| 1 | Commands |
| 1.1 | asp |
| 1.2 | asp-count |
| 1.3 | asp security default |
| 1.4 | asp group |
| 1.5 | asp-group |
| 1.6 | asp pool service |
| 1.7 | card ase |
| 1.8 | debug asp engine |
| 1.9 | debug security |
| 1.10 | log server |
| 1.11 | log source |
| 1.12 | maximum subscribers |
| 1.13 | maximum tunnels ipsec |
| 1.14 | pool |
| 1.15 | priority |
| 1.16 | show asp |
| 1.17 | show asp group |
| 1.18 | show asp pool |
Glossary | |
Reference List | |
| Copyright |
© Ericsson AB 2009–2011. All rights reserved. No part of this document may be reproduced in any form without the written permission of the copyright owner. | ||||||
| Disclaimer |
The contents of this document are subject to revision without notice due to continued progress in methodology, design and manufacturing. Ericsson shall have no liability for any error or damage of any kind resulting from the use of this document. | ||||||
| Trademark List |
|
1 Commands
This document provides command syntax and usage guidelines for commands used in the configuration and operation of the advanced services support available when an Advanced Service (ASE) card is installed in a SmartEdge® router. For an overview of the ASE card infrastructure, see Reference [1]. For configuration tasks, see Reference [2] or Reference [3].
1.1 asp
asp slot-id/asp-id
1.1.1 Command Mode
Advanced Services Processor (ASP) pool configuration
1.1.2 Syntax Description
|
slot-id |
Chassis slot number where the ASE card is installed. The range of values depends on the chassis:
|
|
asp-id |
The ID of the ASP on the ASE card. Possible values are 1 and 2. |
1.1.3 Usage Guidelines
Specifies the ASPs associated with the ASP pool.
1.1.4 Default
No ASPs are associated with an ASP pool.
1.1.5 Examples
The following example specifies six ASPs on four ASE cards to associate with the ASP pool being configured:
[local]Redback(config-asp-pool-mode)#asp 1/1 [local]Redback(config-asp-pool-mode)#asp 1/2 [local]Redback(config-asp-pool-mode)#asp 3/1 [local]Redback(config-asp-pool-mode)#asp 3/2 [local]Redback(config-asp-pool-mode)#asp 4/1 [local]Redback(config-asp-pool-mode)#asp 5/1
1.2 asp-count
asp-count number
1.2.1 Command Mode
ASP group configuration
1.2.2 Syntax Description
|
number |
1 to 22 |
1.2.3 Default
No number of ASPs are associated with an ASP group.
1.2.4 Usage Guidelines
Specifies the number of ASPs requested by the ASP group. In conjunction with the priority assigned to the ASP group, ASPs up to the number requested will be allocated to the group from the ASP pool associated with the group.
1.2.5 Examples
The following example specifies that two ASPs are requested by the ASP group.
[local]Redback(config-asp-group-mode)#asp-count 2
1.3 asp security default
asp security default
1.3.1 Command Mode
global configuration
1.3.2 Syntax Description
This command has no keywords or arguments.
1.3.3 Default
None.
1.3.4 Usage Guidelines
Configures the ASP to provide the security service and enters the ASP security default configuration mode.
1.3.5 Examples
[local]Redback(config)#asp security default
1.4 asp group
asp group group-name
1.4.1 Command Mode
global configuration
1.4.2 Syntax Description
|
group-name |
The name of the ASP group. |
1.4.3 Default
No ASP groups are configured.
1.4.4 Usage Guidelines
Creates or selects an ASP group and enters ASP group configuration mode.
1.4.5 Examples
The following example configures the ASP group ipsec_group1
[local]Redback(config)#asp group ipsec_group1
1.5 asp-group
asp-group group-name service service-name
1.5.1 Command Mode
context configuration
1.5.2 Syntax Description
|
group-name |
The name of an existing ASP group. |
|
service service-name |
The only available value is security. Must match the service-name specified for the ASP pool to which the ASP group belongs. |
1.5.3 Default
No ASP groups are associated with an ASE-based service.
1.5.4 Usage Guidelines
Associates an ASP group for the specified service with the context in which this command is entered.
1.5.5 Examples
The following example associates ASP group ipsec_group1 with the context c3.
[local]Redback(config)#context c3 [local]Redback(config-ctx)#asp-group ipsec_group1 service security
1.6 asp pool service
asp pool pool-name service service-name
1.6.1 Command Mode
global configuration
1.6.2 Syntax Description
|
pool-name |
The name of the ASP pool. |
|
service service-name |
Mandatory. The only available value is security. |
1.6.3 Default
No ASP pool is configured by default.
1.6.4 Usage Guidelines
Creates or selects an ASP pool and enters ASP pool configuration mode.
1.6.5 Examples
The following example configures an ASP pool ipsec_pool1 for use with the ASE-based service security.
[local]Redback(config)#asp pool ipsec_pool1 service security
1.7 card ase
card ase slot
1.7.1 Command Mode
global configuration
1.7.2 Syntax Description
|
slot |
Chassis slot number where the card is installed. The range of values depends on the chassis:
|
1.7.3 Usage Guidelines
Specifies an ASE card for a slot, or selects one for modification, and enters card configuration mode.
1.7.4 Examples
The following example configures an ASE card in slot 4:
[local]Redback(config)#card ase 4
1.8 debug asp engine
debug asp slot/asp-id engine all {trace | log} {buffer | console } [level level ]
1.8.1 Command Mode
exec
1.8.2 Syntax Description
|
slot-id |
Chassis slot number where the ASE card is installed. The range of values depends on the chassis:
|
|
asp-id |
The ID of the ASP on the ASE card. Possible values are 1 and 2. |
|
trace |
Enables generation of trace messages. |
|
log |
Enables generation of log messages. |
|
buffer |
Sends debug information to the circular buffer on the ASP. |
|
console |
Sends debug information to the console. |
|
level level |
Specifies the debug logging level, where level is one of the following (in descending severity order):
|
1.8.3 Usage Guidelines
Enables the generation of debug messages for a specific ASP engine on a specific ASE card.
| Caution! | ||
|
Risk of performance loss. Enabling the generation of debug messages
can severely affect system performance. To reduce the risk, exercise
caution when enabling the generation of debug messages on a production
system.
| ||
1.8.4 Examples
Enables the generation of debug messages for the ASP engine of a specific ASP on a specific ASE card.
[local]Redback #debug asp 2/1 engine all
1.9 debug security
debug security {all | asp | config | general | ppa | rcm | service | state | tunnel}
1.9.1 Command Mode
exec
1.9.2 Syntax Description
|
all |
All security service debug messages |
|
asp |
ASP messages |
|
config |
Security configuration download messages |
|
general |
General messages |
|
ppa |
Packet Processing ASIC (PPA) messages |
|
rcm |
Router Configuration Manager (RCM) messages |
|
service |
Security service processing messages |
|
state |
State messages |
|
tunnel |
Tunnel messages |
1.9.3 Usage Guidelines
Enables the generation of debug messages for the ASE-based security service.
| Caution! | ||
|
Risk of performance loss. Enabling the generation of debug messages
can severely affect system performance. To reduce the risk, exercise
caution when enabling the generation of debug messages on a production
system.
| ||
1.9.4 Examples
The following example enables the generation of all debug messages for the ASE-based security service.
[local]Redback#debug security all
1.10 log server
log server server-ip [transport transport-protocol] [port port]
1.10.1 Command Mode
ASP security default configuration
1.10.2 Syntax Description
|
server-ip |
IP address of the default log server. |
|
transport-protocol |
Specifies the transport protocol used for logs. Only UDP is supported. |
1.10.3 Default
No log server is configured by default.
1.10.4 Usage Guidelines
Configures the IP address and destination port of the log server. The log server should be reachable through context local.
1.10.5 Examples
[local]Redback(config)#asp security default [local]Redback(config-asp-security-default)#log server 10.1.1.2 udp 514 10.1.0.5
1.11 log source
log source source-ip [context context-name]
1.11.1 Command Mode
ASP security default configuration
1.11.2 Syntax Description
|
source-ip |
IP address of the default log source. |
|
context-name |
Context through which the log source is reachable. |
1.11.3 Default
No log source is configured by default.
1.11.4 Usage Guidelines
Configures the IP address and the context through which the log source is reachable.
1.11.5 Examples
[local]Redback(config-asp-security-default)#log server 10.1.1.2 udp 514 10.1.0.5
1.12 maximum subscribers
maximum subscribers max-subscribers
1.12.1 Command Mode
ASP pool configuration
1.12.2 Syntax Description
|
max-subscribers |
Maximum number of subscribers per ASP. Possible values are 1 to 32,768. |
1.12.3 Default
The default number of subscribers admitted per ASP is 8,124.
1.12.4 Usage Guidelines
Specifies the maximum number of subscribers admitted for all ASPs associated with an ASP pool. Each ASP added to the pool can support a maximum of 32,768 units. Subscribers consume a load of 1 unit, so each ASP supports 32,768 subscribers, or a combination of subscribers and tunnels with a maximum load within 32,768 units.
1.12.5 Examples
The following example specifies a limit of 16,384 subscribers for each ASP associated with ASP pool p1.
[local]Redback(config)#asp pool p1 service security [local]Redback(config-asp-pool-mode)#maximum subscribers 16384
1.13 maximum tunnels ipsec
maximum tunnels ipsec max-tunnels
1.13.1 Command Mode
ASP pool configuration
1.13.2 Syntax Description
|
max-tunnels |
Maximum number of IPsec tunnels per ASP. Possible values are 1 to 4,096. |
1.13.3 Default
The default number of IPsec tunnels admitted per ASP is 2,048.
1.13.4 Usage Guidelines
Specifies the maximum number of IPsec tunnels for all ASPs associated with an ASP pool. Each ASP added to the pool supports a maximum of 32,768 units. IPsec tunnels consume a load of 8 units, so each ASP supports 4,096 tunnels, or a combination of tunnels and subscribers with a maximum load within 32,768 units.
1.13.5 Examples
The following example specifies a limit of 1,024 IPsec tunnels for each ASP associated with ASP pool p1.
[local]Redback(config)#asp pool p1 service security [local]Redback(config-asp-pool-mode)#maximum tunnels ipsec 1024
1.14 pool
pool pool-name
1.14.1 Command Mode
ASP group configuration
1.14.2 Syntax Description
|
pool-name |
The name of an existing ASP pool. |
1.14.3 Default
No ASP pool is identified for an ASP group by default.
1.14.4 Usage Guidelines
Specifies the ASP pool associated with the ASP group.
1.14.5 Examples
The following example specifies that the existing ASP pool ipsec_pool1 is associated with this ASP group.
[local]Redback(config)#asp group ipsec_group1 [local]Redback(config-asp-group-mode)#pool ipsec_pool1
1.15 priority
priority number
1.15.1 Command Mode
ASP group configuration
1.15.2 Syntax Description
|
number |
1..1024. The lower the value the higher the priority. |
1.15.3 Default
No priority for an ASP group is configured by default.
1.15.4 Usage Guidelines
Configures the priority for the ASP group. Priority is used to determine the order in which ASPs are allocated to the ASP groups.
1.15.5 Examples
The following example configures a priority of 100 for the ASP group. This ASP group will be allocated ASPs before ASP groups with lower priority.
[local]Redback(config-asp-group-mode)#priority 100
1.16 show asp
show asp [slot-id/asp-id]
1.16.1 Command Mode
all modes
1.16.2 Syntax Description
|
slot-id |
Chassis slot number where the ASE card is installed. The range of values depends on the chassis:
|
|
asp-id |
The ID of the ASP on the ASE card. Possible values are 1 and 2. |
1.16.3 Usage Guidelines
Displays information about ASPs. With no parameters, a one-line summary for each ASP providing the pool name and the group name to which the ASP belongs, the operational state of the ASP, whether the ASP is acting as an active or backup ASP, and the service the ASP provides is displayed. With an ASP specified, the same information for the specified ASP is displayed.
1.16.4 Examples
[local]Redback#show asp
ASP-Name Oper-State Active/Backup Pool Group Service
1/1 up active pool1 group1 security
1/2 up active pool2 group2 security
2/1 up active pool_1 ha-grp1 security
11/1 down active ipsec_pool1 ipsec_group1 security
[local]Redback#show asp 11/1
ASP ID : 11/1
Operating State : up
Active or Backup : active
Pool : ipsec_pool1
Group : ipsec_group1
Service : security
1.17 show asp group
show asp group [group-name | detail]
1.17.1 Command Mode
all modes
1.17.2 Syntax Description
|
group-name |
The name of an existing ASP group. |
|
detail |
Displays detailed information for each configured ASP group. |
1.17.3 Usage Guidelines
Displays information about ASP groups. With no parameters, a one-line summary for each ASP group providing the name of the ASP pool that is referenced by the group, number of configured ASPs for the group and the priority configured for the group is displayed. With an ASP group name specified, the same information is provided for the specified ASP group, and a one line summary for each physical ASP in the ASP group is displayed. With the detail keyword, the same information provided for a single ASP group is displayed for all configured ASP groups.
1.17.4 Examples
[local]Redback#show asp group
ID Name Service-Type Prio Num-ASPs Num-ASPs-Assigned
2 ipsec_group1 1 0 1 1
[local]Redback#show asp group ipsec_group1
Group Name : ipsec_group1
Service Name :
Group ID : 2
Priority : 0
Associated Pool : ipsec_pool1
Configured ASP Count : 1
Assigned ASP Count : 1
Assigned ASPs :
1. 11/1 (up/active)
1.18 show asp pool
show asp pool [pool-name | detail]
1.18.1 Command Mode
all modes
1.18.2 Syntax Description
|
pool-name |
The name of an existing ASP pool. |
|
detail |
Displays detailed information for each configured ASP pool. |
1.18.3 Usage Guidelines
Displays information about ASP pools. With no parameters, a one-line summary for each ASP pool providing the pool name, number of configured ASPs for the pool and the service to which the pool belongs is displayed. With an ASP pool name specified, the service which is being provided by the ASP pool, the ASP groups that are referencing it and the set of physical ASPs that belong to the ASP pool and a one line summary for each ASP group and physical ASP is displayed. With the detail keyword, the same information provided for a single ASP pool is displayed for all configured ASP pools.
1.18.4 Examples
[local]Redback#show asp pool
Pool-Name Service-Name Number-of-ASPs
ipsec_pool1 security 2
ipsec_pool2 security 0
[local]Redback#show asp pool ipsec_pool1
Pool Name : ipsec_pool1
Service Name : security
Pool ID : 2
ASP Groups :
1. ipsec_group1
Configured ASPs :
1. 11/1 (up/active)
[local]Redback#show asp pool detail
Pool Name : ipsec_pool1
Service Name : security
Pool ID : 1
ASP Groups :
1. ipsec_group1
Configured ASPs :
1. 11/1 (up/active)
Pool Name : ipsec_pool2
Service Name : security
Pool ID : 2
ASP Groups :
1. group2
Configured ASPs :
1. 1/2 (up/active)
Glossary
| ASE |
| Advanced Service |
| ASP |
| Advanced Services Processor |
| PPA |
| Packet Processing ASIC |
| RCM |
| Router Configuration Manager |
Reference List
| [1] Advanced Services Infrastructure Overview, 1/221 02-CRA 119 1170/1-V1 |
| [2] Advanced Services Configuration and Operation Using the SmartEdge OS CLI, 1/1543-CRA 119 1170/1-V1 |
| [3] Advanced Services Configuration and Operation Using the NetOp EMS Software, 1553-CRA 119 1170/1 |