SE800常用命令

1、se800常用命令行5,数据备份及恢复.(1) 备份.配置好ftp server,指定好home目录. 下面例子中,sgao是用户名,sgao123是password.locallab1# copy redback.cfg ftp:/sgao:sgao12333/redback.cfgredback.cfg 为缺省起机配置文件,show config时并无显示. 你也可以指定自己的起机配置文件. 这时,show config 就有该文件的路径显示. 但如果你对此操作并不熟悉, 不要轻易在现网使用.locallab1(config)#boot configuration /

2、flash/myconfig.cfglocallab1#save config(2) 恢复恢复时copy ftp:/sgao:sgao12333/redback.cfg /md/myconfig.cfg 得到出厂配置, 用console 线接入se800,把/flash/redback.cfg, /flash/redback.cfg*(如, redback.cfg.bak, redback.cfg_195814), /flash/redback.bin, 全部删除. 然后, reload.设备起来后,调入备份配置,locallab1#config /md/myconfig

3、.cfg保存为缺省配置. locallab1#save config redback.cfg1、ping 4 source 3 preload 1000 size 2000从3 ping 对端4,共ping1000个2000大小的包2、show subscriber summary 查看在线用户数3、sh ip interface brief 看se800的互联设备信息4、sh ospf neighbor 看se800的ospf邻居5、sh subscribers active all | begi

4、n before profile 2m 查看当前2m用户数6、show process cpu 看设备当前利用率7、sh subscribers username ji10045918 看ji10045918用户是否在线8、sh port 11/1 看某端口信息9、no auto-negotiate 强制全双工(config模式下)10、sh pppoe | grep ji10014927 查看ji10014927用户的mac地址信息11、show ip pool 查看地址池占用情况12、show subs act 查看当前用户详细信息13、clear subs username + 帐号 清

5、楚在线用户14、show subs act username +帐号 查看单个用户详细信息15、show pppoe | grep +帐号 查看用户mac地址16、show subs summary 查看用户总数17、show pppoe | grep 13/4 | count 查看从13/4端口拨入的用户数18、save config ftp:/用户名:密码服务器地址/备份文件名+设备存储文件名copy redback.cfg ftp:/sgao:sgao12333/redback.cfg 数据备份19、copy ftp:/用户名:密码服务器地址/备份文件名+设备存储文

6、件名 copy ftp:/sgao:sgao12333/redback.cfg /md/myconfig.cfg 数据恢复20、boot config weishan.cfg 重新启动生效21、copy 备份文件 /md/备份文件 存储到cf卡22、dir /md 查看cf卡备份文件23、show licenses 查看设备承载用户数24、show subscribers active | include 12/2 vlan-id 3322 | count25、 查看一个vlan有多少用户26、show sub act | grep circuit x/1 vlan-id

7、 | countshow sub act | grep circuit x/2 vlan-id | countshow sub act | grep circuit x/3 vlan-id | countshow sub act | grep circuit x/4 vlan-id | count一个板卡上有多少用户show sub sum all/查看总的用户的数量,包括各个context的用户show sub/查看当前所在context的用户sh circuit counters sub/查看每个用户的流量sh circuit counters 13/1 vlan-id 500 live

8、/查看13/1端口vlan 500中每个用户的流量show pppoe sub 2/4/查看2/4端口的用户(10k、se800)sh pppoe sub 13/1 vlan-id 521 pppoe/查看port 13/1 的vlan-id 521用户sh pppoe up all | grep 521/查看vlan-id 521的用户sh pppoe up all | grep 521 | count /查看vlan-id 521的用户数量show config qos /显示 se 800的qos配置show config acl /显示 se 800的acl配置show config

9、port /显示 se 800的port下的配置show config context /显示 se 800的context adsl的配置show administrators或show user/显示登录se 800的用户clear administrator bjgtilocal ttyp0/清楚用户ttyp0的bjgtilocal用户show sub act | begin after 5 41smartedge se800 contexts:实例，一个设备运行多个实例，每个实例有自己独立的路由能力和域的管理，以及独立的路由协议，认证和记账等等。每个实例可用于相

10、应的服务分类，实例之间也能通信。系统有一个默认的context，名字为local，这个实例是不能被删除并常用于管理。interfaces：一种逻辑接口，提供给高层协议（如3层ip地址）或服务信息，这个逻辑接口配置在相应的context下，并独立于物理端口/链路。高层协议要生效的一个前提是该逻辑接口要关联到相应的物理端口/链路上。subscribers：终端用户，是context配置里面的一部分，用于描述终端用户的特性，包括使之能绑定到相应interface接口或满足某些context或服务所需要的信息，以及其他一些配置信息，如认证，接入控制，限速，策略信息等。ports,channels,an

11、d circuits：这些是物理的端口/链路，上层协议的实现需要与相应的物理端口/链路做绑定，用专门的bind命令。cross-connections：二层交叉互连，可以做到在任何板卡的任何端口/链路上的vlan之间的二层交叉互联，同时支持vlan/svlan/atm pvc 之间的任意的交叉互连。例如从一个端口/链路的vlan100进，从另外一个口的vlan199出。tunnels：gre is a simple, stateless protocol that allows for the tunneling of ip in ip. gre allows you to connect r

12、emote sites using private ip addresses over a public network that uses publicly routable ip addresses.l2tp tunnels are user datagram protocol (udp)/ip-encapsulated circuits that carry subscriber point-to-point protocol (ppp) sessions to another router.bindings：绑定。将物理端口/链路/链路与上层协议配置进行绑定，仅在做完绑定后端口/链路才

13、有流量进出。分为静态绑定和动态绑定。静态绑定中，物理端口/链路可以直接绑定到逻辑interface上，也可以绑定到特定的subscriber用户上，用户再映射到某个逻辑interface上。动态绑定是指基于会话信息的绑定，如pppoe会话，一个ppp封装形式的会话通过其特定的域名（如adsl、lan等）绑定到相应的context的逻辑 interface接口中。redback bras se 800常用命令二、ospf、bgp路由协议show ip route summ all/查看所有context的路由总体情况show ospf nei/查看ospf的neighborshow ospf r

14、oute summ/查看ospf的路由简要情况show bgp nei summ/查看bgp的neighborshow bgp route ipv4 vpn summ /查看bgp协议交换的ipv4 vpn路由情况，一般用在mpls vpn（2547bis）中radius 相关参数：algorithm: first bras总是先把第一个认证包/计费包，发送到第一台radius server。如果这个request失败后超时（超过radius timeout规定的时间），再发送到第二台，以此类推。radius timeout (in sec.): 15bras给radius server发包的

15、间隔时间。bras第一次给radius server发包后，等待15秒后，没有收到认证回复包，就认为原认证包丢失或radius server不可到达。从而再次发认证包。radius accounting timeout和它类似。max retry: 5 最大发送认证包的次数，第一个radius服务器回复认证包没有成功，在radius timeout时间间隔后，继续发送到第二个radius服务器。可以循环发送。max outstanding: 256authenticating最大队列数server timeout (in sec.): 60bras在宣布radius server为dead前的

16、等待时间。缺省为60秒，意味着如果一个bras在60秒内没有收到radius server回复的认证包，那么这个radius server将被宣布为dead。 deadtime (in min.): 5一个radius server被宣布死亡后，到再次把认证包发送给它的时间间隔，缺省时间为5分钟。它意味着radius server状态标示为“dead”后，到bras再次把认证包发送给它的时间间隔最少为5分钟。如果radius server在5分钟内已经正常工作了，那么它就能正常回复认证包，之后，radius server状态重新被标示为”alive”se800的“xc”功能很厉害比如说，在城域

17、网改造过程中，vlan 100200 在城市接入层得多处使用到了，那么在城域网改造过程中无法合并到一个二层域中。有了xc，就可以保留其中一个vlan 100200，其他的就可以改写成没有冲突的vlan.比如改写成vlan 11001200。在台湾中华电信，他们用se800做iptv和以太网传输，一方面se800做组播复制，另外一方面，se800作为传输设备把各地的以太网vlan通过透传或者改写的方式传输到中华电信数据局hinet的“bras”上来终结pppoe和专线，呵呵，这里的se800即不做bras也不做路由器用，当传输设备用。另外，se800上的martini 二层vpn在本机的配置，也

18、是基于xc的，只是交叉到的目的不是本机的端口，而是远端的ip地址，广域上走mpls。juniper/redback martini l2vpn config sample interfaces fxp0 unit 0 family inet address 0/24; fxp1 vlan-tagging; unit 4 vlan-id 40; family inet address /24; family mpls; fxp2 vlan-tagging; unit 0 encapsulation vlan-ccc; vlan-id 100; lo0 u

19、nit 5 family inet address /32; routing-options static route /0 next-hop ; protocols mpls interface fxp1.4; interface lo0.5; ospf area interface fxp1.4; interface lo0.5; ldp interface fxp1.4; interface lo0.5; session authentication-key $9$b.wgjji.m5f; # secre

20、t-data l2circuit neighbor interface fxp2.0 virtual-circuit-id 100; mtu 1500; editrootolive#se800的配置localse1#show configbuilding configuration.current configuration:! configuration last changed by user admin at wed jun 23 14:07:28 2004!service multiple-contexts!service inter-context routing!c

21、ontext local!no ip domain-lookup!interface fxp2.5 ip address /24 ip mtu 1496!interface lo1 loopback ip address /32!interface mgmt ip address /24logging console!router ospf 10 area interface fxp2.5 interface lo1!router mpls interface fxp2.5 interface lo1!router ld

22、p neighbor targeted neighbor password encrypted 7bdbd216d4e15c91 interface fxp2.5 interface lo1!enable encrypted 1 $1$.$4qhlvuh2hdocu/ebyfbm6.!administrator admin encrypted 1 $1$.$4qhlvuh2hdocu/ebyfbm6.!subscriber default ip address poolservice ftp clientservice telnet!l2vpn l2vpn-cc

23、t-bindings ldp xc 11/1 vlan-id 100 vc-id 100 peer remote-encap dot1q! * end context *logging tdm consolelogging activelogging standby short! bridge global configuration!system clock timezone beijing 8 0 local!port ethernet 7/1! xcrp management ports on slot 7 and 8 are configured through 7/1

24、no shutdownbind interface mgmt local!card ether-12-port 11!port ethernet 11/1no shutdownencapsulation dot1qdot1q pvc 50 bind interface fxp2.5 localdot1q pvc 100 l2vpn local!system hostname se1!no service console-break!service crash-dump-dram!no service auto-system-recovery!pppoe services all-domains

25、pppoe service-name accept-all!endlocalse1#juniper/redback martini l2vpn config samplejuniper/redback martini l2vpn config sampletopology:olive本地路由器- p0-p1-p2-p3-se800l2-circuit 配置在本地的路由器上p0，p1，p2，p3配置在logical router中se800是redback 的bras,作为l2-circuilt的另一端在olive本地路由器与se800之间建立l2-circuitrootolive# run s

26、how l2circuit connections layer-2 circuit connections:legend for connection status (st) ei - encapsulation invalid np - interface h/w not present mm - mtu mismatch dn - down em - encapsulation mismatch vc-dn - virtual circuit down cm - control-word mismatch up - operational vm - vlan id mismatch cf

27、- call admission control failureol - no outgoing label xx - unknownnc - intf encaps not ccc/tcccb - rcvd cell-bundle size badlegend for interface status up - operational dn - down neighbor: interface type st time last up # up trans fxp2.0(vc 100) rmt up jun 7 10:09:19 2005 1 local interface:

28、 fxp2.0, status: up, encapsulation: vlan remote pe: , negotiated control-word: no incoming label: 100000, outgoing label: 131072editrootolive#localse1#show l2vpn xc detail ldp l2vpn circuit 11/1 vlan-id 100l2 state : up peer : vc id : 100 xc state : up local label : 131072 access circ

29、uit : 11/1:1023:63/1/2/57342remote label : 100000 l2vpn circuit : 255/12:1023:63/0/1/1exp bits : 0 local encap : dot1qremote group id : 0 remote encap : dot1qlocal vc type : vlan remote vc type : vlanlocal vc mtu : 1500 remote vc mtu : 1500 flags 0x0000b9e9: in-rib, in-lblmap, up, in-ldp, from-ldp,

30、from-cfg : ism-up, peer-up, remote-encap, remote-cbitrootolive# showversion 7.1r1.3;groups mpls logical-routers interfaces unit family mpls; apply-groups mpls;system host-name olive; saved-core-context; login user juniper uid 2002; class superuser; authentication encrypted-password $1$fte4avvp$u8euy

31、zjmcjdvz/albcnoj1; # secret-data user vcmux uid 2000; class superuser; authentication encrypted-password $1$meu83z82$1noibkb7kmymkuu78z.bj/; # secret-data services ftp; telnet; syslog user * any error; file messages any notice; authorization info; compress-configuration-files;logical-routers p0 inte

32、rfaces fxp1 unit 1 vlan-id 10; family inet address /24; fxp2 unit 4 vlan-id 40; family inet address /24; lo0 unit 1 family inet address /32; protocols mpls interface all; ospf area interface all; ldp interface all; routing-options router-id ; p1 interfaces fxp

33、1 unit 2 vlan-id 20; family inet address /24; fxp2 unit 1 vlan-id 10; family inet address /24; lo0 unit 2 family inet address /32; protocols mpls interface all; ospf area interface all; ldp interface all; routing-options router-id ; p2 interfaces fxp1 unit 3 v

34、lan-id 30; family inet address /24; fxp2 unit 2 vlan-id 20; family inet address /24; lo0 unit 3 family inet address /32; protocols mpls interface all; ospf area interface all; ldp interface all; routing-options router-id ; p3 interfaces fxp1 unit 5 vlan-id 50;

35、 family inet address /24; fxp2 unit 3 vlan-id 30; family inet address /24; lo0 unit 4 family inet address /32; protocols mpls interface all; ospf area interface all; ldp interface all; routing-options router-id ; se800针对用户进行速率限制 busrt 带宽(bps) 0.8 / 8这个是现实中已经在用

36、的情况了限速由两部分组成，一部分配置上下行的速度，一部分配置be值。上下行的速度一般放在context pppoe里面配置，be最大突发流量放在全局下配置。context pppoesubscriber profile bw_2mlimitqos policy policing bw_2mupqos policy metering bw_2mdown.endconfqos policy bw_2mup policingrate 2048 burst 204800qos policy bw_2mdown meteringrate 2048 burst 204800vpls 配置说明vpls配置过

37、程：一. 先配置profile1. bridge profile bp-ac2. bridge profile bp-pwtrunk3. vpls profile se1-se2neighbor 2bridge profile bp-pw二. 配置local context中的东西router-id 2router mplsinterface 3/1-ciscointerface 3/2-juniperinterface lo1router ldprouter-id 2neighbor 2 targeted (内层标签用）inte

38、rface 3/1-cisco (外层标签用）interface 3/2-juniper (外层标签用）router ospf略二. 创建bridge instance1. context bridge customer-1vpls -有vpls的profile se1-se2 pw-id 102. 创建bridge的interfaceinterface ac bridgebridge name customer-1三. 将用户电路bind到bridge interfaceport ethernet 3/2encapsulation dot1qdot1q pvc 10bridge profil

39、e bp-acbind interface ac local se800&radius communication(vsa)pid 3764: testing radius server .localse1#test aaa authentication username testl2tp password 12345 pr ra radius authentication test response: server: ip-server/1812 server response: accepted. - attributes list: tunnel-medium-type = 1 tunnel-type = 3 tunnel-server-endpoint = ip-address context-name = vpn1 - send count: 1 send time: jan 10 18:33:22 2007 response time: jan 10 18:33:22 2007localse2#test aaa authentication username testl2tp password 12345 pr ra radius authentication test response: s