information
show>system
Supported on all 7210 SAS platforms as described in this document
This command displays the SNMP configuration and statistics.
The following output is an example of SNMP configuration and statistics information, and Table: Output fields: system information describes the output fields.
Sample output for 7210 SAS D:
*A:SAS-D>show>system# information
===============================================================================
System Information
===============================================================================
System Name : SAS-D
System Type : 7210 SAS-D 6F4T-1
System Version : B-3.0.S66
System Contact :
System Location :
System Coordinates :
System Up Time : 10 days, 01:24:01.43 (hr:min:sec)
SNMP Port : 161
SNMP Engine ID : 0000197f0000003f11abca11
SNMP Max Message Size : 1500
SNMP Admin State : Disabled
SNMP Oper State : Disabled
SNMP Index Boot Status : Not Persistent
SNMP Sync State : N/A
Tel/Tel6/SSH/FTP Admin : Disabled/Disabled/Enabled/Disabled
Tel/Tel6/SSH/FTP Oper : Down/Down/Up/Down
BOF Source : N/A
Image Source : primary
Config Source : N/A
Last Booted Config File: N/A
Last Boot Cfg Version : N/A
Last Boot Config Header: N/A
Last Boot Index Version: N/A
Last Boot Index Header : N/A
Last Saved Config : cf1:\smitha.cfg
Time Last Saved : 1970/01/01 00:04:11
Changes Since Last Save: Yes
User Last Modified : admin
Time Last Modified : 1970/01/11 00:44:21
Max Cfg/BOF Backup Rev : 5
Cfg-OK Script : N/A
Cfg-OK Script Status : not used
Cfg-Fail Script : N/A
Cfg-Fail Script Status : not used
Management IP Addr : 0.0.0.0/0
Primary DNS Server : N/A
Secondary DNS Server : N/A
Tertiary DNS Server : N/A
DNS Domain :
DNS Resolve Preference : ipv4-only
BOF Static Routes : None
===============================================================================
*A:SAS-D>show>system#
Label | Description |
---|---|
System Name | The name configured for the device |
System Contact | The text string that identifies the contact name for the device |
System Location | The text string that identifies the location of the device |
System Coordinates | The text string that identifies the system coordinates for the device location. For example, "37.390 -122.0550" is read as latitude 37.390 north and longitude 122.0550 west. |
System Up Time | The time since the last reboot |
SNMP Port | The port that SNMP uses to send responses to management requests |
SNMP Engine ID | The ID for either the local or remote SNMP engine to uniquely identify the SNMPv3 node |
SNMP Max Message Size | The maximum size SNMP packet generated by this node |
SNMP Admin State | Enabled — SNMP is administratively enabled; Disabled — SNMP is administratively disabled |
SNMP Oper State | Enabled — SNMP is operationally enabled; Disabled — SNMP is operationally disabled |
SNMP Index Boot Status | Persistent — Persistent indexes at the last system reboot were enabled; Disabled — Persistent indexes at the last system reboot were disabled |
SNMP Sync State | The state when the synchronization of configuration files between the primary and secondary s finish |
Telnet/SSH/FTP Admin | Displays the administrative state of the Telnet, SSH, and FTP sessions |
Telnet/SSH/FTP Oper | Displays the operational state of the Telnet, SSH, and FTP sessions |
BOF Source | The boot location of the BOF |
Image Source | primary — Specifies whether the image was loaded from the primary location specified in the BOF; secondary — Specifies whether the image was loaded from the secondary location specified in the BOF; tertiary — Specifies whether the image was loaded from the tertiary location specified in the BOF |
Config Source | primary — Specifies whether the configuration was loaded from the primary location specified in the BOF; secondary — Specifies whether the configuration was loaded from the secondary location specified in the BOF; tertiary — Specifies whether the configuration was loaded from the tertiary location specified in the BOF |
Last Booted Config File | Displays the URL and filename of the configuration file used for the most recent boot |
Last Boot Cfg Version | Displays the version of the configuration file used for the most recent boot |
Last Boot Config Header | Displays header information of the configuration file used for the most recent boot |
Last Boot Index Version | Displays the index version used in the most recent boot |
Last Boot Index Header | Displays the header information of the index used in the most recent boot |
Last Saved Config | Displays the filename of the last saved configuration |
Time Last Saved | Displays the time the configuration was most recently saved |
Changes Since Last Save | Yes — The configuration changed since the last save; No — The configuration has not changed since the last save |
Time Last Modified | Displays the time of the last modification |
Max Cfg/BOF Backup Rev | The maximum number of backup revisions maintained for a configuration file. This value also applies to the number of revisions maintained for the BOF. |
Cfg-OK Script | URL — The location and name of the CLI script file executed following successful completion of the boot-up configuration file execution; N/A — No CLI script file is executed |
Cfg-OK Script Status | Successful/Failed — The results from the execution of the CLI script file specified in the Cfg-OK Script location; Not used — No CLI script file was executed |
Cfg-Fail Script | URL — The location and name of the CLI script file executed following a failed boot-up configuration file execution; Not used — No CLI script file was executed |
Cfg-Fail Script Status | Successful/Failed — The results from the execution of the CLI script file specified in the Cfg-Fail Script location; Not used — No CLI script file was executed |
Management IP address | The Management IP address of the node |
DNS Server | The DNS address of the node |
DNS Domain | The DNS domain name of the node |
BOF Static Routes | To — The static route destination; Next Hop — The next hop IP address used to reach the destination; Metric — Displays the priority of this static route versus other static routes; None — No static routes are configured |
access-group group-name
show>system>security
Supported on all 7210 SAS platforms as described in this document
This command displays access-group information.
The following output is an example of access group information, and Table: Output fields: security access group describes the output fields.
Sample output
A:ALA-1# show system security access-group
===============================================================================
Access Groups
===============================================================================
group name security security read write notify
model level view view view
-------------------------------------------------------------------------------
snmp-ro snmpv1 none no-security no-security
snmp-ro snmpv2c none no-security no-security
snmp-rw snmpv1 none no-security no-security no-security
snmp-rw snmpv2c none no-security no-security no-security
snmp-rwa snmpv1 none iso iso iso
snmp-rwa snmpv2c none iso iso iso
snmp-trap snmpv1 none iso
snmp-trap snmpv2c none iso
-------------------------------------------------------------------------------
No. of Access Groups: 8
===============================================================================
A:ALA-1#
A:ALA-1# show system security access-group detail
===============================================================================
Access Groups
===============================================================================
group name security security read write notify
model level view view view
-------------------------------------------------------------------------------
snmp-ro snmpv1 none no-security no-security
-------------------------------------------------------------------------------
No. of Access Groups:
...
===============================================================================
A:ALA-1#
Label | Description |
---|---|
Group name | The access group name |
Security model | The security model required to access the views configured in this node |
Security level | Specifies the required authentication and privacy levels to access the views configured in this node |
Read view | Specifies the view to read the MIB objects |
Write view | Specifies the view to configure the contents of the agent |
Notify view | Specifies the view to send a trap about MIB objects |
No. of access groups | The total number of configured access groups |
authentication [statistics]
show>system>security
Supported on all 7210 SAS platforms as described in this document
This command displays authentication information.
The following output is an example of authentication information, and Table: Output fields: authentication describes the output fields.
Sample output
A:ALA-49>show>system>security# authentication
===============================================================================
Authentication sequence : radius tacplus local
===============================================================================
server address status type timeout(secs) single connection retry count
-------------------------------------------------------------------------------
10.10.10.103 up radius 5 n/a 5
10.10.0.1 up radius 5 n/a 5
10.10.0.2 up radius 5 n/a 5
10.10.0.3 up radius 5 n/a 5
-------------------------------------------------------------------------------
radius admin status : down
tacplus admin status : up
health check : enabled
-------------------------------------------------------------------------------
No. of Servers: 4
===============================================================================
A:ALA-49>show>system>security#
Label | Description |
---|---|
sequence | The authentication order in which password authentication, authorization, and accounting is attempted among RADIUS, TACACS+, and local passwords |
server address | The address of the RADIUS, TACACS+, or local server |
status | The status of the server |
type | The type of server |
timeout (secs) | Number of seconds the server waits before timing out |
single connection | Specifies whether a single connection is established with the server. The connection is kept open and is used by all the Telnet/SSH/FTP sessions for AAA operations. |
retry count | The number of attempts to retry contacting the server |
radius admin status | The administrative status of the RADIUS protocol operation |
tacplus admin status | The administrative status of the TACACS+ protocol operation |
health check | Specifies whether the RADIUS and TACACS+ servers are periodically monitored. Each server is contacted every 30 seconds. If in this process a server is found to be unreachable, or a previously unreachable server starts responding, based on the type of the server, a trap is sent. |
No. of Servers | The total number of servers configured |
keychain [key-chain] [detail]
show>system>security
Supported on all 7210 SAS platforms as described in this document
This command displays keychain information.
key-chain: Specifies the keychain name to display.
detail: Displays detailed keychain information.
The following output is an example of keychain information.
Sample output
*A:ALA-A# show system security keychain test
===============================================================================
Key chain:test
===============================================================================
TCP-Option number send : 254 Admin state : Up
TCP-Option number receive : 254 Oper state : Up
===============================================================================
*A:ALA-A#
management-access-filter
show>system>security
Supported on all 7210 SAS platforms as described in this document
This command displays management access filter information for IP and MAC filters.
ip-filter [entry entry-id]
show>system>security>mgmt-access-filter
Supported on all 7210 SAS platforms as described in this document
This command displays management-access IP filters.
entry entry-id: Displays information for the specified entry.
The following output is an example of management access IP filter information, and Table: Output fields: IP filter describes the output fields.
Sample output
*7210-SAS>show>system>security>management-access-filter# ip-filter entry 1
===============================================================================
IPv4 Management Access Filter
===============================================================================
filter type : ip
Def. Action : permit
Admin Status : enabled (no shutdown)
-------------------------------------------------------------------------------
Entry : 1
Description : (Not Specified)
Src IP : undefined
Src interface : undefined
Dest port : undefined
Protocol : undefined
Router : undefined
Action : none
Log : disabled
Matches : 0
===============================================================================
*7210-SAS>show>system>security>management-access-filter#
Label | Description |
---|---|
Def. action | Permit — Specifies that packets not matching the configured selection criteria in any of the filter entries are permitted; Deny — Specifies that packets not matching the configured selection criteria in any of the filter entries are denied and that an ICMP host unreachable message will be issued; Deny-host-unreachable — Specifies that packets not matching the configured selection criteria in the filter entries are denied |
Entry | The entry ID in a policy or filter table |
Description | A text string describing the filter |
Src IP | The source IP address used for management access filter match criteria |
Src Interface | The interface name for the next-hop to which the packet should be forwarded if it hits this filter entry |
Dest port | The destination port |
Match | The number of times a management packet has matched this filter entry |
Protocol | The IP protocol to match |
Action | The action to take for packets that match this filter entry |
password-options
show>system>security
Supported on all 7210 SAS platforms as described in this document
This command displays password options.
The following output is an example of password options, and Table: Output fields: password options describes the output fields.
Sample output
A:ALA-48>show>system>security# password-options
===============================================================================
Password Options
===============================================================================
Password aging in days : 365
Number of invalid attempts permitted per login : 5
Time in minutes per login attempt : 5
Lockout period (when threshold breached) : 20
Authentication order : radius tacplus local
Configured complexity options :
Minimum password length : 8
===============================================================================
A:ALA-48>show>system>security#
Label | Description |
---|---|
Password aging in days | Number of days a user password is valid before the user must change their password |
Number of invalid attempts permitted per login | Displays the maximum number of unsuccessful login attempts allowed for a user |
Time in minutes per login attempt | Displays the time in minutes that the user is to be locked out |
Lockout period (when threshold breached) | Displays the number of minutes the user is locked out if the threshold of unsuccessful login attempts has been exceeded |
Authentication order | Displays the most preferred method to authenticate and authorize a user |
Configured complexity options | Displays the complexity requirements of locally administered passwords, HMAC-MD5-96, HMAC-SHA-96 and DES-keys configured in the authentication section |
Minimum password length | Displays the minimum number of characters required in the password |
profile [profile-name]
show>system>security
Supported on all 7210 SAS platforms as described in this document
This command displays user profiles for CLI command tree permissions.
profile-name: Specifies the profile name to display information about a single user profile. If no profile name is specified, the entire list of profile names is displayed.
The following output is an example of user profile information, and Table: Output fields: profile describes the output fields.
Sample output
A:ALA-48>config>system>snmp# show system security profile
===============================================================================
User Profile
===============================================================================
User Profile : test
Def. Action : none
-------------------------------------------------------------------------------
Entry : 1
Description :
Match Command:
Action : unknown
===============================================================================
User Profile : default
Def. Action : none
-------------------------------------------------------------------------------
Entry : 10
Description :
Match Command: exec
Action : permit
-------------------------------------------------------------------------------
Entry : 20
Description :
Match Command: exit
Action : permit
-------------------------------------------------------------------------------
Entry : 30
Description :
Match Command: help
Action : permit
-------------------------------------------------------------------------------
...
-------------------------------------------------------------------------------
Entry : 80
Description :
Match Command: enable-admin
Action : permit
===============================================================================
User Profile : administrative
Def. Action : permit-all
-------------------------------------------------------------------------------
Entry : 10
Description :
Match Command: configure system security
Action : permit
-------------------------------------------------------------------------------
Entry : 20
Description :
Match Command: show system security
Action : permit
===============================================================================
-------------------------------------------------------------------------------
No. of profiles: 3
===============================================================================
A:ALA-48>config>system>snmp#
Label | Description |
---|---|
User Profile | default — The action to be given to the user profile if none of the entries match the command; administrative — Specifies the administrative state for this profile |
Def. Action | none — No action is given to the user profile when none of the entries match the command; permit-all — The action to be taken when an entry matches the command |
Entry | 10 to 80 — Each entry represents the configuration for a system user |
Description | A text string describing the entry |
Match Command | administrative — Enables the user to execute all commands; configure system security — Enables the user to execute the config system security command; enable-admin — Enables the user to enter a special administrative mode by entering the enable-admin command; exec — Enables the user to execute (exec) the contents of a text file as if they were CLI commands entered at the console; exit — Enables the user to execute the exit command; help — Enables the user to execute the help command; logout — Enables the user to execute the logout command; password — Enables the user to execute the password command; show config — Enables the user to execute the show config command; show — Enables the user to execute the show command; show system security — Enables the user to execute the show system security command |
Action | permit — Enables the user access to all commands; deny-all — Denies the user access to all commands |
snmp
show
show>system>security
Supported on all 7210 SAS platforms as described in this document
Commands in this context display SNMP information.
community
community community-string
show>system>security>snmp
Supported on all 7210 SAS platforms as described in this document
This command lists SNMP communities and characteristics.
community-string: Specifies the community name, up to 32 characters.
The following output is an example of SNMP community information, and Table: Output fields: SNMP community describes the output fields.
Sample output
A:Dut-P# show system security snmp community
==============================================================================
Communities
==============================================================================
community access view version group name
------------------------------------------------------------------------------
cli-readonly r iso v2c cli-readonly
cli-readwrite rw iso v2c cli-readwrite
private rwa iso v1 v2c snmp-rwa
public rwa iso v1 v2c snmp-rwa
------------------------------------------------------------------------------
No. of Communities: 4
==============================================================================
A:Dut-P#
Label | Description |
---|---|
Community | Displays the community string name for SNMPv1 and SNMPv2c access only |
Access | r — The community string allows read-only access; rw — The community string allows read-write access; rwa — The community string allows read-write access; mgmt — The unique SNMP community string assigned to the management router |
View | Displays the view name |
Version | Displays the SNMP version |
Group Name | Displays the access group name |
No of Communities | Displays the total number of configured community strings |
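
The following is an added example, not part of the original command reference or any vendor tooling: a small Python audit that parses the `show system security snmp community` sample output above and reports communities a reviewer would want to look at. The two review rules (well-known names, and write access bound to the `iso` view) and the assumption that community strings contain no spaces are choices made for this example.

```python
"""Audit rows from 'show system security snmp community' (added example)."""

# Output copied from the sample on this page; columns are whitespace-separated.
SAMPLE = """\
A:Dut-P# show system security snmp community
==============================================================================
Communities
==============================================================================
community access view version group name
------------------------------------------------------------------------------
cli-readonly r iso v2c cli-readonly
cli-readwrite rw iso v2c cli-readwrite
private rwa iso v1 v2c snmp-rwa
public rwa iso v1 v2c snmp-rwa
------------------------------------------------------------------------------
No. of Communities: 4
==============================================================================
A:Dut-P#
"""

ACCESS_VALUES = {"r", "rw", "rwa", "mgmt"}  # values listed in the output-fields table
WRITE_ACCESS = {"rw", "rwa"}
WELL_KNOWN = {"public", "private"}          # assumption: names this example treats as guessable


def parse_communities(text):
    """Return (rows, declared_count) parsed from the CLI table."""
    rows, declared, in_table = [], None, False
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("No. of Communities"):
            declared = int(s.split(":", 1)[1])
            in_table = False
        elif s.startswith("community access"):
            in_table = True                  # column header: data rows follow
        elif in_table and s and not set(s) <= {"-", "="}:
            tok = s.split()
            # Layout: community, access, view, one or more versions, group name.
            if len(tok) >= 5 and tok[1] in ACCESS_VALUES:
                rows.append({
                    "community": tok[0], "access": tok[1], "view": tok[2],
                    "versions": tok[3:-1], "group": tok[-1],
                })
    return rows, declared


def audit(rows, declared=None):
    """Return a list of (community, reason) findings."""
    findings = []
    # A count mismatch means the capture was truncated or a row failed to parse.
    if declared is not None and declared != len(rows):
        findings.append(("<table>", f"parsed {len(rows)} rows, device reports {declared}"))
    for r in rows:
        if r["community"] in WELL_KNOWN:
            findings.append((r["community"], "well-known community string"))
        if r["access"] in WRITE_ACCESS and r["view"] == "iso":
            findings.append((r["community"],
                             f"{r['access']} access over the whole tree (view iso)"))
    return findings


if __name__ == "__main__":
    parsed, count = parse_communities(SAMPLE)
    for name, reason in audit(parsed, count):
        print(f"{name}: {reason}")
```
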
ssh
show>system>security
Supported on all 7210 SAS platforms as described in this document
This command displays all the SSH sessions as well as the SSH status and fingerprint.
The following output is an example of SSH session information, and Table: Output fields: SSH describes the output fields.
Sample output
A:ALA-7# show system security ssh
SSH is enabled
Key fingerprint: 34:00:f4:97:05:71:aa:b1:63:99:dc:17:11:73:43:83
=======================================================
Connection Encryption Username
=======================================================
192.168.5.218 3des admin
-------------------------------------------------------
Number of SSH sessions : 1
=======================================================
A:ALA-7#
A:ALA-49>config>system>security# show system security ssh
SSH is disabled
A:ALA-49>config>system>security#
Label | Description |
---|---|
SSH status | SSH is enabled — Displays that SSH server is enabled; SSH is disabled — Displays that SSH server is disabled |
Key fingerprint | The key fingerprint is the server identity. Clients trying to connect to the server verify the server fingerprint. If the server fingerprint is not known, the client may not continue with the SSH session because the server might be spoofed. |
Connection | The IP address of the connected routers (remote client) |
Encryption | des — Data encryption using a private (secret) key; 3des — An encryption method that allows proprietary information to be transmitted over untrusted networks |
Username | The name of the user |
Number of SSH sessions | The total number of SSH sessions |
users [user-id] [detail]
show>system>security
Supported on all 7210 SAS platforms as described in this document
This command displays user information.
The following output is an example of user information, and Table: Output fields: security user describes the output fields.
Sample output
A:ALA-1# show system security user
===============================================================================
Users
===============================================================================
user id need user permissions password attempted failed local
new pwd console ftp snmp expires logins logins conf
-------------------------------------------------------------------------------
admin n y n n never 2 0 y
testuser n n n y never 0 0 y
-------------------------------------------------------------------------------
Number of users : 2
===============================================================================
A:ALA-1#
Label | Description |
---|---|
User ID | The name of a system user |
Need New PWD | Yes — The user must change their password at the next login; No — The user is not forced to change their password at the next login |
User Permission | Console — Specifies whether the user is permitted console/Telnet access; FTP — Specifies whether the user is permitted FTP access; SNMP — Specifies whether the user is permitted SNMP access |
Password expires | The date on which the current password expires |
Attempted logins | The number of times the user has attempted to login irrespective of whether the login succeeded or failed |
Failed logins | The number of unsuccessful login attempts |
Local Conf. | Y — Password authentication is based on the local password database; N — Password authentication is not based on the local password database |
view [view-name] [detail]
show>system>security
Supported on all 7210 SAS platforms as described in this document
This command lists one or all views and permissions in the MIB-OID tree.
The following output is an example of permissions views, and Table: Output fields: security view describes the output fields.
Sample output
A:ALA-1# show system security view
===============================================================================
Views
===============================================================================
view name oid tree mask permission
-------------------------------------------------------------------------------
iso 1 included
no-security 1 included
no-security 1.3.6.1.6.3 excluded
no-security 1.3.6.1.6.3.10.2.1 included
no-security 1.3.6.1.6.3.11.2.1 included
no-security 1.3.6.1.6.3.15.1.1 included
-------------------------------------------------------------------------------
No. of Views: 6
===============================================================================
A:ALA-1#
A:ALA-1# show system security view no-security detail
===============================================================================
Views
===============================================================================
view name oid tree mask permission
-------------------------------------------------------------------------------
no-security 1 included
no-security 1.3.6.1.6.3 excluded
no-security 1.3.6.1.6.3.10.2.1 included
no-security 1.3.6.1.6.3.11.2.1 included
no-security 1.3.6.1.6.3.15.1.1 included
-------------------------------------------------------------------------------
No. of Views: 5
===============================================================================
=======================================
no-security used in
=======================================
group name
---------------------------------------
snmp-ro
snmp-rw
=======================================
A:ALA-1#
Label | Description |
---|---|
View name | The name of the view. Views control the accessibility of a MIB object within the configured MIB view and subtree. |
OID tree | The Object Identifier (OID) value. OIDs uniquely identify MIB objects in the subtree. |
Mask | The mask value and the mask type, along with the oid-value configured in the view command, determine the access of each sub-identifier of an object identifier (MIB subtree) in the view. |
Permission | Included — Specifies to include MIB subtree objects; Excluded — Specifies to exclude MIB subtree objects |
No. of Views | The total number of configured views |
Group name | The access group name |
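
The following is an added example, not part of the original command reference: a Python check that parses the `show system security view` sample output above and decides whether a given OID is visible in a view, which is how a reviewer can confirm what the `no-security` view (used by `snmp-ro` and `snmp-rw` in the detail output) actually hides. It assumes standard VACM behaviour (RFC 3415: the matching subtree with the most sub-identifiers wins) and handles only rows with an empty mask column, as in the sample; the test OIDs are constructed inputs.

```python
"""Evaluate OID visibility against 'show system security view' rows (added example)."""

# Output copied from the sample on this page; the mask column is empty in every row.
SAMPLE = """\
view name oid tree mask permission
-------------------------------------------------------------------------------
iso 1 included
no-security 1 included
no-security 1.3.6.1.6.3 excluded
no-security 1.3.6.1.6.3.10.2.1 included
no-security 1.3.6.1.6.3.11.2.1 included
no-security 1.3.6.1.6.3.15.1.1 included
-------------------------------------------------------------------------------
No. of Views: 6
"""


def to_subids(oid):
    """'1.3.6.1' -> (1, 3, 6, 1); compare sub-identifiers, never raw strings."""
    return tuple(int(p) for p in oid.strip(".").split("."))


def parse_views(text):
    """Return a list of (view_name, subtree_tuple, included_bool)."""
    rows = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) not in (3, 4) or tok[-1] not in ("included", "excluded"):
            continue  # header, rule lines, counters, prompts
        if len(tok) == 4:
            # Assumption of this example: masked rows are out of scope.
            raise ValueError(f"masked view row not supported: {line!r}")
        rows.append((tok[0], to_subids(tok[1]), tok[2] == "included"))
    return rows


def in_view(rows, view, oid):
    """True if `oid` is readable through `view` under longest-subtree-match."""
    target = to_subids(oid)
    best = None
    for name, subtree, included in rows:
        # A subtree matches only when it is a prefix on sub-identifier boundaries.
        if name != view or target[:len(subtree)] != subtree:
            continue
        if best is None or (len(subtree), subtree) > (len(best[0]), best[0]):
            best = (subtree, included)
    # No matching subtree at all means the OID is not in the view.
    return best is not None and best[1]


if __name__ == "__main__":
    views = parse_views(SAMPLE)
    for probe in ("1.3.6.1.2.1.1.1.0",        # system group
                  "1.3.6.1.6.3.18.1.1",       # SNMP community table
                  "1.3.6.1.6.3.15.1.1.1.0",   # USM statistics
                  "1.3.6.1.6.3.15.1.2.2"):    # USM user table
        print(probe, "no-security:", in_view(views, "no-security", probe),
              "iso:", in_view(views, "iso", probe))
```
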