Acme Packet notes
From Jaymzworld
These commands were run against a Acme Session Director 4250.
Contents |
Initial Configuration
Serial Port Settings
You can use Hyperterminal, minicom, putty, etc. to access the Session Director.
| Setting | Value |
|---|---|
| Bits per second | 115200 |
| Data Bits | 8 |
| Parity | None |
| Stop bits | 1 |
| Flow control | None |
Acme Command Line Interface (ACLI)
- Log in to the SD with the user password.
- Enable the Supersuser mode by entering the enable command and then the superuser password. The command prompt will change to include a # instead of a > while in Superuser mode. This level of system access (i.e. at the acmesystem# prompt) is referred to as the main level of the ACLI. Specific sub-levels of the ACLI are then accessed to configure specific elements and specific parameters of those elements.
User Access Verification Password: acme acmesystem> acmesystem> enable Password: packet acmesystem#
- In Superuser mode, enter the configure terminal command. The configure terminal command is used to access the system level where all operating and system elements may be configured. This level of system access is referred to as the configuration level.
acmesystem# configure terminal acmesystem(configure)#
- Enter the name of an element to be configured (e.g. system).
- Enter the name of a sub-element, if any (e.g. phy-interface)
- Enter the name of an element parameter followed by its value (e.g., name To_HQ).
- Enter done to save changes to the element. Use of the done command causes the system to save and display the settings for the current element.
- Enter exit as many times as is necessary to return to the configuration level.
- Repeat Steps 4 to 8 to configure all the elements.
- Enter exit to return to the main level.
- Type save-config to save the entire configuration.
- Type activate-config to activate the entire configuration.
Default to factory settings
Use the delete-config command to delete the current configuration. Perform this step only if you wish to delete the current configuration and create a new configuration from scratch.
acmesystem# delete-config ****************************************************** Do you really want to ERASE the current config:? [y/n]?: y Deleting configuration NOTE: need to reboot for changes to take effect task done acmesystem#
bootparam
Use the bootparam command to review and/or change system boot parameters. In particular, review and/or change the IP address information of the management interface which, in the example, is the wancom0 interface. The bootparam command will prompt for a line-by-line review of the system boot parameters. To accept a parameter as is, press Enter. To change a parameter, type in a new value and press Enter.
acmesystem# config t acmesystem(configure)# bootp '.' = clear field; '-' = go to previous field; q = quit boot device : wancom0 processor number : 0 host name : file name : /tffs0/sd210p29.gz inet on ethernet (e) : 10.0.0.175 inet on backplane (b) : host inet (h) : gateway inet (g) : 10.0.0.1 user (u) : vxftp ftp password (pw) (blank = use rsh) : vxftp flags (f) : 0x8 target name (tn) : startup script (s) : other (o) :
| Parameter | Meaning |
|---|---|
| boot device | The selected management interface on the SD 4250's rear |
| processor number | Currently always 0 |
| host name | Device host name |
| file name | /tffs0/filename.gz if booting from a local file, or the off-device filename, if using that feature. |
| inet on ethernet (e) | The IP address and mask (in hex) to be used for network management (10.0.0.175:ffffff00) |
| inet on backplane (b) | |
| host inet (h) | Remote host that off-device boot files are retrieved from, if using that feature. |
| gateway inet (g) | The management network gateway IP address |
| user (u) | FTP user name used to log into the off-device file server |
| ftp password (pw) | FTP password used to log into the off-device file server |
| target name (tn) | ACLI prompt name |
| startup script (s) | |
| other (o) |
System
system-config
hostname
description
location
mib-system-contact
mib-system-name
mib-system-location
snmp-enabled enabled
enable-snmp-auth-traps disabled
enable-snmp-syslog-notify disabled
enable-snmp-monitor-traps disabled
enable-env-monitor-traps disabled
snmp-syslog-his-table-length 1
snmp-syslog-level WARNING
system-log-level WARNING
process-log-level NOTICE
process-log-ip-address 0.0.0.0
process-log-port 0
default-gateway 135.60.25.129
restart enabled
exceptions
telnet-timeout 0
console-timeout 0
Interfaces
When configuring interfaces, you will most always create two, one for the outside network, and one for the inside network.
Physical Interface
The physical interface (phy-interface) elements detail the layer 2 characteristics of an interface.
You can add a physical interface by navigating to the configure terminal->system->phy-interface element and configuring the following parameters:
- name: A unique name (e.g. s0p1)
- operation-type: Media
- Media: the interface is used for media
- Maintenance/Control:Specifies that this interface is on the rear of the chassis, and is used for management
- port: An available port (e.g. 1).
- slot: An available slot (e.g. 0)
Enter the done command to save the changes and use the exit command as many times as is necessary to return to the configuration level.
phy-interface
name s0p1
operation-type Media
port 0
slot 0
virtual-mac
admin-state enabled
auto-negotiation enabled
duplex-mode FULL
speed 100
Network Interface
The network interface (network-interface) elements detail the layer 3 characteristics of a logical interface, and tie this to a pre-defined physical interface. More than one network interface can reside on a single physical interface, with VLAN IDs being used to differentiate between them.
You can add a network interface by navigating to the configure terminal->system->network-interface element and configuring the following parameters:
- name: The associated physical interface defined in Section 6.5, Step 1 (e.g. s0p1).
- sub-port-id: A VLAN number (e.g. 12). Use of a VLAN is optional but is required in cases where the same physical interface is assigned multiple IP addresses.
- ip-address: IP address for the interface (e.g. 135.60.25.173).
- netmask: netmask for the interface (e.g. 255.255.255.0).
- gateway: IP address for the gateway on the subnetwork (e.g. 135.60.25.129)
network-interface
name s0p1
sub-port-id 0
hostname
ip-address 135.60.25.173
pri-utility-addr
sec-utility-addr
netmask 255.255.255.192
gateway 135.60.25.129
sec-gateway
gw-heartbeat
state disabled
heartbeat 0
retry-count 0
retry-timeout 1
health-score 0
dns-ip-primary
dns-ip-backup1
dns-ip-backup2
dns-domain
hip-ip-list 135.60.25.173
ftp-address
icmp-address 135.60.25.173
snmp-address
telnet-address
Although the operation-type of a physical interface may be set to Media, you can still enable management functions on it using the network-interface element using these optional configuration elements:
- ftp-address
- icmp-address
- snmp-address
- telnet-address
For example, even though the physical interface is configured properly and up, the system will not respond to ping requests to its network interface unless snmp-address has been assigned the network interface IP address.
Enter the done command to save the changes and use the exit command as many times as is necessary to return to the configuration level.
Configs
With this minimum configuration in place, you can now save and activate your configuration, and access the SD either from a management station (using a station on the wancom subnet), or one of the network interfaces (assuming telnet-address was assigned).
First verify your configuration is OK:
acmesystem# verify-config Verifying Configuration: OK. All physical-interface network-interfaces exist. Checking gateway list for each host-route... OK. Each referenced gateway exists. OK. The system-config default gateway (135.60.25.129) is present in the network-interface s0p0:0 Configuration elements checked are valid.
- Next, use the save-config command to move your configuration from non-volatile memory to volatile memory:
acmesystem# save-config Save-Config received, processing. waiting 1200 for request to finish Request to 'SAVE-CONFIG' has Finished, Save complete Currently active and saved configurations do not match! To sync & activate, run 'activate-config' or 'reboot activate'.
- Finally, activate the configuration, either by activate-config, or reboot activate:
acmesystem# activate-config Activate-Config received, processing. waiting 120000 for request to finish Request to 'ACTIVATE-CONFIG' has Finished, Activate Complete
acmesystem# reboot activate ----------------------------------------- WARNING: you are about to reboot this SD! ----------------------------------------- Reboot this SD [y/n]?:
If you really like your configuration, be sure to back it up to the SD's filesystem. Just use the backup command with a descriptive filename:
acmesystem# backup 05282010-cfg task done
You can also display and delete backups:
acmesystem# display-backups 05272010-Aura-1.tar.gz 05272010-Aura-2.tar.gz 05282010-cfg.tar.gz acmesystem# delet delete-backup-config delete-config delete-status-file acmesystem# delete-backup-config 05282010-cfg.tar.gz task done
Make sure you don't confuse the delete-backup-config and delete-config commands!
Miscellaneous Commands
Show enabled features
acmesystem# show features
Total session capacity: 250
Enabled features: SIP, H323, ACP, Routing, Load Balancing,
High Availability, PAC
See details for a particular realm
acmesystem# realm-specifics core
realm-config
identifier core
addr-prefix 0.0.0.0
network-interfaces
Front1_0:0
mm-in-realm enabled
mm-in-network enabled
msm-release disabled
qos-enable disabled
max-bandwidth 0
max-latency 0
max-jitter 0
max-packet-loss 0
observ-window-size 0
parent-realm
dns-realm
media-policy
in-translationid
out-translationid
class-profile
average-rate-limit 0
access-control-trust-level none
invalid-signal-threshold 0
maximum-signal-threshold 0
deny-period 30
last-modified-date 2010-05-25 08:55:26
steering-pool
ip-address 10.0.24.254
start-port 49152
end-port 65535
realm-id core
network-interface
Selecting a particular sub-element to modify its value. For example, to change the policy-attribute sub-element of the local-policy element, you have to first select the local-policy, then select the policy-attribute. In this case we are changing app-protocol to SIP.
This is done using the select command, which will prompt you for information about the element or sub-element you wish to change, so that it can find the right one.
acmesystem(configure)#
acmesystem(configure)# session-router
acmesystem(session-router)# local-policy
acmesystem(local-policy)# select
<source-realm>: access
<from>: *
<to>: *
1: realms 'access'; from *; to *
selection: 1
acmesystem(local-policy)# show
local-policy
from-address
*
to-address
*
source-realm
access
activate-time N/A
deactivate-time N/A
state enabled
last-modified-date 2010-05-25 09:33:09
policy-attribute
next-hop 10.0.24.9
realm core
replace-uri disabled
carrier
start-time 0000
end-time 2400
days-of-week U-S
cost 0
app-protocol
state enabled
media-profiles
acmesystem(local-policy)# policy-attribute
acmesystem(local-policy-attributes)# select
<next-hop>: 10.0.24.9
<carrier>:
1: 10.0.24.9 realm=core car= 0000 2400 U-S cost=0 enabled
selection: 1
acmesystem(local-policy-attributes)# show
policy-attribute
next-hop 10.0.24.9
realm core
replace-uri disabled
carrier
start-time 0000
end-time 2400
days-of-week U-S
cost 0
app-protocol
state enabled
media-profiles
acmesystem(local-policy-attributes)# app-protocol SIP
acmesystem(local-policy-attributes)# show
policy-attribute
next-hop 10.0.24.9
realm core
replace-uri disabled
carrier
start-time 0000
end-time 2400
days-of-week U-S
cost 0
app-protocol SIP
state enabled
media-profiles
acmesystem(local-policy-attributes)# done
Here's another example, changing duplex and speed of a physical interface.
acmesystem(configure)# system
acmesystem(system)# phy
acmesystem(phy-interface)# select
<name>: Front0_0
1: Front0_0
selection: 1
acmesystem(phy-interface)# show
phy-interface
name Front0_0
operation-type Media
port 0
slot 0
virtual-mac
admin-state enabled
auto-negotiation enabled
duplex-mode
speed
last-modified-date 2009-10-05 13:19:05
acmesystem(phy-interface)# duplex-mode FULL
acmesystem(phy-interface)# speed 100
acmesystem(phy-interface)# done
You can also enable packet capturing on a particular interface.
acmesystem# packet-capture
---------- ACLI v1.0 -----------
enable enable packet capturing for interfaces
disable disable packet capturing for interfaces
clear empty the packet buffer
modify modify the packet buffer size
show show a summary of most recently captured packets
detail show detail of a particular captured packet
acmesystem# packet-capture enable
---------- ACLI v1.0 -----------
<0|1> media interface slot
0:left slot, 1:right slot
<0|1|2|3> media interface port
0:leftmost port ... 3:rightmost port
acmesystem# packet-capture enable 0 0
acmesystem# packet-capture show
Entry # Ingress IF Frame Format Type/Length VLAN ID Source IP address Destination IP address Protocol Src Port Dest Port
1 1/0 unknown 0x0026 - - - - - -
2 1/0 unknown 0x0026 - - - - - -
3 1/0 unknown 0x0026 - - - - - -
4 1/0 unknown 0x0026 - - - - - -
5 1/0 unknown 0x0026 - - - - - -
6 1/0 unknown 0x0026 - - - - - -
7 1/0 DIX 0x0800 - 148.147.172.069 135.060.025.177 17 52278 162
8 1/0 DIX 0x0800 - 135.060.004.228 135.060.025.173 6 1030 5060
9 1/0 DIX 0x0800 - 148.147.172.069 135.060.025.177 17 52278 162
10 1/0 DIX 0x0800 - 135.060.004.228 135.060.025.173 6 1030 5060
11 1/0 unknown 0x0026 - - - - - -
12 1/0 DIX 0x0800 - 135.060.004.228 135.060.025.173 6 1030 5060
13 1/0 unknown 0x0026 - - - - - -
14 1/0 DIX 0x0800 - 148.147.172.069 135.060.025.177 17 52278 162
15 1/0 DIX 0x0800 - 135.060.004.228 135.060.025.173 6 1030 5060
16 1/0 unknown 0x0026 - - - - - -
acmesystem# packet-capture detail 15 Ingress Slot/Port: 1/0 00 08 25 02 33 84 00 30 6D 98 40 03 08 00 45 88 00 2C 00 5C 40 00 3C 06 10 DF 87 3C 04 E4 87 3C 19 AD 04 06 13 C4 E5 5E 72 C9 00 00 00 00 60 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 DIX header --- MAC Src Addr : 0x 00 08 25 02 33 84 MAC Dest Addr : 0x 00 30 6D 98 40 03 VLAN ID : 0x XX Length/Type : 0x 0800 IP Header --- IP Version : 4 IP Header Length : 5 Type-of-Service : 136 Total Length : 44 Identificaton : 92 Flags : 2 Fragment Offset : 0 Time-to-Live : 60 protocol : 6 Header Checksum : 0x10DF Source IP Addr : 135.60.4.228 Destination IP Addr : 135.60.25.173 TCP Header --- Source Port : 1030 Destination Port : 5060 Sequence Number : 0xE55E72C9 Ack Number : 0x00000000 Header Length : 6 Flags : 0x0002 Window : 0 Checksum : 0x0000 Urgent Point : 0x0000
