Administration Commands
RCP100 router can be accessed over Telnet, HTTP, FTP and TFTP. The access can be restricted using access control lists, see this example.
By default, Telnet and HTTP access is enabled, and an administrator account is created:
- user name: rcp
- password: rcp
Please login into the box and change the default password using administrator command.
Table Of Contents
administratorclear logging buffer
clear service statistics
cli exec-timeout
configure
copy
delete
dir
enable
exit
hostname
logging
logging debugging
logging host
logging rate-limit
logging snmp
logout
ping
service ftp
service http
service telnet
service tftp
show administrators
show clock
show configuration
show history
show logging
show logging buffer
show process
show running-config
show service
show startup-config
show version
telnet-client
terminal monitor
traceroute
Example: Restricting router administration access using ACLs
administrator
Set administrator accounts.
administrator <name> password <password>
administrator <name> encrypted password <password>
no administrator <name>
Example:
rcp(config)#administrator admin password Xz45g_ty rcp(config)#show configuration administrators administrator rcp encrypted password QFSNKPHJ$kNBAqXTxlxZhwKWIpt1e61 administrator admin encrypted password WDCXJPLMO$Cew9S6/7CiIzyVCjwe74zW ! rcp(config)#
show commands will always print encrypted passwords in CLI session.
clear service statistics
Clear access counters for all services.
clear service statistics
clear logging buffer
Clear internal logging buffer.
clear logging buffer
exec-timeout
Set CLI session inactivity timeout in minutes. The CLI session is automatically disconnected after the specified time. The no form of the command restores the default of 10 minutes.
exec-timeout <minutes>
no exec-timeout
configure
Enter configuration mode.
configure
Use exit command to leave the configuration mode
Example:
rcp#configure rcp(config)# [...] rcp(config)#exit rcp#
copy
Copy files.
copy <source file> <destination file>
copy running-config startup-config
Copying over FTP and TFTP protocols is also supported. The format of the file name differs from protocol to protocol, and requires user names and passwords.
Example:
rcp#copy ? FILE Source file FTP FILE ftp://user:password@host/file TFTP FILE tftp://host/file running-config System running configuration rcp#dir -rw-r--r--. 1 rcp rcp 6 Jan 4 08:17 testfile drwxr-xr-x. 2 rcp rcp 4096 Nov 14 07:44 tftpboot rcp#copy testfile ? FILE Destination file FTP FILE ftp://user:password@host/file TFTP FILE tftp://host/file rcp#copy testfile newtestfile rcp#
delete
Delete an existing file.
delete <existing file>
dir
List all files in home directory.
dir
enable
Enter privileged mode.
enable
Configuring password authorization:
enable password <password>
enable encrypted password <password>
no enable password
Use exit or logout to leave CLI session.
Example:
$ ssh rcp@0 rcp@0's password: Last login: Sat Jan 7 08:25:55 2012 from localhost.localdomain rcp>en Password: rcp#show configuration hostname rcp ! enable encrypted password WDCXJPLMO$Cew9S6/7CiIzyVCjwe74zW service ssh ! administrator rcp encrypted password QFSNKPHJ$kNBAqXTxlxZhwKWIpt1e61 [...] rcp#logout Connection to 0 closed.
exit
Exit the current CLI mode.
exit
hostname
Set router hostname.
hostname <name>
no hostname
no form of the command restores the default rcp.
Example:
rcp(config)#hostname lab1 lab1(config)#no hostname rcp(config)#
logging
Set logging level. Messages with a level smaller or equal to the one configured are sent to the logger. The messages are stored in the log buffer, printed on the terminal, and/or sent to an external log server.
logging <0..7>
logging <level name>
no logging
Logging level can be specified as a number between 0 and 7, or it can be specified by name. The following level names are defined:
0: emergencies
1: alerts
2: critical
3: errors
4: warnings
5: notifications
6: informational
7: debugging
no form of the command restores the default notifications level.
logging debugging
Turn debugging on or off. Debug messages are processed as regular log messages by the logger, and can be retrieved from the log buffer. The logger also allows printing of the messages on the terminal, or forwarding them to an external log server.
logging debugging <facility>
no logging debugging <facility>
no logging
The following facilities are implemented:
admin - Administrators facility logging
all - All facilities
configuration - Configuration facility logging
dhcp - DHCP facility logging
dns - DNS facility logging
interface - Interface facility logging
ipc - Inter-process communication
monitor - Network Monitoring facility logging
ntp - NTP facility logging
rip - RIP facility logging
router - Router facility logging
syscfg - System config facility logging
logging host
Send log messages to an external log server.
logging host <address>
no logging host <facility>
no logging
The no for of the command will delete the host. no logging command will delete all hosts.
Example:
rcp(config)#logging errors rcp(config)#logging host 10.1.20.7 rcp(config)#logging host 10.1.20.8 rcp(config)#show configuration logger logging 3 logging host 10.1.20.7 logging host 10.1.20.8 ! rcp(config)#
logging rate-limit
Limit the number of messages processed every second. The default value is 100. When this value is reached, log messages are dropped.
logging rate-limit <messages per second>
no logging rate-limit
no logging
no logging command will also restore the default value.
Example:
rcp(config)#logging errors rcp(config)#logging rate-limit 1000 rcp(config)#show configuration logger logging 3 logging rate-limit 1000 ! rcp(config)#
logging snmp
Send the log message to a SNMP trap receiver using syslogMsgNotification (RFC5676).
logging snmp <facility>
no logging snmp <facility>
no logging snmp
no logging
The following facilities are implemented:
admin - Administrators facility logging
all - All facilities
configuration - Configuration facility logging
dhcp - DHCP facility logging
dns - DNS facility logging
interface - Interface facility logging
ipc - Inter-process communication
monitor - Network Monitoring facility logging
ntp - NTP facility logging
rip - RIP facility logging
router - Router facility logging
syscfg - System config facility logging
logout
Exit the current CLI session.
logout
ping
Ping a host or an IP address.
ping <host name>
ping <address>
Example:
rcp#ping google.com PING google.com (74.125.113.106) 56(84) bytes of data. 64 bytes from 74.125.113.106: icmp_req=1 ttl=52 time=103 ms 64 bytes from 74.125.113.106: icmp_req=2 ttl=52 time=68.6 ms 64 bytes from 74.125.113.106: icmp_req=3 ttl=52 time=68.6 ms 64 bytes from 74.125.113.106: icmp_req=4 ttl=52 time=70.4 ms --- google.com ping statistics --- 5 packets transmitted, 4 received, 20% packet loss, time 4007ms rtt min/avg/max/mdev = 68.666/77.925/103.926/15.028 ms rcp#
service ftp
Enable ftp access.
service ftp
no service ftp
Example:
rcp(config)#service ftp rcp(config)#show configuration services ! service ftp ! rcp(config)#
service http
Enable http access.
service http [port <port number>]
no service http
Use this command to enable http service. An optional port number can be sepcified, default value 80. Http service is enabled by default.
Example:
rcp(config)#service http rcp(config)#show configuration services ! service http ! rcp(config)#
service telnet
Enable telnet access.
service telnet [port <port number>]
no service telnet
Use this command to enable telnet service. An optional port number can be sepcified, default value 23. Telnet service is enabled by default.
Example:
rcp(config)#service telnet rcp(config)#show configuration services ! service telnet ! rcp(config)#
service tftp
Enable tftp access.
service tftp
no service tftp
Example:
rcp(config)#service tftp rcp(config)#show configuration services hostname rcp ! service tftp ! rcp(config)#
show administrators
Show the currently logged in administrators.
show administrators
Example:
rcp#show administrators Administrator IP Address TTY Start Time rcp 127.0.0.1 /dev/pts/3 Sat Mar 17 08:35:45 2012 mike 127.0.0.1 /dev/pts/3 Sat Mar 17 08:49:05 2012 rcp#
show clock
Show current time.
show clock
Example:
rcp#show clock Sat Jan 7 13:15:39 EST 2012 rcp#
show running-config, show configuration
Show currently running configuration.
show running-config
show configuration
show configuration no-passwords
show configuration <subsystem>
show configuration and show running-config are identical. The no-passwords argument disables password and encryption keys printing in the output. There is also support to show the configuration for a specific subsystem:
Example:
rcp#show configuration acl Access control lists configuration administrators Administrators configuration arp Address Resolution Protocol dhcp Dynamic Host Configuration Protocol dns Domain Name Server configuration interfaces Interfaces configuration logger System logger configuration monitor Network Monitoring configuration no-passwords Do not display passwords ntp Network Time Protocol configuration ospf Open Short Path First rip Routing Information Protocol configuration route Static route configuration services Services configuration | Output modifiersrcp#
show history
Show CLI session history.
show history
Example:
rcp(config)#show history ip route 10.1.20.0/24 10.1.5.67 ip route 10.1.30.0/24 10.1.5.67 show ip route rcp(config)#
show logging
Show logging subsystem status.
show logging
Example:
rcp(config)#show logging Logging level 5 (Notice) Debug logging facilities: SYSCFG IPC Logging rate limit 100 Logging hosts: 10.1.20.89 rcp(config)#
show logging buffer
Show buffered log messages.
show logging buffer
Example:
rcp(config)#show logging buffer Jan 10 10:18:22 SERVICES-IPC: <Debug> forwarding internal packet Jan 10 10:18:22 SERVICES-IPC: <Debug> received INTERFACE UP packet Jan 10 10:18:22 ROUTER-INTERFACE: <Warning> interface eth0 link changed state to UP Jan 10 10:18:21 SERVICES-IPC: <Debug> forwarding CLI response packet Jan 10 10:18:21 SERVICES-IPC: <Debug> received CLI packet Jan 10 10:06:04 SERVICES-ADMIN: <Notice> administrator rcp logged in form 127.0.0.1 rcp(config)#
show process
Show all running RCP processes running.
show process
show process statistics
Example:
rcp>show process PID USER PR NI VIRT RES SHR S CPU MEM TIME+ COMMAND 2745 root 20 0 21264 4208 4008 S 0.0 0.5 0:00.11 rcpservices 2768 root 20 0 19872 1528 1332 S 0.0 0.2 0:00.07 rcpacl 2772 root 20 0 18576 936 772 S 0.0 0.1 0:00.00 ntpd 2773 root 20 0 17772 1304 1124 S 0.0 0.1 0:00.07 rcprip 2776 rcp 20 0 19856 1444 1252 S 0.0 0.2 0:00.07 rcpdns 2777 root 20 0 17744 1304 1128 S 0.0 0.1 0:00.05 rcpdhcp 2778 root 20 0 17764 1300 1124 S 0.0 0.1 0:00.06 rcprouter 2779 root 20 0 21556 1276 1048 S 0.0 0.1 0:00.01 xinetd 2780 rcp 20 0 19936 636 464 S 0.0 0.1 0:00.00 ntpd 2865 root 20 0 14968 1032 836 S 0.0 0.1 0:00.01 in.telnetd 2866 rcp 20 0 17872 1432 1204 S 0.0 0.2 0:00.05 cli rcp>show process statistics Process PID Start Reconnect Speed-up rcpservices 2745 1 0 6 rcpacl 2768 1 0 5 rcprip 2773 1 0 1 rcpdns 2776 1 0 1 rcprouter 2778 1 0 1 rcpdhcp 2777 1 0 1 rcp>
show service
Show service status and access counters.
show service
Example:
rcp(config)#show services Service Status Connections Telnet enabled 26 TFTP enabled 527 rcp(config)#
show startup-config
Show the configuration activated when the system is started.
show startup-config
show version
Show RCP system version.
show version
Example:
rcp(config)#show version RCP100 software version 0.98 Kernel version: Linux 3.4.2-1.fc16.x86_64 x86_64 System uptime is 0 days, 0 hours 44 minutes 6 seconds 48.16G total disk storage, free 29.33G 868M total memory, free 277M (31.92%) 1759M swap total memory, free 1730M (98.32%) rcp(config)#
telnet-client
Start a telnet session.
telnet-client <host>
terminal monitor
Monitor log messages in CLI terminal.
terminal monitor
no terminal monitor
traceroute
Trace the route to a destination.
traceroute <host>
traceroute <address>
Example: Restricting router administration access using ACLs
In this ACL example we allow the administration access (telnet, HTTP, FTP, TFTP) to our router only from a specific range of IP addresses. All other addresses are blocked.
rcp(config)#! permit administration access from stations on 192.168.20.0/24 network rcp(config)#access-list 1 permit 192.168.20.0/24 rcp(config)# rcp(config)#! apply the access list to all interfaces rcp(config)#interface ethernet eth0 rcp(config-if eth0)#ip access-group 1 in rcp(config-if eth0)#exit rcp(config)#interface ethernet eth1 rcp(config-if eth1)#ip access-group 1 in rcp(config-if eth1)#exit rcp(config)#interface ethernet eth2 rcp(config-if eth2)#ip access-group 1 in