- DL manuals
- 3Com
- Network Router
- 3036
- Command Reference Manual
3Com 3036 Command Reference Manual
Summary of 3036
Page 1
3com router command reference guide addendum for v1.20 http://www.3com.Com/ part no. 10014302 published january 2004.
Page 2
1.1. Introduction 1.1.1. Scope this manual provides command reference information for new software features found in v1.20 of the 3com router operating system. Use this addendum to supplement command reference information found in the 3com router command reference guide. 1.1.2. Online resources down...
Page 4
1.2 car syntax car cir rate [ cbs size ebs size ] [ conform action [ exceed action] ] undo car view policy-class view parameter cir rate: committed information rate in the range of 8000 to 155000000 bit/s. Cbs size: committed burst size, that is, the number of bits that can be sent in each interval ...
Page 5
For the related command, see qos policy, qos-class. Example configure traffic monitoring for a class. The normal traffic of packets is 38400bit/s. Burst traffic twice of the normal traffic can pass initially and later the traffic is transmitted normally when the rate does not exceed 38400bit/s. When...
Page 6
Description using the debugging qos command, you can enable the debugging of qos. Using the undo debugging qos command, you can disable the debugging of qos. By default, the debugging of qos is disabled. Example enable the debugging of the cbq class information on the interface serial0. [router] deb...
Page 7
1.5 display qos class syntax display qos class [ class-name ] view all views parameter class-name: name of the class. By default, the information of all classes are displayed. Description using the display qos class command, you can browse the class information concerning router configuration. Examp...
Page 8
Parameter policy-name: name of policy. By default, the configuration information of all policies are displayed. Class-name: class name in the policy. Description using the display qos policy command, you can browse the configuration information of the specified or all classes of the specified or all...
Page 9
Committed access rate: cir 8000 (bps), cbs15000 (bit), ebs 0 (bit) conform action: remark mpls exp 3 and pass exceed action: discard class: shape behavior(s): traffic shape: cir 8000 (bps), cbs 15000 (bit), ebs 0 (bit) queue length 1024 (packet) 1.7 display qos policy interface syntax display qos po...
Page 10
Behavior(s): default queue: flow based fair queueing max number of hashed queues 256 matched: 0/0 (packets/bytes) enqueued: 0/0 (packets/bytes) discarded: 0/0 (packets/bytes) discard method: tail class: 3com matched: 0/0 (packets/bytes) operator: logical and rule(s): if-match ip-precedence 5 behavio...
Page 11
General traffic shaping: cir 8000 (bps), cbs 15000 (bit), ebs 0 (bit) queue length: 1024 (packets) queue size: 0 (packets) pass : 0/0 (packets/bytes) discard : 0/0 (packets/bytes) delay : 0/0 (packets/bytes) interface: serial0 direction: inbound policy: test class: default-class matched: 0/0 (packet...
Page 12
View policy-class view parameter bandwidth: bandwidth in kbit/s in the range of 8 to 1000000. Size: specify the allowed burst size in byte in the range of 32 to 2000000. By default, it is bandwidth * 25. Description using the ef command, you can configure certain class to perform expedited-forwardin...
Page 13
Parameter cir rate: committed information rate. Cbs size: burst size in the range of 15000 to 155000000 bits. By default, it is equal to half of cir rate. Ebs size: excessive burst size in the range of 0 to 155000000 bits. By default, it is 0. Queue-length length: queue length in the range of 1 to 1...
Page 14
View class view parameter access-list-number: acl number. Logic-not: do not match the class. Description using the if-match acl command, you can define an acl match rule. Using the undo if-match acl command, you can delete an acl match rule. For the related command, see qos class. Example define a c...
Page 15
Example define match rule for all packets. [3com] qos class class1 [3com-qosclass-class1] if-match any 1.12 if-match class syntax if-match [ logic-not ] class class-name undo if-match [ logic-not ] class class-name view class view parameter class-name: class name. Description using the if-match clas...
Page 16
Example define class2 by invoking class1. Define match rule for class2. As class1 will be invoked, you should configure class1 first.The match rule for class1 is: ip precedence is 5. [3com] qos class class1 [3com-qosclass-class1] if-match ip-precedence 5 define class2 packets with the match rule as ...
Page 17
1.14 if-match inbound-interface syntax if-match [ logic-not ] inbound-interface { type number } undo if-match [ logic-not ] inbound-interface { type number } view class view parameter interface - type : interface type. Number: interface number. Description using the if-match inbound-interface comman...
Page 18
Parameter ip-dscp value: dscp value in the range of 0 to 63. Description using the if-match dscp command, you can define dscp match rule. Using the undo if-match dscp command, you can delete dscp match rule. You can configure this command for a class for several times. When a command is configured, ...
Page 19
Description using the if-match ip-precedence command, you can define ip precedence match rule. Using the undo if-match ip-precedence command, you can delete ip precedence match rule. When the command is configured, the ip-precedence-value will be sorted automatically in ascending order. Up to 8 prec...
Page 20
The match rule for source mac address is effective only for input policies and ethernet interfaces. For the related command, see qos class. Example define the match rule of class1 as follows: match the packets with the destination mac address as 0050-ba27-bed3. [3com] qos class class1 [3com-qosclass...
Page 21
1.19 if-match rtp syntax if-match [ logic-not ] rtp start-port starting-port-number end-port end-port-number undo if-match [ logic-not ] rtp start-port starting-port-number end-port end-port-number view class view parameter starting-port-number: starting rtp port number in the range of 2000 to 65535...
Page 22
View interface view parameter token-number: the number of sending tokens, in the range from 1 to 50. Description using the qmtoken command, you can configure the number of qos sending tokens. Using the undo qmtoken command, you can disable the sending token function of qos. By default, disable qos s...
Page 23
View interface view parameter inbound: inbound direction. Outbound: outbound direction. Policy-name: policy name. Description using the qos apply policy command, you can attach an associated qos policy to an interface. Using the undo qos apply policy command, you can delete associated qos policy fro...
Page 24
View system view. Parameter logic-and: specify the relation between the rules in the class as logic and. That is, the packet that matches all the rules belongs to this class. Logic-or: specify the relation between the rules in the class as logic or. That is, the packet that matches any one of the ru...
Page 25
Description using qos max-bandwidth command, you can set the maximum bandwidth of an interface. Using undo qos max-bandwidth command, you can remove the setting of the maximum bandwidth. By default, the maximum bandwidth is not configured for all interfaces. The bandwidth set by this command is only...
Page 26
Description using qos policy command, you can define a policy and enter map view. Using undo qos policy command, you can delete a policy. The policy cannot be deleted if it is applied on an interface. It is necessary to remove application of the policy on the current interface before deleting it via...
Page 27
Example set the percentage of the maximum reserved bandwidth allocated to the rtp queue application to 70% of the available bandwidth. [3com-serial0] qos reserved-bandwidth pct 70 1.26 qos-class syntax qos-class class-name undo qos-class class-name view class view parameter class-name: name of class...
Page 28
View policy-class view parameter queue-length: maximum threshold value of the queue in the range of 1 to 1024. The default drop mode is tail drop. Description using queue-length command, you can configure maximum queue length. Using undo queue-length command, you can delete configuration. This comma...
Page 29
Parameter value: dscp value in the range of 0 to 63, which can be any of the following keys: ef, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cs1, cs2, cs3, cs4, cs5 or cs7. Description using remark ip-dscp command, you can configure the dscp value for a class to identify ...
Page 30
Example configure precedence value to 6 to identify packets. [3com] qos policy 3com [3com-qospolicy-3com] qos-class database [3com-qospolicy-c-3com database] remark ip-precedence 6 1.30 wfq syntax wfq [queue-number total-queue-number ] undo wfq view policy-class view parameter total-queue-number: nu...
Page 32
View policy-class view parameter value: dscp value in the range of 0 to 63, which can be any of the following keys: ef, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cs1, cs2, cs3, cs4, cs5 or cs7. Low-limit: lower threshold value in the range of 1 to 1024. It is 10 by defa...
Page 33
1.33 wred ip-precedence syntax wred ip-precedence value low-limit low-limit high-limit high-limit [discard-probability discard-prob ] undo wred ip-precedence value view policy-class view parameter value: precedence of ip packets in the range of 0 to 7. Low-limit: lower threshold value in the range o...
Page 34
1.34 wred weighting-constant syntax wred weighting-constant exponent undo wred weighting-constant view policy-class view parameter exponent: exponential in the range of 1 to 16. It is 6 by default. Description using wred weighting-constant command, you can set exponential for the calculation of aver...
Page 36
Using debugging hwtacacs authentication command, you can display the authentication information and the authorization state of the current users. If the command is not configured with any argument, the information of all the users will be displayed. If the argument user has been configured, only the...
Page 37
Example # display the accounting information of aaa users. [3com]display hwtacacs accounting hwtacacs accounting statistics accounting packet wait-queue length: 0 username don accounting time=00:01:19 accounting type=login,service=shell ----------------------------------------------------------- use...
Page 38
Table 2-1 field description of the display hwtacacs accounting command item description interface interface used by a user, which can be any type of interfaces listed as follows: physical interfaces: synchronous serial interface, asynchronous serial interface, ethernet interface, aux interface, cons...
Page 39
Authentication terminate packets sent by the router, the received and transmitted packets, and the number of connection failures. Using the display hwtacacs server verbose command, you can display the size of the accounting, authorization and accounting queues of aaa users, whether the queue has bee...
Page 40
View hwtacacs view parameter none description using domain command, you can configure a specified tacacs+ server to permit a user to directly specify the domain name when entering the user name. Using undo domain command, you can disallow a specified tacacs+ server to permit the user to directly spe...
Page 41
Parameter ip ip-address: ip address of the tacacs+ server to be added. Name host-name: name of the tacacs+ server to be added, which has been configured by the ip host command. It is a string of 1 to 20 printable characters except for the space. Port port-number: the service port number on the tacac...
Page 42
Each tacacs+ server group allows only one primary authentication server, one primary authorization server, and one primary accounting server. When you configure a second primary server, there will be prompt information, the previous primary aaa server will be changed into a common server, and the ne...
Page 43
2.6 hwtacacs-server template syntax hwtacacs-server template template-name undo hwtacacs-server template template-name view system view parameter template-name: the string naming a server group, which contains 1 to 20 printable characters except for the space. Description using hwtacacs-server templ...
Page 44
2.7 reset hwtacacs accounting statistics syntax reset hwtacacs accounting statistics view all views parameter none description using reset hwtacacs accounting statistics command, you can clear all accounting statistics for aaa users. For a related command, see display hwtacacs accounting. Example # ...
Page 45
Example # clear all the statistics of tacacs+ servers. [router] reset hwtacacs server statistics 2.9 shared-key syntax shared-key key-string undo shared-key view hwtacacs view parameter key-string: the encrypted key used for the aaa negotiation between the router and a tacacs+ server. It is a string...
Page 47
2.11 timer quiet syntax timer quiet minutes undo timer quiet view hwtacacs view parameter minutes: switchover interval, which must be in the range of 1 to 255 minutes and defaults to 5 minutes. Description using the timer quiet command, you can configure a standby/primary server switchover interval ...
Page 48
Chapter 3 ssh configuration commands 3.1 debugging rsa syntax debugging rsa undo debugging rsa view all views parameter none description using the debugging rsa command, you can enable rsa debugging and send the details of all the processes and the packet structure of the rsa algorithm to the info-c...
Page 49
View user view parameter vty index: the ssh channel being debugged. Its value is a vty number and is in the range of 0 to 4 by default. All: all the ssh channels. Description using the debugging ssh server command, you can send the information such as the negotiation procedure provisioned in ssh1.5 ...
Page 50
View all views parameter none description using the display rsa local-key-pair public command, you can display the public key portion of the server-end host key-pair and server key-pair. If no key has ever been created, the system will inform you that it has not found any keys by displaying “rsa key...
Page 52
Key code: 308186 028180 e75e3d7c 11923d33 143fb829 470ea018 889147f6 6f27a98a d6c54a36 c7db17e1 647dc2be f1c54116 641cd690 e5f7b492 a059bd6a b86a7d18 1040765c 978af7c9 12807eae 819b4a65 787cde9c 940f74c8 bc4efd81 6cc3ebda 51e75d1b d073aa69 1f646a81 035496ac 6f98a730 d8c44931 598682ef ea40df88 5dd98d...
Page 53
Vty0 1.5 des session started 3com vty3 1.5 des session started router 3.6 display sshuser-information syntax display sshuser-information[ username ] view all views parameter username: a valid ssh user name defined by aaa. Description using the display ssh user-information command, you can display in...
Page 54
View public key edit view parameter hex-data: public key data, which is a hexadecimal character string coded in the public key format. Description using the hex command, you can input the public key data. The public key that you input must be the one randomly generated by the ssh client program. You...
Page 55
[3com-rsa-key-code] hex c7db17e1 647dc2be f1c54116 641cd690 e5f7b492 a 059bd6a b86a7d18 [3com-rsa-key-code] hex 1040765c 978af7c9 12807eae 819b4a65 787cde9c 9 40f74c8 bc4efd81 [3com-rsa-key-code] hex 6cc3ebda 51e75d1b d073aa69 1f646a81 035496ac 6 f98a730 d8c44931 [3com-rsa-key-code] hex 598682ef ea4...
Page 57
3.10 public-key-code begin syntax public-key-code begin view public key view parameter none description using the public-key-code begin command, you can access the public key edit view to input the public key data generated by the client program.. Before using this command, you must specify a key na...
Page 58
3.11 public-key-code end syntax public-key-code end view public key view parameter none description using the public-key-code end command, you can end the public key editing and save the configured public key. Besides, you can also use this command to return from the public key view to the system vi...
Page 59
[3com-rsa-public-key] public-key-code begin [3com-rsa-key-code] hex 308186 [3com-rsa-key-code] hex 028180 [3com-rsa-key-code] hex e75e3d7c 11923d33 143fb829 470ea018 889147f6 6 f27a98a d6c54a36 [3com-rsa-key-code] hex c7db17e1 647dc2be f1c54116 641cd690 e5f7b492 a 059bd6a b86a7d18 [3com-rsa-key-code...
Page 60
An essential operation underlying a successful ssh login is generating local rsa key-pairs by configuring rsa local-key-pair create. It is only necessary for you to execute this command once and you do not have to execute it again after rebooting the router.. For related command, see rsa local-key-p...
Page 61
Description using the rsa local-key-pair destroy command, you can destroy all the server-end rsa keys (including host key-pairs and server key-pairs). After inputting this command, you are required to confirm whether to destroy all the server-end rsa keys. In addition, this command will not be saved...
Page 62
When executing the undo rsa peer-public-key command to delete a specified public key, the system will prompt the following information in case the specified key does not exist. % public key not found. For related commands, see public-key-code begin, and public-key-code end. Example access the public...
Page 63
3.16 ssh server rekey-interval syntax ssh server rekey-interval hours undo ssh server rekey-interval view system view parameter hours: updating interval which is in the range of 1 to 24 hours. Description using the ssh server rekey-interval command, you can set the interval for updating the ssh serv...
Page 64
Parameter seconds: login timeout time, which is in the range of 1 to 120 seconds and defaults to 60 seconds. Description using the ssh server timeout command, you can set the login authentication timeout time at the ssh server end. Using the undo ssh server timeout command, you can restore the defau...
Page 65
The public key that you assign to a user by using this command will replace the one that you have assigned last time. The aaa module is responsible for the creation and deletion of local usernames in the system. Whenever creating an ssh user, the aaa module will inform ssh whenever it creates an ssh...
Page 66
Authentication-type command, you can disable the login authentication mode for the user, in which case the user will be unable to log into the system. By default, no login authentication mode is specified, that is, the user is unable to log into the system. You must specify an authentication mode fo...
Page 68
Description using the debugging ntp-service command, you can debug all the information of the ntp service. Using the undo debugging ntp-service command, you can disable the specified debugging. By default, debugging of all the information is disabled. Example enable ntp access control debugging. [3c...
Page 69
******************************************************************** [12345]127.127.1.0 local(0) 7 26 64 1 0.0 0.0 15.6 [5]10.110.101.20 0.0.0.0 16 - 64 0 0.0 0.0 0.0 note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured 4.3 display ntp-service status syntax display ntp-service s...
Page 70
Item description root delay total roundtrip delay to the master reference source root disper the maximum error (dispersion) relative to the master reference source peer disper the dispersion of the remote ntp server 4.4 display ntp-service trace syntax display ntp-service trace [ x.X.X.X ] view all ...
Page 72
4.6 ntp-service authentication enable syntax ntp-service authentication enable undo ntp-service authentication enable view system view parameter none description using the ntp-service authentication enable command, you can enable authentication of ntp services. Using the undo ntp-service authenticat...
Page 73
Description using the ntp-service authentication-keyid command, you can set an ntp authentication key. Using the undo ntp-service authentication-keyid command, you can remove the ntp authentication key. By default, there is no authentication key. This command enables you to set an ntp authentication...
Page 74
Client mode to assume the work of detecting the incoming broadcast message packets with which it can synchronize the local clock. Example receive ntp broadcast messages on the interface ethernet 1. [3com] interface ethernet 1 [3com-ethernet1] ntp-service broadcast-client 4.9 ntp-service broadcast-se...
Page 75
[3com] interface ethernet 0 [3com-ethernet0] ntp-service broadcast-server authentication-key 4 version 3 4.10 ntp-service max-dynamic-sessions syntax ntp-service max-dynamic-sessions number undo ntp-service max-dynamic-sessions view system view parameter number: the number of sessions allowed at the...
Page 76
Parameter x.X.X.X: multicast ip address, that is, class d address. Description using the ntp-service multicast-client command, you can enable the ntp multicast client mode. Using the undo ntp-service multicast-client command, you can disable the ntp multicast client mode. By default, multicast clien...
Page 77
Keyid: the key id carried in the messages transmitted to the multicast clients, which is in the range of 1 to 4294967295. Ttl: defines the time-to-live (ttl) period of multicast packets. Ttl-number: the ttl period of multicast packets, which is in the range of 1 to 255. Version: defines an ntp versi...
Page 78
Stratum: the stratum level at which the local clock operates, which is in the range of 1 to 15. Description using the ntp-service refclock-master command, you can set an external reference clock or the local clock to be the ntp master clock. Using the undo ntp-service refclock-master command, you ca...
Page 79
In the event that authentication has been enabled, this command can be used for specifying one or more keys to be reliable. In other words, clients will only synchronize its clock to the server providing a reliable key. Otherwise, clients will refuse synchronization. Example enable ntp authenticatio...
Page 80
Destination addresses for receiving the response messages except for the specified one. Example specify the interface ethernet 0 so that its ip address can be used as the source ip address carried by all the outbound ntp message packets. [3com] ntp-service source-interface ethernet 0 4.16 ntp-servic...
Page 81
Undo ntp-service unicast-peer x.X.X.X view system view parameter x.X.X.X: ip address of the remote server. Version: defines ntp version number. Number: ntp version number in the range of 1 to 3. Authentication-keyid: defines an authentication key. Keyid: the key id carried in the messages transmitte...
Page 82
Example set the peer at 128.108.22.44 to be the synchronization source of the local device, allowing the remote peer to synchronize with the local clock. In addition, version 3 is adopted, and ip address of ethernet 0 is used as the ip source address carried by the ntp messages. [3com] ntp-service u...
Page 83
Description using the ntp-service unicast-server command, you can enable the ntp server mode. Using the undo ntp-service unicast-server command, you can disable the ntp server mode. By default, version number is 3, authentication is enabled, and the server is not the preferred choice. This command d...
Page 85
Description using the display x25 x2t route command, you can display the x2t static routing table. Example display the x2t static routing table maintained by the router. [router]display x25 x2t route sid x.121 ip address ============================================== 1 12321 10.110.54.18 5.3 display...
Page 86
Undo translate ip ip-address port port-number view system view parameter ip-address: local ip address. Port port-number: tcp port number. X25 x.121-address: the destination x.121 address after the address translation. Description using the translate ip command, you can configure an x2t forwarding ro...
Page 87
Port port-number: tcp port number. Description using the translate x25 command, you can configure an x2t forwarding route from the x.25 network to the ip network. Using the undo translate x25 command, you can disable the configuration that has been made. Whenever receiving the x.25 packets destined ...
Page 88: Commands
Chapter 6 additional isdn configuration commands 6.1 isdn ignore callednum syntax isdn ignore callednum undo isdn ignore callednum view isdn bri interface view, ce1/pri interface view, ct1/pri interface view parameter none description using the isdn ignore callednum command, the user can disable the...
Page 89
Example disable the e1 0 interface on the router to send setup ack messages. [3com] controller e1 0 [3com-e1-0] pri-set [3com-e1-0] interface serial 2:15 [3com-serial2:15] isdn ignore callednum 6.2 isdn ignore hlc syntax isdn ignore hlc undo isdn ignore hlc view isdn interface view parameter none de...
Page 90
6.3 isdn ignore llc syntax isdn ignore llc undo isdn ignore llc view isdn interface view parameter none description using the isdn ignore llc command, the user can configure the setup message to ignore the low-level compatibility information unit when a data call is initiated. Using the undo isdn ig...
Page 91
View isdn bri interface view, ce1/pri interface view, ct1/pri interface view parameter none description using isdn waitconnectack command, the user can configure the router to wait for connect ack message replies from the connected exchange until switching to the active state. Using undo isdn waitco...
Page 92
Information of spi on all the spid-supported bri interfaces. You may view one interface by specifying its type and number. Example display the related information of spid on the ni-supported interface bri 0/0/0. [3com] display isdn spid interface bri 0 interface bri 0/0/0: spid type: auto spid b1: s...
Page 93
View isdn pri interface view parameter none description using the isdn ignore dchan command, you can configure the isdn protocol to use consecutive numbering of b channels during call initiation. 1 will be subtracted from all channel numbers after slot 17, to keep the continuity of the channel seria...
Page 94
Parameter dss1:dss1 (digital subscriber signaling no.1) signaling is used. Ni: national isdnsignaling is used. Description using the isdn protocol-type command, you can configure signaling to be used at the isdn interface. By default, dss1 signaling is used. When this command is used in system view,...
Page 95
Parameter timer-name:name of q931 timer. Refer to the following table for a description in detail. Time-interval:interval of timer. Refer to the following table for a description in detail. All:to be used to restore the default interval values of all the q931 timers. Description using the isdn q931-...
Page 96
Parameter none description using the isdn spid auto-trigger command, you can enable spid auto-negotiation once on the bri interface running the ni protocol. On a bri interface compliant with the north american isdn protocol, the router can place a call only after spid negotiation or initialization. ...
Page 97
By default, nit mode does not apply on bri interfaces. Instead, static spid or dynamic spid negotiation is applied. On an ni-compliant bri interface, calls can be placed only after the spid negotiation or initialization is finished. When the router is communicating with an ni-compliant exchange that...
Page 98
This command applies only on ni-compliant bri interfaces. Example set the duration of tspid on the interface bri0 to 50 seconds. [3com-bri0] isdn spid timer 50 6.12 isdn spid resend syntax isdn spid resend times undo isdn spid resend view isdn bri interface view parameter times: an integer in the ra...
Page 100
6.14 isdn spid1 syntax isdn spid1 spid undo isdn spid1 view isdn bri interface view parameter spid: string comprising 9 to 20 digits. Description using the isdn spid1 command, you can configure spid information for the b1 channel on an ni-compliant bri interface. Using the undo isdn spid1 command, y...
Page 101
View isdn bri interface view parameter spid: string comprising 9 to 20 digits. Description using the isdn spid2 command, you can configure spid information for the b1 channel on an ni-compliant bri interface. Using the undo isdn spid2 command, you can remove the spid information from the b1 channel ...