u Commands

uefi-vars

Syntax

uefi-vars cpm-slot

Context

[Tree] (tools>dump>system>security>secure-boot uefi-vars)

Full Context

tools dump system security secure-boot uefi-vars

Description

This command displays the secure-boot Unified Extensible Firmware Interface (UEFI) variables.

Parameters

cpm-slot

Specifies the CPM slot.

Values: A, B

Platforms

7705 SAR Gen 2

unreachable-route-table

Syntax

unreachable-route-table[ip-prefix[/prefix-length]] [ipv4 | ipv6] [longer | exact] [protocol protocol-name] [instance instance-id] [all]

Context

[Tree] (show>router unreachable-route-table)

Full Context

show router unreachable-route-table

Description

This command displays the unreachable route table.

Parameters

ip-prefix[/prefix-length]

Displays routes only matching the specified IP address and length.

Values


ipv4-address/prefix:	ipv4-address	a.b.c.d (host bits must be 0)
ipv4-prefix-length		0 to 32
ipv6-address/prefix:	ipv6-address	x:x:x:x:x:x:x:x (eight 16-bit pieces)
		x:x:x:x:x:x:d.d.d.d
		x [0 to FFFF]H
		d [0 to 255]D
prefix-length		1 to 128

ipv4: Displays information for IPv4.

ipv6: Displays information for IPv6.

longer: Displays information for the longer configuration.

exact: Displays information for the exact configuration.

protocol-name: Displays information for the referenced protocol.

instance-id: Displays information for the referenced instance.

all: Displays information for all of the unreachable routes.

Platforms

7705 SAR Gen 2

Output

The following output is an example of unreachable route table information, and Output fields: unreachable route table describes the output fields.

Output example

A:node-2# show router unreachable-route-table

===============================================================================
IPv6 Unreachable Route Table (Router: Base)
===============================================================================
Dest Prefix
  Proto                                     Age        Pref Metric
-------------------------------------------------------------------------------
2000::6/128
 ISIS                                        00h00m38s  15   4261412865
-------------------------------------------------------------------------------
No. of Routes: 1
===============================================================================

Table 1. Output fields: unreachable route table
Label	Description
Dest Prefix	Displays the destination and prefix
Proto	Displays the protocol
Age	Displays the age
Pref	Displays the preference
Metric	Displays the metric
No. of Routes	Displays the number of routes

unreachable-routes

Syntax

unreachable-routes originated [family] [prefix ip-prefix[/prefix-length]]

unreachable-routes originated mt mt-id-number [prefix ip-prefix[prefix-length]]

Context

[Tree] (show>router>isis unreachable-routes)

Full Context

show router isis unreachable-routes

Description

This command displays the unreachable routes originated by the router. The output can be filtered using family or IP prefix criteria.

Parameters

family

Keyword to display information about unreachable IPv6 or IPv4 unicast routes.

Values: ipv4-unicast | ipv6-unicast

ip-prefix/prefix-length

Displays the unreachable routes based on a specific IP prefix, or a specific IP prefix and prefix length.

Values


ipv4-address/prefix:	ipv4-address	a.b.c.d (host bits must be 0)
ipv4-prefix-length		0 to 32
ipv6-address/prefix:	ipv6-address	x:x:x:x:x:x:x:x (eight 16-bit pieces)
		x:x:x:x:x:x:d.d.d.d
		x [0 to FFFF]H
		d [0 to 255]D
prefix-length		1 to 128

mt-id-number

Displays the unreachable routes based on a specific Multitopology (MT) ID number.

Values: 0 | 2

Platforms

7705 SAR Gen 2

Output

The following output is an example of unreachable-routes information, and Output fields: unreachable routes describes the output fields.

Output example

A:node-2>show>router>isis# unreachable-routes originated
===============================================================================
Rtr Base ISIS Instance 0 Unreachable Route Table (originated)
===============================================================================
Prefix                                        Algo Metric     Tag          Time
  SysID/Hostname                                MT   Lvl/Type   SpfVersion 
-------------------------------------------------------------------------------
800::1/128                                    0    4261412865 0            0
  CFCF.CFCF.CFCF                                2    2/Int.     0             
-------------------------------------------------------------------------------
No. of Routes: 1
===============================================================================

Table 2. Output fields: unreachable routes
Label	Description
Prefix	Displays the unreachable route information for a prefix
Algo	Displays the unreachable route information for an algorithm
Metric	Displays the unreachable route information for a metric
Tag	Displays the unreachable route information for a tag
Time	Displays the current UPA lifetime counting down and is a value between 0 to 1800 seconds
SysID/Hostname	Displays the unreachable route information for a system ID or hostname
MT	Displays the unreachable route information for an MT ID
Lvl/Type	Displays the unreachable route information for a level or type
SpfVersion	Displays the unreachable route information for an SPF version
No. of Routes	Displays the number of routes

unsubscribe-from

Syntax

unsubscribe-from log-id log-id

Context

[Tree] (tools>perform>log unsubscribe-from)

Full Context

tools perform log unsubscribe-from

Description

This command cancels the subscription of the current CLI session to the specified CLI log.

Parameters

log-id

Specifies the log ID from which cancellation is requested.

Values: 1 to 101

Platforms

7705 SAR Gen 2

update-path

Syntax

update-path {lsp lsp-name path current-path-name new-path new-path-name}

Context

[Tree] (tools>perform>router>mpls update-path)

Full Context

tools perform router mpls update-path

Description

This command enables you to instruct MPLS to replace the path of a primary or secondary LSP. The primary or secondary LSP path is indirectly identified via the current-path-name value. The same path name cannot be used more than once in a given LSP name.

This command applies to both CSPF LSP and to a non-CSPF LSP. This command will only work when the specified current-path-name has the adaptive option enabled. The adaptive option can be enabled at the LSP level or the path level.

The new path must have been configured in the CLI or provided via SNMP. The CLI command for entering the path is

configure router mpls path path-name

The command fails if any of the following conditions exist:

The specified current-path-name of this LSP does not have the adaptive option enabled.
The specified new-path-name value does not correspond to a previously defined path.
The specified new-path-name value exists but is being used by any path of the same LSP, including this one.

When you execute this command, MPLS performs the following procedures:

MPLS performs a single MBB attempt to move the LSP path to the new path.
If the MBB is successful, MPLS updates the new path
- MPLS writes the corresponding NHLFE in the data path if this path is the current backup path for the primary.
- If the current path is the active LSP path, it updates the path and writes the new NHLFE in the data path that causes traffic to switch to the new path.
If the MBB is not successful, the path retains its current value.
The update-path MBB has the same priority as the manual re-signal MBB.

Platforms

7705 SAR Gen 2

uptime

Syntax

uptime

Context

[Tree] (show uptime)

Full Context

show uptime

Description

This command displays the time since the system started.

Platforms

7705 SAR Gen 2

Output

The following output is an example of uptime information, and Output fields: uptime describes the output field.

Output example

A:ALA-1# show uptime
System Up Time         : 11 days, 18:32:02.22 (hr:min:sec)

A:ALA-1#

Table 3. Output fields: uptime
Label	Description
System Up Time	Displays the length of time the system has been up in days, hr:min:sec format.

user

Syntax

user [user-name] [detail]

user [user-name] lockout

Context

[Tree] (show>system>security user)

Full Context

show system security user

Description

This command displays user account information.

If no command line options are specified, summary information for all users is displayed.

Parameters

user-name

Displays information for the specified user.

Default: All users

detail: Displays detailed user information to the summary output.

lockout: Displays information about any users who are currently locked out.

Platforms

7705 SAR Gen 2

Output

The following outputs are examples of user output information, and Output fields: system security user describes the output fields.

Output example

A:node-2# show system security user

===============================================================================
Users
===============================================================================
User ID      New Access                           Password Login   Failed Local
             Pwd Permissions                      Expires  Attempt Logins Conf
-------------------------------------------------------------------------------
admin        n   bt cc -- gr li nc sp -- sc tc    never    3       0      y
-------------------------------------------------------------------------------
Number of users : 1
Permissions: (bt) Bluetooth, (cc) Console port CLI, (fp) FTP, (gr) gRPC,
             (li) LI, (nc) NETCONF, (sp) SCP/SFTP, (sn) SNMP, (sc) SSH CLI,
             (tc) Telnet CLI
===============================================================================

A:node-2# show system security user detail

===============================================================================
Users
===============================================================================
User ID      New Access                           Password Login   Failed Local
             Pwd Permissions                      Expires  Attempt Logins Conf
-------------------------------------------------------------------------------
admin        n   bt cc -- gr li nc sp -- sc tc    never    3       0      y
-------------------------------------------------------------------------------
Number of users : 1
Permissions: (bt) Bluetooth, (cc) Console port CLI, (fp) FTP, (gr) gRPC,
             (li) LI, (nc) NETCONF, (sp) SCP/SFTP, (sn) SNMP, (sc) SSH CLI,
             (tc) Telnet CLI
===============================================================================

===============================================================================
User Configuration Detail
===============================================================================
===============================================================================
user id            : admin
-------------------------------------------------------------------------------
console parameters
-------------------------------------------------------------------------------
new pw required    : no                 cannot change pw   : no
home directory     :
restricted to home : no
save when restrict*: no
login exec file    :
profile            : administrative
locked-out         : no
-------------------------------------------------------------------------------
snmp parameters
-------------------------------------------------------------------------------
auth protocol      : hmac-sha2-512
auth key           : ffb8bb4392ccab627d903db396cd928fdde5ac8cdb78e7b6ecb39bde2c
                     3ec67c8380cd0d91dfe6f30c041d9819a34e297994c3b759e68f2db075
                     4bc408e3a001
privacy protocol   : cfb128-aes-256
privacy key        : ffb8bb4392ccab627d903db396cd928fdde5ac8cdb78e7b6ecb39bde2c
                     3ec67c
group              : moje
===============================================================================

A:node-2# show system security user lockout

===============================================================================
Currently Failed Login Attempts
===============================================================================
User ID Remaining Login attempts Remaining Lockout Time (min:sec)
-------------------------------------------------------------------------------
user123 N/A 9:56
-------------------------------------------------------------------------------
Number of users : 1
===============================================================================

Table 4. Output fields: system security user
Label	Description
User ID	The name of a system user.
Users
New Pwd	y — The user must change their password at the next login. n — The user does not need to change their password at the next login.
Access Permissions	The user can access: bt — Bluetooth cc — console port CLI fp — FTP gr — gRPC li — LI nc — NETCONF sp — SCP/SFTP sn — SNMP sc — SSH CLI tc — Telnet CLI
Password Expires	The number of days after which the user must change their password.
Login Attempts	The number of times that the user has attempted to log in, irrespective of whether the login succeeded or failed.
Failed Logins	The number of unsuccessful login attempts.
Local Conf	y — Password authentication is based on the local password database. n — Password authentication is not based on the local password database.
Number of users	The total number of listed users.
User Configuration Detail
new pw required	yes — The user must change their password at the next login. no — The user does not need to change their password at the next login.
cannot change pw	yes — The user does not have the ability to change their password. no — The user has the ability to change their password.
home directory	The local home directory for the user for both console and FTP access.
restricted to home	yes — The user is not allowed to navigate to a directory higher in the directory tree on the home directory device. no — The user is allowed to navigate to a directory higher in the directory tree on the home directory device.
save when restricted	Whether configuration save operations are allowed when the user is restricted to home.
login exec file	The user’s login exec file which executes whenever the user successfully logs in to a console session.
profile	The security profiles associated with the user.
locked-out	Whether the user is currently locked out, and, if they are locked out, how much time remains before the user can attempt to log into the node again.
SNMP Parameters
auth protocol	The SNMPv3 authentication protocol.
auth key	The SNMPv3 authentication key.
privacy protocol	The SNMPv3 privacy protocol.
privacy protocol	The SNMPv3 privacy key.
group	The group for which the protocols apply.
Currently Failed Login Attempts
Remaining Login Attempts	The number of login attempts remaining before the user is locked out.
Remaining Lockout Time (min:sec)	The number of minutes and seconds remaining until the lockout expires and the user can attempt to log in again.

With the introduction of the PKI on an SR OS (SSH server) the authentication process can be done via PKI or password. The SSH client usually authenticates via PKI and password if PKI is configured on the client. In this case, the PKI takes precedence over the password in most clients.

All client authentications are logged and display in the show>system>security>user detail. The following table lists the rules where pass and fail attempts are logged.

Table 5. Pass/fail login attempts
Authentication order	Client (such as, PuTTY)	Server (such as SR OS)		CLI show system security attempts (SR OS)
Authentication order	Private key programmed	Public key configured	Password configured	Logins attempts	Failed logins
1. Public Key	Yes	Yes	N/A	Increment
2. Password	Yes	Yes (No match between client and server. Go to password.)	Yes	Increment
	Yes	No	Yes	Increment
	No	N/A	Yes	Increment
	No	N/A	No		Increment
1. Public Key (only)	Yes	Yes	N/A	Increment
	Yes	Yes (No match between client and server. Go to password.)			Increment
	Yes		N/A		Increment
	No		N/A		Increment

users

Syntax

users

Context

[Tree] (show users)

Full Context

show users

Description

Displays console user login and connection information.

Platforms

7705 SAR Gen 2

Output

The following output is an example of user information, and Output fields: users describes the output fields.

Output example: Console users

*A:node-1# show users
===============================================================================
User                             Type      Login time           Idle time
  Session ID   From
===============================================================================
                                 Console         --             3d 10:11:02 --
  6            --
admin                            SSHv2     12OCT2018 20:44:15   0d 00:00:50 A-
  83           192.168.0.10
admin                            SSHv2     12OCT2018 21:09:25   0d 00:00:00 --
 #84           192.168.0.10
-------------------------------------------------------------------------------
Number of users: 2
'#' indicates the current active session
'A' indicates user is in admin mode
===============================================================================

Table 6. Output fields: users
Label	Description
User	The user name.
Type	The user is authorized this access type.
From	The originating IP address.
Login time	The time the user logged in.
Idle time	The amount of idle time for a specific login.
Number of users	Displays the total number of users logged in.