SNMP configuration
access
This command defines access level using the SNMPv3 protocol.
The use of a negative form (no) of the command sets the default value.
Syntax
access <TYPE>
no access
Parameters
<TYPE> – access level:
- ro – read only;
- rw – read/write.
Required privilege level
15
Command mode
CONFIG-SNMP-USER
Example
esr(config-snmp-user)# access rw
authentication access
This command defines security mode.
The use of a negative form (no) of the command disables the authentication.
Syntax
authentication access <TYPE>
no authentication access
Parameters
<TYPE> – security mode:
- auth – only authentication is used;
- priv – authentication and data encryption are used.
Required privilege level
15
Command mode
CONFIG-SNMP-USER
Example
esr(config-snmp-user)# authentication algorithm auth
authentication algorithm
This command defines SNMPv3 requests authentication algorithm.
The use of a negative form (no) of the command disables the authentication.
Syntax
authentication algorithm <ALGORITHM>
no authentication algorithm
Parameters
<ALGORITHM> – encryption algorithm:
- md5 – password is encrypted by md5 algorithm.
- sha1 – password is encrypted by sha1 algorithm.
Required privilege level
15
Command mode
CONFIG-SNMP-USER
Example
esr(config-snmp-user)# authentication algorithm md5
authentication key
This command sets a password for SNMPv3 requests authentication.
The use of a negative form (no) of the command removes the password.
Syntax
authentication key ascii-text { <CLEAR-TEXT> | encrypted <ENCRYPTED-TEXT> }
no authentication key
Parameters
<CLEAR-TEXT> – password, sets by string from 8 to 16 characters;
encrypted – when specifying a command, an encrypted password is set:
<ENCRYPTED-TEXT> – encrypted password from 8 bytes to 16 bytes (16 to 32 characters) in hexadecimal format (0xYYYY...) or (YYYY...).
Required privilege level
15
Command mode
CONFIG-SNMP-USER
Example
esr(config-snmp-user)# authentication key ascii-text 123456789 esr(config-snmp-user)# authentication key ascii-text encrypted CDE65039E5591FA3F1
client-list
This command enables filtering and sets up a profile of IP addresses from which SNMPv3 packets with this user SNMPv3 name can be received.
The use of a negative forn (no) of the command disables filtering of received SNMPv3 packets.
Syntax
[no] client-list <NAME>
Parameters
<NAME> – name of the previously conscious object-group, specified in a string of up to 31 characters.
Default value
Restrictions disabled.
Required privilege level
15
Command mode
CONFIG-SNMP-USER
Example
esr(config-snmp-user)# client-list OBG005
community
This command defines the SNMP community to send notifications to the remote server.
The use of a negative form (no) of the command removes the community value.
Syntax
community <COMMUNITY>
no community
Parameters
<COMMUNITY> – community for access via SNMP, set by a string [1..64] characters long;
Default value
The description is not specified.
Required privilege level
15
Command mode
CONFIG-SNMP-HOST
Example
esr(config-snmp-host)# community privatekey
ip address
This command enables the filtering and sets the IP address that is given access to the router under this SNMPv3 user.
The use of a negative forn (no) of the command disables filtering of received SNMPv3 packets.
Syntax
[no] ip address <ADDR>
Parameters
<ADDR> – IP address of client that have access, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255];
Default value
Restrictions disabled.
Required privilege level
15
Command mode
CONFIG-SNMP-USER
Example
esr(config-snmp-user)# ip address 192.168.85.33
ipv6 address
This command enables the filtering and sets the IPv6 address that is given access to the router under this SNMPv3 user.
The use of a negative forn (no) of the command disables filtering of received SNMPv3 packets.
Syntax
[no] ipv6 address <IPV6-ADDR>
Parameters
<IPV6-ADDR> – client IPv6 address, defined as X:X:X:X::X where each part takes values in hexadecimal format [0..FFFF].
Default value
Restrictions disabled.
Required privilege level
15
Command mode
CONFIG-SNMP-USER
Example
esr(config-snmp-user)# ipv6 address AC:05:12:44::24
enable
This command enables SNMPv3 user.
The use of a negative form (no) of the command disables SNMPv3 user.
Syntax
[no] enable
Parameters
The command does not contain parameters.
Default value
Process disabled.
Required privilege level
15
Command mode
CONFIG-SNMP-USER
Example
esr(config-snmp-user)# enable
oid-tree
This command sets OID and action applied to it (allow/deny). Longer OIDs have an advantage.
The use of a negative form (no) of the command removes the oid-tree entry.
Syntax
oid-tree <OID> <ACTION>
no oid-tree <OID>
Parameters
<OID> – OID, sets by string 255 characters;
<ACTION> – action applied to OID
- excluded – deny OID usage;
- included – allow OID usage.
Required privilege level
15
Command mode
CONFIG-SNMP-VIEW
Example
esr(config-snmp-view)# oid-tree 1.3.6.1.2.1.2.2 excluded
port
This command defines SNMP notifications collector port on the remote server.
The use of a negative form (no) of the command sets the default value.
Syntax
port <PORT>
no port
Parameters
<PORT> – UDP port number, set in the range of [1..65535].
Default value
162
Required privilege level
15
Command mode
CONFIG-SNMP-HOST
Example
esr(config-snmp-host)# port 5555
privacy algorithm
This command defines encryption algorithm of transmitted data.
The use of a negative form (no) of the command disables the encryption.
Syntax
privacy algorithm <ALGORITHM>
no privacy algorithm
Parameters
<ALGORITHM> – encryption algorithm:
- aes128 – use AES-128 encryption algorithm;
- des – use DES encryption algorithm.
Required privilege level
15
Command mode
CONFIG-SNMP-USER
Example
esr(config-snmp-user)# privacy algorithm des
privacy key
This command sets a password for encryption of transmitted data.
The use of a negative form (no) of the command removes the password.
Syntax
privacy key ascii-text { <CLEAR-TEXT> | encrypted <ENCRYPTED-TEXT> }
no privacy key
Parameters
<CLEAR-TEXT> – password, sets by string from 8 to 16 characters;
<ENCRYPTED-TEXT> – encrypted password from 8 bytes to 16 bytes (16 to 32 characters) in hexadecimal format (0xYYYY...) or (YYYY...).
Required privilege level
15
Command mode
CONFIG-SNMP-USER
Example
esr(config-snmp-user)# privacy key ascii-text 123456789 esr(config-snmp-user)# privacy key ascii-text encrypted CDE65039E5591FA3F1
rmon collection statistics
This command enables RMON statistics saving for physical interface.
The use of a negative form (no) of the command disables RMON statistics saving for physical interface.
Syntax
rmon collection statistics <INDEX> owner <OWNER>
no rmon collection statistics
Parameters
<INDEX> – specified interface RMON index;
<OWNER> – text field with [1..127] characters length that describes owner, that created this process.
Required privilege level
10
Command mode
CONFIG-GI
CONFIG-TE
Example
esr(config-snmp-user)# rmon collection statistics 17 owner admin
snmp-server
This command enables SNMP server.
The use of a negative form (no) of the command disables SNMP server.
Syntax
[no] snmp-server
Parameters
The command does not contain parameters.
Default value
Disabled.
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# snmp-server
snmp-server community
This command defines access community using the SNMP protocol.
The use of a negative form (no) of the command removes a community configurations.
Syntax
[no] snmp-server community <COMMUNITY> [ <TYPE> ] [ { <ADDR> | <IPV6-ADDR> } ] [client-list <OBJ-GROUP-NETWORK-NAME> ] [ <VERSION> ] [ view <VIEW-NAME> ] [ vrf <VRF> ]
Parameters
<COMMUNITY> – community for access via SNMP, set by a string [1..64] characters long;
<TYPE> – access level:
- ro – read only;
- rw – read/write.
<ADDR> – IP address of client that have access, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255].
<IPV6-ADDR> – client IPv6 address, defined as X:X:X:X::X where each part takes values in hexadecimal format [0..FFFF].
<OBJ-GROUP-NETWORK-NAME> – profile name of IP addresses, from which snmp requests are processing, set by the string of up to 31 characters.
<VERSION> – the snmp version supported by this community takes the values v1 or v2c.
<VIEW-NAME> – name of SNMP view profile, on which based access to OID.
<VRF> – VRF instance name, set by the string of up to 31 characters, for which access will be granted.
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# snmp-server community public rw
snmp-server contact
This command sets SNMP variable value, that contains contact information (doesn't defined by default). For convenience, you can specify the person responsible for the equipment, such as his last name, in the parameters.
The use of a negative form (no) of the command removes SNMP variable value, that contains contact information.
Syntax
[no] snmp-server contact <CONTACT>
Parameters
<CONTACT> – contact information, sets by string with 255 characters length.
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# snmp-server contact ivanov_ivan
snmp-server dscp
The command sets the DSCP code value for the use in IP headers of SNMP server outgoing packets.
The use of a negative form (no) of the command sets the default DSCP value.
Syntax
snmp-server dscp <DSCP>
no snmp-server dscp
Parameters
<DSCP> – DSCP code value, takes values in the range of [0..63].
Default value
61
Required privilege level
10
Command mode
CONFIG
Example
esr(config)# snmp-server dscp 40
snmp-server enable traps
This command allows sending all types of SNMP notifications.
The use of a negative form (no) of the command forbids sending all types of SNMP notifications.
Syntax
[no] snmp-server enable traps
Parameters
None.
Required privilege level
10
Command mode
CONFIG
Example
esr(config)# snmp-server enable traps
snmp-server enable traps config
This command allows sending SNMP notifications about configuration operations.
The use of a negative form (no) of the command forbids sending SNMP notifications about configuration operations.
Syntax
[no] snmp-server enable traps config { <ACT> }
Parameters
<ACT> – configuration change fact traps:
- commit – configuration change appliance;
- confirm – configuration change confirmance.
Without specifying the <ACT> key – activates sending of all traps of this group.
Required privilege level
10
Command mode
CONFIG
Example
esr(config)# snmp-server enable traps config commit
snmp-server enable traps entity
This command allows sending SNMP notifications about running-config operations.
The use of a negative form (no) of the command forbids sending SNMP notifications about configuration operations.
Syntax
[no] snmp-server enable traps entity { <ENT> }
Parameters
<ENT> – types of environment parameter filters:
- config-change – running-config operations information.
Without specifying the <ENT> key – activates sending of all traps of this group.
Required privilege level
10
Command mode
CONFIG
Example
esr(config)# snmp-server enable traps entity
snmp-server enable traps entity-sensor
This command allows sending SNMP notifications about environment parameters changes.
The use of a negative form (no) of the command forbids sending SNMP notifications about configuration operations.
Syntax
[no] snmp-server enable traps entity-sensor { <ENT> }
Parameters
<ENT> – types of environment parameter filters:
- threshold – information on triggering threshold crossing.
Without specifying the <ENT> key – activates sending of all traps of this group.
Required privilege level
10
Command mode
CONFIG
Example
esr(config)# snmp-server enable traps entity-sensor
snmp-server enable traps environment
This command allows sending SNMP notifications about environment parameters changes.
The use of a negative form (no) of the command forbids sending SNMP notifications about configuration operations.
Syntax
[no] snmp-server enable traps environment { <ENV> }
Parameters
<ENV> – types of environment parameter filters:
- pwrin – power supply failure;
- pwrin-insert – power supply installed;
- fan – fan failure;
- fan-speed-changed – fan speed changed;
- fan-speed-high – fan rotating speed exceeded the maximal threshold;
- memory-flash-low – NAND free space less than specified threshold;
- memory-flash-critical-low – NAND free space less than specified critical threshold;
- memory-ram-low low – RAM free space less than specified maximal threshold;
- memory-ram-critical-low – RAM free space less than specified critical threshold;
- cpu-load – high CPU load;
- cpu-overheat-temp – CPU temperature exceeded specified maximal threshold;
- cpu-critical-temp – CPU temperature exceeded specified critical threshold;
- cpu-supercooling-temp – CPU temperature is lower than specified minimal threshold;
- switch-overheat-temp – switch temperature exceeded specified maximal threshold;
- switch-supercooling-temp – switch temperature is lower than specified minimal threshold;
- board-overheat-temp – board overheat;
- board-supercooling-temp – board supercooling;
- sfp-overheat-temp – SFP module overheat;
- sfp-supercooling-temp – SFP module supercooling.
Without specifying the <ENV> key – activates sending of all traps of this group.
Required privilege level
10
Command mode
CONFIG
Example
esr(config)# snmp-server enable traps enviroment pwrin
snmp-server enable traps envmоn
This command allows sending SNMP notifications about environment parameters changes.
The use of a negative form (no) of the command forbids sending SNMP notifications about configuration operations.
Syntax
[no] snmp-server enable traps envmon { <ENV> }
Parameters
<ENV> – types of environment parameter filters:
- fan – information on the operation of fan blocks;
- shutdown – information about disconnecting the router;
- supply – information about the operation of power supplies;
- temperature – information about the operation of temperature sensors.
Without specifying the <ENV> key – activates sending of all traps of this group.
Required privilege level
10
Command mode
CONFIG
Example
esr(config)# snmp-server enable traps envmon fun
snmp-server enable traps files-operations
This command allows sending SNMP notifications about file operations.
The use of a negative form (no) of the command forbids sending SNMP notifications about configuration operations.
Syntax
[no] snmp-server enable traps files-operations { <ACT> }
Parameters
<ACT> – types of file operation parameter filters:
- successful;
- failed;
canceled.
Without specifying the <ACT> key – activates sending of all traps of this group.
Required privilege level
10
Command mode
CONFIG
Example
esr(config)# snmp-server enable traps files-operations canceled
snmp-server enable traps flash
This command allows sending SNMP notifications about operations with external flash drives.
The use of a negative form (no) of the command forbids sending SNMP notifications about configuration operations.
Syntax
[no] snmp-server enable traps flash { <ACT> }
Parameters
<ACT> – types of file operation parameter filters:
- insertion – flash drive connection;
- removal – flash drive removal.
Without specifying the <ACT> key – activates sending of all traps of this group.
Required privilege level
10
Command mode
CONFIG
Example
esr(config)# snmp-server enable traps flash removal
snmp-server enable traps interfaces
This command allows sending SNMP notifications about interface status changes.
The use of a negative form (no) of the command forbids sending SNMP notifications about configuration operations.
Syntax
[no] snmp-server enable traps interfaces { <ACT> }
Parameters
<ACT> – types of environment parameter filters:
- rx-utilization-high – incoming data stream exceeds threshold;
- tx-utilization-high – outgoing data stream exceeds threshold;
- number-high – excess number of IP interfaces;
Without specifying the <ACT> key – activates sending of all traps of this group.
Required privilege level
10
Command mode
CONFIG
Example
esr(config)# snmp-server enable traps interfaces rx-utilization-high
snmp-server enable traps ports
This command allows sending SNMP notifications about errors on the interfaces of the switching chip.
The use of a negative form (no) of the command forbids sending SNMP notifications about configuration operations.
Syntax
[no] snmp-server enable traps ports { <TYPE> }
Parameters
<TYPE> – types of port status filters:
- port-counters-errors – errors on the switching chip interfaces.
Without specifying the <TYPE> key – activates sending of all traps of this group.
Required privilege level
10
Command mode
CONFIG
Example
esr(config)# snmp-server enable traps ports
snmp-server enable traps screens
This command allows broadcast of SNMP notifications about protection from a certain type of DoS attacks.
The use of a negative form (no) of the command forbids sending SNMP notifications about configuration operations.
Syntax
[no] snmp-server enable traps screens { <SCREEN> }
Parameters
<SCREEN> – types of DoS attacks protection filters:
- dest-limit – limiting the number of simultaneous sessions based on the destination address;
- source-limit – limiting the number of simultaneous sessions based on the source address;
- icmp-threshold – protection from ICMP flood attacks;
- udp-threshold – protection from UDP flood attacks;
- syn-flood – protection from SYN flood attacks;
- land – protection from land attacks;
- winnuke – protection from winnuke attacks;
- icmp-frag – fragmented ICMP packets blocking;
- syn-flag – fragmented TCP packets blocking, with SYN flag;
- unknown-proto – blocking of packets, with the protocol ID contained in IP header equal to 137 and more;
- ip-frag – fragmented packets blocking;
- port-scan – protection from port scan attacks;
- ip-sweep – protection from IP-sweep attacks;
- syn-fin – blocking of TCP packets, with the SYN and FIN flags set;
- fin-no-ack – blocking of TCP packets with the FIN flag set and the ACK flag not set;
- no-flag – blocking of TCP packets with the null flag field;
- spoofing – protection from IP spoofing attacks;
- reserved – blocking of all ICMP packets of types 2 and 7 (reserved);
- quench – blocking of all ICMP packets of type 4 (source quench);
- echo-request – blocking of all ICMP packets of type 8 (echo-request);
- time-exceeded – blocking of all ICMP packets of type 11 (time exceeded);
- unreachable – blocking of all ICMP packets of type 3 (destination-unreachable);
- icmp-large – blocking ICMP packets with large size;
- tcp-all-flags – blocking tcp packets with flags;
- udp-frag – blocking udp packets with flags.
Without specifying the <LINK> key – activates sending of all traps of this group.
Required privilege level
10
Command mode
CONFIG
Example
esr(config)# snmp-server enable traps screens reserved
snmp-server enable traps snmp
This command allows sending SNMP notifications about environment parameters changes.
The use of a negative form (no) of the command forbids sending SNMP notifications about configuration operations.
Syntax
[no] snmp-server enable traps snmp{ <ACT> }
Parameters
<ACT> – types of environment parameter filters:
- authentication – notifications about snmp requests to the router with the wrong community or snmpv3 password;
- coldstart – notifications about restarting the snmp server on the router;
- linkdown – information about link status change to down;
- linkup – information about link status change to up;
Without specifying the <ACT> key – activates sending of all traps of this group.
Required privilege level
10
Command mode
CONFIG
Example
esr(config)# snmp-server enable traps snmp linkup
snmp-server enable traps syslog
This command allows sending SNMP notifications with syslog messages.
The use of a negative form (no) of the command forbids sending SNMP notifications about configuration operations.
Syntax
[no] snmp-server enable traps syslog
Parameters
None.
Required privilege level
10
Command mode
CONFIG
Example
esr(config)# snmp-server enable traps syslog
snmp-server host
This command enables the transmission of SNMP notifications to the specified IP address and switches to the SNMP notifications configuration mode.
The use of a negative form (no) of the command disables the transmission of notifications to the specified SNMP notification collector.
Syntax
[no] snmp-server host { <ADDR> | <IPV6-ADDR> } [vrf <VRF>]
Parameters
<ADDR> – IP address, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255];
<IPV6-ADDR> – IPv6 address, defined as X:X:X:X::X where each part takes values in hexadecimal format [0..FFFF];
<VRF> – VRF instance name, set by the string of up to 31 characters, which contains SNMP notification collector.
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# snmp host 192.168.2.2
snmp-server location
This command sets SNMP variable value, that contains information about equipment location (doesn't defined by default). For convenience, you can specify the city, street, district, room number, etc. in the parameters.
The use of a negative form (no) of the command removes the value of the variable containing the equipment location information.
Syntax
[no] snmp-server location <LOCATION>
Parameters
<LOCATION> – information about equipment location, set by the string up to 255 characters.
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# snmp-server location duglasa_adamsa_42
snmp-server system-shutdown
This command allows the router to be rebooted using snmp messages.
The use of a negative form (no) of the command denies the router to be rebooted using snmp messages.
Syntax
[no] snmp-server system-shutdown
Parameters
The command does not contain parameters.
Default value
Denied.
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# snmp-server system-shutdown
snmp-server trap link
This command sets the send mode of SNMP-trap.
The use of a negative form (no) of the command sets the default mode.
Syntax
snmp-server trap link <MODE>
no snmp-server host
Parameters
<MODE> – SNMP-trap transmission mode. Takes the following values:
- ietf;
- cisco.
Default value
ietf
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# snmp-server trap link cisco
snmp-server user
This command creates SNMPv3 user.
The use of a negative form (no) of the command removes SNMPv3 user.
Syntax
[no] snmp-server user <NAME>
Parameters
<NAME> – user name, set by the string from 1 to 64 characters.
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# snmp-server user admin esr(config-snmp-user)#
snmp-server view
This command creates a snmp view profile that allows you to allow or deny access to certain OIDs for the community (SNMPv2) and user (SNMPv3).
The use of a negative form (no) of the command removes snmp view profile.
Syntax
[no] snmp-server view <VIEW-NAME>
Parameters
<VIEW-NAME> – SNMP view profile name, set by the string of up to 31 characters.
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# snmp-server view user_access esr(config-snmp-view)#
source-address
This command defines the IP address to send notifications to the remote server.
The use of a negative form (no) of the command sets the default value.
Syntax
source-address { <ADDR> | <IPV6-ADDR> }
no source-address
Parameters
<ADDR> – IP address, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255];
<IPV6-ADDR> – IPv6 address, defined as X:X:X:X::X where each part takes values in hexadecimal format [0..FFFF].
Default value
IPv4/IPv6 – The address of the interface closest to the remote SNMP server.
Required privilege level
15
Command mode
CONFIG-SNMP-HOST
Example
esr(config-snmp-host)# source-address 192.168.22.17
source-interface
This command defines the interface or tunnel of the router whose IPv4/IPv6 address will be used to send notifications to the remote server.
The use of a negative form (no) of the command removes a specified interface or tunnel.
Syntax
source-interface { <IF> | <TUN> }
no source-interface
Parameters
<IF> – an interface's name, specified in the form described in Section Types and naming order of router interfaces;
<TUN> – the name of the tunnel is specified as described in section Types and naming order of router tunnels.
Required privilege level
15
Command mode
CONFIG-SNMP-HOST
Example
esr(config-snmp-host)# source-interface gigabitethernet 1/0/1
view
This command sets a snmp view profile that allows you to allow or deny access to certain OIDs for SNMPv3 user.
The use of a negative form (no) of the command removes snmp view profile.
Syntax
[no] view <VIEW-NAME>
Parameters
<VIEW-NAME> – name of SNMP view profile, on which based access to OID, set by the string up to 31 characters.
Required privilege level
15
Command mode
CONFIG-SNMP-USER
Example
esr(config-snmp-user)# view user_view
SYSLOG management
logging aaa configuration
This command enables writing to the local syslog server of messages about aaa partition configuration changes.
The use of a negative form (no) of the command disables syslog aaa partition changes logging.
Syntax
[no] logging aaa configuration
Parameters
None.
Default value
Disabled.
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# logging aaa configuration
logging acl configuration
This command enables writing to the local syslog server of messages about ACL configuration changes.
The use of a negative form (no) of the command disables ACL configuration changes logging.
Syntax
[no] logging acl configuration
Parameters
None.
Default value
Disabled.
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# logging acl configuration
logging firewall configuration
This command enables writing to the local syslog server of messages about firewall configuration changes.
The use of a negative form (no) of the command disables firewall configuration changes logging.
Syntax
[no] logging firewall configuration
Parameters
None.
Default value
Disabled.
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# logging firewall configuration
logging login on-failure
This command enables writing to the local syslog server of messages about unsuccessful attempts to connect to the CLI.
The use of a negative form (no) of the command disables unsuccessful connection attempts logging.
Syntax
[no] logging login on-failure
Parameters
None.
Default value
Disabled.
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# logging login on-failure
logging nat
This command enables writing to the local syslog server of messages about unsuccessful attempts to connect to the CLI.
The use of a negative form (no) of the command disables unsuccessful connection attempts logging.
Syntax
[no] logging nat [<NAT-TYPE>]
Parameters
<NAT-TYPE> – type of NAT service to be logged:
destination;
proxy;
source;
Default value
Disabled.
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# logging nat source
logging service start-stop
This command enables writing to the local syslog server of messages about starting and stopping used services.
The use of a negative form (no) of the command disables start and stop services used logging.
Syntax
[no] logging service start-stop
Parameters
The command does not contain parameters.
Default value
Disabled.
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# logging service start-stop
logging syslog configuration
This command enables writing to the local syslog server of messages about syslog server configuration changes.
The use of a negative form (no) of the command disables syslog server configuration changes logging.
Syntax
[no] logging syslog configuration
Parameters
The command does not contain parameters.
Default value
Disabled.
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# logging syslog configuration
logging userinfo
This command enables writing to the local syslog server of messages about user-profile changes.
The use of a negative form (no) of the command disables user-profile changes logging.
Syntax
[no] logging userinfo
Parameters
The command does not contain parameters.
Default value
Disabled.
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# logging userinfo
ntp logging
This command enables writing to the local syslog server of messages about operations with NTP peers.
The use of a negative form (no) of the command disables NTP peers operations logging.
Syntax
[no] ntp logging
Parameters
The command does not contain parameters.
Default value
Disabled.
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# ntp logging
show syslog
This command displays the current configuration information of the syslog, a list of created log files, as well as to view the log files with the ability to filter using regular expressions.
Syntax
show syslog <FILE> [ from-date <YEAR> <MONTH> <DAY> ] [ from-time <TIME> ] [ to-date <YEAR> <MONTH> <DAY> ] [ to-time <TIME> ] [ from-end ]
Parameters
<FILE> – file name, set by the string of up to 31 characters;
from-date – to display information from the specified date;
from-time – to display information from the specified time;
to-date – to display information before the specified date;
to-time – to display information before the specified time;
<YEAR> – year, takes values of [2001..2037].
<MONTH> – month, takes the following values [ January/February/March/April/May/June/July/August/September/October/November/December];
<DAY> – day of the month, takes values of [1..31];
<TIME> – system timer, defined as HH MM SS, where:
HH – hours, takes the value of [0..23];
- MM – minutes, takes the value of [0 ..59];
- SS – seconds, takes the value of [0..59];
from-end – viewing the contents of the file from the end, as the last entries are placed at the end of the file;
Required privilege level
15
Command mode
ROOT
Example
esr# show syslog Log files ~~~~~~~~~ ## Name Size in bytes Date of last modification ---- -------------------- ---------------- ------------------------- 1 debug 371681 Thu Jan 1 16:17:04 1970 2 debug.1 524222 Thu Jan 1 01:48:13 1970 3 esr 97259 Thu Jan 1 16:17:01 1970 ---- -------------------- ---------------- ------------------------- Total files: 4 esr# show syslog configuration SYSLOG File size: 512 (kiB) Number of logs: 3 Console: info Files: ~~~~~~ ID Name Severity -- -------------------------------- ---------- 0 esr info
show syslog configuration
This command allows to view current syslog log configuration information.
Syntax
show syslog configuration
Parameters
The command does not contain parameters.
Required privilege level
15
Command mode
ROOT
Example
esr# show syslog configuration SYSLOG File size: 500 (kiB) Number of logs: 1 Console: info Monitor: info
syslog cli-commands
This command enables the process of logging user input commands to a local syslog server.
The use of a negative form (no) of the command disables command logging.
Syntax
[no] syslog cli-commands
Parameters
The command does not contain parameters.
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# syslog cli-commands
syslog console
This command sets the levels of syslog messages that will be displayed in the console. Displays messages that have a severity level, specified in a command, or higher.
The use of a negative form (no) of the command sets the default level of displayed messages.
Syntax
syslog console <SEVERITY>
no syslog console
Parameters
<SEVERITY> – message importance level, takes values (in order of decreasing importance):
- emerg – critical error has occurred in the system, the system is not operational;
- alert – alarms, immediate intervention by staff;
- crit – critical system status, event reporting;
- error – error messages;
- warning – warnings, non-emergency messages;
- notice – messages about important system events;
- info – system information messages;
- debug – debugging messages provide the user with information to correctly configure the system;
- none – disables the output of syslog messages to the console.
Default value
info
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# syslog console info
syslog file
This command enables the saving of syslog messages of a specified level of importance to the specified log file. Saves messages that have a severity level, specified in a command, or higher.
The use of a negative form (no) of the command disables the saving of syslog messages in specified file.
Syntax
syslog file { flash:syslog/<NAME> | tmpsys:syslog/<NAME> } <SEVERITY>
no syslog file { flash:syslog/<NAME> | tmpsys:syslog/<NAME> | all}
Parameters
flash – file is located in the non-volatile memory of the device;
tmpsys – file is located in the volatile memory of the device;
<NAME> – name of the file to which messages of a given level will be recorded, specified by the string up to 31 characters. The use of a negative form (no) of the command with ‘all’ parameter removes all configured syslog files.
<SEVERITY> – importance level of the message, possible values are given in section syslog console.
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# syslog file esr info
syslog file-size
This command sets the maximal log file size. If the specified size is exceeded, files will be rotated automatically.
The use of a negative form (no) of the command sets the default value of log file size.
Syntax
syslog file-size <SIZE>
no syslog file-size
Parameters
<SIZE> – file size, takes the value [10..10000000] KB.
Default value
500 KB
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# syslog file-size 10000
syslog host
This command enables the sending of syslog messages of a specified level of importance to a remote syslog server. Sends messages that have a severity level, specified in a command, or higher.
The use of a negative form (no) of the command disables the sending of syslog messages to a remote syslog server.
Syntax
syslog host <HOSTNAME> { <ADDR> | <IPV6-ADDR> } [ <SEVERITY> ] [ <TRANSPORT> ] [ <PORT> ] [ vrf <VRF> ] [ source-address { <SRC-ADDR> | <IPV6-SRC-ADDR> } ]
no syslog host <HOSTNAME>
Parameters
<HOSTNAME> – syslog server name, set by the string of up to 31 characters. Used only to identify the server during configuration. The value 'all' is used in the no syslog host all command to delete all syslog servers;
<ADDR> – IP address, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255];
<IPV6-ADDR> – IPv6 address, defined as X:X:X:X::X where each part takes values in hexadecimal format [0..FFFF];
<SEVERITY> – importance level of the message, optional parameter, possible values are given in section syslog console;
<TRANSPORT> – data transfer protocol, optional parameter, takes values:
- TCP – data transmission is carried out by TCP;
- UDP – data transmission is carried out by UDP;
<PORT> – number of TCP/UDP port, optional parameter, takes values of [1..65535], default value is 514;
<VRF> – VRF instance name, set by the string of up to 31 characters, which contains remote syslog server.
<SRC-ADDR> – IP address of the router that will be used as the source IP address in sent syslog packets.
<IPV6-SRC-ADDR> – IPv6 address of the router that will be used as the source IPv6 address in sent syslog packets.
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# syslog host eltex 192.168.2.2
syslog max-files
This command sets the maximum number of files saved during rotation.
The use of a negative form (no) of the command sets the default value of saved files amount.
Syntax
syslog max-files <NUM>
no syslog max-files
Parameters
<NUM> – maximal numberf of files , takes values [1..1000].
Default value
15
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# syslog max-files 100
syslog monitor
This command sets the level of syslog messages that will be displayed during remote connections (Telnet, SSH). Displays messages that have a severity level, specified in a command, or higher.
The use of a negative form (no) of the command sets the default level of displayed messages.
Syntax
syslog monitor <SEVERITY>
no syslog monitor
Parameters
<SEVERITY> – importance level of the message, possible values are given in section syslog console.
Default value
info
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# syslog monitor info
syslog reload debugging
This command enables debugging mode during the reboot process for the local syslog server.
The use of a negative form (no) of the command sets the default value.
Syntax
[no] syslog reload debugging
Parameters
The command does not contain parameters.
Default value
Disabled.
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# syslog reload debugging
syslog sequence-numbers
This command enables numbering of the records in the local syslog-server.
The use of a negative form (no) of the command sets the default value.
Syntax
[no] syslog sequence-numbers
Parameters
The command does not contain parameters.
Default value
Disabled.
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# syslog sequence-numbers
syslog snmp
This command sets the level of syslog messages that will be sent to the snmp server in the form of snmp-trap. The messages that have a severity level, specified in a command, or higher are sent.
The use of a negative form (no) of the command sets the default level of displayed messages.
Syntax
syslog snmp <SEVERITY>
no syslog snmp
Parameters
<SEVERITY> – importance level of the message, possible values are given in section syslog console.
Default value
info
Required privilege level
10
Command mode
CONFIG
Example
esr(config)# syslog snmp info
syslog timestamp msec
In the current firmware version this functionality is supported by ESR-100/200/1000/1200/1500/1510/1700 routers only
This command enables adding the milliseconds to time to the records in the local syslog-server.
The use of a negative form (no) of the command sets the default value.
Syntax
[no] syslog timestamp msec
Parameters
The command does not contain parameters.
Default value
Disabled.
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# syslog timestamp msec
SSH, Telnet acces configuration
crypto key generate
This command generates a pair of cryptographic keya to establish SSH connection.
Syntax
crypto key generate [ dsa | escda <ESCDA> | ed25519] < ED25519 > | rsa <RSA> | rsa1 <RSA1> ]
Parameters
dsa – DSA algorithm;
ecdsa – ECDSA algorithm;
- <ECDSA> – key size, takes the value 256, 384 or 521;
- Without specification, key size 521 is used.
ed25519 – ED25519 algorithm;
- <ED25519> – key size, may take values [256..2048];
- o Without specification, key size 2048 is used.
rsa – RSA algorithm with specifying the key length;
- <RSA> – key size, may take values [1024..2048];
- Without specification, key size 2048 is used.
rsa1 – RSA1 algorithm.
- <RSA> – key size, may take values [1024..2048];
- Without specification, key size 2048 is used.
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# crypto key generate ecdsa
ip ftp client password
This command defines the default password for FTP copy operations.
The use of a negative form (no) of the command removes the password.
Syntax
ip ftp client password { <CLEAR-TEXT> | encrypted <ENCRYPTED-TEXT> }
[no] ftp client password
Parameters
<CLEAR-TEXT> – password, set by the string of 1 to 16 characters, takes the value of [0-9a-fA-F];
<ENCRYPTED-TEXT> – encrypted password, set by the string of [2..32] characters.
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# ip ftp client password test
ip ftp client username
This command defines the default user name for FTP copy operations.
The use of a negative form (no) of the command removes a user name.
Syntax
ip ftp client username <NAME>
no ftp client username
Parameters
<NAME> – user name, set by the string of up to 31 characters.
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# ip ftp client username test
ip sftp client username
This command sets the user name values for an SFTP client.
The use of a negative form (no) of the command removes the user name values for an SFTP client.
Syntax
ip sftp client username <USERNAME>
no ip sftp client username
Parameters
<USERNAME> – user name, set by the string of up to 31 characters.
Default value
Username is not specified.
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# ip sftp client username esruser
ip sftp client password
This command sets the password values for an SFTP client.
The use of a negative form (no) of the command removes the password values for an SFTP client.
Syntax
ip sftp client password { <TEXT> | encrypted < ENCRYPTED-TEXT > }
no ip sftp client password
Parameters
<TEXT> – string [1..16] ASCII characters;
<ENCRYPTED-TEXT> – encrypted password, [8..16] bytes size, set by the string of [16..32] characters.
Default value
Username is not specified.
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# ip sftp client password 123456789
ip ssh authentication algorithm disable
This command prohibits the use of a specific authentication algorithm for SSH server.
The use of a negative form (no) of the command allows the use of a specific authentication algorithm for the SSH server.
Syntax
[no] ip ssh authentication algorithm <ALGORITHM> disable
Parameters
<ALGORITHM> – authentication algorithm, takes values of: [md5, md5-96, sha1, sha1-96, sha2-256, sha2-512, ripemd160].
Required privilege level
15
Default value
Allow all authentication algorithms.
Command mode
CONFIG
Example
esr(config)# no ip ssh authentication algorithm md5 disable
ip ssh authentication retries
This command sets the number of authentication attempts for SSH server.
The use of a negative form (no) of the command sets the default number of authentication attempts for SSH server.
Syntax
ip ssh authentication retries <NUM>
no ip ssh authentication retries
Parameters
<NUM> – number of authentication attempts for SSH server [1..10].
Required privilege level
10
Default value
6
Command mode
CONFIG
Example
esr(config)# ip ssh authentication retries 5
ip ssh authentication timeout
This command sets authentication timeout period for SSH server.
The use of a negative form (no) of the command sets the default authentication timeout period for SSH server.
Syntax
ip ssh authentication timeout <SEC>
no ip ssh authentication timeout
Parameters
<SEC> – time interval in seconds, takes values of [30..360].
Required privilege level
10
Default value
120 seconds
Command mode
CONFIG
Example
esr(config)# ip ssh authentication timeout 60
ip ssh client password
This command defines the default password for SCP copy operations.
The use of a negative form (no) of the command removes the password.
Syntax
ip ssh client password { <CLEAR-TEXT> | encrypted <ENCRYPTED-TEXT> }
no ssh client password
Parameters
<CLEAR-TEXT> – password, set by the string of 1 to 16 characters, takes the value of [0-9a-fA-F];
<ENCRYPTED-TEXT> – encrypted password, set by the string of [2..32] characters.
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# ip ssh client password test132
ip ssh client source-ip
This command defines the ip-address of the router from which ssh-sessions will be installed on other devices.
The use of a negative form (no) of the command removes a user name.
Syntax
ip ssh client source-ip <ADDR>
no ssh client source-ip
Parameters
<ADDR> – IP address, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255]. The specified IP address must be assigned on any interface/tunnel of the router.
Required privilege level
10
Command mode
CONFIG
Example
esr(config)# ip ssh client source-ipt 192.168.22.78
ip ssh client username
This command defines the default user name for SCP copy operations.
The use of a negative form (no) of the command removes a user name.
Syntax
ip ssh client username <NAME>
no ssh client username
Parameters
<NAME> – user name, set by the string of up to 31 characters.
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# ip ssh client username tester
ip ssh dscp
The command sets the DSCP code value for the use in IP headers of SSH server outgoing packets.
The use of a negative form (no) of the command sets the default DSCP value.
Syntax
ip ssh dscp <DSCP>
no ip ssh dscp
Parameters
<DSCP> – DSCP code value, takes values in the range of [0..63].
Default value
32
Required privilege level
10
Command mode
CONFIG
Example
esr(config)# ip ssh dscp 40
ip ssh encryption algorithm disable
This command prohibits the use of a specific encryption algorithm for SSH server.
The use of a negative form (no) of the command allows the use of a specific encryption algorithm for the SSH server.
Syntax
[no] ip ssh encryption algorithm <ALGORITHM> disable
Parameters
<ALGORITHM> – encryption algorithm identifier, takes values [aes128, aes192, aes256, aes128ctr, aes192ctr, aes256ctr, arcfour, arcfour128, arcfour256, blowfish, cast128, 3des].
Required privilege level
15
Default value
All algorithms are allowed.
Command mode
CONFIG
Example
esr(config)# ip ssh encryption algorithm aes128 disable
ip ssh key-exchange algorithm disable
This command prohibits the use of a specific key exchange algorithm for SSH server.
The use of a negative form (no) of the command allows the use of a specific key exchange algorithm for the SSH server.
Syntax
[no] ip ssh key-exchange algorithm <ALGORITHM> disable
Parameters
<ALGORITHM> – key exchange protocol identifier, takes values [dh-group1-sha1, dh-group14-sha1, dh-group-exchange-sha1, dh-group-exchange-sha256, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521].
Required privilege level
15
Default value
All algorithms are allowed.
Command mode
CONFIG
Example
esr(config)# ip ssh key-exchange algorithm dh-group-exchange-sha1 disable
ip ssh key-exchange time
This command sets authentication keys changing period for SSH server.
The use of a negative form (no) of the command sets the default authentication keys changing period for SSH server.
Syntax
ip ssh key-exchange time <SEC>
no ip ssh key-exchange time
Parameters
<SEC> – time interval in hours, takes values of [1..72].
Required privilege level
15
Default value
1 hour
Command mode
CONFIG
Example
esr(config)# ip ssh key-exchange time 24
ip ssh key-exchange volume
This command sets the amount of data, after passing which, the authentication keys for the SSH server will be updated.
The use of a negative form (no) of the command sets the amount of data, after passing which, the authentication keys for the default SSH server will be updated.
Syntax
ip ssh key-exchange volume <DATA>
no ip ssh key-exchange volume
Parameters
<DATA> – data size in MB, takes values [1..4096].
Required privilege level
15
Default value
1000
Command mode
CONFIG
Example
esr(config)# ip ssh key-exchange volume 512
ip ssh port
This command defines the SSH server port on the router.
The use of a negative form (no) of the command sets the default value.
Syntax
ip ssh port <PORT>
no ip ssh port
Parameters
<PORT> – port number, set in the range of [1..65535].
Default value
22
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# ip ssh port 3001
ip ssh server
This command enables the SSH server on the router.
The use of a negative form (no) of the command disables SSH server.
Syntax
[no] ip ssh server [ vrf <VRF>]
Parameters
<VRF> – VRF instance name, set by the string of up to 31 characters, within which the SSH server will operate.
Default value
SSH server is disabled.
Required privilege level
10
Command mode
CONFIG
Example
esr(config)# no ip ssh server
ip telnet dscp
The command sets the DSCP code value for the use in IP headers of Telnet server outgoing packets.
The use of a negative form (no) of the command sets the default DSCP value.
Syntax
ip telnet dscp <DSCP>
no ip telnet dscp
Parameters
<DSCP> – DSCP code value, takes values in the range of [0..63].
Default value
32
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# ip telnet dscp 40
ip telnet port
This command defines the Telnet server port on the router.
The use of a negative form (no) of the command sets the default value.
Syntax
ip telnet port <PORT>
no ip telnet port
Parameters
<PORT> – port number, takes values of [1..65535].
Default value
23
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# ip telnet port 2001
ip telnet server
This command enables the Telnet server on the router.
The use of a negative form (no) of the command disables Telnet server.
Syntax
[no] ip telnet server [vrf <VRF>]
Parameters
<VRF> – VRF instance name, set by the string of up to 31 characters, within which the Telnet server will operate.
Default value
Telnet server is disabled.
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# no ip telnet server
show crypto key mypubkey
The command displays the device's public keys used to establish an SSH connection.
Syntax
show crypto key mypubkey <OPTIONS>
Parameters
<OPTIONS> – algorithm for generating a new cryptographic key:
- dsa – DSA algorithm;
- ecdsa – ECDSA algorithm;
- ed25519 – ED25519 algorithm;
- rsa – RSA algorithm;
- rsa1 – RSA1 algorithm.
Required privilege level
15
Command mode
ROOT
Example
esr# show crypto key mypubkey rsa Key data ------------------------------------------------------------ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDz750sWCQrnNufg1yhuksTFYCYdEfg JZ9tWUvcssAZhCJWMewprXBuZMABzFmfBg157pgapxn2qJXJ8ESMV7X7gPfy xQQah6l376z3SFcpKvwudNgwHiS5HCYPRQWx2Xdaz/nJtYr5NpYgLPba68NC iXcqEp7EPR5GojDVxpuDuk0hPFcihzmt5Yx8ZptJRzRtsuDQYlowv0Qa24kd OlQ90/1qKfbAhB6XI60l+dK5VEj7giBESarcRn69/e/YVbdGBdTE93QWFPKI bm63imfbxRwWtcwsFdIHi8Blv9ZqDqqF/IO3TkIKa31hV9GnsawlAXi/IdyY bYPboHRdcTlH/ root@esr-1000
Mirroring configuration
port monitor
This command enables traffic mirroring mode.
The use of a negative form (no) of the command disables the traffic mirroring mode.
Syntax
[no] port monitor
Parameters
None.
Required privilege level
10
Command mode
CONFIG-GI
CONFIG-TE
Example
esr(config-if-gi)# port monitor interface gigabitethernet 1/0/5
port monitor interface
This command defines controlling ports.
The use of a negative form (no) of the command removes controlling port.
Syntax
port monitor interface <IF> <DIRECTION>
no port monitor
Parameters
<IF> – an interface or a group of interfaces is specified in the form described in Section Types and naming order of router interfaces;
<DIRECTION> – traffic direction:
- tx – only outgoing traffic mirroring;
- rx – only incoming traffic mirroring.
Required privilege level
10
Command mode
CONFIG-GI
CONFIG-TE
Example
esr(config-if-gi)# port monitor interface gigabitethernet 1/0/5
port monitor mode
This command defines the mode of the port transmitting mirrored traffic.
The use of a negative form (no) of the command sets the default value.
Syntax
port monitor mode <MODE>
no port monitor mode
Parameters
<MODE> – mode:
- network – combined data transfer and mirroring;
- monitor-only – mirroring only.
Default value
network
Required privilege level
10
Command mode
CONFIG
Example
esr(config)# port monitor mode monitor-only
port monitor remote
This command enables remote mirroring (RSPAN).
The use of a negative form (no) of the command disables remote mirroring (RSPAN).
Syntax
[no] port monitor remote
Parameters
The command does not contain parameters.
Required privilege level
10
Command mode
CONFIG
Example
esr(config-if-gi)# port monitor remote
port monitor remote vlan
This command defines the VLAN over which the mirrored traffic will be transmitted.
The use of a negative form (no) of the command removes a specified VLAN.
Syntax
port monitor remote vlan <VID> <DIRECTION>
no port monitor remote vlan <DIRECTION>
Parameters
<VID> – VLAN ID, set in the range of [2..4094];
<DIRECTION> – traffic direction:
- tx – mirroring only outgoing traffic to the specified VLAN;
- rx – mirroring only incoming traffic to the specified VLAN.
Required privilege level
10
Command mode
CONFIG
Example
esr(config)# port monitor remote vlan 10
show interfaces switch-port monitor
The commands displays mirroring settings.
Syntax
show interfaces switch-port monitor [ <IF> ]
Parameters
<IF> – an interface's name, specified in the form described in Section Types and naming order of router interfaces.
You may specify several interfaces in the command. If interface indexes are not specified, then the statuses of all interfaces of a specified group will be shown. If a certain interface is specified, the detailed information on this interface will be displayed. When executing a command without parameter, all logic interface statuses will be displayed.
Required privilege level
1
Command mode
ROOT
Example
esr# show interfaces switch-port monitor Port monitor mode: network RSPAN configuration RX: VLAN 222 RSPAN configuration TX: VLAN 222 Source Port Destination Port Type RSPAN ------------ ---------------- ------ -------- gi1/0/7 gi1/0/6 RX,TX Enabled
LLDP configuration
lldp enable
This command enables LLDP protocol support on the router.
The use of a negative form (no) of the command disables LLDP protocol support.
Syntax
[no] lldp enable
Parameters
The command does not contain parameters.
Default value
Disabled.
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# lldp enable
lldp hold-multiplier
This command sets the number of lldp-timer periods during which the router stores information received via the LLDP protocol.
The use of a negative form (no) of the command sets the specified parameter to the default value.
Syntax
lldp hold-multiplier <SEC>
no lldp hold-multiplier
Parameters
<SEC> – time interval in seconds, takes values of [1..10].
Default value
4
Required privilege level
10
Command mode
CONFIG
Example
esr(config)# lldp hold-multiplier 5
lldp management-address
This command sets the IP address that will be sent to the LLDP TLV as the management-address.
The use of a negative form (no) of the command sets the default value for the LLDP TLV management-address field.
Syntax
lldp management-address <ADDR>
no lldp management-address
Parameters
<ADDR> – IP address, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255]. The specified IP address must be assigned on any interface/tunnel of the router.
Default value
One of the existing.
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# lldp management-address 192.168.54.42
lldp med fast-start enable
This command enables the sending of LLDP-MED messages on interfaces with a configured network policy (see section lldp network-policy).
The use of a negative form (no) of the command disables LLDP-MED broadcasting of messages on interfaces with a configured network policy.
Syntax
[no] lldp med fast-start enable
Parameters
None.
Default value
LLDP-MED messaging is disabled.
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# lldp med fast-start enable
lldp med fast-start tx-interval
This command configures the period of sending of LLDP-MED messages on interfaces with a configured network policy (see section lldp network-policy).
The use of a negative form (no) sets the default value for the distribution period of LLDP-MED messages on interfaces with a configured network policy.
Syntax
lldp med fast-start tx-interval <SEC>
[no] lldp med fast-start tx-interval
Parameters
<SEC> – time interval, takes values of [1..32768] seconds.
Default value
1 second
Required privilege level
10
Command mode
CONFIG
Example
esr(config)# lldp med fast-start tx-interval 20
lldp receive
This command enables LLDPDU processing on the physical interface.
The use of a negative form (no) of the command disables LLDPDU processing on the physical interface.
Syntax
[no] lldp receive
Parameters
The command does not contain parameters.
Default value
LLDP packets receiving disabled.
Required privilege level
15
Command mode
CONFIG-IF-GI
CONFIG-IF-TE
Example
esr(config-if-gi)# lldp receive
lldp system-description
This command sets the field that will be sent to the LLDP TLV as the system-description.
The use of a negative form (no) of the command sets the default value for the LLDP TLV system-description field.
Syntax
lldp system-description <DESCRIPTION>
no lldp system-description
Parameters
<DESCRIPTION> – system description identifier, set by the string of up to 255 characters.
Default value
Contains information about the model and firmware version of the router.
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# lldp system-description esr-1000-1.3.0
lldp system-name
This command sets the field that will be sent to the LLDP TLV as the system-name.
The use of a negative form (no) of the command.
Syntax
lldp system-name <NAME>
no lldp system-name
Parameters
<NAME> – system name identifier, set by the string of up to 255 characters.
Default value
Same as hostname.
Required privilege level
15
Command mode
CONFIG
Example
esr(config)# lldp system-name esr-100-branch-12
lldp timer
This command sets the LLDPDU send period.
The use of a negative form (no) of the command sets the default LLDPDU send period value.
Syntax
lldp timer <SEC>
no lldp timer
Parameters
<SEC> – time interval in seconds, takes values of [1..32768].
Default value
30
Required privilege level
10
Command mode
CONFIG
Example
esr(config)# lldp timer 3
lldp transmit
This command enables LLDPDU sending on the physical interface.
The use of a negative form (no) of the command disables LLDPDU sending on the physical interface.
Syntax
[no] lldp transmit
Parameters
The command does not contain parameters.
Default value
LLDP packets sending disabled.
Required privilege level
15
Command mode
CONFI-IF-GI
CONFI -IF-TE
Example
esr(config-if-gi)# lldp transmit
show lldp neighbors
This command displays information about the connected devices from which information is received via the LLDP protocol.
Syntax
show lldp neighbors <IF>
Parameters
<IF> – name of an interface or a group of interfaces is specified in the form described in Section Types and naming order of router interfaces; It is permissible to use only physical interfaces (gigabitethernet or tengigabitethernet). Without an interface, information about all devices detected by the LLDP is displayed.
Required privilege level
10
Command mode
ROOT
Example
esr# show lldp neighbors LLDP Neighbor Information: Local Information: Index: 0 Local Interface: gi1/0/4 Neighbour Information: Chassis type: mac Chassis ID: a8:f9:4b:aa:8c:90 Management ip: 192.168.1.5 Management ip: fe80::2052:e5ff:fe36:226f Port type: local Port ID: gi1/0/8 Port description: esr200-lldp-test Time to live: 120 System name: esr-200-test System Description: Eltex Router ESR-200 1.3.0 build 79 (date 14/08/2017 time 10:19:13) System capabilities: Bridge: false Router: true Station: true Wlan: false
show lldp statistics
This command displays the statistics of the LLDP protocol operation on the interfaces on which the LLDP protocol is enabled.
Syntax
show lldp statistics <IF>
Parameters
<IF> – name of an interface or a group of interfaces is specified in the form described in Section Types and naming order of router interfaces; It is permissible to use only physical interfaces (gigabitethernet or tengigabitethernet). Without an interface, information about all devices detected by the LLDP is displayed.
Required privilege level
1
Command mode
ROOT
Example
esr# show lldp statistics Interface Transmitted Received Discarded Unrecognized Ageout Inserted Deleted --------- ----------- -------- --------- ----------- ------ -------- ------- gi1/0/1 1 0 0 0 0 0 0
Zabbix-agent configuration
active-server
This command sets the address and port of the Zabbix server for active checks.
The use of a negative form (no) of the command removes server for active checks.
Syntax
active-server <ADDR> [ port <PORT> ]
no active-server
Parameters
<ADDR> – server IP address, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255];
<PORT> – port number, set in the range of [1..65535].
Default value
None
Required privilege level
10
Command mode
CONFIG-ZABBIX
Example
esr(config-zabbix)# active-server 192.168.16.54
enable
This command enables the functionality of the Zabbix agent.
The use of a negative form (no) of the command disables Zabbix agent functionality.
Syntax
[no] enable
Parameters
None.
Default value
no enable
Required privilege level
10
Command mode
CONFIG-ZABBIX
Example
esr(config-zabbix)# enable
hostname
This command sets agent name. Hostname must match the hostname in the Zabbix control panel.
The use of a negative form (no) of the command sets the default agent name.
Syntax
hostname <NAME>
no hostname
Parameters
<NAME> – system name identifier, set by the string of up to 255 characters.
Default value
Same as the configured hostname of the router.
Required privilege level
10
Command mode
CONFIG-ZABBIX
Example
esr(config-zabbix)# hostname branch_12
port
This command sets the TCP port that will be used for Zabbix server requests to the agent.
The use of a negative form (no) of the command removes the value of TCP port.
Syntax
port <PORT>
[no] port
Parameters
<PORT> – port number, set in the range of [1024..32767].
Default value
None
Required privilege level
10
Command mode
CONFIG-ZABBIX
Example
esr(config-zabbix)# port 20050
remote-commands
This command enables the ability to execute commands on the router from the Zabbix server.
The use of a negative form (no) of the command disables the ability to execute commands on the router from the Zabbix server.
Syntax
[no] remote-commands
Parameters
None.
Default value
Disabled.
Required privilege level
15
Command mode
CONFIG-ZABBIX
Example
esr(config-zabbix)# remote-commands
server
This command sets the IP address of the Zabbix server from which incoming connections are allowed.
The use of a negative form (no) of the command removes Zabbix server IP address.
Syntax
server <ADDR>
no server
Parameters
<ADDR> – server IP address, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255].
Default value
None
Required privilege level
10
Command mode
CONFIG-ZABBIX
Example
esr(config-zabbix)# server 192.168.18.54
show zabbix-agent configuration
This command displays the configuration of the Zabbix agent.
Syntax
show zabbix-agent configuration
Parameters
None.
Required privilege level
1
Command mode
ROOT
Example
esr# show zabbix-agent configuration VRF: -- State: Enabled Active server: -- Active server port: -- Hostname: esr Port: -- Remote commands: Disabled Server: 192.168.18.54 Source address: -- Timeout: 3
source-address
This command specifies the address from which the connection to the Zabbix server will be established.
The use of a negative form (no) of the command sets the default value.
Syntax
source-address <ADDR>
no source-address
Parameters
<ADDR> – IP address, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255];
Default value
IP address of the interface from which NTP packet is sent.
Required privilege level
10
Command mode
CONFIG-ZABBIX
Example
esr(config-zabbix)# source-address 192.168.1.57
timeout
This command sets the maximum time for processing a Zabbiz-server request.
The use of a negative form (no) of the command sets the default value.
Syntax
timeout
no timeout
Parameters
<SEC> – time interval in seconds, takes values of [1..30].
Default value
3
Required privilege level
10
Command mode
CONFIG-ZABBIX
Example
esr(config-zabbix)# timeout 20
zabbix-agent
This command switches to the configuration mode of the Zabbix agent in global mode or VRF.
The use of a negative form (no) of the command removes the Zabbix agent settings in global mode or VRF.
Syntax
[no] zabbix-agent [ vrf <VRF> ]
Parameters
<VRF> – VRF instance name, set by the string of up to 31 characters.
Default value
Disabled.
Required privilege level
10
Command mode
CONFIG
Example
esr(config)# zabbix-agent