Avaya BSGx4e CLI User's Guide Page 1

CLI Reference GuideBSGX4eBusiness GatewayNN47928-107Software Release 2.1.1

How to get help 1 About this guide10 NN47928-107

Relay commands 3 Configuration commands100 NN47928-107 relay dns settingsThe DNS relay function relays DNS messages between clients located on LAN and

3 Configuration commands Relay commandsNN47928-107 101source user|auto Enter the source of the DNS relay configuration. The default is auto. For user,

Relay commands 3 Configuration commands102 NN47928-107 relay sntp settingsThe SNTP relay function relays the SNTP messages between clients located on

3 Configuration commands Relay commandsNN47928-107 103client configuration is null if it requested its server from DHCP, but it did not receive one an

Relay commands 3 Configuration commands104 NN47928-107 relay tftp cacheThe TFTP cache feature allows copies of frequently requested files to be tempor

3 Configuration commands Relay commandsNN47928-107 105relay tftp filesUse this command to configure a file to be stored in the TFTP file cache.Syntax

Relay commands 3 Configuration commands106 NN47928-107 relay tftp settingsTFTP relay function relays the TFTP messages between clients located on the

3 Configuration commands RIP commandNN47928-107 107RIP commandThis section describes how to enable dynamic routing using RIP (Routing Information Prot

RIP command 3 Configuration commands108 NN47928-107 rip daemonUse this command to configure the RIP daemon to start then listen for RIP messages on th

3 Configuration commands Route commandsNN47928-107 109Route commandsThis section describes how to configure BSGX4e static IP routes:z route table

NN47928-107 112 COMMAND INTERFACEOVERVIEWThis chapter describes how to use the Command Line Interface (CLI) for the BSGX4e. The CLI provides commands

Route commands 3 Configuration commands110 NN47928-107 route tableThis command adds a static IP route to the routing table in the BSGX4e. Each route i

3 Configuration commands Security commandsNN47928-107 111Security commandsThis section describes how to configure the BSGX4e security features: Firewa

Security commands 3 Configuration commands112 NN47928-107 security algThe Application Layer Gateway (ALG) enables the transfer of FTP, PPTP, and TFTP

3 Configuration commands Security commandsNN47928-107 113security nat interfaceNetwork Address Translation (NAT) provides security by hiding the inter

Security commands 3 Configuration commands114 NN47928-107 security nat policyWhen translating addresses, Network Address Translation (NAT) references

3 Configuration commands Security commandsNN47928-107 115Security NAT publicA public IP address must be configured for static NAT and also for address

Security commands 3 Configuration commands116 NN47928-107 security policy This command defines firewall security policies to accept desired incoming t

3 Configuration commands Security commandsNN47928-107 117(acceptance or rejection) is determined by the first policy that the packet matches. Therefor

Service commands 3 Configuration commands118 NN47928-107 Service commandsThis section describes how to configure BSGX4e access types. The following se

3 Configuration commands Service commandsNN47928-107 119service sshThe SSH server enables secure remote access to the BSGX4e over an insecure network,

Command entry 2 Command interface overview12 NN47928-107 Command entryThis chapter assumes the BSGX4e has been installed in a working network as descr

Service commands 3 Configuration commands120 NN47928-107 service telnetTelnet allows access to the BSGX4e over a remote terminal session. Telnet acces

3 Configuration commands Service commandsNN47928-107 121service webThe Web server enables remote administration of the BSGX4e using the Web User Inter

Shell terminal command 3 Configuration commands122 NN47928-107 Shell terminal commandThis section describes how to configure shell terminal settings:z

3 Configuration commands Shell terminal commandNN47928-107 123shell terminalUse this command to configure the shell terminal settings.Syntax config sh

SIP commands 3 Configuration commands124 NN47928-107 SIP commands The following section describes how to configure Session Initiation Protocol (SIP) c

3 Configuration commands SIP commandsNN47928-107 125sip gateway settingsUse this command to configure a SIP FxO gateway on the LAN side of the BSGX4e

SIP commands 3 Configuration commands126 NN47928-107 sip sc settingsThe SIP session controller (SC) relays SIP messages between SIP endpoints and SIP

3 Configuration commands SIP commandsNN47928-107 127contpass yes|no Enable/disable unknown content types to be relayed. The default is yes.switchtype

SIP commands 3 Configuration commands128 NN47928-107 sip server settingsUse this command to configure a server profile, which determines how the sessi

3 Configuration commands SIP commandsNN47928-107 129ibserver1 ip address|rangeEnter an optional additional inbound servers (IP address or range).ibser

2 Command interface overview Online helpNN47928-107 13Online helpTo get online help with commands while logged in to the device, use the Help command

SIP commands 3 Configuration commands130 NN47928-107 sip ua portThe SIP user agent (UA) allows an analog device to use VoIP connections to place and r

3 Configuration commands SIP commandsNN47928-107 131rfc2833 off|on Enable/disable RFC 2833 for DTMF. RFC2833 provides out of band DTMF event reports.

SIP commands 3 Configuration commands132 NN47928-107 SIP UA settingsUse this command to configure the SIP protocol settings on a BSGX4e that apply to

3 Configuration commands SIP commandsNN47928-107 133Enter the maximum interval of time in seconds that User Agent can ring without being answered. If

SNMP commands 3 Configuration commands134 NN47928-107 SNMP commands The following section describes how to configure SNMP commands. Use the following

3 Configuration commands SNMP commandsNN47928-107 135snmp agentUse this command to configure an SNMP agent. The SNMP agent MIBs are described in IETF

SNMP commands 3 Configuration commands136 NN47928-107 snmp communityUse this command to configure SNMP communities including the IP address and access

3 Configuration commands SNMP commandsNN47928-107 137snmp trapsUse this command to configure SNMP traps. The following traps are supported:z ColdStart

SSL commands 3 Configuration commands138 NN47928-107 SSL commands This section describes how to configure the Secure Socket Layer (SSL). Use the follo

3 Configuration commands SSL commandsNN47928-107 139ssl certificateThe SSL certificate allows a system administrator to configure an X509 certificate

Online help 2 Command interface overview14 NN47928-107 config - Configure an element's parametersdisplay - Displays the current configuration of

SSL commands 3 Configuration commands140 NN47928-107 ssl csrThe SSL Certificate Signing Request (CSR) allows a system administrator to generate an X50

3 Configuration commands SSL commandsNN47928-107 141Uploading csr.pem to /cf0sys/ssl/csr.pem3. Check that the CSR file is in the current directory:sft

SSL commands 3 Configuration commands142 NN47928-107 ssl keyThe SSL key allows the system administrator to manage a private RSA key, which is needed b

3 Configuration commands Switch commandsNN47928-107 143Switch commands This section describes how to configure the LAN switch:z switch qos ieeez switc

Switch commands 3 Configuration commands144 NN47928-107 qosThe LAN switch in the BSGX4e provides a layer 2 Quality of Service (QoS) feature. This feat

3 Configuration commands Switch commandsNN47928-107 145 Table 7 Default Priority QueuesPriority QueuePort NumberIEEE 802.1p or ToS TagTos/DiffServ Tag

Switch commands 3 Configuration commands146 NN47928-107 switch qos ieeeThis command maps IEEE 802.1p values to priority queues. This command is valid

3 Configuration commands Switch commandsNN47928-107 147switch qos portThis command maps port numbers to priority queues. This command is valid only if

Switch commands 3 Configuration commands148 NN47928-107 switch qos settingUse this command to configure layer 2 QoS settings.Syntax config switch qos

3 Configuration commands Switch commandsNN47928-107 149switch qos tosThis command maps IP ToS/DiffServ values to priority queues. This command is vali

2 Command interface overview Online helpNN47928-107 15

Switch commands 3 Configuration commands150 NN47928-107 switch arlAddress Resolution Logic (ARL) maps MAC addresses to specific LAN ports. This enable

3 Configuration commands Switch commandsNN47928-107 151Example The following example increases the aging interval for the ARL table to 320 seconds:>

Switch commands 3 Configuration commands152 NN47928-107 switch mirrorUse this command to configure port mirroring. Port mirroring duplicates traffic f

3 Configuration commands Switch commandsNN47928-107 153switch portUse this command to configure the BSGX4e LAN ports. There is an uplink port (port 0

Switch commands 3 Configuration commands154 NN47928-107 switch vlanThis command assigns ports as members of a Virtual LAN (VLAN). The ports can be any

3 Configuration commands System commandsNN47928-107 155System commands This section describes how to configure the following system parameters:z syste

System commands 3 Configuration commands156 NN47928-107 system dnsThe Domain Name Service (DNS) client in the unit sends requests to a DNS server on t

3 Configuration commands System commandsNN47928-107 157system dyndnsAttention:Dynamic DNS is not yet supported.The dynamic DNS service allows a remote

System commands 3 Configuration commands158 NN47928-107 Example config system dyndns service [email protected] enabled yes user test password **** hos

3 Configuration commands System commandsNN47928-107 159system imagesThis configures the default boot application.Syntax config system images [1|2] def

CLI command syntax 2 Command interface overview16 NN47928-107 CLI command syntaxThe following syntax applies to CLI commands:config [command group] [c

System commands 3 Configuration commands160 NN47928-107 system infoUse this command to configure the name and country code of the BSGX4e. Selecting a

3 Configuration commands System commandsNN47928-107 161system sntpUse this command to configure the SNTP client. Syntax config system sntp enabled [ye

System commands 3 Configuration commands162 NN47928-107 Example The following example changes the configuration source to auto. Assuming the DHCP serv

3 Configuration commands System commandsNN47928-107 163system startupUse this command to configure the BSGX4e to run a command automatically after eac

System commands 3 Configuration commands164 NN47928-107 system watchdogUse this command to configure the watchdog timer. The watchdog reset timer allo

3 Configuration commands Tacplus commandNN47928-107 165Tacplus command This section describes how to configure the TACACS+ client of the BSGX4e.

Tacplus command 3 Configuration commands166 NN47928-107 tacplus clientThis command provides additional security when logging in to the BSGX4e. When a

3 Configuration commands Tacplus commandNN47928-107 167

User commands 3 Configuration commands168 NN47928-107 User commands This section describes how to configure user accounts, groups and rights.z user ac

3 Configuration commands User commandsNN47928-107 169user accountsThis command defines user access to a BSGX4e. There are two types of users, administ

2 Command interface overview CLI command syntaxNN47928-107 17Boolean parameters are parameters with two states (on/off or yes/no). To specify the on/

User commands 3 Configuration commands170 NN47928-107 Example This example assumes that the user is given read and write access to the unit, but only

3 Configuration commands User commandsNN47928-107 171user groupsThis command defines user access to a BSGX4e as managed by user accounts, and user rig

User commands 3 Configuration commands172 NN47928-107 user rightsThere are three rights settings — one for the Administrators (admins) user group and

3 Configuration commands Voice CommandsNN47928-107 173Voice Commands This section describes how to configure the following voice features:z voice aclz

Voice Commands 3 Configuration commands174 NN47928-107 voice aclThe Access Control List (ACL) is a list of policy entries that determine which LAN end

3 Configuration commands Voice CommandsNN47928-107 175voice fxo gainThis command sets the DSP gain values for the FXO port(s).Syntax config voice fxo

Voice Commands 3 Configuration commands176 NN47928-107 voice fxo hw impedanceThis command sets a line impedance value for the FXO port(s).Syntax confi

3 Configuration commands Voice CommandsNN47928-107 177voice fxs gainThis command sets the DSP gain values for the FXS port on a BSGX4e.Syntax config v

Voice Commands 3 Configuration commands178 NN47928-107 voice fxs hw impedanceThis command sets a line impedance value for the FXS port on a BSGX4e.Syn

3 Configuration commands Voice CommandsNN47928-107 179voice fxs ring patternThis command modifies ring cadences for the FxS port based on eight patter

CLI command syntax 2 Command interface overview18 NN47928-107 Country United States of America (US) Temp Unsupported Up ti

Voice Commands 3 Configuration commands180 NN47928-107 voice jitterbufferUse this command to configure voice playout jitter buffer setting for the SIP

3 Configuration commands Voice CommandsNN47928-107 181voice npWhen an analog device, such as a phone, is connected to the FxS port on the BSGX4e, a nu

Voice Commands 3 Configuration commands182 NN47928-107 CFWNA Clear Forward No Answer. Applicable only if type parameter is set to service.BXFER Blind

3 Configuration commands Voice CommandsNN47928-107 183voice tonesUse this command to configure tone types for the FxS port. Each tone type is assigned

Voice Commands 3 Configuration commands184 NN47928-107 > config voice tones congestion on1 150 off1 150 on2 0 off2 0 freq1 425 level1 -10 freq2 0 l

2 Command interface overview Interactive modeNN47928-107 19Interactive modeInteractive mode allows a command to be entered all on one line or split b

NN47928-107 BSGX4e 1.2Business Services GatewayDocument Status: StandardDocument Version: 01.01Document Number: NN47928-107Date: July 2008Copyright ©

Interactive mode 2 Command interface overview20 NN47928-107

NN47928-107 213 CONFIGURATION COMMANDSThis chapter lists the BSGX4e configuration commands in alphabetical order. Configuration commands have the foll

3 Configuration commands22 NN47928-107 — mgcp server settings — mgcp ua port — mgcp ua settings — Netflow commands— netflow agent — netflow filter —PM

3 Configuration commandsNN47928-107 23— switch qos port— switch qos setting— switch qos tos— switch arl — switch mirror—switch port— switch vlan— Syst

Audit status command 3 Configuration commands24 NN47928-107 Audit status command Audit logging logs events that affect system security, such as system

3 Configuration commands Audit status commandNN47928-107 25audit statusUse this command to configure audit logging. Audit logging fills a table of 100

ARP command 3 Configuration commands26 NN47928-107 ARP commandThis section describes how to configure ARP:z arp table

3 Configuration commands ARP commandNN47928-107 27arp tableARP is a network layer protocol that automatically maps IP addresses to hardware Media Acce

Calls analyser command 3 Configuration commands28 NN47928-107 Calls analyser command Voice Quality Monitoring (VQM) measures call quality and monitors

3 Configuration commands Calls analyser commandNN47928-107 29call analyzerUse this command to configure voice quality monitoring.Syntax config jb [st

NN47928-107 3CONTENTS1 About this guide 7Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Calls analyser command 3 Configuration commands30 NN47928-107 Related commandsdisplay calls analysershow calls analysershow calls currentshow calls hi

3 Configuration commands DHCP server commandNN47928-107 31DHCP server command DHCP provides configuration parameters to IP hosts. DHCP consists of two

DHCP server command 3 Configuration commands32 NN47928-107 dhcps groupUse this command to configure a name for a DHCP server (DHCPS) group. This name

3 Configuration commands DHCP server commandNN47928-107 33dhcps hostThe DHCPS host configures the server so that a client with a given MAC always rece

DHCP server command 3 Configuration commands34 NN47928-107 dhcps optionA DHCP option is information that can be sent to a client when assigning a clie

3 Configuration commands DHCP server commandNN47928-107 35dhcps poolThe DHCPS manages a pool of IP addresses and also has information about client con

DHCP server command 3 Configuration commands36 NN47928-107 *dhcps-pool-eth1#*> subnet 10.0.1.0 *dhcps-pool-eth1#*> netmask 255.255.255.0 *dhcps-

3 Configuration commands DHCP server commandNN47928-107 37dhcps vendorclassUse this command to configure the options according to the vendor class ide

Firewall connection timeout command 3 Configuration commands38 NN47928-107 Firewall connection timeout command The firewall dynamically opens and clos

3 Configuration commands Firewall connection timeout commandNN47928-107 39firewall TCPSetting a timer for firewall connections limits how long a port

4 NN47928-107 ids anomaly . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41ids flood

Intrusion detection system commands 3 Configuration commands40 NN47928-107 Intrusion detection system commands The Intrusion Detection System (IDS) de

3 Configuration commands Intrusion detection system commandsNN47928-107 41ids anomalyThis command enables and disables protection against packet fragm

Intrusion detection system commands 3 Configuration commands42 NN47928-107 fragtooshort — Triggers when any IP fragment other than the final fragment

3 Configuration commands Intrusion detection system commandsNN47928-107 43ids flood activityFlood attacks result in denial of service. IDS can detect

Intrusion detection system commands 3 Configuration commands44 NN47928-107 unknowntypeflood — This flood activity type refers to floods targeting Ethe

3 Configuration commands Intrusion detection system commandsNN47928-107 45ids flood settingsThis command describes how to change threshold values for

Intrusion detection system commands 3 Configuration commands46 NN47928-107 ids scanIDS scan protection can be activated for ICMP, UDP, and TCP SYN mes

3 Configuration commands Intrusion detection system commandsNN47928-107 47ids spoofIDS spoof detection can be activated for all IP interfaces, includi

Internet key exchange commands 3 Configuration commands48 NN47928-107 Internet key exchange commands The Internet Key Exchange (IKE) protocol provides

3 Configuration commands Internet key exchange commandsNN47928-107 49ike parametersThe IKE SA is re-negotiated when its lifetime expires; the shorter

NN47928-107 5relay sntp settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102relay tftp ca

Internet key exchange commands 3 Configuration commands50 NN47928-107 ike presharedAn IKE preshared key record specifies the preshared key used to enc

3 Configuration commands Interface commandsNN47928-107 51Interface commands This section describes how to configure the interface that connects the BS

Interface commands 3 Configuration commands52 NN47928-107 interface ipUse this command to configure the IP settings of the BSGX4e interfaces. The inte

3 Configuration commands Interface commandsNN47928-107 53interface pppUse this command to configure the BSGX4e to use a PPP link as its primary WAN in

Interface commands 3 Configuration commands54 NN47928-107 user string Enter a user name (up to 32 characters) as provided by the ISP.password string E

3 Configuration commands Interface commandsNN47928-107 55interface vlanUse this command to configure a virtual interface (vif) for a VLAN to assign it

IP security commands 3 Configuration commands56 NN47928-107 IP security commands IPsec provides data confidentiality, data integrity, and data authent

3 Configuration commands IP security commandsNN47928-107 57ipsec parametersUse this command to define the IPsec parameters for maximum lifetimes for a

IP security commands 3 Configuration commands58 NN47928-107 ipsec policyAn IPsec policy specifies the two secure networks that a VPN tunnel connects a

3 Configuration commands IP security commandsNN47928-107 59clear ipsec sashow ipsec sa

6 NN47928-107 system watchdog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164Tacplus command

IP security commands 3 Configuration commands60 NN47928-107 ipsec proposalAn IPsec proposal is a set of security parameters used when negotiating an I

3 Configuration commands Local call routing commandsNN47928-107 61Local call routing commands Local call routing (LCR) mode describes the telephone se

Local call routing commands 3 Configuration commands62 NN47928-107 lcr accountsWhen the BSGX4e acts as the VoIP server to perform local call routing,

3 Configuration commands Local call routing commandsNN47928-107 63lcr settingsUse this command to configure local call routing settings, including if

Local call routing commands 3 Configuration commands64 NN47928-107 > config lcr settings lcbmode int ecpolice 911 coprefix 9Related commandsdisplay

3 Configuration commands Logging commandsNN47928-107 65Logging commands The BSGX4e supports both local module logging and remote module logging (udplo

Logging commands 3 Configuration commands66 NN47928-107 logging destIf the destination map for a message type is external, a server must be configured

3 Configuration commands Logging commandsNN47928-107 67logging mapEach type of log message is mapped to its own set of destinations. Use this command

Logging commands 3 Configuration commands68 NN47928-107 Example > config logging map emerg +syslogRelated commandsdisplay logging mapshow logging m

3 Configuration commands Logging commandsNN47928-107 69logging modulesSpecify which message levels can be included or excluded for a system module. U

NN47928-107 71 About this guideThis chapter describes the intended audience for the Command Line Interface (CLI) Reference Guide, conventions, how the

Media setting command 3 Configuration commands70 NN47928-107 Media setting command Settings for the Media Bridge (MBR) specify how VoIP media connecti

3 Configuration commands Media setting commandNN47928-107 71media settingsUse this command to set the parameters for VoIP media streams. If the direct

Media gateway controller protocol commands 3 Configuration commands72 NN47928-107 Media gateway controller protocol commands The Media Gateway Control

3 Configuration commands Media gateway controller protocol commandsNN47928-107 73mgcp sc settingsAll VoIP traffic is directed through the session cont

Media gateway controller protocol commands 3 Configuration commands74 NN47928-107 mgcp server settingsThe following command configures a MGCP server p

3 Configuration commands Media gateway controller protocol commandsNN47928-107 75mgcp ua portSyntax Use this command to configure the MGCP user agent

Media gateway controller protocol commands 3 Configuration commands76 NN47928-107 fax off|CC_ON Enable/disable fax pass-through and either force media

3 Configuration commands Media gateway controller protocol commandsNN47928-107 77mgcp ua settingsThe MGCP protocol can be modified for interoperabilit

Netflow commands 3 Configuration commands78 NN47928-107 Netflow commands The BSGX4e implements a Netflow exporter. It monitors incoming traffic and re

3 Configuration commands Netflow commandsNN47928-107 79netflow agentUse this command to configure the Netflow agent. Netflow is a Cisco-developed syst

Documentation 1 About this guide8 NN47928-107 Text font conventionsThis guide uses the text font conventions described in the following table.Document

Netflow commands 3 Configuration commands80 NN47928-107 netflow filterUse this command to configure the Netflow filter. By default, all traffic is mon

3 Configuration commands PMON commandsNN47928-107 81PMON commands This section describes how to configure the protocol monitoring (PMON) tool. The PMO

PMON commands 3 Configuration commands82 NN47928-107 pmon agentThis command enables and disables protocol monitoring.Syntax config pmon agent enabled

3 Configuration commands PMON commandsNN47928-107 83pmon traceUse this command to configure monitor traces. All protocol monitoring traces are synchro

Protocol commands 3 Configuration commands84 NN47928-107 Protocol commands This section describes how to configure ARP and PPP protocols to be protect

3 Configuration commands Protocol commandsNN47928-107 85protocol arpAddress Resolution Protocol (ARP) is a network layer protocol that automatically m

Protocol commands 3 Configuration commands86 NN47928-107 protocol pppUse this command to configure PPP control traffic to be protected by QoS.Protecti

3 Configuration commands Proxy ARP commandsNN47928-107 87Proxy ARP commands Proxy ARP is used in the BSGX4e to connect hosts that belong to different

Proxy ARP commands 3 Configuration commands88 NN47928-107 proxy arpProxy ARP enables the BSGX4e to transparently connect hosts that belong to differen

3 Configuration commands QoS (GoS) commandsNN47928-107 89QoS (GoS) commands Attention:Downstream QoS is not yet supported.This section describes how t

1 About this guide How to get helpNN47928-107 9How to get helpThis section explains how to get help for Nortel products and services.Getting help from

QoS (GoS) commands 3 Configuration commands90 NN47928-107 qos downstream linkDownstream QoS manages WAN link bandwidth to provide quality protection f

3 Configuration commands QoS (GoS) commandsNN47928-107 91qos groupUse this command to configure a quality group. A quality group is the definition of

QoS (GoS) commands 3 Configuration commands92 NN47928-107 You can configure a quality group explicitly defined as best effort (BE). The defined BE qua

3 Configuration commands QoS (GoS) commandsNN47928-107 93cos value|no Enter a CoS value to be written into each packet assigned to this quality group

QoS (GoS) commands 3 Configuration commands94 NN47928-107 qos linkUse this command to configure a GoS link. A GoS link specifies the outgoing interfac

3 Configuration commands Radius commandsNN47928-107 95Radius commandsThis section describes how to configure the RADIUS authentication when you log in

Radius commands 3 Configuration commands96 NN47928-107 radius clientExternal authentication of passwords can be configured, providing additional secur

3 Configuration commands Radius commandsNN47928-107 97Enter the binding IP address for the client. It is the IP address of the interface that the serv

Relay commands 3 Configuration commands98 NN47928-107 Relay commandsThis section describes how to configure the following relay commands:z relay dhcp

3 Configuration commands Relay commandsNN47928-107 99relay dhcp settingsThe DHCP relay function relays DHCP messages between clients located on the LA