CHAPTER 9
Management Commands
This chapter describes the management commands available in the FASTPATH® CLI.
The commands in this chapter are divided into three groups:
This chapter contains the following sections:
This section describes the commands you use to configure a logical interface for management access. To configure the management VLAN, see network mgmt_vlan.
This command gives you access to the Privileged EXEC mode. From the Privileged EXEC mode, you can configure the network interface.
This command sets the IP address, the netmask and the gateway of the network management port.
This command specifies the network management port configuration protocol. If you modify this value, the change is effective immediately. If you use the bootp parameter, the switch periodically sends requests to a BootP server until a response is received. If you use the dhcp parameter, the switch periodically sends requests to a DHCP server until a response is received. If you use the none parameter, you must configure the network information for the switch manually.
This command sets the IP Address, subnet mask and gateway of the device. The IP Address and the gateway must be on the same subnet.
This command specifies the network configuration protocol to be used. If you modify this value, the change is effective immediately. If you use the bootp parameter, the switch periodically sends requests to a BootP server until a response is received. If you use the dhcp parameter, the switch periodically sends requests to a DHCP server until a response is received. If you use the none parameter, you must configure the network information for the switch manually.
This command sets locally administered MAC addresses. The following rules apply:
A locally administered address must have bit 6 On (b'1') and bit 7 Off (b'0').
This command specifies whether the switch uses the burned in MAC address or the locally-administered MAC address.
This command resets the value of MAC address to its default.
This command specifies whether or not the switch should allow access to the Java applet in the header frame of the Web interface. When access is enabled, the Java applet can be viewed from the Web interface. When access is disabled, the user cannot view the Java applet.
This command disallows access to the Java applet in the header frame of the Web interface. When access is disabled, the user cannot view the Java applet.
This command displays configuration settings associated with the switch's network interface. The network interface is the logical interface used for in-band connectivity with the switch via any of the switch's front panel ports. The configuration parameters associated with the switch's network interface do not affect the configuration of the front panel ports through which traffic is switched or routed.
This command displays service port configuration information.
This section describes the commands you use to configure the console port. You can use a serial cable to connect a management host directly to the console port of the switch.
This command gives you access to the Global Config mode. From the Global Config mode, you can configure a variety of system settings, including user accounts. From the Global Config mode, you can enter other command modes, including Line Config mode.
This command gives you access to the Line Config mode, which allows you to configure various Telnet settings and the console port.
This command specifies whether the serial management port goes out the front or the RTM.
This command specifies the communication rate of the terminal interface. The supported rates are 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200.
serial baudrate {1200 | 2400 | 4800 | 9600 | 19200 | 38400 | 57600 | 115200}
This command sets the communication rate of the terminal interface.
This command specifies the maximum connect time (in minutes) without console activity. A value of 0 indicates that a console can be connected indefinitely. The time range is 0 to 160.
This command sets the maximum connect time (in minutes) without console activity.
This command displays serial communication settings for the switch.
This section describes the commands you use to configure and view Telnet settings. You can use Telnet to manage the device from a remote management host.
Use this command to enable Telnet connections to the system and to enable the Telnet Server Admin Mode. This command opens the Telnet listening port.
Use this command to disable Telnet access to the system and to disable the Telnet Server Admin Mode. This command closes the Telnet listening port and disconnects all open Telnet sessions.
This command establishes a new outbound Telnet connection to a remote host. The host value must be a valid IP address. The port value must be a decimal integer in the range of 0 to 65535, where the default value is 23. If [debug] is used, the currently enabled Telnet options are displayed. The optional line parameter sets the outbound Telnet operational mode to ‘linemode’; by default, the operational mode is ‘character mode’. The noecho option disables local echo.
This command regulates new Telnet sessions. If enabled, new Telnet sessions can be established until there are no more sessions available. An established session remains active until the session is ended or an abnormal network error ends the session.
Note - If the Telnet Server Admin Mode is disabled, Telnet sessions cannot be established. Use the ip telnet server enable command to enable Telnet Server Admin Mode.
Use this command to prevent new Telnet sessions from being established.
This command regulates new outbound Telnet connections. If enabled, new outbound Telnet sessions can be established until the system reaches the maximum number of simultaneous outbound Telnet sessions allowed. An established session remains active until the session is ended or an abnormal network error ends it.
Use this command to prevent new outbound Telnet connections from being established.
This command specifies the maximum number of simultaneous outbound Telnet sessions. A value of 0 indicates that no outbound Telnet session can be established.
This command sets the maximum number of simultaneous outbound Telnet sessions to the default value.
This command sets the Telnet session timeout value. The timeout value unit of time is minutes. A value of 0 indicates that a session remains active indefinitely.
This command sets the Telnet session timeout value to the default. The timeout value unit of time is minutes.
This command specifies the maximum number of Telnet connection sessions that can be established. A value of 0 indicates that no Telnet connection can be established. The range is 0-5.
This command sets the maximum number of Telnet connection sessions that can be established to the default value.
This command sets the Telnet connection session timeout value, in minutes. A session is active as long as the session has not been idle for the value set. The time is a decimal value from 1 to 160.
This command sets the Telnet connection session timeout value to the default.
Note - Changing the timeout value for active sessions does not become effective until the session is reaccessed. Also, any keystroke activates the new timeout duration.
Use the disconnect command to close Telnet or SSH sessions. Use all to close all Telnet and SSH sessions, or use <session-id> to specify the session ID to close. To view the possible values for <session-id>, use the show loginsession command.
This command displays the current outbound Telnet settings. In other words, these settings apply to Telnet connections initiated from the switch to a remote system.
This command displays the current inbound Telnet settings. In other words, these settings apply to Telnet connections initiated from a remote system to the switch.
This section describes the commands you use to configure SSH access to the switch. Use SSH to access the switch from a remote management host.
Note - The system allows a maximum of 5 SSH sessions.
Use this command to enable SSH access to the system.
Use this command to disable SSH access to the system.
This command is used to set or remove protocol levels (or versions) for SSH. Either SSH1 (1), SSH2 (2), or both SSH 1 and SSH 2 (1 and 2) can be set.
This command enables the IP secure shell server.
This command disables the IP secure shell server.
This command specifies the maximum number of SSH connection sessions that can be established. A value of 0 indicates that no SSH connection can be established. The range is 0 to 5.
This command sets the maximum number of allowed SSH connection sessions to the default value.
This command sets the SSH connection session timeout value, in minutes. A session is active as long as the session has not been idle for the value set. The time is a decimal value from 1 to 160.
Changing the timeout value for active sessions does not become effective until the session is reaccessed. Also, any keystroke activates the new timeout duration.
This command sets the SSH connection session timeout value, in minutes, to the default.
Changing the timeout value for active sessions does not become effective until the session is reaccessed. Also, any keystroke activates the new timeout duration.
This command displays the SSH settings.
This section describes the commands you use to configure HTTP access to the switch. Access to the switch by using a Web browser is enabled by default. Everything you can view and configure by using the CLI is also available by using the Web.
This command is used to set the SSL port where port can be 1-65535 and the default is port 443.
This command is used to reset the SSL port to the default value.
This command is used to set protocol levels (versions). The protocol level can be set to TLS1, SSL3 or to both TLS1 and SSL3.
This command is used to enable the secure socket layer for secure HTTP.
This command is used to disable the secure socket layer for secure HTTP.
This command enables access to the switch through the Web interface. When access is enabled, the user can login to the switch from the Web interface. When access is disabled, the user cannot login to the switch's Web server.
Disabling the Web interface takes effect immediately. All interfaces are affected.
This command disables access to the switch through the Web interface. When access is disabled, the user cannot login to the switch's Web server.
This command displays the HTTP settings for the switch.
Indicates whether the administrative mode of secure HTTP is enabled or disabled.
This field indicates whether the HTTP mode is enabled or disabled.
This section describes the commands you use to add, manage, and delete system users. FASTPATH has two default users: admin and guest. The admin user can view and configure system settings, and the guest user can view settings.
Note - You cannot delete the admin user, and there is only one user allowed with read/write privileges. You can configure up to five read-only users on the system.
This command adds a new user account, if space permits. The account <username> can be up to eight characters in length. You can use alphanumeric characters as well as the dash (‘-’) and underscore (‘_’). You can define up to six user names.
This command removes a user account.
Note - You cannot delete the “admin” user account.
Use this command to change a password. Passwords are a maximum of eight alphanumeric characters. If a user is authorized for authentication or encryption is enabled, the password length must be at least eight alphanumeric characters. The password is case sensitive. When you change a password, a prompt asks for the old password. If there is no password, press enter. You must enter the <username> in the same case you used when you added the user. To see the case of the <username>, enter the show users command.
This command sets the password of an existing user to blank. When you change a password, a prompt asks for the old password. If there is no password, press enter.
This command specifies the snmpv3 access privileges for the specified login user. The valid accessmode values are readonly or readwrite. The <username> is the login user name for which the specified access mode applies. The default is readwrite for the “admin” user and readonly for all other users. You must enter the <username> in the same case you used when you added the user. To see the case of the <username>, enter the show users command.
This command sets the snmpv3 access privileges for the specified user as readwrite for the “admin” user and readonly for all other users. The <username> value is the user name for which the specified access mode will apply.
This command specifies the authentication protocol to be used for the specified user. The valid authentication protocols are none, md5 or sha. If you specify md5 or sha, the login password is also used as the snmpv3 authentication password and therefore must be at least eight characters in length. The <username> is the user name associated with the authentication protocol. You must enter the <username> in the same case you used when you added the user. To see the case of the <username>, enter the show users command.
This command sets the authentication protocol to be used for the specified user to none. The <username> is the user name for which the specified authentication protocol is used.
This command specifies the encryption protocol used for the specified user. The valid encryption protocols are des or none.
If you select des, you can specify the required key on the command line. The encryption key must be 8 to 64 characters long. If you select the des protocol but do not provide a key, the user is prompted for the key. When you use the des protocol, the login password is also used as the snmpv3 encryption password, so it must be a minimum of eight characters. If you select none, you do not need to provide a key.
The <username> value is the login user name associated with the specified encryption. You must enter the <username> in the same case you used when you added the user. To see the case of the <username>, enter the show users command.
This command sets the encryption protocol to none. The <username> is the login user name for which the specified encryption protocol will be used.
This command displays current Telnet and serial port connections to the switch.
The name the user will use to login using the serial port or Telnet.
IP address of the Telnet client machine or EIA-232 for the serial port connection.
This command displays the configured user names and their settings. This command is only available for users with Read/Write privileges. The SNMPv3 fields will only be displayed if SNMP is available on the system.
This section describes the commands you use to configure Simple Network Management Protocol (SNMP) on the switch. You can configure the switch to act as an SNMP agent so that it can communicate with SNMP managers on your network.
This command sets the name and the physical location of the switch, and the organization responsible for the network. The range for <name>, <loc> and <con> is from 1 to 31 alphanumeric characters.
snmp-server {sysname <name> | location <loc> | contact <con>}
This command adds (and names) a new SNMP community. A community <name> is a name associated with the switch and with a set of SNMP managers that manage it with a specified privileged level. The length of <name> can be up to 16 case-sensitive characters.
public and private, which you can rename
This command removes this community name from the table. The <name> is the community name to be deleted.
This command sets a client IP address for an SNMP community. The address is the associated community SNMP packet sending address and is used along with the client IP mask value to denote a range of IP addresses from which SNMP clients may use that community to access the device. A value of 0.0.0.0 allows access from any IP address. Otherwise, this value is ANDed with the mask to determine the range of allowed client IP addresses. The name is the applicable community name.
This command sets a client IP address for an SNMP community to 0.0.0.0. The name is the applicable community name.
This command sets a client IP mask for an SNMP community. The address is the associated community SNMP packet sending address and is used along with the client IP address value to denote a range of IP addresses from which SNMP clients may use that community to access the device. A value of 255.255.255.255 will allow access from only one station, and will use that machine's IP address for the client IP Address. A value of 0.0.0.0 will allow access from any IP address. The name is the applicable community name.
This command sets a client IP mask for an SNMP community to 0.0.0.0. The name is the applicable community name. The community name may be up to 16 alphanumeric characters.
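The address-and-mask restriction described above, worked through as an added example (not FASTPATH code or output). It assumes the source address is masked and compared with the masked client address; the community table, its field names and the severity labels are constructed for illustration.

```python
"""Added example: evaluate SNMP community client address/mask restrictions."""
import ipaddress

ANY = 2 ** 32  # every possible IPv4 source address


def _to_int(dotted):
    """Convert a dotted-quad IPv4 string to an integer (raises on bad input)."""
    return int(ipaddress.IPv4Address(dotted))


def community_allows(client_ip, client_mask, source_ip):
    """Return True if source_ip may use a community with this address and mask.

    Per the text: an address or mask of 0.0.0.0 allows any source; otherwise the
    address is ANDed with the mask. Comparing the masked source against the
    masked address is this example's assumption about how the range is applied.
    """
    addr, mask, src = _to_int(client_ip), _to_int(client_mask), _to_int(source_ip)
    if addr == 0 or mask == 0:
        return True
    return (src & mask) == (addr & mask)


def allowed_sources(client_ip, client_mask):
    """Count the source addresses admitted by an address/mask pair."""
    addr, mask = _to_int(client_ip), _to_int(client_mask)
    if addr == 0 or mask == 0:
        return ANY
    # Every zero bit in the mask is a "don't care" bit in the source address.
    return 2 ** (32 - bin(mask).count("1"))


def mask_is_contiguous(client_mask):
    """True if the mask is a run of 1 bits followed only by 0 bits."""
    inverted = ~_to_int(client_mask) & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0


def audit(communities):
    """Return (severity, community, message) findings for enabled communities."""
    findings = []
    for c in communities:
        if c["status"] != "Enable":
            continue  # disabled communities accept no SNMP requests
        count = allowed_sources(c["ip"], c["mask"])
        if count == ANY:
            severity = "HIGH" if c["access"] == "read/write" else "MEDIUM"
            findings.append((severity, c["name"],
                             "accepts requests from any IP address"))
        elif not mask_is_contiguous(c["mask"]):
            findings.append(("LOW", c["name"],
                             "mask is not a contiguous prefix; %d sources allowed" % count))
        if c["name"] in ("public", "private"):
            findings.append(("MEDIUM", c["name"],
                             "default community name has not been renamed"))
    return findings


# Constructed sample table (not output captured from a switch).
SAMPLE = [
    {"name": "public", "ip": "0.0.0.0", "mask": "0.0.0.0",
     "access": "read-only", "status": "Enable"},
    {"name": "private", "ip": "0.0.0.0", "mask": "0.0.0.0",
     "access": "read/write", "status": "Disable"},
    {"name": "nms-rw", "ip": "192.0.2.10", "mask": "255.255.255.255",
     "access": "read/write", "status": "Enable"},
    {"name": "nms-ro", "ip": "192.0.2.0", "mask": "255.255.0.255",
     "access": "read-only", "status": "Enable"},
]

if __name__ == "__main__":
    for severity, name, message in audit(SAMPLE):
        print("%-6s %-8s %s" % (severity, name, message))
```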
This command activates an SNMP community. If a community is enabled, an SNMP manager associated with this community manages the switch according to its access right. If the community is disabled, no SNMP requests using this community are accepted. In this case the SNMP manager associated with this community cannot manage the switch until the Status is changed back to Enable.
private and public communities - enabled
This command deactivates an SNMP community. If the community is disabled, no SNMP requests using this community are accepted. In this case the SNMP manager associated with this community cannot manage the switch until the Status is changed back to Enable.
This command restricts access to switch information. The access mode is read-only (also called public).
This command restricts access to switch information. The access mode is read/write (also called private).
This command enables the sending of new violation traps designating when a packet with a disallowed MAC address is received on a locked port.
Note - For other port security commands, see Protected Ports Commands.
This command disables the sending of new violation traps.
This command enables the Authentication Flag.
This command disables the Authentication Flag.
This command enables the broadcast storm trap. When enabled, broadcast storm traps are sent only if the broadcast storm recovery mode setting associated with the port is enabled.
This command disables the broadcast storm trap. When enabled, broadcast storm traps are sent only if the broadcast storm recovery mode setting associated with the port is enabled.
This command enables Link Up/Down traps for the entire switch. When enabled, link traps are sent only if the Link Trap flag setting associated with the port is enabled. See snmp trap link-status.
This command disables Link Up/Down traps for the entire switch.
This command enables Multiple User traps. When the traps are enabled, a Multiple User Trap is sent when a user logs in to the terminal interface (EIA 232 or Telnet) and there is an existing terminal interface session.
This command disables Multiple User traps.
This command enables the sending of new root traps and topology change notification traps.
This command disables the sending of new root traps and topology change notification traps.
This command adds an SNMP trap receiver. The maximum length of <name> is 16 case-sensitive alphanumeric characters. The <snmpversion> is the version of SNMP. The version parameter options are snmpv1 or snmpv2.
This command deletes trap receivers for a community.
This command modifies the SNMP version of a trap. The maximum length of <name> is 16 case-sensitive alphanumeric characters. The <snmpversion> parameter options are snmpv1 or snmpv2.
Note - This command does not support a “no” form.
This command assigns an IP address to a specified community name. The maximum length of name is 16 case-sensitive alphanumeric characters.
This command activates or deactivates an SNMP trap. Enabled trap receivers are active (able to receive traps). Disabled trap receivers are inactive (not able to receive traps).
This command deactivates an SNMP trap. Disabled trap receivers are inactive (not able to receive traps).
This command enables link status traps by interface.
Note - This command is valid only when the Link Up/Down Flag is enabled. See snmp-server enable traps linkmode.
This command disables link status traps by interface.
Note - This command is valid only when the Link Up/Down Flag is enabled. See the ‘snmp-server enable traps linkmode’ command.
This command enables link status traps for all interfaces.
Note - This command is valid only when the Link Up/Down Flag is enabled. See snmp-server enable traps linkmode.
This command disables link status traps for all interfaces.
Note - This command is valid only when the Link Up/Down Flag is enabled. See snmp-server enable traps linkmode.
This command displays SNMP community information. Six communities are supported. You can add, change, or delete communities. The switch does not have to be reset for changes to take effect.
The SNMP agent of the switch complies with SNMP Versions 1, 2 or 3. For more information about the SNMP specification, see the SNMP RFCs. The SNMP agent sends traps through TCP/IP to an external SNMP manager based on the SNMP configuration (the trap receiver and other SNMP community parameters).
This command displays SNMP trap receivers. Trap messages are sent across a network to an SNMP Network Manager. These messages alert the manager to events occurring within the switch or on the network. Six trap receivers are simultaneously supported.
The community string of the SNMP trap packet sent to the trap manager. The string is case sensitive and can be up to 16 alphanumeric characters.
This command displays trap conditions. Configure which traps the switch should generate by enabling or disabling the trap condition. If a trap condition is enabled and the condition is detected, the SNMP agent on the switch sends the trap to all enabled trap receivers. You do not have to reset the switch to implement the changes. Cold and warm start traps are always generated and cannot be disabled.
This section describes the commands you use to configure CLI Command Logging.
This command enables the CLI command logging feature, which enables the FASTPATH software to log all CLI commands issued on the system.
This command disables the CLI command Logging feature.
This section describes the commands you use to configure the switch to use a Remote Authentication Dial-In User Service (RADIUS) server on your network for authentication and accounting.
This command is used to enable the RADIUS accounting function.
This command is used to set the RADIUS accounting function to the default value, that is, the RADIUS accounting function is disabled.
This command is used to configure the RADIUS authentication and accounting server. If you use the <auth> parameter, the command configures the IP address to use to connect to a RADIUS authentication server. You can configure up to 3 servers per RADIUS client. If the maximum number of configured servers is reached, the command fails until you remove one of the servers by issuing the “no” form of the command. If you use the optional <port> parameter, the command configures the UDP port number to use when connecting to the configured RADIUS server. The <port> number range is 1 - 65535, with 1812 being the default value.
Note - To re-configure a RADIUS authentication server to use the default UDP <port>, set the <port> parameter to 1812.
If you use the <acct> token, the command configures the IP address to use for the RADIUS accounting server. You can only configure one accounting server. If an accounting server is currently configured, use the “no” form of the command to remove it from the configuration. The IP address you specify must match that of a previously configured accounting server. If you use the optional <port> parameter, the command configures the UDP port to use when connecting to the RADIUS accounting server. If a <port> is already configured for the accounting server, the new <port> replaces the previously configured <port>. The <port> must be a value in the range 1 - 65535, with 1813 being the default.
Note - To re-configure a RADIUS accounting server to use the default UDP <port>, set the <port> parameter to 1813.
This command is used to remove the configured RADIUS authentication server or the RADIUS accounting server. If the 'auth' token is used, the previously configured RADIUS authentication server is removed from the configuration. Similarly, if the 'acct' token is used, the previously configured RADIUS accounting server is removed from the configuration. The <ipaddr> parameter must match the IP address of the previously configured RADIUS authentication / accounting server.
This command is used to configure the shared secret between the RADIUS client and the RADIUS accounting / authentication server. Depending on whether the 'auth' or 'acct' token is used, the shared secret is configured for the RADIUS authentication or RADIUS accounting server. The IP address provided must match a previously configured server. When this command is executed, you are prompted for the secret.
Note - The secret must be an alphanumeric value not exceeding 16 characters.
This command enables the message authenticator attribute for a specified server.
This command disables the message authenticator attribute for a specified server.
This command is used to configure the primary RADIUS authentication server for this RADIUS client. The primary server handles RADIUS requests. The remaining configured servers are only used if the primary server cannot be reached. You can configure up to three servers on each client. Only one of these servers can be configured as the primary. If a primary server is already configured before this command is executed, the server specified by the IP address used in this command becomes the new primary server. The IP address must match that of a previously configured RADIUS authentication server.
This command sets the maximum number of times a request packet is re-transmitted when no response is received from the RADIUS server. The retries value is an integer in the range of 1 to 15.
This command sets the maximum number of times a request packet is re-transmitted, to the default value.
This command sets the timeout value (in seconds) after which a request must be retransmitted to the RADIUS server if no response is received. The timeout value is an integer in the range of 1 to 30.
This command sets the timeout value to the default value.
This command is used to display the various RADIUS configuration items for the switch as well as the configured RADIUS servers. If the optional token 'servers' is not included, the following RADIUS configuration items are displayed.
If you use the [servers] keyword, the following information displays.
The message authenticator attribute for the selected server, which can be enabled or disabled.
This command is used to display the configured RADIUS accounting mode, accounting server and the statistics for the configured accounting server.
If you do not specify any parameters, then only the accounting mode and the RADIUS accounting server details are displayed.
If you use the optional statistics <ipaddr> parameter, the statistics for the configured RADIUS accounting server are displayed. The IP address parameter must match that of a previously configured RADIUS accounting server. The following information regarding the statistics of the RADIUS accounting server is displayed.
This command is used to display the statistics for RADIUS or configured server. To show the configured RADIUS server statistic, the IP Address specified must match that of a previously configured RADIUS server. On execution, the following fields are displayed.
If you do not specify the IP address, then only Invalid Server Address field is displayed. Otherwise other listed fields are displayed.
TACACS+ provides access control for networked devices via one or more centralized servers. Similar to RADIUS, this protocol simplifies authentication by making use of a single database that can be shared by many clients on a large network. TACACS+ is based on the TACACS protocol (described in RFC1492) but additionally provides for separate authentication, authorization, and accounting services. The original protocol was UDP based with messages passed in clear text over the network; TACACS+ uses TCP to ensure reliable delivery and a shared key configured on the client and daemon server to encrypt all messages.
Use the tacacs-server host command in Global Configuration mode to configure a TACACS+ server. This command enters into the TACACS+ configuration mode. The <ip-address> parameter is the IP address of the TACACS+ server. To specify multiple hosts, multiple tacacs-server host commands can be used.
Use the no tacacs-server host command to delete the specified hostname or IP address. The <ip-address> parameter is the IP address of the TACACS+ server.
Use the tacacs-server key command to set the authentication and encryption key for all TACACS+ communications between the switch and the TACACS+ daemon. The <key-string> parameter has a range of 0 - 128 characters and specifies the authentication and encryption key for all TACACS communications between the switch and the TACACS+ server. This key must match the key used on the TACACS+ daemon.
Use the no tacacs-server key command to disable the authentication and encryption key for all TACACS+ communications between the switch and the TACACS+ daemon. The <key-string> parameter has a range of 0 - 128 characters. This key must match the key used on the TACACS+ daemon.
Use the tacacs-server timeout command to set the timeout value for communication with the TACACS+ servers. The <timeout> parameter has a range of 1-30 and is the timeout value in seconds.
Use the no tacacs-server timeout command to restore the default timeout value for all TACACS servers.
Use the key command in TACACS Configuration mode to specify the authentication and encryption key for all TACACS communications between the device and the TACACS server. This key must match the key used on the TACACS daemon. The <key-string> parameter specifies the key name. For an empty string use “ ”. (Range: 0 - 128 characters).
Use the port command in TACACS Configuration mode to specify a server port number. The server <port-number> range is 0 - 65535.
Use the priority command in TACACS Configuration mode to specify the order in which servers are used, where 0 (zero) is the highest priority. The <priority> parameter specifies the priority for servers. The highest priority is 0 (zero), and the range is 0 - 65535.
Use the timeout command in TACACS Configuration mode to specify the timeout value in seconds. If no timeout value is specified, the global value is used. The <timeout> parameter has a range of 1-30 and is the timeout value in seconds.
Use the show tacacs command to display the configuration and statistics of a TACACS+ server.
Configuration Scripting allows you to generate text-formatted script files representing the current configuration of a system. You can upload these configuration script files to a PC or UNIX system and edit them. Then, you can download the edited files to the system and apply the new configuration. You can apply configuration scripts to one or more switches with no or minor modifications.
Use the show running-config command (see show running-config) to capture the running configuration into a script. Use the copy command (see copy) to transfer the configuration script to or from the switch.
You should use scripts on systems with default configuration; however, you are not prevented from applying scripts on systems with non-default configurations.
Scripts must conform to the following rules:
You can type single-line annotations at the command prompt to use when you write test or configuration scripts to improve script readability. The exclamation point (!) character flags the beginning of a comment. The comment flag character can begin a word anywhere on the command line, and all input following this character is ignored. Any command line that begins with the “!” character is recognized as a comment line and ignored by the parser.
The following lines show an example of a script:
! Script file for displaying management access
show telnet !Displays the information about remote connections
! Display information about direct connections
show serial
! End of the script file!
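An added example, not part of the FASTPATH documentation: a pre-apply review that strips comments by the rule above and reports what a script would actually run. It assumes a "!" inside a word is not a comment flag and does not model quoting; the sample script extends the one above with constructed lines using the ip telnet server enable, tacacs-server host, tacacs-server key and key commands from this chapter, and EXAMPLE-KEY-ONLY is a placeholder.

```python
"""Added example: review a configuration script before it is applied."""

# Constructed sample script (the first, second and last two lines follow the
# page's example; the middle lines are added for illustration).
SAMPLE_SCRIPT = """\
! Script file for displaying management access
show telnet !Displays the information about remote connections
ip telnet server enable
tacacs-server host 192.0.2.20
key EXAMPLE-KEY-ONLY ! shared key written into the script
tacacs-server key EXAMPLE-KEY-ONLY
show serial
! End of the script file!
"""

# Command prefixes whose next argument is a shared key.
SECRET_PREFIXES = (("tacacs-server", "key"), ("key",))


def strip_comment(line):
    """Drop everything from the first word that begins with '!'.

    Assumption: a '!' in the middle of a word does not start a comment,
    because the rule says the flag character can "begin a word".
    """
    kept = []
    for word in line.split():
        if word.startswith("!"):
            break
        kept.append(word)
    return " ".join(kept)


def effective_commands(script_text):
    """Return (line number, command) for each line that survives stripping."""
    commands = []
    for lineno, raw in enumerate(script_text.splitlines(), start=1):
        command = strip_comment(raw)
        if command:
            commands.append((lineno, command))
    return commands


def review(script_text):
    """Return (line number, issue, redacted command) findings."""
    findings = []
    for lineno, command in effective_commands(script_text):
        words = tuple(command.split())
        if words == ("ip", "telnet", "server", "enable"):
            findings.append((lineno, "enables the Telnet server", command))
        for prefix in SECRET_PREFIXES:
            if words[:len(prefix)] == prefix and len(words) > len(prefix):
                # Never echo the key itself into a review report.
                findings.append((lineno, "shared key stored in the script file",
                                 " ".join(prefix) + " <redacted>"))
    return findings


if __name__ == "__main__":
    for lineno, command in effective_commands(SAMPLE_SCRIPT):
        print("line %d runs: %s" % (lineno, command.split()[0]))
    for lineno, issue, shown in review(SAMPLE_SCRIPT):
        print("line %d: %s (%s)" % (lineno, issue, shown))
```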
This command applies the commands in the script to the switch. The <scriptname> parameter is the name of the script to apply.
This command deletes a specified script where the <scriptname> parameter is the name of the script to delete. The <all> option deletes all the scripts present on the switch.
This command lists all scripts present on the switch as well as the remaining available space.
This command displays the contents of a script file, which is named <scriptname>.
The output format is as follows:
This command validates a script file by parsing each line in the script file where <scriptname> is the name of the script to validate. The validate option is intended to be used as a tool for script development. Validation identifies potential problems. It might not identify all problems with a given script on any given device.
This section describes the commands you use to configure the pre-login banner and the system prompt. The pre-login banner is the text that displays before you login at the User prompt.
The copy command includes the option to upload or download the CLI Banner to or from the switch. You can specify local URLs by using TFTP, Xmodem, Ymodem, or Zmodem.
copy <tftp://<ipaddr>/<filepath>/<filename>> nvram:clibanner
copy nvram:clibanner <tftp://<ipaddr>/<filepath>/<filename>>
This command changes the name of the prompt. The length of name may be up to 64 alphanumeric characters.
© 2007 Diversified Technology, Inc. All Rights Reserved. © 2009 Sun Microsystems, Inc. All rights reserved.