![]() |
MANUAL PAGE 1/190 80-CRA 119 1170/1 Uen C | ![]() |
Copyright
© Ericsson AB 2009–2010. All rights reserved. No part of this document may be reproduced in any form without the written permission of the copyright owner.
Disclaimer
The contents of this document are subject to revision without notice due to continued progress in methodology, design and manufacturing. Ericsson shall have no liability for any error or damage of any kind resulting from the use of this document.
Trademark List
SmartEdge | is a registered trademark of Telefonaktiebolaget LM Ericsson. | |
NetOp | is a trademark of Telefonaktiebolaget LM Ericsson. |
1 | Commands |
1.1 | asp |
1.2 | asp-count |
1.3 | asp security default |
1.4 | asp group |
1.5 | asp-group |
1.6 | asp pool service |
1.7 | card ase |
1.8 | debug asp engine |
1.9 | debug security |
1.10 | log server |
1.11 | log source |
1.12 | maximum subscribers |
1.13 | maximum tunnels ipsec |
1.14 | pool |
1.15 | priority |
1.16 | show asp |
1.17 | show asp group |
1.18 | show asp pool |
Glossary | |
Reference List |
This document provides command syntax and usage guidelines for commands used in the configuration and operation of the advanced services support available when an Advanced Service (ASE) card is installed in a SmartEdge® router. For an overview of the ASE card infrastructure, see Reference [1]. For configuration tasks, see Reference [2] or Reference [3].
asp slot-id/asp-id
Advanced Services Processor (ASP) pool configuration
slot-id |
Chassis slot number where the ASE card is installed. The range of values depends on the chassis:
|
asp-id |
The ID of the ASP on the ASE card. Possible values are 1 and 2. |
Specifies the ASPs associated with the ASP pool.
No ASPs are associated with an ASP pool.
The following example specifies six ASPs on four ASE cards to associate with the ASP pool being configured:
[local]Redback(config-asp-pool-mode)#asp 1/1 [local]Redback(config-asp-pool-mode)#asp 1/2 [local]Redback(config-asp-pool-mode)#asp 3/1 [local]Redback(config-asp-pool-mode)#asp 3/2 [local]Redback(config-asp-pool-mode)#asp 4/1 [local]Redback(config-asp-pool-mode)#asp 5/1
asp-count number
ASP group configuration
number |
1 to 22 |
No number of ASPs are associated with an ASP group.
Specifies the number of ASPs requested by the ASP group. In conjunction with the priority assigned to the ASP group, ASPs up to the number requested will be allocated to the group from the ASP pool associated with the group.
The following example specifies that two ASPs are requested by the ASP group.
[local]Redback(config-asp-group-mode)#asp-count 2
asp security default
global configuration
This command has no keywords or arguments.
None.
Configures the ASP to provide the security service and enters the ASP security default configuration mode.
[local]Redback(config)#asp security default
asp group group-name
global configuration
group-name |
The name of the ASP group. |
No ASP groups are configured.
Creates or selects an ASP group and enters ASP group configuration mode.
The following example configures the ASP group ipsec_group1
[local]Redback(config)#asp group ipsec_group1
asp-group group-name service service-name
context configuration
group-name |
The name of an existing ASP group. |
service service-name |
The only available value is security. Must match the service-name specified for the ASP pool to which the ASP group belongs. |
No ASP groups are associated with an ASE-based service.
Associates an ASP group for the specified service with the context in which this command is entered.
The following example associates ASP group ipsec_group1 with the context c3.
[local]Redback(config)#context c3 [local]Redback(config-ctx)#asp-group ipsec_group1 service security
asp pool pool-name service service-name
global configuration
pool-name |
The name of the ASP pool. |
service service-name |
Mandatory. The only available value is security. |
No ASP pool is configured by default.
Creates or selects an ASP pool and enters ASP pool configuration mode.
The following example configures an ASP pool ipsec_pool1 for use with the ASE-based service security.
[local]Redback(config)#asp pool ipsec_pool1 service security
card ase slot
global configuration
slot |
Chassis slot number where the card is installed. The range of values depends on the chassis:
|
Specifies an ASE card for a slot, or selects one for modification, and enters card configuration mode.
The following example configures an ASE card in slot 4:
[local]Redback(config)#card ase 4
debug asp slot/asp-id engine all {trace | log} {buffer | console } [level level ]
exec
slot-id |
Chassis slot number where the ASE card is installed. The range of values depends on the chassis:
|
asp-id |
The ID of the ASP on the ASE card. Possible values are 1 and 2. |
trace |
Enables generation of trace messages. |
log |
Enables generation of log messages. |
buffer |
Sends debug information to the circular buffer on the ASP. |
console |
Sends debug information to the console. |
level level |
Specifies the debug logging level, where level is one of the following (in descending severity order):
|
Enables the generation of debug messages for a specific ASP engine on a specific ASE card.
Caution! | ||
Risk of performance loss. Enabling the generation of debug messages
can severely affect system performance. To reduce the risk, exercise
caution when enabling the generation of debug messages on a production
system.
|
Enables the generation of debug messages for the ASP engine of a specific ASP on a specific ASE card.
[local]Redback #debug asp 2/1 engine all
debug security {all | asp | config | general | ppa | rcm | service | state | tunnel}
exec
all |
All security service debug messages |
asp |
ASP messages |
config |
Security configuration download messages |
general |
General messages |
ppa |
Packet Processing ASIC (PPA) messages |
rcm |
Router Configuration Manager (RCM) messages |
service |
Security service processing messages |
state |
State messages |
tunnel |
Tunnel messages |
Enables the generation of debug messages for the ASE-based security service.
Caution! | ||
Risk of performance loss. Enabling the generation of debug messages
can severely affect system performance. To reduce the risk, exercise
caution when enabling the generation of debug messages on a production
system.
|
The following example enables the generation of all debug messages for the ASE-based security service.
[local]Redback#debug security all
log server server-ip [transport transport-protocol] [port port]
ASP security default configuration
server-ip |
IP address of the default log server. |
transport-protocol |
Specifies the transport protocol used for logs. Only UDP is supported. |
No log server is configured by default.
Configures the IP address and destination port of the log server. The log server should be reachable through context local.
[local]Redback(config)#asp security default [local]Redback(config-asp-security-default)#log server 10.1.1.2 udp 514 10.1.0.5
log source source-ip [context context-name]
ASP security default configuration
source-ip |
IP address of the default log source. |
context-name |
Context through which the log source is reachable. |
No log source is configured by default.
Configures the IP address and the context through which the log source is reachable.
[local]Redback(config-asp-security-default)#log server 10.1.1.2 udp 514 10.1.0.5
maximum subscribers max-subscribers
ASP pool configuration
max-subscribers |
Maximum number of subscribers per ASP. Possible values are 1 to 32,768. |
The default number of subscribers admitted per ASP is 8,124.
Specifies the maximum number of subscribers admitted for all ASPs associated with an ASP pool. Each ASP added to the pool can support a maximum of 32,768 units. Subscribers consume a load of 1 unit, so each ASP supports 32,768 subscribers, or a combination of subscribers and tunnels with a maximum load within 32,768 units.
The following example specifies a limit of 16,384 subscribers for each ASP associated with ASP pool p1.
[local]Redback(config)#asp pool p1 service security [local]Redback(config-asp-pool-mode)#maximum subscribers 16384
maximum tunnels ipsec max-tunnels
ASP pool configuration
max-tunnels |
Maximum number of IPsec tunnels per ASP. Possible values are 1 to 4,096. |
The default number of IPsec tunnels admitted per ASP is 2,048.
Specifies the maximum number of IPsec tunnels for all ASPs associated with an ASP pool. Each ASP added to the pool supports a maximum of 32,768 units. IPsec tunnels consume a load of 8 units, so each ASP supports 4,096 tunnels, or a combination of tunnels and subscribers with a maximum load within 32,768 units.
The following example specifies a limit of 1,024 IPsec tunnels for each ASP associated with ASP pool p1.
[local]Redback(config)#asp pool p1 service security [local]Redback(config-asp-pool-mode)#maximum tunnels ipsec 1024
pool pool-name
ASP group configuration
pool-name |
The name of an existing ASP pool. |
No ASP pool is identified for an ASP group by default.
Specifies the ASP pool associated with the ASP group.
The following example specifies that the existing ASP pool ipsec_pool1 is associated with this ASP group.
[local]Redback(config)#asp group ipsec_group1 [local]Redback(config-asp-group-mode)#pool ipsec_pool1
priority number
ASP group configuration
number |
1..1024. The lower the value the higher the priority. |
No priority for an ASP group is configured by default.
Configures the priority for the ASP group. Priority is used to determine the order in which ASPs are allocated to the ASP groups.
The following example configures a priority of 100 for the ASP group. This ASP group will be allocated ASPs before ASP groups with lower priority.
[local]Redback(config-asp-group-mode)#priority 100
show asp [slot-id/asp-id]
all modes
slot-id |
Chassis slot number where the ASE card is installed. The range of values depends on the chassis:
|
asp-id |
The ID of the ASP on the ASE card. Possible values are 1 and 2. |
Displays information about ASPs. With no parameters, a one-line summary for each ASP providing the pool name and the group name to which the ASP belongs, the operational state of the ASP, whether the ASP is acting as an active or backup ASP, and the service the ASP provides is displayed. With an ASP specified, the same information for the specified ASP is displayed.
[local]Redback#show asp ASP-Name Oper-State Active/Backup Pool Group Service 1/1 up active pool1 group1 security 1/2 up active pool2 group2 security 2/1 up active pool_1 ha-grp1 security 11/1 down active ipsec_pool1 ipsec_group1 security [local]Redback#show asp 11/1 ASP ID : 11/1 Operating State : up Active or Backup : active Pool : ipsec_pool1 Group : ipsec_group1 Service : security
show asp group [group-name | detail]
all modes
group-name |
The name of an existing ASP group. |
detail |
Displays detailed information for each configured ASP group. |
Displays information about ASP groups. With no parameters, a one-line summary for each ASP group providing the name of the ASP pool that is referenced by the group, number of configured ASPs for the group and the priority configured for the group is displayed. With an ASP group name specified, the same information is provided for the specified ASP group, and a one line summary for each physical ASP in the ASP group is displayed. With the detail keyword, the same information provided for a single ASP group is displayed for all configured ASP groups.
[local]Redback#show asp group ID Name Service-Type Prio Num-ASPs Num-ASPs-Assigned 2 ipsec_group1 1 0 1 1 [local]Redback#show asp group ipsec_group1 Group Name : ipsec_group1 Service Name : Group ID : 2 Priority : 0 Associated Pool : ipsec_pool1 Configured ASP Count : 1 Assigned ASP Count : 1 Assigned ASPs : 1. 11/1 (up/active)
show asp pool [pool-name | detail]
all modes
pool-name |
The name of an existing ASP pool. |
detail |
Displays detailed information for each configured ASP pool. |
Displays information about ASP pools. With no parameters, a one-line summary for each ASP pool providing the pool name, number of configured ASPs for the pool and the service to which the pool belongs is displayed. With an ASP pool name specified, the service which is being provided by the ASP pool, the ASP groups that are referencing it and the set of physical ASPs that belong to the ASP pool and a one line summary for each ASP group and physical ASP is displayed. With the detail keyword, the same information provided for a single ASP pool is displayed for all configured ASP pools.
[local]Redback#show asp pool Pool-Name Service-Name Number-of-ASPs ipsec_pool1 security 2 ipsec_pool2 security 0 [local]Redback#show asp pool ipsec_pool1 Pool Name : ipsec_pool1 Service Name : security Pool ID : 2 ASP Groups : 1. ipsec_group1 Configured ASPs : 1. 11/1 (up/active) [local]Redback#show asp pool detail Pool Name : ipsec_pool1 Service Name : security Pool ID : 1 ASP Groups : 1. ipsec_group1 Configured ASPs : 1. 11/1 (up/active) Pool Name : ipsec_pool2 Service Name : security Pool ID : 2 ASP Groups : 1. group2 Configured ASPs : 1. 1/2 (up/active)
ASE |
Advanced Service |
ASP |
Advanced Services Processor |
PPA |
Packet Processing ASIC |
RCM |
Router Configuration Manager |
[1] Advanced Services Infrastructure Overview, 1/221 02-CRA 119 1170/1. |
[2] Advanced Services Configuration and Operation Using the SmartEdge OS CLI, 1/1543-CRA 119 1170/1. |
[3] Advanced Services Configuration and Operation Using the NetOp EMS Software, 1553-CRA 119 1170/1. |