ipv6
(config-atm 1.1)#ipv6 dhcp relay destination 2001:DB8:2::1

Syntax Description
Default Values
Command History
Usage Examples
The following example specifies 85 percent bandwidth on the asynchronous transfer mode (ATM)
subinterface to be available for use in user-defined queues:

(config-atm 1.1)#max-reserved-bandwidth 85

media-gateway ip

Syntax Description
loopback interface.
(for example, 10.10.10.1).
Default Values
Command History
Ethernet interface.
Usage Examples

(config-atm 1.1)#media-gateway ip primary

oam retry
Use the oam retry command to configure parameters related to operations, administration, and
maintenance (OAM) management for an asynchronous transfer mode (ATM) interface. Use the no form of
this command to disable OAM management parameters. Variations of this command include:
oam retry
oam retry <up value>
oam retry <up value> <down value>
oam retry <up value> <down value> <value>
Syntax Description
<up value> Optional. Specifies the number of consecutive end-to-end F5 OAM
loopback cell responses that must be received in order to change a
permanent virtual circuit (PVC) connection state to up. Range is 1 to 255.
<down value> Optional. Specifies the number of consecutive end-to-end F5 OAM
loopback cell responses that are not received in order to change a PVC
state to down. Range is 1 to 255.
<value> Optional. Specifies the frequency (in seconds) that end-to-end F5 OAM
loopback cells are transmitted when a change in the up/down state of a
PVC is being verified. Range is 1 to 600 seconds.
Default Values
By default, the up-count is set to 3, the down-count is set to 5, and the retry frequency is 1.
Command History
Usage Examples
The following example configures the OAM parameters with an up-count of 2, down-count of 2, and retry
frequency of 10:

(config-atm 1.1)#oam retry 2 2 10

oam-pvc managed
Use the oam-pvc managed command to enable end-to-end F5 operations, administration, and
maintenance (OAM) loopback cell generation and OAM management for an asynchronous transfer mode
(ATM) interface. Use the no form of this command to disable generation of OAM loopback cells.
oam-pvc managed
oam-pvc managed <value>
Syntax Description
<value> Optional. Specifies the time delay between transmitting OAM loopback
cells. Range is 0 to 600 seconds.
Default Values
By default, the frequency is 1 second.
Command History
Usage Examples
The following example enables OAM loopback cell generation with a frequency of 5 seconds:

(config-atm 1.1)#oam-pvc managed 5

Syntax Description
Default Values
Command History
Functional Notes
Usage Examples

(config-atm 1.1)#packet-capture 1CAPTURE

pvc <VPI/VCI>
Use the pvc command to select the asynchronous transfer mode (ATM) virtual link for this subinterface.
Use the no form of this command to remove the link.
Syntax Description
<VPI/VCI> Specifies the ATM network virtual path identifier (VPI) for this permanent
virtual circuit (PVC). The VPI value range is 0 to 255, and the virtual
channel identifier (VCI) value range is 32 to 65535.
Default Values
Command History
Usage Examples
The following example sets the VPI to 8 and the VCI to 35:

(config-atm 1.1)#pvc 8/35

qos-policy
Syntax Description
Default Values
Command History
Functional Notes
5. The interface queuing method is changed to fair-queue to use weighted fair queuing (WFQ).

Usage Examples
The following example applies the QoS map VOICEMAP to the ATM subinterface 1.1:

(config-atm 1.1)#qos-policy out VOICEMAP

snmp trap
Syntax Description
No subcommands.
Default Values
enabled.
Command History
interface.
Release 17.9 Command was expanded to the Frame Relay and the ATM subinterfaces.
Usage Examples
The following example enables SNMP on the virtual ATM subinterface:

(config-atm 1.1)#snmp trap


Syntax Description
No subcommands.
Default Values
Command History
interface.
interface.
Release 17.9 Command was explanded to the Frame Relay and the ATM subinterfaces.
Functional Notes
number 1.3.6.1.2.1.31.1.1.1.14.0).
Usage Examples
The following example disables the link-status trap on th ATM subinterface:

(confi-atm 1.1)#no snmp trap link-status

Use the spanning-tree bpdufilter command to block bridge protocol data units (BPDUs) from being
transmitted and received on this interface. To return to the default value, use the no form of this command.

Syntax Description
disable Disables the BPDU filter.
enable Enables the BPDU filter.
Default Values
By default, this command is set to disable.
Command History
Functional Notes
The purpose of this command is to remove a port from participation in the spanning tree. This might be
beneficial while debugging a network setup. It normally should not be used in a live network.
Usage Examples
The following example enables the BPDU filter on the interface:

(config-atm 1.1)#spanning-tree bpdufilter enable

Use the spanning-tree bpduguard command to block bridge protocol data units (BPDUs) from being
received on this interface. To return to the default value, use the no form of this command. Variations of

Syntax Description
disable Disables the BPDU block.
enable Enables the BPDU block.
Default Values
Command History
Usage Examples
The following example enables the bpduguard on the interface:

(config-atm 1.1)#spanning-tree bpduguard enable

Use the spanning-tree edgeport command to set this interface to be an edgeport. This command overrides
the global setting (refer to spanning-tree edgeport default on page 1829). Use the no form of this
Syntax Description
No subcommands.
Default Values
Command History
Release 8.1 Command was added to the ATM Subinterface command set.
Functional Notes
When an interface is designated as an edgeport, the interface will immediately go to a forwarding state
when the link becomes active. When an interface is not designated as an edgeport, the interface must go
through the listening and learning states before going to the forwarding state.
Usage Examples
The following example configures the interface to be an edgeport:

(config-atm 1.1)#spanning-tree edgeport

(config-atm 1.1)#spanning-tree edgeport disable
or

(config-atm 1.1)#no spanning-tree edgeport

Use the spanning-tree link-type command to configure the spanning-tree protocol link type for an
interface. To return to the default value, use the no form of this command. Variations of this command
include:

Syntax Description
point-to-point Sets link type manually to point-to-point regardless of duplex settings.
shared Sets link type manually to shared regardless of duplex settings.
Default Values
By default, a port is set to auto.
Command History
Functional Notes
This command overrides the default link-type setting determined by the duplex of the individual port. By
use the specified link type. Using the link-type auto command, restores the convention of determining link
Usage Examples
The following example forces the link type to point-to-point, even if the port is configured to be half-duplex:
(config)#bridge 1 protocol ieee

(config-atm 1.1)#spanning-tree link-type point-to-point
Technology Review


Syntax Description
Default Values
Command History
Functional Notes
Usage Examples
The following example assigns a path cost of 100 for bridge group 17 on an ATM subinterface:

(config-atm 1.1)#spanning-tree path-cost 100
Technology Review


Use the spanning-tree port-priority command to select the priority level of a port associated with a
bridge. To return to the default bridge-group priority value, use the no form of this command.
Syntax Description
<value> Assigns a priority value for the bridge group; the lower the value, the higher
the priority. Valid range is 0 to 255.
Default Values
By default, the bridge-group priority value is set to 128.
Command History
Functional Notes
At that point, the level set in this command will determine which port the bridge will use. Set the priority
value lower to increase the chance the interface will be used.
Usage Examples
The following example sets the maximum priority on the ATM subinterface labeled 1.1 in bridge
group 17:

(config-atm 1.1)#spanning-tree port-priority 0


Syntax Description
Default Values
Command History
Functional Notes
Usage Examples
The following example assigns the ATM subinterface labeled 1.1 to the VRF instance named RED:


BVI Interface Command Set Command Reference Guide
BVI INTERFACE COMMAND SET
To activate the Bridged Virtual Interface Configuration mode, first enable integrated routing and bridging
(IRB) via the bridge irb command (refer to bridge irb on page 1221) at the Global Configuration mode
prompt. For example:
>enable
#configure terminal
(config)#bridge irb
Next, enter the interface bvi command and a specific interface number that corresponds to an existing
bridge group at the Global Configuration mode prompt. For example:
(config)#bridge irb
(config-bvi 1)#
do on page 81
end on page 82
exit on page 83
shutdown on page 93

mac-address <mac address> on page 2614
qos-policy out <name> on page 2617
traffic-shape rate <value> on page 2619

Command Reference Guide BVI Interface Command Set
bandwidth <value>
Syntax Description
Default Values
To view default values, use the show interfaces command.
Command History
Functional Notes
Usage Examples
The following example sets bandwidth of BVI 1 to 10 Mbps:
(config-bvi 1)#bandwidth 10000

dynamic-dns

Syntax Description
<password> Specifies a password using an alphanumerical string up to 30 characters in
Default Values
Command History
Functional Notes

Usage Examples
and password pass:
(config-bvi 1)#dynamic-dns dyndns-custom host user pass



Syntax Description
<ipv4 acl name> Specifies the IPv4 ACL name.
Default Values
Command History
Functional Notes
Usage Examples
The following example sets up the router to only allow Telnet traffic into BVI 1:
(config-bvi 1)#ip access-group TelnetOnly in


Syntax Description
Default Values
Command History
interfaces.
products.
Functional Notes
Usage Examples


Associate the ACP with the BVI interface 1:
(config-bvi 1)#ip access-policy PRIVATE


Syntax Description
Default Values
Command History
subinterface.
(HDLC) interface.
Ethernet Interface.
Functional Notes


(in) (out)
IPSec IPSec
NAT/ACP/
Firewall
Router
by the firewall.
Usage Examples
(config-bvi 1)#ip crypto map MyMap

ip address dhcp
Syntax Description
from a DHCP server.
media type).
media types.
delimiters).


obtained via DHCP.
Default Values
formula:
8 7 6 5 4 3 2 1
address:

16 / 0x0401
50 / 0x0C21
60 / 0x0CC1
70 / 0x1061
80 / 0x1401
Command History
subinterface.
Ethernet Interface.
DHCP Option 60.
Functional Notes
Option 43.
Usage Examples
(config-bvi 1)#ip address dhcp
5:
(config-bvi 1)#ip address dhcp hostname “adtran” no-default-route no-domain-name
no-nameservers 5



Syntax Description
example, /24).
Default Values
Command History
Functional Notes
Usage Examples
(config-bvi 1)#ip address 192.22.72.101 255.255.255.252 secondary


secondary
Syntax Description
example, 10.10.10.1).
example, /24).
Default Values
Command History
Functional Notes
Usage Examples
on subnet 255.255.255.252:
(config-bvi 1)#ip address range 192.22.72.1 192.22.72.10 255.255.255.252 secondary

ip dhcp
ip dhcp release
ip dhcp renew
Syntax Description
Default Values
Command History
subinterface.
Ethernet interface.
Usage Examples
The following example releases the DHCP IPv4 address for the virtual interface:
(config-bvi 1)#ip dhcp release


Syntax Description
should be expressed in dotted decimal notation (for example, 10.10.10.1)..
Default Values
Command History
Usage Examples
192.33.4.251:
(config-bvi 1)#ip dhcp relay destination 192.33.4.251

Syntax Description
Default Values
Command History
Functional Notes

Usage Examples
The following example enables forwarding of directed broadcasts on BVI 1:
(config-bvi 1)#ip directed-broadcast

ip flow
ip flow egress
ip flow ingress
Syntax Description
filtering traffic.
Default Values
Command History
Usage Examples
The following example enables traffic monitoring on a bridged virtual interface (BVI) to monitor incoming
traffic through an ACL called myacl:
(config-bvi 1)#ip flow ingress myacl


packets.

Syntax Description
10.10.10.1).
Default Values
Command History
Functional Notes
To implement the helper address feature, assign a helper-address(es) (specifying the device that needs to

Usage Examples
The following example forwards all DNS broadcast traffic to the DNS server with IP address 192.33.5.99:

(config-bvi 1)#ip helper-address 192.33.5.99

ip mtu <size>
Syntax Description
BVIs 64 to 2100
Default Values
BVIs 1500
FDL interfaces 256
PPP interfaces 1500
Command History
products.

Functional Notes
Usage Examples
(config-bvi 1)#ip mtu 1200

ip ospf

Syntax Description
4294967295.
1 to 65535.
seconds.
0 to 255.


32767 seconds.
Default Values
Protocol (PPP)
priority <value> 1
Command History
Release 15.1 Command was expanded to include the BVIs.
Usage Examples
(config-bvi 1)#ip ospf 1 dead-interval 25000



Syntax Description
Default Values
Command History
Usage Examples
The following example specifies that no authentication will be used on BVI 1:
(config-bvi 1)#ip ospf 1 authentication null



Syntax Description
Default Values
point-to-point.
Command History
Functional Notes
Usage Examples
(config-bvi 1)#ip ospf 1 network broadcast


Syntax Description
Default Values
Command History
Usage Examples
(config-bvi 1)#ip policy route-map policy1

ip proxy-arp
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
Usage Examples
The following example enables proxy ARP on BVI 1:
(config-bvi 1)#ip proxy-arp



Syntax Description
Default Values
Command History
Functional Notes
Use the ip rip receive version command to specify a RIP version that will override the version (in the
Router RIP) configuration.
Usage Examples
The following example configures a BVI to accept only RIP version 2 packets:
(config-bvi 1)#ip rip receive version 2

ip rip send version


Syntax Description
Default Values
Command History
Functional Notes
configuration.
Usage Examples
The following example configures a BVI to transmit only RIP version 2 packets:
(config-bvi 1)#ip rip send version 2


disable this mode.
Syntax Description
Default Values
Command History
Functional Notes
Usage Examples
(config-bvi 1)#ip rip summary-address 10.10.123.0 255.255.255.0

ip route-cache
Syntax Description
No subcommands.
Default Values
By default, fast-cache switching is enabled on all Ethernet and virtual bridged virtual interfaces (BVIs). IP
route cache is enabled for all virtual Point-to-Point Protocol (PPP) interfaces.
Command History
Functional Notes
Usage Examples
The following example enables fast-cache switching on a BVI:
(config-bvi 1)#ip route-cache

configuration.
Syntax Description
interface id.subinterface id]>. For example, for a T1 interface, use t1 0/1; for
an Ethernet subinterface, use eth 0/1.1; for a PPP interface, use ppp 1; and
for an ATM subinterface, use atm 1.1. Type ip unnumbered ? for a list of
valid interfaces.
Default Values
Command History
Functional Notes
taken from the specified interface. For example, specifying ip unnumbered eth 0/1 while in the BVI
Configuration mode configures the BVI to use the IP address assigned to the Ethernet interface for all IP
processing. In addition, AOS uses the specified interface information when sending route updates over the
unnumbered interface.
Usage Examples
The following example configures BVI 1 to use the IP address assigned to the Ethernet interface (eth 0/1):
(config-bvi 1)#ip unnumbered eth 0/1

ip urlfilter <name>
Syntax Description
Default Values
Command History
interfaces.
Functional Notes
Usage Examples
The following example performs URL filtering on all traffic entering through BVI 1 and matches the URL
filter named MyFilter:
(config-bvi 1)#ip urlfilter MyFilter in



Syntax Description
example, 2001:DB8:1::1.
Default Values
Command History
Functional Notes
Usage Examples
2001:DB8:2::1:
(config-bvi 1)#ipv6
(config-bvi 1)#ipv6 dhcp relay destination 2001:DB8:2::1

mac-address <mac address>

Use the mac-address command to specify the medium access control (MAC) address of the virtual local
area network (VLAN) interface. Only the last three values of the MAC address can be modified. The first
three values contain the ADTRAN reserved number (00:0A:C8) by default. Use the no form of this
command to return to the default MAC address programmed by ADTRAN.
Syntax Description
Default Values
A unique default MAC address is programmed in each unit shipped by ADTRAN.
Command History
Usage Examples
The following example configures a MAC address of 00:0A:C8:5F:00:D2 for BVI 1:
(config-bvi 1)#mac-address 00:0A:C8:5F:00:D2

Syntax Description
Default Values
Command History
Usage Examples
The following example specifies 85 percent of the bandwidth on BVI 1 be available for use in user-defined
queues:
(config-bvi 1)#max-reserved-bandwidth 85

Syntax Description
Default Values
Command History
Functional Notes
Usage Examples
(config-bvi 1)#packet-capture 1CAPTURE


Use the qos-policy out command to apply a previously configured quality of service (QoS) map to
outgoing packets on an interface. Use the no form of this command to remove the map from the interface.
Syntax Description
Default Values
Command History
Functional Notes
Usage Examples
The following example applies the QoS map VOICEMAP to BVI 1:
(config-bvi 1)#qos-policy out VOICEMAP

Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example enables RTP quality monitoring on the bridged virtual interface (BVI) 1:
(config-bvi 1)#rtp quality-monitoring


Use the traffic-shape rate command to specify and enforce an output bandwidth for the bridged virtual
interface (BVI). Use the no form of this command to disable this feature. Variations of this command
include:

traffic-shape rate <value> count-eth-overhead
traffic-shape rate <value> <burst>
traffic-shape rate <value> <burst> count-eth-overhead
Syntax Description
<value> Specifies the rate (in bits per second) at which the interface should be shaped.
<burst> Optional. Specifies the allowed burst in bytes. By default, the burst is
specified as the rate divided by 5 and represents the number of bytes that
would flow within 200 ms.
count-eth-overhead Optional. Indicates to include the Ethernet header overhead bytes when
determining packet size.
Default Values
By default, traffic-shape rate is disabled.
Command History
Release R11.1.0 Command was expanded to include the count-eth-overhead parameter,
control EVC.
Functional Notes
Traffic shaping can be used to limit the virtual local area network (VLAN) interface to a particular rate or to
specify use of quality of service (QoS).
Usage Examples
The following example sets the outbound rate of BVI 1 to 128 kbps and applies a QoS policy that gives all
Realtime Transport Protocol (RTP) traffic priority over all other traffic:
(config)#qos map voip 1

(config-qos-map)#match ip rtp 10000 10500 all
(config-qos-map)#priority unlimited
(config-qos-map)#interface bvi 1
(config-bvi 1)#traffic-shape rate 128000
(config-bvi 1)#qos-policy out voip


Syntax Description
Default Values
Command History
Functional Notes
Usage Examples
The following example assigns the bvi 1 interface to the VRF instance named RED:
(config-bvi 1)#vrf forwarding RED

Command Reference Guide Demand Interface Command Set
DEMAND INTERFACE COMMAND SET
To create a virtual demand interface and/or activate the Demand Interface Configuration mode, enter the
interface demand command at the Global Configuration mode prompt. For example:
>enable
#configure terminal
(config)#interface demand 1
(config-demand 1)#

do on page 81
end on page 82
exit on page 83
shutdown on page 93

called-number <number> on page 2624
caller-number <number> on page 2625
connect-mode on page 2626
connect-order on page 2627
connect-sequence on page 2628
connect-sequence attempts <value> on page 2630
connect-sequence interface-recovery on page 2631
demand-hold-queue <number> timeout <value> on page 2632
fast-idle <value> on page 2636
idle-timeout <value> on page 2638
keepalive <value> on page 2674

Demand Interface Command Set Command Reference Guide
match-interesting ip on page 2678

peer default ip address <ipv4 address> on page 2693
ppp commands begin on page 2694
resource pool <name> on page 2707
username <username> password <password> on page 2710

bandwidth <value>
Syntax Description
<value> Specifies the bandwidth value in kbps.
Default Values
To view default values, use the show interfaces command.
Command History
Functional Notes
Usage Examples
The following example sets the bandwidth of the demand interface to 10 Mbps:
(config-demand 1)#bandwidth 10000

called-number <number>
Use the called-number command to link calls to specific interfaces based on their dialed number
identification service (DNIS) numbers. Multiple called numbers may be specified for an interface. Use the
no form of this command to restore the default value.
Syntax Description
<number> Identifies the called number to be linked to an interface. The DNIS number
is limited to 20 digits.
Default Values
By default, no called numbers are defined.
Command History
Usage Examples
The following example links calls with a DNIS number of 2565558409 to the demand interface 1:
(config-demand 1)#called-number 2565558409

caller-number <number>
Use the caller-number command to link calls to specific interfaces based on its caller ID (CLID) number.
Multiple caller ID numbers may be specified, allowing the interface to accept calls from different remote
resources. Use the no form of this command to restore the default value.
Syntax Description
<number> Identifies the caller’s number to be linked to an interface. The CLID number
is limited to 20 digits.
Default Values
By default, no caller numbers are defined.
Command History
Usage Examples
The following example links calls with a CLID number of 2565559911 to the demand interface 1:
(config-demand 1)#caller-number 2565559911

connect-mode
Use the connect-mode command to configure the interface to only answer calls, only originate calls, or to
both answer and originate calls. Use the no form of this command to restore the default value. Variations
connect-mode answer
connect-mode either
connect-mode originate
Syntax Description
answer Specifies the interface may be used to answer calls, but not originate calls.
either Specifies the interface may be used to answer and originate calls.
originate Specifies the interface may be used to originate calls, but not answer calls.
Default Values
By default, the connect mode is set to both answer and originate calls.
Command History
Usage Examples
The following example configures demand interface 1 to only answer calls:
(config-demand 1)#connect-mode answer

connect-order
Use the connect-order command to specify the starting point in the connection sequence for each
sequence activation. The connection sequence is a circular list. Use the no form of this command to restore
connect-order last-successful
connect-order round-robin
connect-order sequential
Syntax Description
last-successful Specifies the connect sequence be processed beginning with the last
successful entry or the first entry if there are no previous connections.
round-robin Specifies the connect sequence be processed beginning with the entry that
follows the last successful entry or the first entry if there are no previous
connections.
sequential Specifies the connect sequence be processed from the beginning of the list.
Default Values
By default, connect sequences are processed sequentially.
Command History
Usage Examples
The following example configures the connection sequence to begin with the last successful entry:
(config-demand 1)#connect-order last-successful

connect-sequence
Use the connect-sequence command to provide instructions to the interface on how to use the resource
pool and telephone numbers to connect to demand destinations. Use the no form of this command to
restore the default value.Variations of this command include the following:
connect-sequence <value> dial-string <string> forced-analog

connect-sequence <value> dial-string <string> forced-analog busyout-threshold <value>
connect-sequence <value> dial-string <string> forced-cellular
connect-sequence <value> dial-string <string> forced-cellular busyout-threshold <value>
connect-sequence <value> dial-string <string> forced-isdn-56k
connect-sequence <value> dial-string <string> forced-isdn-56k busyout-threshold <value>
connect-sequence <value> dial-string <string> forced-isdn-64k
connect-sequence <value> dial-string <string> forced-isdn-64k busyout-threshold <value>
connect-sequence <value> dial-string <string> isdn-56k
connect-sequence <value> dial-string <string> isdn-56k busyout-threshold <value>
connect-sequence <value> dial-string <string> isdn-64k
connect-sequence <value> dial-string <string> isdn-64k busyout-threshold <value>
Syntax Description
<value> Specifies the sequence number for this connection specification entry.
dial-string <string> Specifies the telephone number to dial when using this connection. The dial
string is limited to 20 digits.
forced-analog Specifies that only analog resources may be used.
forced-cellular Specifies that only cellular resources may be used.
forced-isdn-56k Specifies that only integrated services digital network (ISDN) resources may
be used. Call is placed using ISDN 56k.
forced-isdn-64k Specifies that only ISDN resources may be used. Call is placed using ISDN
64k.
isdn-56k Specifies any dial resource may be used if ISDN 56k call type is used.
isdn-64k Specifies any dial resource may be used if ISDN 64k call type is used.
busyout-threshold <value> Optional. Specifies the maximum number of connect sequence cycles
during an activation attempt that must fail before it is skipped until the next
activation attempt.
Default Values
By default, any dial resource may be used.
By default, the dial string for cellular connections is #777.
Command History

Usage Examples
The following example instructs demand interface 1 to place the call using ISDN 64k:
(config-demand 1)#connect-sequence 65 dial-string 2565559911 forced-isdn-64k
The following example instructs demand interface 1 to place the call using a cellular connection:
(config-demand 1)#connect-sequence 1 dial-string #777 forced-cellular

connect-sequence attempts <value>

Use the connect-sequence attempts command to limit the number of times the connect sequence will
cycle when its entries are unable to establish a connection. When the maximum number of attempts are
exhausted, the interface will go into recovery mode. Refer to connect-sequence interface-recovery on page
2631 for more information. Use the no form of this command to restore the default value.
Syntax Description
<value> Specifies the number of times the connect sequence will cycle through its
entries if it is unable to make a connection. Range is 0 to 65535.
Default Values
By default, the connect-sequence attempts are unlimited.
Command History
Usage Examples
The following example instructs demand interface 1 to attempt its connection sequence 500 times:
(config-demand 1)#connect-sequence attempts 500

connect-sequence interface-recovery
Use the connect-sequence interface-recovery command to allow the interface to go down in the event
that the connect-sequence attempts value is exhausted. Refer to connect-sequence attempts <value> on
page 2630 for more information. Use the no form of this command to restore the default value. Variations
connect-sequence interface-recovery
connect-sequence interface-recovery retry-interval <value>
connect-sequence interface-recovery retry-interval <value> max-retries <number>
Syntax Description
retry-interval <value> Optional. Specifies the number of seconds the interface will wait between
connect sequence cycles during recovery attempts.
max-retries <number> Optional. Specifies the maximum number of times the connect sequence
will cycle in an attempt to bring the interface back up. When in interface
recovery mode, this value overrides the connect-sequence attempts
value.
Default Values
By default, the connect-sequence interface-recovery retry-interval is set to 120 seconds and
max-retries are unlimited.
Command History
Usage Examples
The following example configures demand interface 1 to wait 60 seconds between retry attempts with a
maximum number of 500 retries:
(config-demand 1)#connect-sequence interface-recovery retry-interval 60 max-retries 500

demand-hold-queue <number> timeout <value>

Use the demand-hold-queue timeout command to set the number and length of time interesting packets
will be held while a connection is being made. Use the no form of this command to restore the default
value.
Syntax Description
<number> Specifies the number of packets that may be stored in the hold queue.
Range is 0 to 100.
<value> Specifies the number of seconds a packet may remain in the hold queue.
Default Values
By default, the hold queue is disabled.
Command History
Usage Examples
The following example configures demand interface 1 to hold 50 packets in the queue for up to
120 seconds:
(config-demand 1)#demand-hold-queue 50 timeout 120

dynamic-dns

Syntax Description
Default Values
Command History
Functional Notes

Usage Examples
and password pass:
(config-demand 1)#dynamic-dns dyndns-custom host user pass

fair-queue
fair-queue
fair-queue <threshold>
Syntax Description
<threshold> Optional. Specifies the maximum number of packets that can be present in
each conversation subqueue. Packets received for a conversation after this
limit is reached are discarded. Range: 16 to 512 packets.
Default Values
By default, WFQ is enabled with a threshold of 64 packets.
Command History
Usage Examples
(config-demand 1)#fair-queue 100

fast-idle <value>
Use the fast-idle command to set the amount of time the demand interface connection will remain active in
the absence of interesting traffic when there is contention for the demand resources being used by this
interface. Use the no form of this command to restore the default value.
Syntax Description
<value> Specifies the number of seconds the interface will remain up in the absence
of interesting traffic. Range is 1 to 2147483 seconds.
Default Values
By default, fast-idle is set to 120 seconds.
Command History
Usage Examples
The following example sets fast idle to 1073752 seconds:
(config-demand 1)#fast-idle 1073752


Syntax Description
<value> Specifies the total number of packets the output queue can contain before
packets are dropped. Range is 16 to 1000 packets.
Default Values
Command History
Usage Examples
(config-demand 1)#hold-queue 700 out

idle-timeout <value>
Use the idle-timeout command to set the amount of time the interface link/bundle will remain up in the
absence of interesting traffic. Interesting traffic and direction logic are set using the match-interesting
commands. Refer to match-interesting ip on page 2678 for more information. Use the no form of this
command to restore the default value.
Syntax Description
<value> Specifies the number of seconds the interface will remain up in the absence
of interesting traffic. Range is 1 to 2147483 seconds.
Default Values
By default, idle-timeout is set to 120 seconds.
Command History
Usage Examples
The following example configures demand interface 1 to time out after 360 seconds:
(config-demand 1)#idle-timeout 360



Syntax Description
<ipv4 acl name> Indicates the assigned IPv4 ACL name.
Default Values
Command History
Functional Notes
Usage Examples
The following example sets up the router to only allow Telnet traffic into the demand interface:

(config-ext-nacl)#interface demand 1
(config-demand 1)#ip access-group TelnetOnly in


Syntax Description
Default Values
Command History
interfaces.
products.
Functional Notes
Usage Examples
to the deman interface 1:


Associate the ACP with the demand interface 1:
(config-demand 1)#ip access-policy PRIVATE


interface. Use the optional keyword secondary to define a secondary IPv4 address. Use the no form of this

Syntax Description
example, /24).
Default Values
Command History
Functional Notes
Usage Examples
(config-demand 1)#ip address 192.22.72.101 255.255.255.252 secondary

ip address cellular
Use the ip address cellular command to allow the interface to be assigned an IP address and name server
from a cellular modem. Use the no form of this command to disable the feature. Variations of this
command include:
ip address cellular
ip address cellular no-nameservers
Syntax Description
no-nameservers Optional. Specifies that the interface receives an IP address from a cellular
modem but does not receive a name server.
Default Values
By default, the interface is assigned an address with the command ip address <ipv4 address> <subnet
mask> on page 2642.
Command History
Functional Notes
In order to configure the demand interface using the ip address cellular command, you must also
configure the interface to use High Level Data Link Control (HDLC) encapsulation, have a cellular resource
configured in the resource pool, and configure the connect-sequence to use forced-cellular. In addition,
for interesting traffic to arrive at the demand interface, a static route must be configured on the AOS
device. The following configuration example displays the necessary configurations for this command to be
used:
(config)#interface demand 1 encapsulation hdlc

(config-demand 1)#resource pool LTERESOURCE
(config-demand 1)#connect-sequence 1 dial-string #777 forced-cellular
(config-demand 1 )#ip address cellular
(config-demand 1)#exit
(config)#ip route 0.0.0.0 0.0.0.0 demand 1
Usage Examples
The following example enables the demand interface to receive an IP address and name server from a
cellular modem:
(config-demand 1)#ip address cellular

ip address negotiated
Use the ip address negotiated command to allow the interface to negotiate (i.e., be assigned) an IP
address from the far-end Point-to-Point Protocol (PPP) connection. Use the no form of this command to
disable the negotiation for an IP address. Variations of this command include:
ip address negotiated
ip address negotiated dns-sync
ip address negotiated dns-sync no-default
ip address negotiated no-default
ip address negotiated no-default dns-sync
Syntax Description
dns-sync Optional. Specifies that when the IP address is negotiated, domain naming
system (DNS) information is also received.
no-default Optional. Prevents the insertion of a default route. Some systems already
have a default route configured and need a static route to the PPP interface
to function correctly.
Default Values
By default, the interface is assigned an address with the ip address <ip address> <subnet mask>
command.
Command History
Release 17.9 Command was expanded to include the dns-sync parameter.
Usage Examples
The following example enables the demand interface to negotiate an IP address from the far-end
connection:
(config-demand 1)#ip address negotiated
The following example enables the demand interface to negotiate an IP address from the far-end
connection without inserting a default route:
(config-demand 1)#ip address negotiated no-default


secondary
Syntax Description
example, 10.10.10.1).
example, /24).
Default Values
Command History
Functional Notes
Usage Examples
on subnet 255.255.255.252:
(config-demand 1)#ip address range 192.22.72.1 192.22.72.10 255.255.255.252 secondary


Syntax Description
Default Values
Command History
subinterface.
(HDLC) interface.
Ethernet Interface.
Functional Notes


(in) (out)
IPSec IPSec
NAT/ACP/
Firewall
Router
by the firewall.
Usage Examples
(config)#demand 1
(config-demand 1)#ip crypto map MyMap


Syntax Description
Default Values
Command History
Usage Examples
192.33.4.251:
(config-demand 1)#ip dhcp relay destination 192.33.4.251

Syntax Description
Default Values
Command History
Functional Notes

Usage Examples
The following example enables forwarding of directed broadcasts on the interface demand 1:
(config-demand 1)#ip directed-broadcast

ip flow
ip flow egress
ip flow ingress
Syntax Description
filtering traffic.
Default Values
Command History
Usage Examples
The following example enables traffic monitoring on a demand interface to monitor incoming traffic
(config-demand 1)#ip flow ingress myacl


packets.

Syntax Description
10.10.10.1).
Default Values
Command History
Functional Notes
To implement the helper address feature, assign a helper address(es) (specifying the device that needs to

Usage Examples
IP address 192.33.5.99:

(config-demand 1)#ip helper-address 192.33.5.99

ip igmp
command include:
Syntax Description
default setting.
default setting.

Syntax Description (Continued)

Default Values
Command History
Usage Examples
(config-demand 1)#ip igmp last-member-query-interval 200

Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
Usage Examples
(config-demand 1)#ip mcast-stub downstream

ip mcast-stub fixed
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
the command ip igmp on page 2654 to receive multicast traffic without host-initiated Internet Group
Management Protocol (IGMP) activity on the selected interface. Otherwise, all host-initiated IGMP
Usage Examples
(config-demand 1)#ip mcast-stub fixed

feature.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
Usage Examples
(config-demand 1)#ip mcast-stub helper-enable

Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
router's unicast route table, the IGMP host function is dynamically enabled and the interface becomes the
active upstream interface, enabling the router to perform as an IGMP proxy. Though multiple interfaces
may be candidates, no more than one interface will actively serve as the helper forwarding interface. Refer
to ip mcast-stub helper-address <ip address> on page 1410 and ip mcast-stub downstream on page 2656
Usage Examples
(config-demand 1)#ip mcast-stub upstream

ip mtu <size>
Syntax Description
BVIs 64 to 2100
Default Values
BVIs 1500
FDL interfaces 256
PPP interfaces 1500
Command History
products.

Functional Notes
Usage Examples
(config-demand 1)#ip mtu 1200

ip ospf

Syntax Description
4294967295.
1 to 65535.
seconds.
0 to 255.


32767 seconds.
Default Values
Protocol (PPP)
priority <value> 1
Command History
Usage Examples
(config-demand 1)#ip ospf 1 dead-interval 25000



Syntax Description
Default Values
Command History
Usage Examples
The following example specifies that no authentication will be used on the demand interface:
(config-demand 1)#ip ospf 1 authentication null



Syntax Description
Default Values
point-to-point.
Command History
Functional Notes
Usage Examples
(config-demand 1)#ip ospf 1 network broadcast


Use the ip policy route-map command to associate a route map with a network interface source. Use the
Syntax Description
<name> Specifies the route map to associate with this interface.
Default Values
By default, policy-based routing is disabled for all interfaces.
Command History
Usage Examples
The following example associates the route map named MyMap with demand interface 1:
(config-demand 1)#ip policy route-map MyMap

ip proxy-arp
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
Usage Examples
The following example enables proxy ARP on the virtual demand interface:
(config-demand 1)#ip proxy-arp



Syntax Description
Default Values
Command History
Functional Notes
Use the ip rip receive version to specify a RIP version that overrides the version (in the Router RIP)
configuration.
Usage Examples
The following example configures the virtual demand interface to accept only RIP version 2 packets:
(config-demand 1)#ip rip receive version 2

ip rip send version


Syntax Description
Default Values
Command History
Functional Notes
Use the ip rip send version to specify a RIP version that overrides the version (in the Router RIP)
configuration.
Usage Examples
The following example configures the virtual demand interface to transmit only RIP version 2 packets:
(config-demand 1)#ip rip send version 2


disable this mode.
Syntax Description
Default Values
Command History
Functional Notes
Usage Examples
(config-demand 1)#ip rip summary-address 10.10.123.0 255.255.255.0

ip route-cache
Syntax Description
No subcommands.
Default Values
cache is enabled for all virtual demand interfaces.
Command History
Functional Notes
Fast-cache switching allows an IP interface to provide optimum performance when processing IP traffic.
Usage Examples
The following example enables fast-cache switching on the virtual demand interface:
(config-demand 1)#ip route-cache

configuration.
Syntax Description
Default Values
Command History
Functional Notes
taken from the specified interface. For example, specifying ip unnumbered eth 0/1 while in the Demand
Interface Configuration mode configures the demand interface to use the IP address assigned to the
Ethernet interface for all IP processing. In addition, AOS uses the specified interface information when
sending route updates over the unnumbered interface. Static routes may either use the interface name
(ppp 1) or the far-end address (if it will be discovered).
Usage Examples
The following example configures the demand interface (labeled demand 1) to use the IP address
assigned to the Ethernet interface (eth 0/1):
(config-demand 1)#ip unnumbered eth 0/1

ip urlfilter <name>
Syntax Description
Default Values
Command History
interfaces.
Functional Notes
Usage Examples
The following example performs URL filtering on all traffic entering through the demand interface (labeled
demand 1) and matches the URL filter named MyFilter:
(config-demand 1)#ip urlfilter MyFilter in

keepalive <value>
Use the keepalive command to enable the transmission of keepalive packets on the interface and specify
the time interval in seconds between transmitted packets. Use the no form of this command to return to the
default setting.
Syntax Description
<value> Defines the time interval (in seconds) between transmitted keepalive
packets. Range is 0 to 32767 seconds.
Default Values
By default, the time interval between transmitted keepalive packets is 10 seconds.
Command History
Functional Notes
If three keepalive packets are sent to an interface with no response, the interface is considered down. To
detect interface failures quickly, specify a smaller keepalive time.
Usage Examples
The following example specifies a keepalive time of 5 seconds on the virtual demand interface:
(config-demand 1)#keepalive 5

lldp receive
this interface. Use the no form of this command to disable this feature.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example configures the demand interface to receive LLDP packets:
(config-demand 1)#lldp receive

lldp send
lldp send
Syntax Description
and-receive Configures this interface to both transmit and receive LLDP packets.
Default Values
By default, all interfaces are configured to transmit and receive LLDP packets of all types.
Command History
Functional Notes
Usage Examples
The following example configures the demand interface to transmit LLDP packets containing all enabled
information types:
(config-demand 1)#lldp send

The following example configures the demand interface to transmit and receive LLDP packets containing
all information types:
(config-demand 1)#lldp send-and-receive

match-interesting ip
Use the match-interesting ip command to allow an access control list (ACL) to specify which traffic
attempting to cross this interface will be considered interesting. Use the no form of this command to
restore the default value. Variations of this command include:
match-interesting ip list <name>

match-interesting ip list <name> in
match-interesting ip list <name> out
match-interesting ip reverse list <name>
match-interesting ip reverse list <name> in
match-interesting ip reverse list <name> out
Syntax Description
list <name> Specifies using an ACL with normal (source, destination) ACL matching
logic.
reverse list <name> Specifies using an ACL with reverse (destination, source) ACL matching
logic.
in Optional. Specifies that only incoming traffic is interesting.
out Optional. Specifies that only outgoing traffic is interesting.
Default Values
By default, no interesting traffic is defined.
Command History
products.
Usage Examples
The following example instructs demand interface 1 to use the access control list MyACL when checking
for interesting traffic:
(config-demand 1)#match-interesting ip list MyACL in

Syntax Description
Default Values
Command History
Usage Examples
The following example specifies 85 percent of the bandwidth on the demand interface 1 be available for
use in user-defined queues:
(config-demand 1)#max-reserved-bandwidth 85


command include:

Syntax Description
is 0 to 31.
Default Values
Command History
Functional Notes

command fails.
interface.
Usage Examples
follows:
(config-demand 1)#ospfv3 5 area 10 ipv6 instance 10


Syntax Description
Default Values
Command History
Usage Examples
(config-demand 1)#ospfv3 authentication null


the default value.
Syntax Description
reported.
65535.
Default Values
Command History
Functional Notes
Usage Examples
(config-demand 1)#ospfv3 5 cost 10


Syntax Description
reported.
Default Values
Command History
Functional Notes
Usage Examples
follows:
(config-demand 1)#ospfv3 5 dead-interval 100

ospfv3 encryption
include:
Syntax Description
256.
des uses DES.
(sha1) algorithms.

Default Values
Command History
Functional Notes
Usage Examples
(config-demand 1)#ospfv3 encryption ipsec spi 120 esp null md5


Syntax Description
reported.
Default Values
Command History
Functional Notes
Usage Examples
seconds:
(config-demand 1)#ospfv3 5 hello-interval 20



Syntax Description
reported.
point-to-point.
Default Values
Command History
Functional Notes
Usage Examples
(config-demand 1)#ospfv3 5 network point-to-point


Syntax Description
reported.
Default Values
Command History
Functional Notes
Usage Examples
(config-demand 1)#ospfv3 5 priority 6


Syntax Description
reported.
Default Values
Command History
Functional Notes
Usage Examples
(config-demand 1)#ospfv3 5 retransmit-interval 10


Syntax Description
reported.
Default Values
Command History
Functional Notes
Usage Examples
(config-demand 1)#ospfv3 5 shutdown


Syntax Description
reported.
Default Values
Command History
Functional Notes
Usage Examples
(config-demand 1)#ospfv3 5 transmit-delay 2

peer default ip address <ipv4 address>

Use the peer default ip address command to specify the default Internet Protocol version 4 (IPv4) address
of the remote end of this interface. Use the no form of this command to remove a configured default IPv4
address.
Syntax Description
<ipv4 address> Specifies the default IPv4 address for the remote end. IPv4 addresses
Default Values
By default, there is no assigned peer default IPv4 address.
Command History
Functional Notes
This command is useful if the peer does not send the IPv4 address option during Point-to-Point Protocol
(PPP) negotiations.
Usage Examples
The following example sets the default peer IPv4 address to 192.22.71.50:
(config-demand 1)#peer default ip address 192.22.71.50

ppp authentication
Use the ppp authentication command to specify the authentication protocol on the Point-to-Point
Protocol (PPP) virtual interface that the peer should use to authenticate itself. Use the no form of this
command to remove configured PPP authentication. Variations of this command include:

ppp authentication pap
Syntax Description
chap Configures Challenge-Handshake Authentication Protocol (CHAP)
authentication on the interface.
pap Configures Password Authentication Protocol (PAP) authentication on the
interface.
Default Values
By default, PPP endpoints have no authentication configured.
Command History
Technology Review
CHAP and PAP are two authentication methods that enjoy widespread support. Both methods are included
in AOS and are easily configured.
The authentication method set up on the local router can be different from that on the peer.
Also, just because one router requires authentication from its peer does not mean it also
has to authenticate itself to the peer.
Defining PAP
The PAP is used to verify that the PPP peer is a permitted device by checking a user name and password
configured on the peer. The user name and password are both sent unencrypted across the connecting
private circuit.
PAP requires a two-way message passing. First, the router that is required to be authenticated (for
example, the peer) sends an authentication request with its user name and password to the router
requiring authentication (for example, the local router). The local router then looks up the user name and
password in the user name database within the PPP interface and, if they match, sends an authentication
acknowledge back to the peer.

The PPP user name and password database is separate and distinct from the global user
name password database. For PAP and CHAP, use the database under the PPP interface
configuration.
Several example scenarios are given below for clarity.
Configuring PAP Example 1: Only the local router requires the peer to authenticate itself.
On the local router (host name Local):
Local(config-demand 1)#ppp authentication pap

Local(config-demand 1)#username farend password same
On the peer (host name Peer):
Peer(config-demand 1)#ppp pap sent-username farend password same
The first line of the configuration sets the authentication mode as PAP. This means the peer is required to
authenticate itself to the local router via PAP. The second line is the user name and password expected to
be sent from the peer. On the peer, the ppp pap sent-username command is used to specify the
appropriate matching user name and password.
Configuring PAP Example 2: Both routers require the peer to authenticate itself.
Local(config-demand 1)#ppp authentication pap

Local(config-demand 1)#username farend password far
Local(config-demand 1)#ppp pap sent-username nearend password near
Peer(config-demand 1)#ppp authentication pap

Peer(config-demand 1)#username nearend password near
Peer(config-demand 1)#ppp pap sent-username farend password far
Now both routers send the authentication request, verify that the user name and password sent match
what is expected in the database, and send an authentication acknowledge.
Defining CHAP
The CHAP is a three-way authentication protocol composed of a challenge response and success or
failure. The message digest 5 (MD5) protocol is used to protect user names and passwords in the
response.

First, the local router (requiring its peer to be authenticated) sends a challenge containing only its own
unencrypted user name to the peer. The peer then looks up the user name in the user name database
within the PPP interface and, if found, takes the corresponding password and its own host name and
sends a response back to the local router. This data is encrypted. The local router verifies that the user
name and password are in its own user name database within the PPP interface and, if so, sends a
success back to the peer.
The PPP user name and password database is separate and distinct from the global user
name password database. For PAP and CHAP, use the database under the PPP interface
configuration.
Several example scenarios are given below for clarity.
Configuring CHAP Example 1: Only the local router requires the peer to authenticate itself.
Local(config-demand 1)#ppp authentication chap

Local(config-demand 1)#username Peer password same
Peer(config-demand 1)#ppp chap password same
The first line of this configuration sets the authentication mode to CHAP. This means the peer is required to
authenticate itself to the local router via CHAP. The second line is the user name and password expected
to be sent from the peer. The peer uses its hostname and ppp chap password commands to send the
proper authentication information.
Both ends must have identical passwords.
Configuring CHAP Example 2: Using the ppp chap hostname command as an alternate solution.

Local(config-demand 1)#username farend password same
Peer(config-demand 1)#ppp chap hostname farend

Peer(config-demand 1)#ppp chap password same

Notice the local router is expecting user name farend even though the peer router's host name is Peer.
Therefore, the peer router can use the ppp chap hostname command to send the correct name in the
challenge.
Configuring CHAP Example 3: Both routers require each other to authenticate themselves using
the same shared password.

Local(config-demand 1)#username Peer password same
Peer(config-demand 1)#ppp authentication chap

Peer(config-demand 1)#username Local password same
This is basically identical to Example 1 except that both routers will now challenge each other and
respond.
Configuring CHAP Example 4: Both routers require each other to authenticate themselves using
two separate shared passwords.

Local(config-demand 1)#username Peer password far
Local(config-demand 1)#ppp chap password near

Peer(config-demand 1)#username Local password near
Peer(config-demand 1)#ppp chap password far

This is basically identical to Example 3, except that there are two separate shared passwords.
Notice this example has both ends using different sets of passwords.
Configuring CHAP Example 5: Using the ppp chap hostname command as an alternate solution.

Local(config-demand 1)#username farend password far
Local(config-demand 1)#ppp chap hostname nearend
Local(config-demand 1)#ppp chap password near

Peer(config-demand 1)#username nearend password near
Peer(config-demand 1)#ppp chap hostname farend
Peer(config-demand 1)#ppp chap password far
Notice the local router is expecting user name farend even though the peer router's host name is Peer.
Therefore, the peer router can use the ppp chap hostname command to send the correct name on the
challenge.
Notice this example has both ends using different sets of passwords.

ppp bcp tagged-frame

Use the ppp bcp tagged-frame command to allow negotiation of IEEE 802.1Q-tagged packets over
Bridging Control Protocol (BCP). Use the no form of this command to disable this feature.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example configures the interface to negotiate tagged frames over bcp:
(config-demand 1)#ppp bcp tagged-frame

ppp chap hostname <name>

Use the ppp chap hostname command to configure an alternate host name for Challenge-Handshake
Authentication Protocol (CHAP) Point-to-Point Protocol (PPP) authentication. Use the no form of this
command to remove a configured host name. For more information on Password Authentication Protocol
(PAP) and CHAP functionality, refer to the Technology Review section for the command ppp
authentication on page 2694.
Syntax Description
<name> Specifies a host name using an alphanumeric string up to 80 characters in
length.
Default Values
By default, there are no configured PPP CHAP host names.
Command History
Usage Examples
The following example specifies a PPP CHAP host name of my_host:
(config-demand 1)#ppp chap hostname my_host

ppp chap password <password>

Use the ppp chap password command to configure an alternate password when the peer requires
Challenge-Handshake Authentication Protocol (CHAP) Point-to-Point Protocol (PPP) authentication. Use
the no form of this command to remove a configured password. For more information on Password
Authentication Protocol (PAP) and CHAP functionality, refer to the Technology Review section for the
command ppp authentication on page 2694.
Syntax Description
<password> Specifies a password using an alphanumeric string up to 80 characters in
length.
Default Values
By default, there is no defined PPP CHAP password.
Command History
Usage Examples
The following example specifies a PPP CHAP password of my_password:
(config-demand 1)#ppp chap password my_password

ppp multilink
Use the ppp multilink command to enable Multilink Point-to-Point Protocol (MLPPP) operation on an
existing Point-to-Point Protocol (PPP) interface. Use the no form of this command to disable this feature.
ppp multilink
ppp multilink fragmentation
ppp multilink interleave
ppp multilink maximum <number>
Syntax Description
fragmentation Enables multilink fragmentation operation.
interleave Enables multilink interleave operation.
maximum <number> Specifies the maximum number of links allowed in a PPP multilink bundle.
Default Values
By default, MLPPP is disabled.
Command History
Release 7.2 Fragmentation and interleave operation were added.
Functional Notes
When enabled, this interface is capable of the following:
• Combining multiple physical links into one logical link.

• Receiving upper layer protocol data units (PDUs), fragmenting and transmitting over the physical links.
• Receiving fragments over the physical links and reassembling them into PDUs.
The fragmentation and interleave options can be used to enhance the multilink operation. Fragmentation is
used to reduce serialization delays of large packets. The fragmentation process evenly divides the data
among all links in the bundle with a minimum packet size of 96 bytes. The interleave operation is used with
streaming protocols to reduce delay by giving priority to packets identified as being high priority. Delivery in
order is guaranteed with multilink fragmentation, but is not guaranteed with multilink interleave operation.
The multilink bundle will remain active with a minimum of one physical link. Physical links may be
dynamically added or removed from the multilink bundle with minor interruption to traffic flow.

Usage Examples
The following example enables MLPPP:
(config-demand 1)#ppp multilink

ppp mtu <size>

Use the ppp mtu command to configure the Point-to-Point Protocol (PPP) maximum transmission unit
Syntax Description
<size> Configures the window size for transmitted packets. The valid range is 64 to
2100 bytes.
Default Values
By default, the PPP MTU on an interface is set to 1500 bytes.
Command History
Usage Examples
The following example specifies a PPP MTU of 1200 on the virtual demand interface:
(config-demand 1)#ppp mtu 1200

ppp pap sent-username <username> password <password>

Use the ppp pap sent-username password command to configure a user name and password when the
peer requires Password Authentication Protocol (PAP) Point-to-Point Protocol (PPP) authentication. Use
the no form of this command to remove a configured password. For more information on PAP and
Challenge-Handshake Authentication Protocol (CHAP) functionality, refer to the Technology Review
section for the command ppp authentication on page 2694.
Syntax Description
<username> Specifies a user name by alphanumeric string up to 80 characters in length
(the user name is case sensitive).
<password> Specifies a password by alphanumeric string up to 80 characters in length
(the password is case sensitive).
Default Values
By default, there is no defined ppp pap sent-username and password.
Command History
Usage Examples
The following example specifies a PPP PAP sent-user name of local and a password of my_password:
(config-demand 1)#ppp pap sent-username local password my_password

qos-policy
Syntax Description
Default Values
Command History
Usage Examples
The following example applies the QoS map VOICEMAP to the demand 1 interface:
(config-demand 1)#qos-policy out VOICEMAP

resource pool <name>

Use the resource pool command to associate a resource pool with the demand interface. No more than one
resource pool may be associated with an interface. Refer to resource pool-member <name> on page 2086
for more information. Use the no form of this command to restore the default value.
Syntax Description
<name> Specifies the resource pool that this interface will use to originate/answer
demand connections.
Default Values
By default, no resource pool is associated with this interface.
Command History
Usage Examples
The following example associates the resource pool named Pool1 with demand interface 1:
(config-demand 1)#resource pool Pool1

Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example enables RTP quality monitoring on the virtual demand interface:
(config-demand 1)#rtp quality-monitoring


Syntax Description
No subcommands.
Default Values
Command History
interface.
interface.
Release 17.2 Command was expanded to the cellular interface.
Functional Notes
number 1.3.6.1.2.1.31.1.1.1.14.0).
Usage Examples
The following example disables the link-status trap on the virtual demand interface:
(config-demand 1)#no snmp trap link-status


Use the username password command to configure the user name and password of the peer to use for
demand authentication. Use the no form of this command to remove a configured user name and password.
Syntax Description
<username> Specifies a user name by alphanumerical string up to 30 characters in
<password> Specifies a password by alphanumerical string up to 30 characters in length
(the password is case sensitive).
Default Values
By default, there is no established user name and password.
Command History
Functional Notes
Password Authentication Protocol (PAP) uses this entry to check received information from the peer.
Challenge-Handshake Authentication Protocol (CHAP) uses this entry to check the received peer host
name and a common password.
Usage Examples
The following example creates a user name of ADTRAN with password ADTRAN for the demand link
labeled 5:
(config-demand 5)#username ADTRAN password ADTRAN


Syntax Description
Default Values
Command History
Functional Notes
Usage Examples
The following example assigns the virtual demand interface to the VRF instance named RED:
(config-demand 1)#vrf forwarding RED

Frame Relay Interface Command Set Command Reference Guide
FRAME RELAY INTERFACE COMMAND SET
To create a virtual Frame Relay interface and activate the Frame Relay Interface Configuration mode,
enter the interface frame-relay command at the Global Configuration mode prompt. For example:
>enable
#configure terminal
(config-fr 1)#
By default, Frame Relay interfaces are created as point-to-point links. This default setting cannot be
altered. The following command creates the exact same interface as that mentioned above:
>enable
#configure terminal
(config)#interface frame-relay 1 point-to-point
(config-fr 1)#

do on page 81
end on page 82
exit on page 83
shutdown on page 93

encapsulation frame-relay ietf on page 2714
frame-relay commands begin on page 2716

Command Reference Guide Frame Relay Interface Command Set
bandwidth <value>
Syntax Description
Default Values
Command History
Functional Notes
Usage Examples
The following example sets bandwidth of the Frame Relay interface to 10 Mbps:
(config-fr 1)#bandwidth 10000

encapsulation frame-relay ietf

Use the encapsulation frame-relay ietf command to configure the encapsulation on a virtual Frame Relay
interface as IETF (RFC 1490). Currently, this is the only encapsulation setting. Settings for this option
must match the far-end router’s settings in order for the Frame Relay interface to become active.
Syntax Description
No subcommands.
Default Values
By default, all Frame Relay interfaces use IETF encapsulation.
Command History
Usage Examples
The following example configures the endpoint for IETF encapsulation:
(config-fr 1)#encapsulation frame-relay ietf

fair-queue
fair-queue
fair-queue <value>
Syntax Description
<value> Optional. Specifies the maximum number of packets that can be present in
each conversation subqueue. Packets received for a conversation after this
limit is reached are discarded. Range is 16 to 512 packets.
Default Values
By default, fair-queue is enabled with a threshold of 64 packets.
Command History
Usage Examples
(config-fr 1)#fair-queue 100

frame-relay intf-type
Use the frame-relay intf-type command to define the Frame Relay signaling role needed for the endpoint.
frame-relay intf-type dce

frame-relay intf-type dte
frame-relay intf-type nni
Syntax Description
dce Specifies data communication equipment (DCE) or network-signaling role.
Use this interface type when you need the unit to emulate the frame switch.
dte Specifies data terminal equipment (DTE) or user-signaling role. Use this
interface type when connecting to a Frame Relay switch (or piece of
equipment emulating a frame switch).
nni Configures the interface to support both network and user signaling (DTE or
DCE) when necessary.
Default Values
By default, frame-relay intf-type is set to dte.
Command History
Usage Examples
The following example configures the Frame Relay endpoint for DCE signaling:
(config-fr 1)#frame-relay intf-type dce

frame-relay lmi-n391dte <value>

Use the frame-relay lmi-n391dte command to set the N391 full status polling counter for the data
terminal equipment (DTE) endpoint. Typical applications should leave the default value for this timer. Use
Syntax Description
<value> Sets the poll counter value. Valid range is 1 to 255.
Default Values
By default, the polling counter for the DTE endpoint is set to six polls.
Command History
Functional Notes
The N391 counter determines how many link integrity polls occur in between full status polls. The number
of link integrity polls between full status polls is n - 1, where n represents the full status poll. n can be set to
any number between 1 and 255, but the default is used for most applications.
Usage Examples
The following example sets the N391 counter for three polls:
(config-fr 1)#frame-relay lmi-n391dte 3

frame-relay lmi-n392dce <value>

Use the frame-relay lmi-n392dce command to set the N392 error threshold for the data communication
equipment (DCE) endpoint. Typical applications should leave the default value for this setting. Use the no
Syntax Description
<value> Sets the error threshold value. Valid range is 1 to 10 errors.
Default Values
By default, the error threshold for the DCE endpoint is set to three errors.
Command History
Functional Notes
If the error threshold is met, the signaling state status is changed to down, indicating a service-affecting
condition. This condition is cleared once N393 consecutive error-free events are received. N392 defines
the number of errors required in a given event window, while N393 defines the number of polling events in
each window.
For example:
If N392 = 3 and N393 = 4, then if three errors occur within any four events, the interface is determined
inactive.
Usage Examples
The following example sets the N392 threshold for 5 seconds:
(config-fr 1)#frame-relay lmi-n392dce 5


Use the frame-relay lmi-n392dte command to set the N392 error threshold for the data terminal
equipment (DTE) endpoint. Typical applications should leave the default value for this setting. Use the no
Syntax Description
<value> Sets the error threshold value. Valid range is 1 to 10 errors.
Default Values
By default, the error threshold for the DTE endpoint is set to three errors.
Command History
Functional Notes
If the error threshold is met, the signaling state status is changed to down, indicating a service-affecting
condition. This condition is cleared once N393 consecutive error-free events are received. N392 defines
the number of errors required in a given event window, while N393 defines the number of polling events in
each window.
For example:
If N392 = 3 and N393 = 4, then if three errors occur within any four events, the interface is determined
inactive.
Usage Examples
The following example sets the N392 threshold for five errors:

frame-relay lmi-n393dce <value>

Use the frame-relay lmi-n393dce command to set the N393 local management interface (LMI) monitored
event counter for the data communication equipment (DCE) endpoint. Typical applications should leave
the default value for this counter. Use the no form of this command to return to the default value.
Syntax Description
<value> Sets the event counter value. Valid range is 1 to 10 events.
Default Values
By default, the LMI monitored event counter for the DCE endpoint is set to four events.
Command History
Usage Examples
The following example sets the N393 threshold for five events:
(config-fr 1)#frame-relay lmi-n393dce 5


Use the frame-relay lmi-n393dte command to set the N393 local management interface (LMI) monitored
event counter for the data terminal equipment (DTE) endpoint. Typical applications should leave the
default value for this counter. Use the no form of this command to return to the default value.
Syntax Description
<value> Sets the event counter value. Valid range is 1 to 10 events.
Default Values
By default, the LMI monitored event counter for the DTE endpoint is set to four events.
Command History
Usage Examples
The following example sets the N393 threshold for five events:

frame-relay lmi-t391dte <value>

Use the frame-relay lmi-t391dte command to set the T391 signal polling timer for the data terminal
equipment (DTE) endpoint. Typical applications should leave the default value for this timer. Use the no
Syntax Description
<value> Sets the signal polling timer value in seconds. Valid range is 5 to
30 seconds.
Default Values
By default, the signal polling timer for the DTE endpoint is set to 10 seconds.
Command History
Functional Notes
The T391 timer sets the time (in seconds) between polls to the Frame Relay network.
Usage Examples
The following example sets the T391 timer for 15 seconds:
(config-fr 1)#frame-relay lmi-t391dte 15

frame-relay lmi-t392dce <value>

Use the frame-relay lmi-t392dce command to set the T392 polling verification timer for the data
communication equipment (DCE) endpoint. Typical applications should leave the default value for this
timer. Use the no form of this command to return to the default value.
Syntax Description
<value> Sets the polling verification timer value in seconds. Valid range is 5 to
30 seconds.
Default Values
By default, the polling verification timer for the DCE endpoint is set to 10 seconds.
Command History
Functional Notes
The T392 sets the timeout (in seconds) between polling intervals. This parameter needs to be a few
seconds longer than the T391 setting of the attached Frame Relay device.
Usage Examples
The following example sets the T392 timer for 15 seconds:
(config-fr 1)#frame-relay lmi-t392dce 15

frame-relay lmi-type
Use the frame-relay lmi-type command to define the Frame Relay signaling (local management interface
(LMI)) type. Use the no form of this command to return to the default value. Variations of this command
include:

frame-relay lmi-type auto
frame-relay lmi-type cisco
frame-relay lmi-type none
frame-relay lmi-type q933a
Syntax Description
ansi Specifies Annex D signaling method.
auto Automatically determines signaling type by messages received on the
frame circuit.
cisco Specifies Group of 4 signaling method.
none Turns off signaling on the endpoint. This is used for dial-backup connections
to ADTRAN IQ and Express Series products.
q933a Specifies Annex A signaling method.
Default Values
By default, the Frame Relay signaling type is set to ansi.
Command History
Release 2.1 Added signaling type none to provide support for dial-backup to ADTRAN
IQ and Express Series products.
Usage Examples
The following example sets the signaling method for the endpoint to cisco:
(config-fr 1)#frame-relay lmi-type cisco

frame-relay multilink
Use the frame-relay multilink command to enable the Frame Relay multilink interface. When the no
form of this command is issued, all configuration options associated with this command and cross connects
made to this interface are removed. Variations of this command include:
frame-relay multilink
frame-relay multilink ack <value>
frame-relay multilink bandwidth-class [A | B]
frame-relay multilink bandwidth-class C <threshold>
frame-relay multilink bid <string>
frame-relay multilink hello <value>
frame-relay multilink retry <number>
Syntax Description
ack <value> Optional. Specifies a wait for acknowledgement time (in seconds) for every
bundle link in the bundle. Range is 1 to 180 seconds.
bandwidth-class Optional. Specifies the class of operation, placing a minimum limit on the
acceptable amount of bandwidth required for a bundle to be up.
[A | B] Optional. Specifies the class of operation.
Class A A single active link is sufficient for the bundle to be up.
Class B All defined bundle links must be active for the bundle to be up.
C <threshold> Optional. Specifies the minimum number of active bundle links required for
a Class C bundle to be in the up state. This option will not be available
unless Class C is specified. Range is 1 to 65535 links.
bid <string> Optional. Specifies a bundle ID (up to 48 characters) for the multilink
bundle. All hello messages sent on links belonging to the multilink bundle
contain the bundle ID. By default, AOS creates a generic bundle ID for each
configured multilink bundle using the following: MFR <interface number>
where the interface number corresponds to the interface number of the
Frame Relay interface. For example, if multilink is enabled on Frame Relay
interface 1, by default the bundle ID is MFR1. Changing the bundle ID
causes the multilink connection to go down for renegotiation.
hello <value> Optional. Specifies the time (in seconds) between hello messages for every
bundle link in the bundle. Range is 1 to 180 seconds.
retry <number> Optional. Specifies the number of times a bundle link will retransmit a
message while waiting for acknowledgement. Range is 1 to 5 times.
Default Values
The default ack value is 4 seconds. The default hello value is 10 seconds. The default <class> value is A.
The default retry value is 2.
Command History

Functional Notes
This command is different from ppp multilink. In ppp multilink, if multiple cross connects are configured
for the Point-to-Point Protocol (PPP) interface without multilink PPP being enabled, the first link to bring up
Link Control Protocol (LCP) will be the only link actually cross connected. In Frame Relay multilink, since
there is no protocol corresponding to LCP, all cross connects will be removed and the user will be free to
re-issue any cross connect.
Usage Examples
The following example enables the Frame Relay multilink interface and sets the time between hello
messages to 45 seconds:
(config-fr 1)#frame-relay multilink hello 45
The following example specifies Class B operation:
(config-fr 1)#frame-relay multilink bandwidth-class B
The following example specifies Class C operation with a threshold of 5:
(config-fr 1)#frame-relay multilink bandwidth-class C 5


Syntax Description
<value> Specifies the total number of packets the output queue can contain before
packets are dropped. Range is 16 to 1000 packets.
Default Values
Protocol (PPP) first in, first out (FIFO) and Frame Relay round robin is 200.
Command History
Usage Examples
(config-fr 1)#hold-queue 700 out

Syntax Description
Default Values
Command History
Usage Examples
The following example specifies 85 percent of the bandwidth on the Frame Relay 1 interface to be
available for use in user-defined queues:
(config-fr 1)#max-reserved-bandwidth 85

qos-policy
Syntax Description
Default Values
Command History
Functional Notes

Usage Examples
The following example applies the QoS map VOICEMAP to the Frame Relay interface:
(config-fr 1)#qos-policy out VOICEMAP

snmp trap
Syntax Description
No subcommands.
Default Values
enabled.
Command History
interface.
Usage Examples
The following example enables SNMP on the virtual Frame Relay interface:
(config-fr 1)#snmp trap


Syntax Description
No subcommands.
Default Values
Command History
interface.
interface.
Functional Notes
number 1.3.6.1.2.1.31.1.1.1.14.0).
Usage Examples
The following example disables the link-status trap on the Frame Relay interface:
(config-fr 1)#no snmp trap link-status

Command Reference Guide Frame Relay Subinterface Command Set
FRAME RELAY SUBINTERFACE COMMAND SET
To create a virtual Frame Relay subinterface and activate the Frame Relay Subinterface Configuration
mode, enter the interface frame-relay command (and specify a subinterface) at the Global Configuration
mode prompt. For example:
>enable
#configure terminalF
(config-fr 1.16)#
By default, Frame Relay subinterfaces are created as point-to-point links. This default setting cannot be
altered. The following command creates the exact same interface as that mentioned above:
>enable
#configure terminal
(config)#interface frame-relay 1.16 point-to-point
(config-fr 1.16)#

do on page 81
end on page 82
exit on page 83
shutdown on page 93

bridge-group <number> on page 2736
frame-relay commands begin on page 2757

Frame Relay Subinterface Command Set Command Reference Guide
media-gateway ipv6 on page 2848


bandwidth <value>
Syntax Description
Default Values
Command History
Functional Notes
QoS. Using the bandwidth command can severely disrupt the configuration of QoS on the interface.
Usage Examples
The following example sets bandwidth of the Frame Relay interface to 10 Mbps:

(config-fr 1.16)#bandwidth 10000

bridge-group <number>
Use the bridge-group command to assign an interface to the specified bridge group. This command is
supported on all Ethernet interfaces, Point-to-Point Protocol (PPP) virtual interfaces, and Frame Relay
virtual subinterfaces. Use the no form of this command to remove the interface from the bridge group.
Syntax Description
<number> Specifies the bridge group number. Range is 1 to 255.
Default Values
Command History
Functional Notes
be bridged (Ethernet to T1 bridge, Ethernet to Frame Relay subinterface).
Usage Examples
The following example assigns the Frame Relay subinterface labeled 1.16 to bridge group 1:

(config-fr 1.16)#bridge-group 1



Syntax Description
Default Values
Command History
Usage Examples
The following example removes the VLAN tags from the packets on the Frame Relay subinterface labeled
1.16:

(config-fr 1.16)#bridge-group 1 vlan-transparent

Use the dial-backup auto-backup command to configure the interface to automatically attempt a dial
dial-backup call-mode on page 2741.
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples

(config-fr 1.16)#dial-backup auto-backup

Use the dial-backup auto-restore command to configure the interface to automatically discontinue
dial-backup when all network conditions are operational. Use the no form of this command to disable the
Notes and Technology Review sections of dial-backup call-mode on page 2741.
Syntax Description
No subcommands.
Default Values
condition clears.
Command History
Usage Examples
condition clears:

(config-fr 1.16)#dial-backup auto-restore


Functional Notes and Technology Review sections of dial-backup call-mode on page 2741.
Syntax Description
will enter backup operation on the interface. Range is 10 to 86400 seconds.
Default Values
Command History
Usage Examples

(config-fr 1.16)#dial-backup backup-delay 60


Syntax Description
Default Values
Command History
Functional Notes
Point-to-Point Protocol (PPP) interface configuration commands. However, the numbers dialed are
configured in the primary interface. Full sample configurations follow:
!
interface eth 0/1
ip address 192.168.1.254 255.255.255.0
no shutdown
!
interface modem 1/3
no shutdown
!
interface t1 1/1
coding b8zs
framing esf

clock source line

no shutdown
!
no shutdown
!
ip address 10.1.1.2 255.255.255.252
no shutdown
!
interface ppp 1
ip address 172.22.56.1 255.255.255.252
username remoterouter password remotepass
ppp chap hostname localrouter
no shutdown
!
ip route 192.168.2.0 255.255.255.0 172.22.56.2 255.255.255.252
!
line telnet 0 4
password password
!
interface eth 0/1
ip address 192.168.100.254 255.255.255.0
no shutdown
!
interface modem 1/3
no shutdown
!
interface t1 1/1
coding b8zs
framing esf
clock source line
no shutdown

!
no shutdown
!
ip address 10.1.1.1 255.255.255.252
!
interface ppp 1
ip address 172.22.56.2 255.255.255.252
username localrouter password adtran
ppp chap hostname remoterouter
ppp chap password remotepass
no shutdown
!
ip route 192.168.1.0 255.255.255.0 172.22.56.1 255.255.255.252
line telnet 0 4
password password
Usage Examples

(config-fr 1.16)#dial-backup call-mode originate
(config-fr 1.16)#dial-backup number 555 1111 analog ppp 1

Technology Review
Dialing Out
with an addition to the dial-backup number command (refer to dial-backup number <number> on page
2748).
negotiation.
Dialing In
down state.


sections of dial-backup call-mode on page 2741.
Syntax Description
<value> Selects the amount of time (in seconds) that the router will wait for a
Default Values
Command History
Usage Examples

(config-fr 1.16)#dial-backup connect-timeout 120

dial-backup force
Review sections of dial-backup call-mode on page 2741. Variations of this command include:

Syntax Description
backup Force backup regardless of primary link state.
primary Force primary link regardless of its state.
Default Values
Command History
Usage Examples
The following example configures AOS to force this interface into dial backup:

(config-fr 1.16)#dial-backup force backup


Syntax Description
<value> Selects the number of call retries that will be made after a link failure. Valid
range is 0 to 15 attempts.
is failed.
Default Values
By default, dial-backup maximum-retry is set to 0 attempts.
Command History
Usage Examples
The following example configures AOS to retry a dial-backup call four times before considering backup

(config-fr 1.16)#dial-backup maximum-retry 4

dial-backup number <number>

Use the no form of this command to disable this feature. For more detailed information on dial-backup

Syntax Description
ppp <interface> Specifies the Point-to-Point Protocol (PPP) interface to use as the backup for
this interface (for example, ppp 1).
Default Values
Command History
Usage Examples

(config-fr 1.16)#dial-backup number 7045551212 digital-64k 1 1 ppp 1


Use the dial-backup priority command to select the backup priority for this interface. This command
allows the user to establish the highest priority backup link and ensure that link will override backups
attempted by lower priority links. Use the no form of this command to return to the default value. For more
Syntax Description
<value> Sets the relative priority of this link. Valid range is 0 to 100. A value of 100
Default Values
By default, dial-backup priority is set to 50.
Command History
Usage Examples

(config-fr 1.16)#dial-backup priority 100

Syntax Description
No subcommands.
Default Values
Command History
Usage Examples

(config-fr 1.16)#dial-backup randomize-timers


Syntax Description
<value> Specifies the delay in seconds between attempting to redial a failed backup
attempt. Range is 10 to 3600 seconds.
Default Values
By default, dial-backup redial-delay is set to 10 seconds.
Command History
Usage Examples

(config-fr 1.16)#dial-backup redial-delay 25


functionality, refer to the Functional Notes and Technology Review sections of dial-backup call-mode on
page 2741.
Syntax Description
86400 seconds.
Default Values
By default, dial-backup restore-delay is set to 10 seconds.
Command History
Usage Examples

(config-fr 1.16)#dial-backup restore-delay 30

dial-backup functionality, refer to the Functional Notes and Technology Review sections of dial-backup

Syntax Description
(00:00).
(00:00).
Default Values
Command History
Usage Examples

(config-fr 1.16)#dial-backup schedule enable-time 08:00
(config-fr 1.16)#dial-backup schedule disable-time 19:00
(config-fr 1.16)#no dial-backup schedule day Saturday
(config-fr 1.16)#no dial-backup schedule day Sunday

Syntax Description
No subcommands.
Default Values
Command History
Usage Examples

(config-fr 1.16)#dial-backup shutdown

dynamic-dns

Syntax Description
Default Values
Command History
Functional Notes

Usage Examples
and password pass:

(config-fr 1.16)#dynamic-dns dyndns-custom host user pass

frame-relay bc <value>
Use the frame-relay bc command to set the bc (committed burst) value for a Frame Relay sublink. The
value is in bits. Use the no form of this command to return to the default value.
Syntax Description
<value> Specifies the committed burst value (in bits) for the sublink.
Default Values
By default, the committed burst value is set to 0 (no limit).
Command History
Functional Notes
The time interval is always one second, so this can also be considered bits per second. Shaping is
performed on a sliding one-second window to make maximum use of configured bandwidth. Note that
when both bc and be are nonzero, shaping is performed on the virtual circuit. The circuit is limited to the
sum of bc and be , and it is recommended that the sum always be greater than 8000.
Usage Examples
The following example configures the Frame Relay sublink with a committed burst value of 128,000 bits:

(config-fr 1.16)#frame-relay bc 128000

frame-relay be <value>
Use the frame-relay be command to set the be (excessive burst) value for a Frame Relay sublink. The
value is in bits. Use the no form of this command to return to the default value.
Syntax Description
<value> Specifies the excessive burst value (in bits) for the sublink.
Default Values
By default, the excessive burst value is set to 0 (no limit).
Command History
Functional Notes
The time interval is always one second, so this can also be considered bits per second. Shaping is
performed on a sliding one-second window to make maximum use of configured bandwidth. Note that
when both bc and be are nonzero, shaping is performed on the virtual circuit. The circuit is limited to the
sum of bc and be, and it is recommended that the sum always be greater than 8000.
Usage Examples
The following example configures the Frame Relay sublink with an excessive burst value of 64,000 bits:

(config-fr 1.16)#frame-relay be 64000

frame-relay fragment <value>

Use the frame-relay fragment command to set the FRF.12 fragmentation threshold. Use the no form of
this command to erase the configured threshold.
Syntax Description
<value> Specifies the fragmentation threshold. Valid fragmentation thresholds are
greater than or equal to 64 and less than or equal to 1600.
Default Values
Command History
Functional Notes
For Frame Relay fragmentation to take effect, rate-limiting must be enabled by setting the committed burst
rate and excessive burst rate. Refer to frame-relay bc <value> on page 2757 and frame-relay be <value>
Usage Examples
The following example enables FRF.12 fragmentation on a sublink:

(config-fr 1.16)#frame-relay bc 64000
(config-fr 1.16)#frame-relay be 16
(config-fr 1.16)#frame-relay fragment 100
The following example disables FRF.12 fragmentation on a sublink:

(config-fr 1.16)#no frame-relay fragment

frame-relay interface-dlci <value>

Use the frame-relay interface-dlci command to configure the data link connection identifier (DLCI) for
the Frame Relay subinterface. This setting should match the DLCI supplied by your Frame Relay service
provider. Use the no form of this command to remove the configured DLCI.
Syntax Description
<value> Specifies numeric value of the DLCI supplied by your provider.
Default Values
By default, the DLCI is populated with the subinterface identifier. For example, if configuring the virtual
Frame Relay subinterface labeled fr 1.20, the default DLCI is 20.
Command History
Usage Examples
The following example configures a DLCI of 72 for this Frame Relay endpoint:




Syntax Description
<ipv4 acl name> Specifies the IPv4 ACL name.
Default Values
Command History
Functional Notes
Usage Examples
The following example sets up the router to only allow Telnet traffic into the Frame Relay subinterface:

(config-ext-nacl)#int frame-relay 1.16
(config-fr 1.16)#ip access-group TelnetOnly in


Syntax Description
Default Values
Command History
interfaces.
products.
Functional Notes
Usage Examples



(config-fr 1.16)#ip access-policy PRIVATE

ip address dhcp
Syntax Description
from a DHCP server.
media type).
media types.
delimiters).


obtained via DHCP.
Default Values
formula:
8 7 6 5 4 3 2 1
address:

16 / 0x0401
50 / 0x0C21
60 / 0x0CC1
70 / 0x1061
80 / 0x1401
Command History
subinterface.
Ethernet Interface.
DHCP Option 60.
Functional Notes
Option 43.
Usage Examples

(config-fr 1.16)#ip address dhcp
5:

(config-fr 1.16)#ip address dhcp hostname “adtran” no-default-route no-domain-name
no-nameservers 5



Syntax Description
example, /24).
Default Values
Command History
Functional Notes
Usage Examples

(config-fr 1.16)#ip address 192.22.72.101 255.255.255.252 secondary


secondary
Syntax Description
example, 10.10.10.1).
example, /24).
Default Values
Command History
Functional Notes
Usage Examples
on subnet 255.255.255.252:

(config-fr 1.16)#ip address range 192.22.72.1 192.22.72.10 255.255.255.252 secondary


Syntax Description
Default Values
Command History
subinterface.
(HDLC) interface.
Ethernet Interface.
Functional Notes


(in) (out)
IPSec IPSec
NAT/ACP/
Firewall
Router
by the firewall.
Usage Examples

(config-fr 1.16)#ip crypto map MyMap

ip dhcp
ip dhcp release
ip dhcp renew
Syntax Description
Default Values
Command History
subinterface.
Ethernet interface.
Usage Examples
The following example releases the IPv4 DHCP address for the virtual interface:

(config-fr 1.16)#ip dhcp release


Syntax Description
Default Values
Command History
Usage Examples
192.33.4.251:

(config-fr 1.16)#ip dhcp relay destination 192.33.4.251

Syntax Description
Default Values
Command History
Functional Notes

Usage Examples
The following example enables forwarding of directed broadcasts on the interface frame-relay 1.16:

(config-fr 1.16)#ip directed-broadcast

ip ffe
Use the ip ffe command to enable the RapidRoute fast forwarding engine (FFE) on this Internet Protocol
ip ffe
interface.
Syntax Description
Default Values
By default, the RapidRoute Engine is enabled. The default number of max-entries is 4096.
Command History
Ethernet Interface.
Release R10.4.0 Maximum number of stored entries was expanded to 500000 and
RapidRoute is now enabled by default.
Functional Notes
Usage Examples

(config-fr 1.16)#no ip ffe

Technology Review
processing layers.

ip flow
ip flow egress
ip flow ingress
Syntax Description
filtering traffic.
Default Values
Command History
Usage Examples
The following example enables traffic monitoring on a Frame Relay interface to monitor incoming traffic

(config-fr 1.16)#ip flow ingress myacl


packets.

Syntax Description
10.10.10.1).
Default Values
Command History
Functional Notes

Usage Examples

(config-fr 1.16)#ip helper-address 192.33.5.99

ip igmp
command include:
Syntax Description
default setting.
default setting.

Syntax Description
Default Values
Command History
Usage Examples

(config-fr 1.16)#ip igmp last-member-query-interval 200

Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
Refer to ip mcast-stub helper-address <ip address> on page 1410 for more information.
Usage Examples

(config-fr 1.16)#ip mcast-stub downstream

ip mcast-stub fixed
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
the ip igmp static-group <address> command (refer to ip igmp on page 2780) to receive multicast traffic
without host-initiated Internet Group Management Protocol (IGMP) activity on the selected interface.
Otherwise, all host-initiated IGMP transactions will enter multicast routes on the router’s interface involved
with IGMP activities.
Usage Examples

(config-fr 1.16)#ip mcast-stub fixed

feature.
Syntax Description
No subcommands.
Default Values
Command History
Release 10.1 Command was expanded to include the Frame Relay subinterfaces.
Functional Notes
Usage Examples

(config-fr 1.16)#ip mcast-stub helper-enable

Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
Usage Examples

(config-fr 1.16)#ip mcast-stub upstream

ip mtu <size>
Syntax Description
BVIs 64 to 2100
Default Values
BVIs 1500
FDL interfaces 256
PPP interfaces 1500
Command History
products.

Functional Notes
Usage Examples

(config-fr 1.16)#ip mtu 1200

ip ospf

Syntax Description
4294967295.
1 to 65535.
seconds.
0 to 255.


32767 seconds.
Default Values
Protocol (PPP)
priority <value> 1
Command History
Usage Examples

(config-fr 1.16)#ip ospf 1 dead-interval 25000



Syntax Description
Default Values
Command History
Usage Examples
The following example specifies that no authentication will be used on the Frame Relay interface:

(config-fr 1.16)#ip ospf 1 authentication null



Syntax Description
Default Values
point-to-point.
Command History
Functional Notes
Usage Examples

(config-fr 1.16)#ip ospf 1 network broadcast

ip pim sparse-mode
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
Usage Examples

(config-fr 1.16)#ip pim sparse-mode


Syntax Description
Default Values
Command History
Functional Notes
Usage Examples
The following example specifies a priority of 100 on the Frame Relay subinterface:

(config-fr 1.16)#ip pim-sparse dr-priority 100


Syntax Description
Default Values
Command History
Functional Notes
Usage Examples
The following example specifies hellos be sent on the Frame Relay subinterface every 3600 seconds:

(config-fr 1.16)#ip pim-sparse hello-timer 3600


Syntax Description
Default Values
Command History
Usage Examples

(config-fr 1.16)#ip pim-sparse nbr-timeout 300


default value.
Syntax Description
65535 milliseconds.
Default Values
Command History
Usage Examples

(config-fr 1.16)#ip pim-sparse override-interval 3000


Syntax Description
Default Values
Command History
Usage Examples
The following example sets the propagation delay to 300 milliseconds on the Frame Relay subinterface:

(config-fr 1.16)#ip pim-sparse propagation-delay 300


Syntax Description
Default Values
Command History
Usage Examples

(config-fr 1.16)#ip policy route-map policy1

ip proxy-arp
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
Usage Examples
The following example enables proxy ARP on the Frame Relay subinterface:

(config-fr 1.16)#ip proxy-arp



Syntax Description
Default Values
Command History
Functional Notes
Use the ip rip receive version command to specify a RIP version that will override the version (in the
Router RIP) configuration.
Usage Examples
The following example configures a Frame Relay subinterface to accept only RIP version 2 packets:

(config-fr 1.16)#ip rip receive version 2

ip rip send version


Syntax Description
Default Values
Command History
Functional Notes
configuration.
Usage Examples
The following example configures a Frame Relay subinterface to transmit only RIP version 2 packets:

(config-fr 1.16)#ip rip send version 2


disable this mode.
Syntax Description
Default Values
Command History
Functional Notes
Usage Examples

(config-fr 1.16)#ip rip summary-address 10.10.123.0 255.255.255.0

ip route-cache
Use the ip route-cache command to enable Internet Protocol version 4 (IPv4) fast-cache switching on the
interface. Use the no form of this command to disable fast-cache switching and return to process switching
mode.
Syntax Description
No subcommands.
Default Values
Command History
Ethernet Interface.
Functional Notes
Usage Examples
The following example enables IPv4 fast switching on the Frame Relay subinterface:

(config-fr 1.16)#ip route-cache

configuration.
Syntax Description
Default Values
Command History
Ethernet interface.
Functional Notes
Usage Examples
The following example configures the Frame Relay interface (labeled frame-relay 1.16) to use the IP
address assigned to the Ethernet interface (eth 0/1):

(config-fr 1.16)#ip unnumbered eth 0/1

ip urlfilter <name>
Syntax Description
Default Values
Command History
interfaces.
Functional Notes
Usage Examples
The following example performs URL filtering on all traffic entering through a Frame Relay subinterface
and matches the URL filter named MyFilter:

(config-fr 1.16)#ip urlfilter MyFilter in

ipv6
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
interface.
Usage Examples

(config-fr 1.16)#ipv6

ipv6 access-group <ipv6 acl name>

Use the ipv6 access-group command to apply an Internet Protocol version 6 (IPv6) access control list
(ACL) to be used for IPv6 packets transmitted on or received from the specified interface. Use the no form
of this command to disable this type of control. Variations of this command include:
ipv6 access-group <ipv6 acl name> in

ipv6 access-group <ipv6 acl name> out
Syntax Description
interface.
Default Values
Command History
Functional Notes
Only one IPv6 ACL can be applied in each traffic direction.
Unlike in IPv4, IPv6 traffic filters include an implicit permit for neighbor solicitation and advertisement
packets in an ACL before the traditional implicit deny at the end of the ACL. This prevents blocking of
address resolution and unreachability detection, although this can be overridden by entering explicit deny
commands in the IPv6 ACL.
Usage Examples
The following example applies the IPv6 ACL Privatev6 to incoming IPv6 traffic on the interface:

(config-fr 1.16)#ipv6 access-group Private6 in

ipv6 access-policy <ipv6 acp>

Syntax Description
<ipv6 acp> Identifies the configured IPv6 ACP by alphanumeric descriptor (all ACP
Default Values
Command History
Usage Examples

Associate the ACP with the Frame Relay subinterface 1.16:

(config-fr 1.16)#ipv6 access-policy PRIVATEv6


Syntax Description
Default Values
interface.
Command History
Functional Notes
Usage Examples
interface:

(config-fr 1.16)#ipv6 address 2001:DB8::/32


from the interface.
Syntax Description
64 bits.
Default Values
interface.
Command History
Functional Notes
Usage Examples

(config-fr 1.16)#ipv6 address 2001:DB8:3F::/48 eui-64


Syntax Description
Default Values
Command History
Functional Notes
Usage Examples
processing:

(config-fr 1.16)#ipv6 address FE80::220:8FF:FE54:F9D8 link-local


Use the ipv6 address autoconfig command to enable Internet Protocol version 6 (IPv6) processing on the
interface, create a local-link IPv6 address for the interface, and allow the interface to automatically
configure itself based on advertisements from other routers on the link. Use the no form of this command
to remove all autoconfigured addresses, prefixes, and any resulting routes from the interface and also
causes the interface to cease processing received router advertisements (RAs).Variations of this command
include:

ipv6 address autoconfig default
ipv6 address autoconfig default metric <value>
Syntax Description
default Optional. Specifies that the interface maintain a list of advertising routers
that are willing to be IPv6 default routers.
metric <value> Optional. Specifies the administrative distance for a default router
maintained in the default router list. Range is 1 to 255. Routes with lower
administrative distance are favored.
Default Values
By default, no IPv6 addresses are configured for the interface and IPv6 processing is not enabled. When
an IPv6 address is configured automatically, the administrative distance for default routers is 2 by default.
Command History
Functional Notes
When autoconfiguration is enabled, the interface listens for RA messages that tell the interface how it
should be configured. The interface then creates addresses for advertised 64-bit prefixes with the A flag in
the IPv6 address set using stateless address autoconfiguration (SLAAC). The addresses use the EUI-64
interface ID in the lower 64 bits of the address. A route type of Connected is added to the route table if the
L flag on the prefix advertisement (on-link flag) is also set.
Usage Examples
The following example enables IPv6 processing on the interface, creates a link-local IPv6 address for the
interface, and allows the interface to automatically configure itself for IPv6:

(config-fr 1.16)#ipv6 address autoconfig

ipv6 address dhcp

ipv6 address dhcp

Syntax Description
marks.
client.
Default Values
Command History

Functional Notes
ipv6 on page 2806.
Usage Examples

(config-fr 1.16)#ipv6 address 2001:DB8:1::1/64
(config-fr 1.16)#ipv6 address dhcp fqdn client@company.com

ipv6 address named-prefix <prefix name> <ipv6 address/prefix-length>

Use the ipv6 address named-prefix command to create an Internet Protocol version 6 (IPv6) address for
the interface using the values in a named prefix. Use the no form of this command to remove the address
from the interface. Variations of this command include:

ipv6 address named-prefix <prefix name> <ipv6 address/prefix-length> eui-64
Syntax Description
<prefix name> Specifies the named prefix to use to create the address.
<ipv6 address/prefix-length> Specifies the address portion appended to the named prefix to create a
128-bit host address. IPv6 addresses should be expressed in colon
hexadecimal format (X:X:X:X::X), for example, 2001:DB8:1::1.
eui-64 Optional. Indicates that the interface ID is to be placed in the lower 64 bits of
the address.
Default Values
By default, no IPv6 addresses are specified on the interface.
Command History
Usage Examples
The following example creates an IPv6 address on the interface using the named prefix PREFIX1:

(config-fr 1.16)#ipv6 address named-prefix PREFIX1 2001:1:0:/48

ipv6 crypto map <name>

Use the ipv6 crypto map command to associate Internet Protocol version 6 (IPv6) crypto maps with the
Syntax Description
Default Values
Command History
Functional Notes
Only one IPv6 crypto map can be specified per interface, and the crypto map is applied within the virtual
routing and forwarding (VRF) instance to which the interface belongs. To apply the IPv6 crypto map, the
interface must have IPv6 enabled. In addition, the interface must have an IPv6 address of appropriate
scope to allow connectivity to peer’s addresses as specified in the crypto map’s entries.
Usage Examples

(config-fr 1.16)#ipv6 crypto map MyMap

ipv6 dhcp client information refresh minimum <seconds>

Use the ipv6 dhcp client information refresh minimum command to specify the minimum value the
Dynamic Host Control Protocol for Internet Protocol version 6 (DHCPv6) client on the interface accepts as
its information refresh timer. Use the no version of this command to return to the default setting.
Syntax Description
<seconds> Specifies the refresh timer in seconds. Valid range is 600 to 3600 seconds.
Default Values
By default, the DHCPv6 client refresh timer is set to 600 seconds.
Command History
Usage Examples
The following example specifies the DHCPv6 client refresh timer for the interface is 800 seconds:

(config-fr 1.16)#ipv6 dhcp client information refresh minimum 800


include:

Syntax Description
Default Values
Command History
Usage Examples

(config-fr 1.16)#ipv6 dhcp client pd PREFIX1



Syntax Description
2001:DB8:1::1.
used when sending messages to the DHCPv6 server.
system-management-evc Optional. Specifies the system management EVC is used when sending
messages to the DHCPv6 server.
Default Values
Command History
management EVCs.

Functional Notes
Usage Examples
2001:DB8:2::1:

(config-fr 1.16)#ipv6 dhcp relay destination 2001:DB8:2::1
Technology Review
broadcast address. In DHCPv6, the IPv6 client sends messages using the link-scoped mulitcast address.

ipv6 dhcp server

include:

Syntax Description
command.
this command.

Default Values
Command History
Functional Notes
mode.
Usage Examples

(config-fr 1.16)#ipv6 address 2001:DB8:1::1/64
(config-fr 1.16)#ipv6 dhcp server POOL1

ipv6 ffe
Use the ipv6 ffe command to enable the RapidRoute fast forwarding engine (FFE) on this Internet Protocol
ipv6 ffe
interface.
Syntax Description
Default Values
By default, the RapidRoute Engine is enabled on IPv6-enabled interfaces (using the command ipv6 on
page 2216). The default number of max-entries is 4096.
Command History
Functional Notes
Usage Examples

(config-fr 1.16)#no ipv6 ffe
Technology Review

processing layers.


Syntax Description
No subcommands.
Default Values
Command History
Command History
Usage Examples

(config-fr 1.16)#ipv6 mode host unicast

ipv6 mtu <size>

Use the ipv6 mtu command to specify the maximum transmission unit (MTU) for Internet Protocol
version 6 (IPv6) packets on the interface. Use the no form of this command to return to the default value.
Syntax Description
<size> Specifies the MTU value. Valid range is 1280 to 1500 bytes.
Default Values
By default, the MTU of the interface is set to 1280 bytes.
Command History
Functional Notes
In IPv6, the minimum MTU is 1280 octets. Any link that has an MTU less than 1280 octets must use link
fragmentation and reassembly that is transparent to IPv6 (for example, the Fragmentation Header).
Sources in the IPv6 network are expected to perform path maximum transmission unit (PMTU) discovery
to send packets larger than 1280 octets. PMTU works in the following manner: First, the sending node
assumes the link MTU of the interface from which the traffic is being forwarded and then sends the IPv6
packet at the link MTU size. If a router on the path is unable to forward the packet, it sends an ICMP
Packet Too Big message back to the sending node containing the link MTU of the link on which the packet
forwarding failed. The sending node then rests the PMTU to the value of the MTU field in the Internet
Control Message Protocol version 6 (ICMPv6) Packet Too Big message, and the packet is resent.
The MTU for IPv6 packets can be set on a per-interface basis. There are two methods for setting MTUs for
interfaces if required: one for Layer 3 interfaces, and one for the underlying Layer 1 and Layer 2 interfaces.
For all interface types, use the ipv6 mtu <size> command to specify the IPv6 MTU in bytes from the
interface’s configuration mode. The minimum MTU setting for IPv6 is 1280 bytes, and the maximum is
1500 bytes. The IPv6 MTU value is independent of the IPv4 MTU setting (set with the command ip mtu
<size> on page 2786).
When the interface is forwarding the IPv6 packet as a router, if the packet size exceeds the IPv6 MTU of
the egress interface, the packet is dropped and ICMPv6 Packet Too Big message is sent to the source.
When originating an IPv6 packet from the local IPv6 stack, and the packet is larger than the IPv6 MTU of
the egress interface, the packet is fragmented and sent.
Usage Examples
The following example specifies the IPv6 MTU value for the interface:

(config-fr 1.16)#ipv6 mtu 1350

ipv6 nd advertisement-interval
Use the ipv6 nd advertisement-interval command to specify that the Advertisement Interval Option is
sent in Internet Protocol version 6 (IPv6) router advertisement (RA) messages from the router. This
command is effectual only when the interface is in router mode. Use the no form of this command to return
to the default interval.
Syntax Description
No subcommands.
Default Values
By default, Advertisement Interval Options are not sent in RA messages.
Command History
Functional Notes
Sending the Advertisement Interval Option should be enabled when the router is functioning in a mobile IP
environment to aid movement detection by mobile nodes. This option contains the current value of the
maximum router advertisement interval configured using the command ipv6 nd ra interval on page 2837.
Usage Examples
The following example specifies that the interface include Advertisement Interval Options in RA messages
sent from the router:

(config-fr 1.16)#ipv6 nd advertisement-interval

ipv6 nd cache max-incomplete <number>

Use the ipv6 nd cache max-incomplete command to specify the maximum number of incomplete entries
the Neighbor Discovery (ND) cache retains. Use the no form of this command to return to the default
value.
Syntax Description
<number> Specifies the number of incomplete ND entries to retain in the cache. Valid
range is 1 to 321.
Default Values
By default, the incomplete ND entries can take at maximum one-third of the possible ND cache entries
(varies by product).
Command History
Usage Examples
The following example specifies that the interface stores 150 incomplete entries in the ND cache:

(config-fr 1.16)#ipv6 nd cache max-incomplete 150

ipv6 nd dad attempts <number>

Use the ipv6 nd dad attempts command to specify the number of neighbor solicitation (NS) messages
sent by the interface when performing Internet Protocol version 6 (IPv6) duplicate address detection
(DAD). This command is effectual when the interface is in either host or router mode. Use the no form of
Syntax Description
<number> Specifies the number of NS messages that will be sent. Range is 0 to 10
messages. A value of 0 disables DAD on the interface.
Default Values
By default, the interface sends 1 NS message.
Command History
Functional Notes
DAD is used by devices to determine if IPv6 addresses are unique before they are applied to interfaces.
DAD is used in NS messages to detect duplicate unicast addresses. The Target Address fields in the NS
messages are set to the IPv6 address for which duplication is being detected. Destination IPv6 addresses
for DAD in NS messages are the solicited-node multicast version of the address being tested. Source IPv6
addresses for DAD are set to the IPv6 unspecified address (::). Once the IPv6 address is determined by
DAD to be unique, it can be applied to the IPv6 interface on the node.
DAD in AOS is performed when an interface transitions state from DOWN to UP or when manually
configuring an address. When performing DAD because of an interface transition, DAD will happen
immediately after the interface transition and again 40 seconds later to cooperate with the port being
connected to an Ethernet switch.
Usage Examples
The following example specifies that 3 NS messages are sent by the interface when performing DAD:

(config-fr 1.16)#ipv6 nd dad attempts 3

ipv6 nd managed-config-flag
Use the ipv6 nd managed-config-flag command to specify the M flag in Internet Protocol version 6
(IPv6) router advertisement (RA) messages. The M flag instructs hosts receiving the RA that they can use
stateful Dynamic Host Configuration Protocol version 6 (DHCPv6) to configure addresses and nonaddress
information. Use the no form of this command to disable the setting of the M flag.
Syntax Description
No subcommands.
Default Values
By default, the M flag is not set in RAs.
Command History
Functional Notes
If you specify that the M flag is set in RA messages, you do not need to set the 0 flag (it becomes
redundant).
Usage Examples
The following example sets the M flag for RA messages sent by the interface:

(config-fr 1.16)#ipv6 nd managed-config-flag

ipv6 nd ns-interval <value>

Use the ipv6 nd ns-interval command to specify the interval between transmission of certain Internet
Protocol version 6 (IPv6) Neighbor Discovery (ND) messages and to control what ND value is advertised
in router advertisement (RA) messages. This command is effectual whether the interface is in host or
router mode. Use the no form of this command to return the interval to the default value.
Syntax Description
<value> Specifies the time (in milliseconds) between neighbor message
Default Values
By default, the interval is set to 1000 ms for internal use by the router and 0 (unspecified) is sent in RA
messages.
Command History
Functional Notes
This command controls the spacing of neighbor solicitation (NS) messages for functions such as address
resolution, reachability detection, and duplicate address detection (DAD). For DAD it also serves as the
amount of time after the last transmission before the detection phase of autoconfiguration terminates. In
addition, the command controls the interval between unsolicited neighbor advertisement (NA) messages.
Usage Examples
The following example changes the interval between RA messages sent from the interface to 2000 ms:

(config-fr 1.16)#ipv6 nd ns-interval 2000

ipv6 nd other-config-flag
Use the ipv6 nd other-config-flag command to specify the O flag in Internet Protocol version 6 (IPv6)
router advertisement (RA) messages. This command is only effectual when the interface is in router mode.
When the O flag is set, hosts receiving the RA messages are instructed that they may use stateless Dynamic
Host Configuration Protocol version 6 (DHCPv6) to receive information that is not IPv6 addressing
information, and to use some other method (whether through manual configuration, stateless address
autoconfiguration (SLAAC), etc.) for addressing information. Use the no form of this command to disable
the O flag setting.
Syntax Description
No subcommands.
Default Values
By default, the O flag is not set in RA messages.
Command History
Functional Notes
If the M flag is set for RA messages, you do not need to set the O flag.
Usage Examples
The following example sets the O flag in RA messages from the interface:

(config-fr 1.16)#ipv6 nd other-config-flag

ipv6 nd prefix

[off-link]
Syntax Description
between 0 and 128.
infinite Optional. Specifies that the the valid and preferred lifetimes of the prefix do
not expire.
no-rtr-address Optional. Sets the R flag in the RA message to 0 and specifies the full router
IPv6 address is not included in the RA message.
prefix.

Default Values
Command History
options.
Functional Notes

Usage Examples

(config-fr 1.16)#ipv6 nd prefix 2001:DB8:3F::/48 infinite infinite

(config-fr 1.16)#ipv6 nd prefix default infinite infinite off-link no-autoconfig

ipv6 nd purge-timer <value>

Use the ipv6 nd purge-timer command to specify the maximum amount of time an unused Internet
Protocol version 6 (IPv6) neighbor entry remains in the neighbor cache. This command applies to
interfaces in either host or router mode. Use the no form of this command to return the purging interval to
the default value.
Syntax Description
<value> Specifies the neighbor cache entry storage time in minutes. Valid range is
10 to 1440 minutes.
Default Values
By default, idle (STALE) neighbor cache entries are cleared after 1440 minutes (24 hours).
Command History
Functional Notes
This command applies to interfaces in either router or host mode. A neighbor entry is typically purged
when neighbor unreachability detection (NUD) is invoked and the neighbor is determined to no longer be
reachable. However, NUD is not performed on idle (STALE) neighbor entries, so this command provides a
method for purging unused entries after a specified amount of time.
Usage Examples
The following example specifies that idle neighbor entries in the neighbor cache are removed after
800 minutes:

(config-fr 1.16)#ipv6 nd purge-timer 800

ipv6 nd ra interval
Use the ipv6 nd ra interval command to specify the interval between transmission of Internet Protocol
version 6 (IPv6) router advertisement (RA) messages. This command is only effectual when the interface
is in router mode. Use the no form of this command to return to the default value. Variations of this
command include:
ipv6 nd ra interval <max time>

ipv6 nd ra interval <max time> <min time>
ipv6 nd ra interval msec <max time>
ipv6 nd ra interval msec <max time> <min time>
Syntax Description
<max time> Specifies the maximum interval between RA message transmission. Time
can be specified in seconds or milliseconds. Range is 4 to 1800 seconds
and 70 to 1800000 ms.
<min time> Optional. Specifies the minimum interval between RA message
transmission. Time can be specified in seconds or milliseconds. Range is
3 seconds to 75 percent of the configured maximum time value in seconds,
or 30 ms to 75 percent of the configured maximum time value in ms.
msec Optional. Specifies that the time values are in milliseconds.
Default Values
By default, the interval is set in seconds and has a maximum interval time of 200 seconds and a minimum
interval time of 75 percent of the maximum seconds value, but not less than 3 seconds.
Command History
Functional Notes
If this router is used as a default router, the interval between RA messages should not be set to a larger
value than the RA lifetime set by the command ipv6 nd ra lifetime <value> on page 2838, which has a
Usage Examples
The following example specifies that the maximum interval in seconds between RA message
transmissions is 300:

(config-fr 1.16)#ipv6 nd ra interval 300


Use the ipv6 nd ra lifetime command to specify the router lifetime advertised in Internet Protocol version
6 (IPv6) router advertisement (RA) messages. This command is effectual when the interface is in router
mode. Use the no form of this command to return to the default setting. Variations of this command
include:

ipv6 nd ra lifetime default-route
Syntax Description
<value> Specifies the router lifetime in seconds. Range is 0 to 9000 seconds. A
value of 0 indicates this is not a default router. A value other than 0
indicates to other nodes that this router can be used as a default router.
default-route Specifies the RA lifetime is 0 if no default route exists on any IPv6 interface.
Default Values
By default, the router lifetime is set to 1800 seconds.
Command History
Release R11.5.0 Command was expanded to include the default-route parameter.
Functional Notes
A value other than 0 for a router lifetime should be larger than the router advertisement interval specified in
the command ipv6 nd ra interval on page 2837.
Usage Examples
In the following example, the router lifetime advertised in RA messages is 3000 seconds:

(config-fr 1.16)#ipv6 nd ra lifetime 3000

ipv6 nd ra reachable-time <value>

Use the ipv6 nd ra reachable-time command to specify the value advertised for reachable time in Internet
Protocol version 6 (IPv6) router advertisement (RA) messages. This command also specifies the internal
base reachable time used by the router. This command is effectual for interfaces in either host or router
mode. Use the no form of this command to return the reachability value to the default setting.
Syntax Description
<value> Specifies the reachability time in milliseconds. Range is 0 to 3600000 ms. A
value of 0 indicates the reachable time is unspecified.
Default Values
By default, the router advertises a reachability time of 0 ms and uses an internal value of 30000 ms.
Command History
Functional Notes
This command is effectual for interfaces in either router or host mode. For hosts, this value sets the internal
reachable time used by the host if no RAs are received specifying a different value. For routers, the value
indicates the amount of time a device is considered reachable after having received a reachability
confirmation in neighbor unreachabililty detection (NUD).
Usage Examples
The following example specifies that a reachability time of 50000 ms is advertised in RA messages:

(config-fr 1.16)#ipv6 nd ra reachable-time 50000

ipv6 nd ra suppress
Use the ipv6 nd ra suppress command to specify whether Internet Protocol version 6 (IPv6) router
advertisement (RA) messages will be suppressed. This command only applies to interfaces in router mode.
Use the no form of this command to begin sending RA messages.
Syntax Description
No subcommands.
Default Values
By default, RA messages are not suppressed. When IPv6 routing is not enabled on the router, or when
implemented in a host-only mode, the default setting is to suppress advertisements on all interface types.
Command History
Usage Examples
The following example suppresses RA messages on the interface:

(config-fr 1.16)#ipv6 nd ra suppress

ipv6 nd router-preference
Use the ipv6 nd router-preference command to specify the default router preference value set in Internet
Protocol version 6 (IPv6) router advertisement (RA) messages. Setting this preference helps the receivers
of RA messages to determine the preference of one router over another as a default router in environments
with multiple routers. Use the no form of this command to return the preference to the default setting.
ipv6 nd router-preference high

ipv6 nd router-preference low
ipv6 nd router-preference medium
Syntax Description
high Specifies the preference value is high.
low Specifies the preference value is low.
medium Specifies the preference value is medium.
Default Values
By default, the router preference is set to medium.
Command History
Usage Examples
The following example specifies that the advertised default router preference is high:

(config-fr 1.16)#ipv6 nd router-preference high

ipv6 route-cache
Use the ipv6 route-cache command to enable Internet Protocol version 6 (IPv6) fast-cache switching on
the interface. Use the no form of this command to disable fast-cache switching and return to process
switching mode.
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
Usage Examples
The following example enables IPv6 fast switching on the interface:

(config-fr 1.16)#ipv6 route-cache

lldp receive
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example configures the Frame Relay subinterface to receive LLDP packets:

(config-fr 1.16)#lldp receive

lldp send
lldp send
Syntax Description
Default Values
Command History
Functional Notes

Usage Examples
The following example configures the Frame Relay subinterface to transmit LLDP packets containing all
enabled information types:

(config-fr 1.16)#lldp send
The following example configures the Frame Relay subinterface to transmit and receive LLDP packets
containing all information types:

(config-fr 1.16)#lldp send-and-receive

media-gateway ip

media-gateway ip primary vrrp <number>
media-gateway ip primary vrrpv3 <number>
media-gateway ip secondary vrrp <number>
media-gateway ip secondary vrrp <number> <ipv4 address>
media-gateway ip secondary vrrpv3 <number>
media-gateway ip secondary vrrpv3 <number> <ipv4 address>
Syntax Description
loopback interface.
(for example, 10.10.10.1).
vrrp <number> Specifies that the IPv4 address of the Virtual Router Redundancy Protocol
version 2 (VRRP) router group’s virtual router ID (VRID) is used as the
media gateway address on the interface. Valid VRID range is 1 to 255.
vrrpv3 <number> Specifies that the IPv4 address of the VRRP version 3 (VRRPv3) VRID is
used as the media gateway address on the interface. Valid VRID range is 1
to 255.
<ipv4 address> Optional. Specifies a secondary IPv4 address of the VRRP or VRRPv3
VRID is used as the media gateway address on the interface. IPv4
10.10.10.1).
Default Values

Command History
Ethernet interface.
Release R12.2.0 Command was expanded to include the vrrp and vrrpv3 parameters.
Functional Notes
To use VRRP or VRRPv3 addresses as the media gateway on the interface, you must first have configured
VRRP or VRRPv3.
Usage Examples

(config-fr 1.16)#media-gateway ip primary

media-gateway ipv6
Use the media-gateway ipv6 command to associate an Internet Protocol version 6 (IPv6) address source to
media-gateway ipv6
media-gateway ipv6 <ipv6 address>
media-gateway ipv6 loopback <interface id>
media-gateway ipv6 vrrpv3 <number>
media-gateway ipv6 vrrpv3 <number> <ipv6 address>
Syntax Description
<ipv6 address> Specifies an IPv6 address to use for the media gateway. Specify an IPv6
address in colon hexadecimal format (X:X:X:X::X), for example,
2001:DB8:1::1.
loopback interface.
vrrpv3 <number> Specifies that all the secondary IPv6 addresses of the Virtual Routing
Redundancy Protocol version 3 (VRRPv3) virtual router ID (VRID) are used
as media gateway addresses on the interface. Valid VRID range is 1 to 255.
<ipv6 address> Optional. Specifies a single IPv6 address of the VRRPv3 VRID is used as
the media gateway address on the interface. Specify an IPv6 address in
colon hexadecimal format (X:X:X:X::X), for example, 2001:DB8:1::1.
Default Values
By default, media-gateway ipv6 is disabled.
Command History
Release R12.2.0 Command was expanded to include the vrrpv3 parameters.
Functional Notes
To use VRRPv3 addresses as the media gateway on the interface, you must first have configured
VRRPv3.

Usage Examples
The following example configures the unit to use the IPv6 address for RTP traffic:

(config-fr 1.16)#media-gateway ipv6


command include:

Syntax Description
is 0 to 31.
Default Values
Command History
Functional Notes

command fails.
interface.
Usage Examples
follows:

(config-fr 1.16)#ospfv3 5 area 10 ipv6 instance 10


Syntax Description
Default Values
Command History
Usage Examples

(config-fr 1.16)#ospfv3 authentication null


the default value.
Syntax Description
reported.
65535.
Default Values
Command History
Functional Notes
Usage Examples

(config-fr 1.16)#ospfv3 5 cost 10


Syntax Description
reported.
Default Values
Command History
Functional Notes
Usage Examples
follows:

(config-fr 1.16)#ospfv3 5 dead-interval 100

ospfv3 encryption
include:
Syntax Description
256.
des uses DES.
(sha1) algorithms.

Default Values
Command History
Functional Notes
Usage Examples

(config-fr 1.16)#ospfv3 encryption ipsec spi 120 esp null md5


Syntax Description
reported.
Default Values
Command History
Functional Notes
Usage Examples
seconds:

(config-fr 1.16)#ospfv3 5 hello-interval 20



Syntax Description
reported.
point-to-point.
Default Values
Command History
Functional Notes
Usage Examples

(config-fr 1.16)#ospfv3 5 network point-to-point


Syntax Description
reported.
Default Values
Command History
Functional Notes
Usage Examples

(config-fr 1.16)#ospfv3 5 priority 6


Syntax Description
reported.
Default Values
Command History
Functional Notes
Usage Examples

(config-fr 1.16)#ospfv3 5 retransmit-interval 10


Syntax Description
reported.
Default Values
Command History
Functional Notes
Usage Examples

(config-fr 1.16)#ospfv3 5 shutdown


Syntax Description
reported.
Default Values
Command History
Functional Notes
Usage Examples

(config-fr 1.16)#ospfv3 5 transmit-delay 2

Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example enables RTP quality monitoring on the Frame Relay interface:

(config-fr 1.16)#rtp quality-monitoring

snmp trap
Syntax Description
No subcommands.
Default Values
enabled.
Command History
interface.
Release 17.9 Command was expanded to the Frame Relay and the ATM subinterfaces.
Usage Examples
The following example enables SNMP on the virtual Frame Relay subinterface:

(config-fr 1.16)#snmp trap


Syntax Description
No subcommands.
Default Values
Command History
interface.
interface.
Release 17.9 Command was explanded to the Frame Relay and the ATM subinterfaces.
Functional Notes
number 1.3.6.1.2.1.31.1.1.1.14.0).
Usage Examples
The following example disables the link-status trap on the Frame Relay subinterface:

(config-fr 1.16)#no snmp trap link-status

Use the spanning-tree bpdufilter command to block bridge protocol data units (BPDUs) from being
transmitted and received on this interface. To return to the default value, use the no form of this command.

Syntax Description
disable Disables the BPDU filter.
enable Enables the BPDU filter.
Default Values
Command History
Functional Notes
The purpose of this command is to remove a port from participation in the spanning tree. This might be
beneficial while debugging a network setup. It normally should not be used in a live network.
Usage Examples
The following example enables the BPDU filter on the interface:

(config-fr 1.16)#spanning-tree bpdufilter enable

Use the spanning-tree bpduguard command to block bridge protocol data units (BPDUs) from being
received on this interface. To return to the default value, use the no form of this command. Variations of

Syntax Description
disable Disables the BPDU block.
enable Enables the BPDU block.
Default Values
Command History
Usage Examples
The following example enables the BPDU guard on the interface:

(config-fr 1.16)#spanning-tree bpduguard enable

Use the spanning-tree edgeport command to set this interface to be an edgeport. This command overrides
the global setting (refer to spanning-tree edgeport default on page 1829). Use the no form of this
Syntax Description
No subcommands.
Default Values
Command History
Release 8.1 Command was added to the ATM Subinterface command set.
Functional Notes
When an interface is designated as an edgeport, the interface will immediately go to a forwarding state
when the link becomes active. When an interface is not designated as an edgeport, the interface must go
through the listening and learning states before going to the forwarding state.
Usage Examples
The following example configures the interface to be an edgeport:

(config-fr 1.16)#spanning-tree edgeport

(config-fr 1.16)#spanning-tree edgeport disable
or

(config-fr 1.16)#no spanning-tree edgeport

Use the spanning-tree link-type command to configure the spanning-tree protocol link type for an
interface. To return to the default value, use the no form of this command. Variations of this command
include:

Syntax Description
point-to-point Manually sets link type to point-to-point regardless of duplex settings.
shared Manually sets link type to shared regardless of duplex settings.
Default Values
By default, a port is set to auto.
Command History
Functional Notes
This command overrides the default link-type setting determined by the duplex of the individual port. By
use the specified link type. Using the link-type auto command, restores the convention of determining link
Usage Examples
The following example forces the link type to point-to-point, even if the port is configured to be half-duplex:
(config)#bridge 1 protocol ieee

(config-fr 1.16)#spanning-tree link-type point-to-point
Technology Review


Syntax Description
Default Values
Command History
Functional Notes
Usage Examples
The following example assigns a path cost of 100 on a Frame Relay subinterface:

(config-fr 1.16)#spanning-tree path-cost 100
Technology Review


Use the spanning-tree port-priority command to select the priority level of a port associated with a
bridge. To return to the default bridge-group priority value, use the no form of this command.
Syntax Description
<value> Priority value for the bridge group; the lower the value, the higher the
priority. Valid range is 0 to 255.
Default Values
By default, the bridge-group priority value is set at 28.
Command History
Functional Notes
At that point, the level set in this command will determine which port the bridge will use. Set the priority
value lower to increase the chance the interface will be used.
Usage Examples
The following example sets the maximum priority on the Frame Relay subinterface labeled 1.16:

(config-fr 1.16)#spanning-tree port-priority 0


Syntax Description
Default Values
Command History
Functional Notes
Usage Examples
The following example assigns the frame-relay 1.16 interface to the VRF instance named RED:


Command Reference Guide HDLC Interface Command Set
HDLC INTERFACE COMMAND SET
To create a virtual high level data link control (HDLC) interface and/or activate the HDLC Interface
Configuration mode, enter the interface hdlc command at the Global Configuration mode prompt. For
example:
>enable
#configure terminal
(config-hdlc 1)#
do on page 81
end on page 82
exit on page 83
shutdown on page 93
alias link “<text>” on page 2875

bridge-group <value> on page 2877
keepalive <value> on page 2941

HDLC Interface Command Set Command Reference Guide


alias link “<text>”

Each configured high level data link control (HDLC) interface (when referenced using Signaling Network
Management Protocol (SNMP)) contains a link (physical port) and a bundle (group of links). RFC 1471
(for Link Connection Protocol) provides an interface table to manage lists of bundles and associated links.
The alias link command provides the management station an identifying description for each link (HDLC
physical).
Syntax Description
“<text>” Describes the interface (for SNMP) using an alphanumeric character string
enclosed in quotation marks.
Default Values
By default, the HDLC identification string appears as empty quotation marks (“ ”).
Command History
Functional Notes
The alias link string should be used to uniquely identify an HDLC link. Enter a string that clearly identifies
the link.
Usage Examples
The following example defines a unique character string for the virtual HDLC interface (1):
(config-hdlc 1)#alias link “HDLC_link_1”
Technology Review
Please refer to RFC 1990 for a more detailed discussion on HDLC links and bundles.

bandwidth <value>
Syntax Description
<value> Specifies the bandwidth in kbps. Range is 1 to 4294967295 kbps.
Default Values
To view the default values, use the command show interfaces on page 670.
Command History
Functional Notes
Usage Examples
The following example sets bandwidth of the high level data link control (HDLC) interface to 10 Mbps:
(config-hdlc 1)#bandwidth 10000

bridge-group <value>
Syntax Description
<value> Specifies the bridge group (by number) to which to assign this interface.
Range is 1 to 255.
Default Values
Command History
Functional Notes
be bridged (Ethernet to T1 bridge, Ethernet to Frame Relay subinterface, etc.).
Usage Examples
The following example assigns the high level data link control (HDLC) interface labeled 1 to bridge group 1:
(config-hdlc 1)#bridge-group 1



Syntax Description
Default Values
Command History
Usage Examples
The following example removes the VLAN tags from the packets on the HDLC 1 interface:
(config-hdlc 1)#bridge-group 1 vlan-transparent

Use the dial-backup auto-backup command to configure the interface to automatically attempt a dial
Syntax Description
No subcommands.
Default Values
Command History
Release 5.1 Command was expanded to include the Point-to-Point Protocol (PPP)
interface.
Usage Examples
(config-hdlc 1)#dial-backup auto-backup

Use the dial-backup auto-restore command to configure the interface to automatically discontinue dial
backup when all network conditions are operational. Use the no form of this command to disable the
Syntax Description
No subcommands.
Default Values
condition clears.
Command History
interface.
Usage Examples
condition clears:
(config-hdlc 1)#dial-backup auto-restore


Functional Notes and Technology Review sections of dial-backup call-mode on page 2882.
Syntax Description
will enter backup operation on the interface. Range is 10 to 86400 seconds.
Default Values
Command History
interface.
Usage Examples
(config-hdlc 1)#dial-backup backup-delay 60


Syntax Description
Default Values
Command History
interface.
Functional Notes
PPP interface configuration commands. However, the numbers dialed are configured in the primary
interface. Full sample configurations follow:
!
interface eth 0/1
ip address 192.168.1.254 255.255.255.0
no shutdown
!
interface modem 1/3
no shutdown
!
interface t1 1/1

coding b8zs
framing esf
clock source line
no shutdown
!
no shutdown
!
ip address 10.1.1.2 255.255.255.252
no shutdown
!
interface ppp 1
ip address 172.22.56.1 255.255.255.252
username remoterouter password remotepass
ppp chap hostname localrouter
no shutdown
!
ip route 192.168.2.0 255.255.255.0 172.22.56.2 255.255.255.252
!
line telnet 0 4
password password
!
interface eth 0/1
ip address 192.168.100.254 255.255.255.0
no shutdown
!
interface modem 1/3
no shutdown
!
interface t1 1/1
coding b8zs
framing esf
clock source line


no shutdown
!
no shutdown
!
ip address 10.1.1.1 255.255.255.252
!
interface ppp 1
ip address 172.22.56.2 255.255.255.252
username localrouter password adtran
ppp chap hostname remoterouter
ppp chap password remotepass
no shutdown
!
ip route 192.168.1.0 255.255.255.0 172.22.56.1 255.255.255.252
line telnet 0 4
password password
Usage Examples
(config-hdlc 1)#dial-backup call-mode originate
(config-hdlc 1)#dial-backup number 555 1111 analog ppp 1

Technology Review
Dialing Out
with an addition to the dial-backup number command (refer to dial-backup number <number> on page
2889).
negotiation.
Dialing In
down state.


Syntax Description
<value> Selects the amount of time (in seconds) that the router will wait for a
Default Values
Command History
interface.
Usage Examples
(config-hdlc 1)#dial-backup connect-timeout 120

dial-backup force
Review sections of the command dial-backup call-mode on page 2882. Variations of this command
include:

Syntax Description
backup Forces backup regardless of primary link state.
primary Forces primary link regardless of its state.
Default Values
Command History
interface.
Usage Examples
The following example configures AOS to force this interface into dial backup:
(config-hdlc 1)#dial-backup force backup


Syntax Description
<value> Selects the number of call retry attempts that will be made after a link
failure. Valid range is 0 to 15 attempts.
is failed.
Default Values
By default, dial-backup maximum-retry is set to 0 attempts.
Command History
interface.
Usage Examples
The following example configures AOS to retry a dial-backup call four times before considering backup
(config-hdlc 1)#dial-backup maximum-retry 4

dial-backup number <number>

Use the no form of this command to remove a configured dial-backup number. For more detailed
the command dial-backup call-mode on page 2882. Variations of this command include:

Syntax Description
ppp <interface> Specifies the Point-to-Point Protocol (PPP) interface to use as the backup
for this interface (for example, ppp 1).
Default Values
Command History
Release 5.1 Command was expanded to include the PPP interface.
Usage Examples
(config-hdlc 1)#dial-backup number 7045551212 digital-64k 1 1 ppp 1


Use the dial-backup priority command to select the backup priority for this interface. This allows the user
to establish the highest priority backup link and ensure that link will override backups attempted by lower
priority links. Use the no form of this command to return to the default value. For more detailed
Syntax Description
<value> Sets the relative priority of this link. Valid range is 0 to 100. A value of 100
Default Values
By default, dial-backup priority is set to 50.
Command History
interface.
Usage Examples
(config-hdlc 1)#dial-backup priority 100

Syntax Description
No subcommands.
Default Values
Command History
interface.
Usage Examples
(config-hdlc 1)#dial-backup randomize-timers


Syntax Description
<value> Specifies the delay in seconds between attempting to redial a failed backup
attempt. Range is 10 to 3600 seconds.
Default Values
By default, dial-backup redial-delay is set to 10 seconds.
Command History
interface.
Usage Examples
(config-hdlc 1)#dial-backup redial-delay 25


call-mode on page 2882.
Syntax Description
86400 seconds.
Default Values
By default, dial-backup restore-delay is set to 10 seconds.
Command History
interface.
Usage Examples
(config-hdlc 1)#dial-backup restore-delay 30

dial-backup functionality, refer to the Functional Notes and Technology Review sections of the command
dial-backup call-mode on page 2882. Variations of this command include:

Syntax Description
(00:00).
(00:00).
Default Values
Command History
interface.
Usage Examples
(config-hdlc 1)#dial-backup schedule enable-time 08:00
(config-hdlc 1)#dial-backup schedule disable-time 19:00
(config-hdlc 1)#no dial-backup schedule day Saturday
(config-hdlc 1)#no dial-backup schedule day Sunday

Syntax Description
No subcommands.
Default Values
Command History
interface.
Usage Examples
(config-hdlc 1)#dial-backup shutdown

dynamic-dns

Syntax Description
Default Values
Command History
Functional Notes

Usage Examples
and password pass:
(config-hdlc 1)#dynamic-dns dyndns-custom host user pass

fair-queue
fair-queue
fair-queue <value>
Syntax Description
<value> Optional. Value that specifies the maximum number of packets that can be
present in each conversation subqueue. Packets received for a
conversation after this limit is reached are discarded. Range is 16 to
512 packets.
Default Values
By default, fair queue is enabled with a threshold of 64 packets.
Command History
Usage Examples
(config-hdlc 1)#fair-queue 100


Syntax Description
<value> The total number of packets the output queue can contain before packets
are dropped. Range is 16 to 1000 packets.
Default Values
Command History
Usage Examples
(config-hdlc 1)#hold-queue 700 out



Syntax Description
<ipv4 acl name> Assigned IPv4 ACL name.
Default Values
Command History
Functional Notes
Usage Examples
The following example sets up the unit to only allow Telnet traffic (as defined in the user-configured
TelnetOnly IP ACL) into the high level data link control (HDLC) interface:

(config-ext-nacl)#int hdlc 1
(config-hdlc 1)#ip access-group TelnetOnly in


Syntax Description
Default Values
Command History
interfaces.
products.
Functional Notes
Usage Examples


Associate the ACP with the HDLC interface 1:
(config-hdlc 1)#ip access-policy PRIVATE


interface. Use the no form of this command to remove a configured IPv4 address. Variations of this
command include:

Syntax Description
example, /24).
Default Values
Command History
Functional Notes
Usage Examples
The following example configures a secondary IPv4 address of 192.22.72.101 /30:
(config-hdlc 1)#ip address 192.22.72.101 255.255.255.252 secondary


secondary
Syntax Description
example, 10.10.10.1).
example, /24).
Default Values
Command History
Functional Notes
Usage Examples
on subnet 255.255.255.252:
(config-hdlc 1)#ip address range 192.22.72.1 192.22.72.10 255.255.255.252 secondary


Syntax Description
Default Values
Command History
subinterface.
(HDLC) interface.
Ethernet Interface.
Functional Notes


(in) (out)
IPSec IPSec
NAT/ACP/
Firewall
Router
by the firewall.
Usage Examples
(config)#hdlc 1
(config-hdlc 1)#ip crypto map MyMap


Syntax Description
Default Values
Command History
Usage Examples
192.33.4.251:
(config-hdlc 1)#ip dhcp relay destination 192.33.4.251

Syntax Description
Default Values
Command History
Functional Notes

Usage Examples
The following example enables forwarding of directed broadcasts on the interface hdlc 1:
(config-hdlc 1)#ip directed-broadcast

ip ffe
Use the ip ffe command to enable the RapidRoute Engine on this interface with the default number of
entries. Use the no form of this command to disable this feature. Variations of this command include:
ip ffe
Issuing this command will cause all RapidRoute entries on this interface to be cleared.
Syntax Description
Default Values
By default, the RapidRoute Engine is disabled. The default number of max-entries is 4096.
Command History
Release 17.6 Command was expanded to include the tunnel and high level data link
control (HDLC) interface.
Functional Notes
Usage Examples
The following example enables RapidRoute and sets the maximum number of entries in the flow table to
50:
(config-hdlc 1)#ip ffe max-entries 50

Technology Review
processing layers.

ip flow
ip flow egress
ip flow ingress
Syntax Description
filtering traffic.
Default Values
Command History
Usage Examples
The following example enables traffic monitoring on an high level data link control (HDLC) interface to
monitor incoming traffic through an ACL called myacl:
(config-hdlc 1)#ip flow ingress myacl


packets.
The ip helper-address command must be used in conjunction with the ip forward-protocol

Syntax Description
10.10.10.1).
Default Values
Command History
Functional Notes
To implement the helper address feature, assign a helper address(es) (specifying the device that needs to

Usage Examples
IP address 192.33.5.99:

(config-hdlc 1)#ip helper-address 192.33.5.99

ip igmp
command include:
Syntax Description
default setting.
default setting.

Syntax Description
Default Values
Command History
Usage Examples
(config-hdlc 1)#ip igmp last-member-query-interval 200

Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
Usage Examples
The following example enables multicast forwarding and IGMP on the high level data link control (HDLC)
interface:
(config-hdlc 1)#ip mcast-stub downstream

ip mcast-stub fixed
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
the ip igmp static-group <address> command (refer to ip igmp on page 2914) to receive multicast traffic
without host-initiated Internet Group Management Protocol (IGMP) activity on the selected interface.
Otherwise, all host-initiated IGMP transactions will enter multicast routes on the router’s interface involved
with IGMP activities.
Usage Examples
(config-hdlc 1)#ip mcast-stub fixed

feature.
Syntax Description
No subcommands.
Default Values
Command History
Release 10.1 Command was expanded to include high level data link control (HDLC)
interfaces.
Functional Notes
Usage Examples
(config-hdlc 1)#ip mcast-stub helper-enable

Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
Usage Examples
The following example enables multicast forwarding on the high level data link control (HDLC) interface:
(config-hdlc 1)#ip mcast-stub upstream

ip mtu <size>
Syntax Description
BVIs 64 to 2100
Default Values
BVIs 1500
FDL interfaces 256
PPP interfaces 1500
Command History
products.

Functional Notes
Usage Examples
(config-hdlc 1)#ip mtu 1200

ip ospf

Syntax Description
4294967295.
1 to 65535.
seconds.
0 to 255.


32767 seconds.
Default Values
Protocol (PPP)
priority <value> 1
Command History
Usage Examples
(config-hdlc 1)#ip ospf 1 dead-interval 25000



Syntax Description
Default Values
Command History
Usage Examples
The following example specifies that no authentication will be used on the high level data link control
(HDLC) interface:
(config-hdlc 1)#ip ospf 1 authentication null



Syntax Description
Default Values
point-to-point.
Command History
Functional Notes
Usage Examples
(config-hdlc 1)#ip ospf 1 network broadcast

ip pim sparse-mode
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
Usage Examples
The following example enables PIM sparse mode on the high level data link control (HDLC) 1 interface:
(config-hdlc 1)#ip pim sparse-mode


Syntax Description
Default Values
Command History
Functional Notes
Usage Examples
The following example specifies a priority of 100 on the high level data link control (HDLC) 1 interface:
(config-hdlc 1)#ip pim-sparse dr-priority 5


Syntax Description
Default Values
Command History
Functional Notes
Usage Examples
The following example specifies hellos be sent on the high level data link control (HDLC) 1 interface every
3600 seconds:
(config-hdlc 1)#ip pim-sparse hello-timer 3600


Syntax Description
Default Values
Command History
Usage Examples
(config-hdlc 1)#ip pim-sparse nbr-timeout 300


default value.
Syntax Description
65535 milliseconds.
Default Values
Command History
Usage Examples
(config-hdlc 1)#ip pim-sparse override-interval 3000


Syntax Description
Default Values
Command History
Usage Examples
The following example sets the expected propagation delay to 300 milliseconds on the high level data link
control (HDLC) 1 interface:
(config-hdlc 1)#ip pim-sparse propagation-delay 300


Syntax Description
Default Values
Command History
Usage Examples
The following example assigns the policy route map policy1 to the high level data link control (HDLC) 1
interface:
(config-hdlc 1)#ip policy route-map policy1

ip proxy-arp
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
Usage Examples
The following example enables proxy ARP on the high level data link control (HDLC) interface:
(config-hdlc 1)#ip proxy-arp



Syntax Description
Default Values
Command History
Functional Notes
Use the ip rip receive version command to specify a RIP version that overrides the version (in the
Router RIP) configuration. Refer to version on page 4205 for more information.
Usage Examples
The following example configures the high level data link control (HDLC) interface to accept only RIP
version 2 packets:
(config-hdlc 1)#ip rip receive version 2

ip rip send version


Syntax Description
Default Values
Command History
Functional Notes
Use the ip rip send version command to specify a RIP version that overrides the version (in the Router
RIP) configuration. Refer to version on page 4205 for more information.
Usage Examples
The following example configures the high level data link control (HDLC) interface to transmit only RIP
version 2 packets:
(config-hdlc 1)#ip rip send version 2


disable this mode.
Syntax Description
Default Values
Command History
Functional Notes
Usage Examples
(config-hdlc 1)#ip rip summary-address 10.10.123.0 255.255.255.0

ip route-cache
Syntax Description
No subcommands.
Default Values
By default, fast caching is enabled on all interfaces.
Command History
Functional Notes
Usage Examples
The following example enables fast switching on the high level data link control (HDLC) interface:
(config-hdlc 1)#ip route-cache

configuration.
Syntax Description
Default Values
Command History
Ethernet interface.
Functional Notes
Usage Examples
The following example configures the high level data link control (HDLC) interface to use the IP address
assigned to the Ethernet interface 0/1:
(config-hdlc 1)#ip unnumbered eth 0/1

ip urlfilter <name>
Syntax Description
Default Values
Command History
interfaces.
Functional Notes
Usage Examples
The following example performs URL filtering on all traffic entering through the high level data link control
(HDLC) interface and matches the URL filter named MyFilter:
(config-hdlc 1)#ip urlfilter MyFilter in



Syntax Description
example, 2001:DB8:1::1.
Default Values
Command History
Functional Notes
Usage Examples
2001:DB8:2::1:
(config-hdlc 1)#ipv6
(config-hdlc 1)#ipv6 dhcp relay destination 2001:DB8:2::1

keepalive <value>
Use the keepalive command to enable the transmission of keepalive packets on the interface and specify
the time interval in seconds between transmitted packets. Use the no form of this command to return to the
default setting.
Syntax Description
<value> Defines the time interval (in seconds) between transmitted keepalive
packets. Valid range is 0 to 32767 seconds.
Default Values
By default, the time interval between transmitted keepalive packets is 10 seconds.
Command History
Functional Notes
If three keepalive packets are sent to an interface with no response, the interface is considered down. To
detect interface failures quickly, specify a smaller keepalive time.
Usage Examples
The following example specifies a keepalive time of 5 seconds on the high level data link control (HDLC)
interface:
(config-hdlc 1)#keepalive 5

lldp receive
Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example configures the high level data link control (HDLC) interface to receive LLDP
packets:
(config-hdlc 1)#lldp receive

lldp send
lldp send
Syntax Description
Default Values
Command History
Functional Notes

Usage Examples
The following example configures the high level data link control (HDLC) interface to transmit LLDP
packets containing all enabled information types:
(config-hdlc 1)#lldp send
The following example configures the HDLC to transmit and receive LLDP packets containing all
information types:
(config-hdlc 1)#lldp send-and-receive

Syntax Description
Default Values
Command History
Usage Examples
The following example specifies 85 percent of the bandwidth on the high level data link control (HDLC) 1
be available for use in user-defined queues:
(config-hdlc 1)#max-reserved-bandwidth 85

media-gateway ip

Syntax Description
loopback interface.
(for example, 10.10.10.1).
Default Values
Command History
Ethernet interface.
Usage Examples
(config-hdlc 1)#media-gateway ip primary

Syntax Description
Default Values
Command History
Functional Notes
Usage Examples
(config-hdlc 1)#packet-capture 1CAPTURE

qos-policy
Syntax Description
Default Values
Command History
Functional Notes

Usage Examples
The following example applies the QoS map VOICEMAP to the high level data link control (HDLC)
interface:
(config-hdlc 1)#qos-policy out VOICEMAP

Syntax Description
No subcommands.
Default Values
Command History
Usage Examples
The following example enables RTP quality monitoring on the high level data link control (HDLC) interface:
(config-hdlc 1)#rtp quality-monitoring


Syntax Description
No subcommands.
Default Values
Command History
interface.
interface.
Usage Examples
The following example disables the link-status trap on the HDLC interface:
(config-hdlc 1)#no snmp trap link-status


Syntax Description
Default Values
Command History
Functional Notes
Usage Examples
The following example assigns the HDLC interface to the VRF instance named RED:
(config-hdlc 1)#vrf forwarding RED

Command Reference Guide Loopback Interface Command Set
LOOPBACK INTERFACE COMMAND SET
To create a virtual loopback interface and/or activate the Loopback Interface Configuration mode, enter
the interface loopback command at the Global Configuration mode prompt. For example:
>enable
#configure terminal
(config-loop 1)#

do on page 81
end on page 82
exit on page 83
shutdown on page 93

ospfv3 <process id> area <area id> on page 3012
ospfv3 <process id> shutdown on page 3014

Loopback Interface Command Set Command Reference Guide
bandwidth <value>
Syntax Description
Default Values
Command History
Functional Notes
QoS. Using the bandwidth command can severely disrupt the configuration of QoS on the interface.
Usage Examples
The following example sets bandwidth of the loopback interface to 10 Mbps:
(config-loop 1)#bandwidth 10000

dynamic-dns

Syntax Description
Default Values
Command History
Functional Notes

Usage Examples
and password pass:
(config-loop 1)#dynamic-dns dyndns-custom host user pass



Syntax Description
<ipv4 acl name> Specifies IPv4 ACL name.
Default Values
Command History
Functional Notes
Usage Examples
The following example sets up the router to allow only Telnet traffic into the loopback interface:

(config-ext-nacl)#interface loopback 1
(config-loop 1)#ip access-group TelnetOnly in


Syntax Description
Default Values
Command History
interfaces.
products.
Functional Notes
Usage Examples


Associate the ACP with the loopback interface 1:
(config-loop 1)#ip access-policy PRIVATE



Syntax Description
example, /24).
Default Values
Command History
Release 2.1 Added ip address dhcp for Dynamic Host Configuration Protocol (DHCP)
client support.
Functional Notes
Use secondary IPv4 addresses to allow dual subnets on a single interface (when you need more IP
Usage Examples
(config-loop 1)#ip address 192.22.72.101 255.255.255.252 secondary


secondary
Syntax Description
example, 10.10.10.1).
example, /24).
Default Values
Command History
Functional Notes
Usage Examples
on subnet 255.255.255.252:
(config-loop 1)#ip address range 192.22.72.1 192.22.72.10 255.255.255.252 secondary


Syntax Description
Default Values
Command History
subinterface.
(HDLC) interface.
Ethernet Interface.
Functional Notes


(in) (out)
IPSec IPSec
NAT/ACP/
Firewall
Router
by the firewall.
Usage Examples
(config-loop 1)#ip crypto map MyMap


Syntax Description
Default Values
Command History
Usage Examples
192.33.4.251:
(config-loop 1)#ip dhcp relay destination 192.33.4.251

Syntax Description
Default Values
Command History
Functional Notes

Usage Examples
The following example enables forwarding of directed broadcasts on the interface loopback 1:
(config-loop 1)#ip directed-broadcast

ip flow
ip flow egress
ip flow ingress
Syntax Description
filtering traffic.
Default Values
Command History
Usage Examples
The following example enables traffic monitoring on a loopback interface to monitor incoming traffic
(config-loop 1)#ip flow ingress myacl


packets.

Syntax Description
10.10.10.1).
Default Values
Command History
Functional Notes

Usage Examples

(config-loop 1)#ip helper-address 192.33.5.99

ip igmp
command include:
Syntax Description
default setting.
default setting.

Syntax Description
Default Values
Command History
Usage Examples
(config-loop 1)#ip igmp last-member-query-interval 200

Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
Usage Examples
(config-loop 1)#ip mcast-stub downstream

ip mcast-stub fixed
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
the ip igmp static-group <ip address> command to receive multicast traffic without host-initiated Internet
Usage Examples
(config-loop 1)#ip mcast-stub fixed

feature.
Syntax Description
No subcommands.
Default Values
Command History
Release 10.1 Command was expanded to include the loopback interfaces.
Functional Notes
Usage Examples
(config-loop 1)#ip mcast-stub helper-enable

Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
Usage Examples
(config-loop 1)#ip mcast-stub upstream

ip mtu <size>
Syntax Description
BVIs 64 to 2100
Default Values
BVIs 1500
FDL interfaces 256
PPP interfaces 1500
Command History
products.

Functional Notes
Usage Examples
(config-loop 1)#ip mtu 1200


Use the ip ospf area command to add an interface to an Open Shortest Path First version 2 (OSPFv2)
specified area. Use the no form of this command to remove the OSPFv2 process from the interface.
Syntax Description
<area id> Specifies the ID of the area to which this interface is assigned for the
specified OSPFv2 process. Valid range is 0 to 4294967295.
iDefault Values
By default, an OSPFv2 process is not configured on an interface. By default, process IDs and area IDs.
Command History
Usage Examples
To add an interface to the OSPFv2 process 5 in area 10:
(config-loop 1)#ip ospf 5 area 10


Use the ip ospf shutdown command to disable an Open Shortest Path First version 2 (OSPFv2) process on
the interface. When this command is used, the OSPFv2 setting remain in place, but logically it appears to
the interface as though the OSPFv2 process has been removed from the configuration. This command can
be useful in troubleshooting. Use the no form of this command to reinstate the OSPFv2 process.
Syntax Description
(using the command ip ospf <process id> area <area id> on page 2978),
reported.
Default Values
Command History
Usage Examples
(config-loop 1)#ip ospf 5 shutdown

ip pim sparse-mode
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
Usage Examples
(config-loop 1)#ip pim sparse-mode


Syntax Description
Default Values
Command History
Functional Notes
Usage Examples
The following example specifies a priority of 100 on the loopback 1 interface:
(config-loop 1)#ip pim-sparse dr-priority 100


Syntax Description
Default Values
Command History
Functional Notes
Usage Examples
The following example specifies hellos be sent on the loopback 1 interface every 3600 seconds:
(config-loop 1)#ip pim-sparse hello-timer 3600


Syntax Description
Default Values
By default, the PIM sparse neighbor timeout is set to 105 seconds.
Command History
Usage Examples
(config-loop 1)#ip pim-sparse nbr-timeout 300


default value.
Syntax Description
65535 milliseconds.
Default Values
Command History
Usage Examples
(config-loop 1)#ip pim-sparse override-interval 3000


Syntax Description
Default Values
Command History
Usage Examples
(config-loop 1)#ip pim-sparse propagation-delay 300


Syntax Description
Default Values
Command History
Usage Examples
(config-loop 1)#ip policy route-map policy1

ip proxy-arp
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
Usage Examples
The following example enables proxy ARP on the loopback interface:
(config-loop 1)#ip proxy-arp


unit accepts in all RIP packets received on the interface. Use the no form of this command to return to the

Syntax Description
Default Values
Command History
Functional Notes
Use the ip rip receive version to specify a RIP version that overrides the version (in the Router RIP)
configuration.
Usage Examples
The following example configures the loopback interface to accept only RIP version 2 packets:
(config-loop 1)#ip rip receive version 2

ip rip send version

unit sends in all RIP packets transmitted on the interface. Use the no form of this command to return to the

Syntax Description
Default Values
Command History
Functional Notes
Use the ip rip send version to specify a RIP version that overrides the version (in the Router RIP)
configuration.
Usage Examples
The following example configures the loopback interface to transmit only RIP version 2 packets:
(config-loop 1)#ip rip send version 2


disable this mode.
Syntax Description
Default Values
Command History
Functional Notes
Usage Examples
(config-loop 1)#ip rip summary-address 10.10.123.0 255.255.255.0

ip route-cache
Syntax Description
No subcommands.
Default Values
By default, fast-cache switching is enabled on all Ethernet and virtual Frame Relay subinterfaces. IP
route-cache is enabled for all virtual Point-to-Point Protocol (PPP) interfaces.
Command History
Functional Notes
Usage Examples
The following example enables fast switching on the loopback interface:
(config-loop 1)#ip route-cache

configuration.
Syntax Description
dot11ap 1/1.1. Type ip unnumbered ? for a complete list of valid
interfaces.
Default Values
Command History
Ethernet interface.
Functional Notes
taken from the specified interface. For example, specifying ip unnumbered ppp 1 while in the Ethernet
Interface Configuration mode configures the Ethernet interface to use the IP address assigned to the
Point-to-Point Protocol (PPP) interface for all IP processing. In addition, AOS uses the specified interface
Usage Examples
The following example configures the loopback interface (labeled loop 1) to use the IP address assigned
to the PPP interface (ppp 1):
(config-loop 1)#ip unnumbered ppp 1

ip urlfilter <name>
Syntax Description
Default Values
Command History
interfaces.
Functional Notes
Usage Examples
The following example performs URL filtering on all traffic entering through the loopback interface (labeled
loop 1) and matches the URL filter named MyFilter:
(config-loop 1)#ip urlfilter MyFilter in

ipv6
Syntax Description
No subcommands.
Default Values
Command History
Functional Notes
interface.
Usage Examples
(config-loop 1)#ipv6

ipv6 access-policy <ipv6 acp name>

Syntax Description
Default Values
Command History
Usage Examples

Associate the ACP with the PPP interface:
(config-loop 1)#ipv6 access-policy PRIVATEv6


Syntax Description
Default Values
interface.
Command History
Functional Notes
Usage Examples
interface:
(config-loop 1)#ipv6 address 2001:DB8::/32


from the interface.
Syntax Description
64 bits.
Default Values
interface.
Command History
Functional Notes
Usage Examples
(config-loop 1)#ipv6 address 2001:DB8:3F::/48 eui-64


Syntax Description
Default Values
Command History
Functional Notes
Usage Examples
processing:
(config-loop 1)#ipv6 address FE80::220:8FF:FE54:F9D8 link-local

ipv6 address dhcp

ipv6 address dhcp

Syntax Description
marks.
client.
Default Values
Command History

Functional Notes
ipv6 on page 2994.
Usage Examples
(config-loop 1)#ipv6 address 2001:DB8:1::1/64
(config-loop 1)#ipv6 address dhcp fqdn client@company.com


Use the ipv6 address named-prefix command to create an Internet Protocol version 6 (IPv6) address for
the interface using the values in a named prefix. Use the no form of this command to remove the address
from the interface. Variations of this command include:

ipv6 address named-prefix <prefix name> <ipv6 address/prefix-length> eui-64
Syntax Description
<prefix name> Specifies the named prefix to use to create the address.
<ipv6 address/prefix-length> Specifies the address portion appended to the named prefix to create a
128-bit host address. IPv6 addresses should be expressed in colon
hexadecimal format (X:X:X:X::X), for example, 2001:DB8:1::1.
eui-64 Optional. Indicates that the interface ID is to be placed in the lower 64 bits of
the address.
Default Values
By default, no IPv6 addresses are specified on the interface.
Command History
Usage Examples
The following example creates an IPv6 address on the interface using the named prefix PREFIX1:
(config-loop 1)#ipv6 address named-prefix PREFIX1 2001:1:0:/48

ipv6 dhcp client information refresh minimum <seconds>

Use the ipv6 dhcp client information refresh minimum command to specify the minimum value the
Dynamic Host Control Protocol for Internet Protocol version 6 (DHCPv6) client on the interface accepts as
its information refresh timer. Use the no version of this command to return to the default setting.
Syntax Description
<seconds> Specifies the refresh timer in seconds. Valid range is 600 to 3600 seconds.
Default Values
By default, the DHCPv6 client refresh timer is set to 600 seconds.
Command History
Usage Examples
The following example specifies the DHCPv6 client refresh timer for the interface is 800 seconds:
(config-loop 1)#ipv6 dhcp client information refresh minimum 800


include:

Syntax Description
Default Values
Command History
Usage Examples
(config-loop 1)#ipv6 dhcp client pd PREFIX1



Syntax Description
2001:DB8:1::1.
used when sending messages to the DHCPv6 server.
system-management-evc Optional. Specifies the system management EVC is used when sending
messages to the DHCPv6 server.
Default Values
Command History
management EVCs.

Functional Notes
Usage Examples
2001:DB8:2::1:
(config-loop 1)#ipv6
(config-loop 1)#ipv6 dhcp relay destination 2001:DB8:2::1
Technology Review
broadcast address. In DHCPv6, the IPv6 client sends messages using the link-scoped mulitcast address.

ipv6 dhcp server

include:

Syntax Description
command.
this command.

Default Values
Command History
Functional Notes
mode.
Usage Examples
(config-loop 1)#ipv6 address 2001:DB8:1::1/64
(config-loop 1)#ipv6 dhcp server POOL1


Syntax Description
No subcommands.
Default Values
Command History
Command History
Usage Examples
(config-loop 1)#ipv6 mode host unicast

ipv6 nd prefix

[off-link]
Syntax Description
between 0 and 128.
infinite Optional. Specifies that the the valid and preferred lifetimes of the prefix do
not expire.
no-rtr-address Optional. Sets the R flag in the RA message to 0 and specifies the full router
IPv6 address is not included in the RA message.
prefix.

Default Values
Command History
options.
Functional Notes

Usage Examples
(config-loop 1)#ipv6 nd prefix 2001:DB8:3F::/48 infinite infinite
(config-loop 1)#ipv6 nd prefix default infinite infinite off-link no-autoconfig


command include:

Syntax Description
is 0 to 31.
Default Values
Command History
Functional Notes

• If the specified OSPFv3 process is already at its maximum lim

AOS R13.12.0 Command Reference Guide

Uploaded by

Copyright:

Available Formats

AOS R13.12.0 Command Reference Guide

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

AOS R13.12.0 Command Reference Guide

Uploaded by

Copyright:

Available Formats

ADTRAN Operating System (AOS)

AOS Version R13.12.0

To the Holder of this Manual

Software Licensing Agreement

901 Explorer Boulevard

2 Copyright © 2021 ADTRAN, Inc. 60000CRG0-35AV

Notes provide additional useful information.

Cautions signify information that could prevent service interruption.

Warnings provide information that could prevent damage to the equipment or

Service and Warranty

DOC - Department of Commerce

60000CRG0-35AV Copyright © 2021 ADTRAN, Inc. 3

AOS Unit Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Introduction to Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Using the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Command Set Access Path Quick Reference Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

System Command Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Application Command Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1976

Interface Command Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2004

4 Copyright © 2021 ADTRAN, Inc. 60000CRG0-35AV

PRI Interface Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2396

Carrier Ethernet Command Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3582

60000CRG0-35AV Copyright © 2021 ADTRAN, Inc. 5

Carrier Ethernet Policer Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3704

Routing Protocol Command Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3961

Security and Services Command Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4218

6 Copyright © 2021 ADTRAN, Inc. 60000CRG0-35AV

IPv4 Access Control Policy Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4263

Voice Command Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4501

60000CRG0-35AV Copyright © 2021 ADTRAN, Inc. 7

HMR Command Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4747

VPN Parameter Command Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5193

8 Copyright © 2021 ADTRAN, Inc. 60000CRG0-35AV

REFERENCE GUIDE INTRODUCTION

AOS UNIT INTRODUCTION

1. ROM - Read Only Memory

60000CRG0-35AV Copyright © 2021 ADTRAN, Inc. 9

4. RAM - Random Access Memory

5. NVRAM - Nonvolatile Random Access Memory

10 Copyright © 2021 ADTRAN, Inc. 60000CRG0-35AV

INTRODUCTION TO COMMAND LINE INTERFACE

How Commands Function

clock set <time> <day> <month> <year>

AOS Command System

60000CRG0-35AV Copyright © 2021 ADTRAN, Inc. 11

#show [flash | cflash]

#copy <file source location> <config-file> tftp

12 Copyright © 2021 ADTRAN, Inc. 60000CRG0-35AV

USING THE CLI

Connecting the Unit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Connecting the Unit

Accessing the CLI from Your PC

60000CRG0-35AV Copyright © 2021 ADTRAN, Inc. 13

Session Now Available

Understanding Command Modes

Mode Access By... Mode Prompt Accessible Commands

14 Copyright © 2021 ADTRAN, Inc. 60000CRG0-35AV

Mode Access By.... Mode Prompt Accessible Commands

Mode Access By... Mode Prompt Accessible Commands

60000CRG0-35AV Copyright © 2021 ADTRAN, Inc. 15