IP System Management Commands

This chapter contains the following sections:

ping

Use the ping EXEC mode command to send ICMP echo request packets to another node on the network.

Syntax

ping [ip] {ipv4-address | hostname} [size packet_size] [count packet_count] [timeout time_out] [source source-address]

ping ipv6 {ipv6-address | hostname} [size packet_size] [count packet_count] [timeout time_out] [source source-address]

Parameters

  • ip—Use IPv4 to check the network connectivity.

  • ipv6—Use IPv6 to check the network connectivity.

  • ipv4-address—IPv4 address to ping.

  • ipv6-address—Unicast or Multicast IPv6 address to ping. When the IPv6 address is a Link Local address (IPv6Z address), the outgoing interface name must be specified.

  • hostname—Hostname to ping (Length: 1-158 characters. Maximum label size for each part of the host name: 58.)

  • size packet_size—Number of bytes in the packet not including the VLAN tag. The default is 64 bytes. (IPv4:64–1518, IPv6: 68–1518)

  • count packet_count—Number of packets to send, from 1 to 65535 packets. The default is 4 packets. If 0 is entered, it pings until stopped (0–65535).

  • time time-out—Timeout in milliseconds to wait for each reply, from 50 to 65535 milliseconds. The default is 2000 milliseconds (50–65535).

  • source source-address—Source address (Unicast IPv4 address or global Unicast IPv6 address).

Command Mode

Privileged EXEC mode

User Guidelines

Press Esc to stop pinging. Following are sample results of the ping command:

  • Destination does not respond—If the host does not respond, a “no answer from host” appears within 10 seconds.

  • Destination unreachable—The gateway for this destination indicates that the destination is unreachable.

  • Network or host unreachable—The switch found no corresponding entry in the route table.

When using the ping ipv6 command to check network connectivity of a directly attached host using its link local address, the egress interface may be specified in the IPv6Z format. If the egress interface is not specified, the default interface is selected.

When using the ping ipv6 command with a Multicast address, the information displayed is taken from all received echo responses.

When the source keyword is configured and the source address is not an address of the switch, the command is halted with an error message and pings are not sent.

Examples

Example 1 - Ping an IP address. 

switchxxxxxx> ping ip 10.1.1.1
Pinging 10.1.1.1 with 64 bytes of data:
64 bytes from 10.1.1.1: icmp_seq=0. time=11 ms
64 bytes from 10.1.1.1: icmp_seq=1. time=8 ms
64 bytes from 10.1.1.1: icmp_seq=2. time=8 ms
64 bytes from 10.1.1.1: icmp_seq=3. time=7 ms
----10.1.1.1 PING Statistics----
4 packets transmitted, 4 packets received, 0% packet loss
round-trip (ms) min/avg/max = 7/8/11

Example 2 - Ping a site. 

switchxxxxxx> ping ip yahoo.com
Pinging yahoo.com [66.218.71.198] with 64 bytes of data:
64 bytes from 66.218.71.198: icmp_seq=0. time=11 ms
64 bytes from 66.218.71.198: icmp_seq=1. time=8 ms
64 bytes from 66.218.71.198: icmp_seq=2. time=8 ms
64 bytes from 66.218.71.198: icmp_seq=3. time=7 ms
----10.1.1.1 PING Statistics----
4 packets transmitted, 4 packets received, 0% packet loss
round-trip (ms) min/avg/max = 7/8/11

Example 3 - Ping an IPv6 address. 

switchxxxxxx> ping ipv6 3003::11
Pinging 3003::11 with 64 bytes of data:
64 bytes from 3003::11: icmp_seq=1. time=0 ms
64 bytes from 3003::11: icmp_seq=2. time=50 ms
64 bytes from 3003::11: icmp_seq=3. time=0 ms
64 bytes from 3003::11: icmp_seq=4. time=0 ms
----3003::11 PING Statistics----
4 packets transmitted, 4 packets received, 0% packet loss
round-trip (ms) min/avg/max = 0/12/50
switchxxxxxx> ping ipv6 FF02::1
Pinging FF02::1 with 64 bytes of data:
64 bytes from FF02::1: icmp_seq=1. time=0 ms
64 bytes from FF02::1: icmp_seq=1. time=70 ms
64 bytes from FF02::1: icmp_seq=2. time=0 ms
64 bytes from FF02::1: icmp_seq=1. time=1050 ms
64 bytes from FF02::1: icmp_seq=2. time=70 ms
64 bytes from FF02::1: icmp_seq=2. time=1050 ms
64 bytes from FF02::1: icmp_seq=3. time=0 ms
64 bytes from FF02::1: icmp_seq=3. time=70 ms
64 bytes from FF02::1: icmp_seq=4. time=0 ms
64 bytes from FF02::1: icmp_seq=3. time=1050 ms
64 bytes from FF02::1: icmp_seq=4. time=70 ms
64 bytes from FF02::1: icmp_sq=4. time=1050 ms
---- FF02::1 PING Statistics----
4 packets transmitted, 12 packets received

ssh

To start an encrypted session with a remote networking device, use the ssh command in user EXEC or privileged EXEC mode.

Syntax

ssh {ip-address | hostname} [port] [keyword...]

Parameters

  • ip-addressSpecifies the destination host IP address (IPv4 or IPv6).

  • hostname—Hostname to ping (Length: 1-158 characters. Maximum label size for each part of the host name: 58.)

  • portSpecifies the decimal TCP port number. The default port is the SSH port (22).

  • keyword—Specifies the one or more keywords listed in the Keywords table in the User Guidelines.

Keywords Table

Options

Description

/password password

Specifies the password to use when logging in on the remote networking device running the SSH server. If the keyword is not specified, the password configured by the ip ssh-client password command is used. If this keyword is specified the the /user keyword must be specified too.

/source-interface interface-id

Specifies the source interface which minimal IPv4/v6 address will be used as the source IPv4/v6 address. If the keyword is not specified, the source IPv4/IPv6 address configured by the ip ssh-client source-interface command is used.

/user user-name

Specifies the user name to use when logging in on the remote networking device running the SSH server. If the keyword is not specified, the user name configured by the ip ssh-client username command is used. If this keyword is specified the /password keyword must be specified too.

Default Configuration

The default port is the SSH port (22) on the host.

Command Mode

Privileged EXEC mode

User Guidelines

The ssh command enables the switch to make a secure, encrypted connection to another switch running an SSH server. This connection provides functionality that is similar to that of a Telnet connection except that the connection is encrypted. With authentication and encryption, the SSH client allows for a secure communication over an insecure network.

Only one SSH terminal connection can be active at the same time.

Examples

Example 1. The following example sets a secure session between the local device and the edge device HQedge. 

switchxxxxxx> ssh HQedge

Example 2. The following example sets a secure session between the local device and the edge device 1.1.1.1. The user name is HQhost and the password is a password configured by the ip ssh-client password command. 

switchxxxxxx> ssh 1.1.1.1 /user HQhost

Example 3. The following example sets a secure session between the local device and the edge device HQedge. The user name is HQhost and the password is ar3245ddd. 

switchxxxxxx> ssh HQedge /user HQhost /password ar3245ddd

Example 4. The following example sets a lookback interface as a source interface: 

switchxxxxxx> ssh HQedge /source-interface loopback1

telnet

The telnet EXEC mode command logs on to a host that supports Telnet.

Syntax

telnet {ip-address | hostname} [port] [keyword...]

Parameters

  • ip-addressSpecifies the destination host IP address (IPv4 or IPv6).

  • hostname—Hostname to ping (Length: 1-158 characters. Maximum label size for each part of the host name: 58.)

  • portSpecifies the decimal TCP port number or one of the keywords listed in the Ports table in the User Guidelines.

  • keyword—Specifies the one or more keywords listed in the Keywords table in the User Guidelines.

Default Configuration

The default port is the Telnet port (23) on the host.

Command Mode

Privileged EXEC mode

User Guidelines

Telnet software supports special Telnet commands in the form of Telnet sequences that map generic terminal control functions to operating system-specific functions. To enter a Telnet sequence, press the escape sequence keys (Ctrl-shift-6) followed by a Telnet command character.

Special Telnet Sequences

Telnet Sequence

Purpose

Ctrl-shift-6-b

Break

Ctrl-shift-6-c

Interrupt Process (IP)

Ctrl-shift-6-h

Erase Character (EC)

Ctrl-shift-6-o

Abort Output (AO)

Ctrl-shift-6-t

Are You There? (AYT)

Ctrl-shift-6-u

Erase Line (EL)

At any time during an active Telnet session, available Telnet commands can be listed by pressing the ?/help keys at the system prompt.

A sample of this list follows.

switchxxxxxx> ?/help
[Special telnet escape help] 
^^ B sends telnet BREAK 
^^ C sends telnet IP 
^^ H sends telnet EC 
^^ O sends telnet AO 
^^ T sends telnet AYT 
^^ U sends telnet EL 
?/help suspends the session (return to system command prompt)

Several concurrent Telnet sessions can be opened, enabling switching between the sessions. To open a subsequent session, the current connection has to be suspended by pressing the escape sequence keys (Ctrl-shift-6) and x to return to the system command prompt. Then open a new connection with the telnet EXEC mode command.

This command lists concurrent Telnet connections to remote hosts that were opened by the current Telnet session to the local device. It does not list Telnet connections to remote hosts that were opened by other Telnet sessions.

Keywords Table

Options

Description

/echo

Enables local echo.

/quiet

Prevents onscreen display of all messages from the software.

/source-interface

Specifies the source interface.

/stream

Turns on stream processing, which enables a raw TCP stream with no Telnet control sequences. A stream connection does not process Telnet options and can be appropriate for connections to ports running UNIX-to-UNIX Copy Program (UUCP) and other non-Telnet protocols.

Ctrl-shift-6 x

Returns to the System Command Prompt.

Ports Table

Keyword

Description

Port Number

BGP

Border Gateway Protocol

179

chargen

Character generator

19

cmd

Remote commands

514

daytime

Daytime

13

discard

Discard

9

domain

Domain Name Service

53

echo

Echo

7

exec

Exec

512

finger

Finger

79

ftp

File Transfer Protocol

21

ftp-data

FTP data connections

20

gopher

Gopher

70

hostname

NIC hostname server

101

ident

Ident Protocol

113

irc

Internet Relay Chat

194

klogin

Kerberos login

543

kshell

Kerberos shell

544

login

Login

513

lpd

Printer service

515

nntp

Network News Transport Protocol

119

pim-auto-rp

PIM Auto-RP

496

pop2

Post Office Protocol v2

109

pop3

Post Office Protocol v3

110

smtp

Simple Mail Transport Protocol

25

sunrpc

Sun Remote Procedure Call

111

syslog

Syslog

514

tacacs

TAC Access Control System

49

talk

Talk

517

telnet

Telnet

23

time

Time

37

uucp

Unix-to-Unix Copy Program

540

whois

Nickname

43

www

World Wide Web

80

Example

The following example displays logging in to IP address 176.213.10.50 via Telnet.

switchxxxxxx>  telnet 176.213.10.50

traceroute

To display the routes that packets will take when traveling to their destination, use the traceroute EXEC mode command.

Syntax

traceroute ip {ipv4-address | hostname} [size packet_size] [ttl max-ttl] [count packet_count] [timeout time_out] [source ip-address]

traceroute ipv6 {ipv6-address | hostname} [size packet_size] [ttl max-ttl] [count packet_count] [timeout time_out] [source ip-address]

Parameters

  • ip—Use IPv4 to discover the route.

  • ipv6—Use IPv6 to discover the route.

  • ipv4-address—IPv4 address of the destination host.

  • ipv6-address—IPv6 address of the destination host.

  • hostname—Hostname to ping (Length: 1-158 characters. Maximum label size for each part of the host name: 58.)

  • size packet_size—Number of bytes in the packet not including the VLAN tag. The default is 64 bytes. (IPv4:64-1518, IPv6: 68-1518)

  • ttl max-ttl—The largest TTL value that can be used. The default is 30. The traceroute command terminates when the destination is reached or when this value is reached. (Range: 1–255)

  • count packet_count—The number of probes to be sent at each TTL level. The default count is 3. (Range: 1–10)

  • timeout time_out—The number of seconds to wait for a response to a probe packet. The default is 3 seconds. (Range: 1–60)

  • source ip-address—One of the interface addresses of the device to use as a source address for the probes. The device selects the optimal source address by default. (Range: Valid IP address)

Command Mode

Privileged EXEC mode

User Guidelines

The traceroute command works by taking advantage of the error messages generated by routers when a datagram exceeds its time-to-live (TTL) value.

The traceroute command starts by sending probe datagrams with a TTL value of one. This causes the first router to discard the probe datagram and send back an error message. The traceroute command sends several probes at each TTL level and displays the round-trip time for each.

The traceroute command sends out one probe at a time. Each outgoing packet can result in one or two error messages. A "time exceeded” error message indicates that an intermediate router has seen and discarded the probe. A "destination unreachable" error message indicates that the destination node has received the probe and discarded it because it could not deliver the packet. If the timer goes off before a response comes in, the traceroute command prints an asterisk (*).

The traceroute command terminates when the destination responds, when the maximum TTL is exceeded, or when the user interrupts the trace with Esc.

The traceroute ipv6 command is not relevant to IPv6 link local addresses.

Example

switchxxxxxx> traceroute ip umaxp1.physics.lsa.umich.edu
Type Esc to abort.
Tracing the route to umaxp1.physics.lsa.umich.edu (141.211.101.64)
1 i2-gateway.stanford.edu (192.68.191.83)  0 msec 0 msec 0 msec
2 STAN.POS.calren2.NET (171.64.1.213) 0 msec 0 msec 0 msec
3 SUNV--STAN.POS.calren2.net (198.32.249.73) 1 msec 1 msec 1 msec
4 Abilene--QSV.POS.calren2.net (198.32.249.162)  1 msec 1 msec 1 msec
5 kscyng-snvang.abilene.ucaid.edu (198.32.8.103)  33 msec 35 msec 35 msec
6 iplsng-kscyng.abilene.ucaid.edu (198.32.8.80)   47 msec 45 msec 45 msec
7 so-0-2-0x1.aa1.mich.net (192.122.183.9)  56 msec  53 msec 54 msec
8 atm1-0x24.michnet8.mich.net (198.108.23.82)  56 msec 56 msec 57 msec
9 * * *
10 A-ARB3-LSA-NG.c-SEB.umnet.umich.edu(141.211.5.22)58 msec 58msec 58 msec
11 umaxp1.physics.lsa.umich.edu (141.211.101.64)  62 msec 63 msec 63 msec
Trace completed

The following table describes the significant fields shown in the display:

Field

Description

1

Indicates the sequence number of the router in the path to the host.

i2-gateway.stanford.edu

Host name of this router.

192.68.191.83

IP address of this router.

1 msec 1 msec 1 msec

Round-trip time for each of the probes that are sent.

The following are characters that can appear in the traceroute command output:

Field

Description

*

The probe timed out.

?

Unknown packet type.

A

Administratively unreachable. Usually, this output indicates that an access list is blocking traffic.

F

Fragmentation required and DF is set.

H

Host unreachable.

N

Network unreachable.

P

Protocol unreachable.

Q

Source quench.

R

Fragment reassembly time exceeded

S

Source route failed.

U

Port unreachable.